hxxps://u[.]to/50zTIA

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/50zTIA

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand steam.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{A9DAACD0-2FE8-4A31-8586-4C4138FADACB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2252	msedge.exe
2252	msedge.exe
3408	identity_helper.exe
3408	identity_helper.exe
4964	msedge.exe
4964	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2960	2252	msedge.exe	84
PID 2252 wrote to memory of 2960	2252	msedge.exe	84
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 3364	2252	msedge.exe	85
PID 2252 wrote to memory of 2188	2252	msedge.exe	86
PID 2252 wrote to memory of 2188	2252	msedge.exe	86
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87
PID 2252 wrote to memory of 608	2252	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/50zTIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c7d46f8,0x7ffc6c7d4708,0x7ffc6c7d4718
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2036 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9799104078071103444,2909407964311079521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
17KB

MD5
56b913703255a5987243bf1b083b3c39

SHA1
e25f12d9db1649ce7cfc55eed5aa8b7cb2a5539a

SHA256
3d71468bce1f70a7b97618b2d56204dde76749656661408247ba261598ff67e1

SHA512
e5ffea041e8a67eac45c887593efe185a5047558400079bf0ea440089e41b367b579b1623dded7fb3c36b423f74ebd12e4d256750addc64b161b95edf44a3a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
31KB

MD5
fcd972ddf3db01801b03bfd37fd41226

SHA1
75b891b2cc2476fdcc5d71818bc1c4ef7a3d3c97

SHA256
25bab1c90d4328c06042700db655283dd994e37712307d2a2027978e0760e88e

SHA512
69bfa6f839af14c5a4685d2102a54c2956561c22f161aeb7b36a57b3cf63a24ff3cf97c3d224747df7bcd3a10f8ec5760222724a7d4a9f6cb77bdc5c249e9e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
e13edde4a25e96e573f37bdd11e020aa

SHA1
84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2

SHA256
45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515

SHA512
9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
36KB

MD5
c5e39337f681f1c40f0efa29366109b6

SHA1
3df6cdfb2a6ef5d2e0b0b2832154986629dc3e70

SHA256
70707407660a3f4361c5b197db2be83f96fe74e2f1f95f0753e985ee30b7b84e

SHA512
f73d25aa88d2ff3bdfc4d569d20c327883b16600f76410c883e07eba51715cc65d8983cebfb681f2a0c6f888394749f9975ecbf5c9af428ec5f3e433874d6534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
6f882cfc18469731fd8ebeca69365f7f

SHA1
78ad386807dbc130b1fbe5e1a97389e1e0e2981a

SHA256
b81ddb468e5604f1b5ddce3c1e15e0298432841752cd6be0c497b05fae7cc346

SHA512
75855a2b09abfab3476fc16b18d996e4a705980a1dc2c4f84688c9b8c7b4c1a6ed0a4dd7f6c57eb28838ba1999012a96253a1288f9445056bb2f7386b2315128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
029f7cc33ae75fc214f920e50ec8e1ed

SHA1
a9944bb45acaa6ff7481e33d1dae8720e660a0dc

SHA256
7afcb7387ce3e780abf62bbe0fb5746a01f4778d2f05ead46cf1b0380ce7d445

SHA512
e98ca79dc7fe5f16542f5e7d191b87e1081941dc94b39336eb36b5451d8573fb7dd243412af1eb3722c2a7b9147129b9ba2c1487449c27b78f3ce4895eb5c622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
1cd9f819fae888ce4860b7f6093347f1

SHA1
04f78da120741f1198d595af811b2c42ca9d5406

SHA256
d90bde2cee49d26d93cc149da64ebfe3b57b6f391c1fe84c696a2d5e3f33b3ad

SHA512
2f7e22a0b36ed64c6be176f48f91663bbaca60d7a4ea862a6a81678fadc1d8df31c59a3266d1097654fb52345e0d2e292b8bf48e9497be9c3e3be89cf43bf90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
36KB

MD5
47d88f0e30322831ac51429e321af624

SHA1
0a3a50ae8c9d61a6d96b872f91b4694187be0bcb

SHA256
ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c

SHA512
416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
40KB

MD5
af1509b250f7e95f2f9cc855c8852002

SHA1
e91a35cb4dc4311a844936f255e68ce4bee50b82

SHA256
2a9fc98490e0f4b9f7c1ce35d8692c6bf1e9bb8c7930dbf4c986032e65460aae

SHA512
89ea04437c9c3b2e171c64335a5da6d5bd70368e7809b82e71ff185ec14b7f277dde9626a12ab71e79a8d395e5c5e5c05f56ecfe20deb462708bade1ea405ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
30KB

MD5
02c4cc6d759709eba3f82adc2fac19dd

SHA1
769074f793e9913f2921582368b86f0b32269d89

SHA256
1109318670f3f0ed4881ef4d85ec2fbb9fec253df4e67259064af2dec0b97e1e

SHA512
cc73116fcf0f6671458a0cf46577f6c6acfdb53ab01db09fccc04df6196d78551e4b03593cfd034ad0950d0abc587173e74bb734ae62f9dac726eaf959b8e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
152KB

MD5
6dd7b4f9078fdbee117bfb190531988b

SHA1
7a3d0053826d139662daa0268bf2a76e76bd0966

SHA256
81ca7b2ade361aeaf2a53278fd82b145ae30a11653342bcfc943de6aea8a703d

SHA512
9dddf6729c0502580ee77410ff4d69691316f281fbc9cc140362604407950289a7bcd7c16ccadc5a6d51efd1a941142cad1934357fd3d181651b53f1bd59fd8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
72KB

MD5
6e4d4a3b9ec9b1137a5d8bc0fe8e932b

SHA1
d97b25f7907356ba2e8b75efdc9ecd4cdc0248c4

SHA256
efa84433cd3da2c22f1f9c9a6d122fce985980825668ad81c4224995e55ea2c4

SHA512
48006adee9f1c462b37944bf1a44b6bfa840e0e72a23a189c7994e8faf721794a5f639741c5e86d9276d4173e0a55a4a5cb7e7e22f7463b9e885a296baefbed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
305KB

MD5
8ada5ba601183ddba305227b419d30b0

SHA1
3e04916582fb75cd0599e62e878f2317505bd1e1

SHA256
f60ed14f529c3f98a63122b6f61efdf680aa8feea61644ec5d4a4a9c90f0d8f5

SHA512
cc0a1f296ff2291b3cc45c3fe983641763c69cf7cfc0b9d4ac1fcb972515763ad6ef17e96cd4db5d0c26444b95872a26be4c853c23d4cf712958c98dd009921a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
475KB

MD5
cfe245420160354f6d429124bdd7f16b

SHA1
edbd9863290f95c6e77454127176b48021919892

SHA256
9c72e12b30d2848517cd65186f2c654665638337e2f0d95e15785cfceed608fd

SHA512
a40d5c32ef63e3682e1828dce8213e9ccfe439749b3bbe4d531ded0c6a5e59138a8fcd862705069807e339628b8c4f79a52dc48f30ed50335281d7792fcbf0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
135KB

MD5
9bd29854e5e9dee12f9ef50cae46fb86

SHA1
48731dc7f2f2473452cf2c05001f4f15e0856a3e

SHA256
f341d6fc5a06ef5ad98964327d2d682d57a956c029091c4ef28827df8225eb10

SHA512
13aa4d4a0fb4e73a91c0dda09af479ff436fde8ffd56b7d00663dd560a486aaabb33eee2b012172e9bfa4314a7d9f76dae59ac7a25f08b7f3faa363f9f2709e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
17KB

MD5
18c76886e533c920a94353734f354d18

SHA1
610291e584653973627974d10d57ea3301514c66

SHA256
5dbd4c9ec5486487f89e7dda9d0fa9b35b4c73e7327c393cdc453b3f9d0785c8

SHA512
35ff640836de0ba31f4646e02a26e473fa9773357055ecd56b5a23d389aaee2babbe43c75e9c033ae48940ae0ef38ae355f28ad39c90bdc6d6682d9f9f4756aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
40KB

MD5
23dccd50c1598cf87c321dd0e788e2e4

SHA1
4697f41531098e96b97de4ca6626fd86621efb1e

SHA256
167b5e3d2fc6a069ef986144f71f70ca1ed8c4332846757c8aa4792703420635

SHA512
00174629a41be7b3d69e0ef03041aab41adae416c39209934b8a9c3923350010ddf01ce8d37cedd6bd57769796b41ee3c18c1b393726988039b556416c20f676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
130KB

MD5
07247cbd12d4e4160efd413823d0def8

SHA1
517a80968aa295d0a700a338c22ba41e3a8b78a7

SHA256
41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829

SHA512
27e0e7505d41891e70bd06733f96e82e45061d621a1d20bbc524fc89c5406a799cf53d98c0fa256cb4ebfc19750c9a05531a8d273cebc260d48948edffdf6244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
52KB

MD5
24fd993f0cf6cdd2f310db84596d1bbc

SHA1
b9ca724fcb3342c58ae026d266a009a73b1f5e31

SHA256
53db01b6f27963566a58cc3bea3ff2f88abda9c16302b9ebfd3c858d77f2d9c2

SHA512
892280df9bb1daa6e443ed684a48f4221a313e54bf300bea00c896d3a2967eadc6f98717b4545c1c956811b8d5403f132bb2b94a5e9aca91088e0f0203630ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
c1400c439977526bcb6910ce49bb0bca

SHA1
bae4f620af857b3f0bfc23ed0100e56324911c1d

SHA256
3afad9eeaac4cb601103b7196bf92bfdfc0c260a682bc97d60e06fd420b55213

SHA512
9c2931295f00ae340894de3932de64b875241c057e0414ce459e644e3361c3dfcf8d62a49ef51aacd058dede88d60cf195de37ba204630348dc35b860bbf1aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
4361aee4a1c72bd12e9d1446a0e177e0

SHA1
56ef6a949c6dba1f26caef81e4a17563e1c863f6

SHA256
ead8257eee0fc71d34b801ad10ef76cf261dd88fbe2faff85666db30273719f2

SHA512
49b730c6968f1e55abb86d258ebadce386582832e65713c59b55d83a85b4ce9505b20c030ddee95c92a086fe6691beae6ea3b0f72e78585808c5b7aa21f6bd65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
643848aa8a674124ec5d5bba28aa2aae

SHA1
fbf8e3ca23f994ff2fb1776c0a04a3fe6edccb89

SHA256
605e5d262b1966acced88790436adccdda92900b7208f770c74f80c6fe157f87

SHA512
5bc2205170d93505338de64d0875452a5e72ffa934a014c33424ff571114b5cf0bc06d62fdc23c692ad4e835c71167c71f0f8bab7cf38a96348dea9b3d996a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
345B

MD5
72a2723adbe54ec1d2d9a03d7f5572ae

SHA1
c9f8715c8cf12d5befbf7698f7c95731556659b3

SHA256
1f3ae154527a04ac83573a0a06bbc430f239d7bbd74c04a9a602fd4263e276b8

SHA512
6be2750c8388e1d6671c3f2c749b34960166f563888beaaa3d7e7487a88fd1eb08aff22330af0554cc6b5a8976fdc9c3ffadf71f9e64c5374150a9c2b69162cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5803a7b50a3524af4b4b757f0cb98dc

SHA1
322da21734928a4b4ebb618c8041871762a5f567

SHA256
4e98cc97a8218598de4f10e0b8dd7c5571f7c43fa269613c3601566d1a7a140f

SHA512
e810330a21c21a5622e1ce71986eaf1367d2a37289f56358a1625f8c076db172d5af15451937bcd1e1c07e9d50c8bf16825298ff961d453aed86cd397ed95159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e88c26a45b65068dd716ab45dd9ed766

SHA1
5647b7b2befaecb9fbe803a8ec6c25d5384ff248

SHA256
2b2241c91fdd77e03b7a22908833e571935de7e1e00597848da56a2865b816c2

SHA512
0f1ff90255dc22c5bfa00c232f7a3f7c6f316c63e0d4cc57fb70101bf026917d501eb9c0ba57e987d8cff29b13d6c4ac3ac01c359b7f90ef5d1a9d0b3d07028f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f690621201cffb7ba7caa089dd2d3fc

SHA1
a6d77c0b31a0e8b0ab212c10e6a01397967fed06

SHA256
ad4da1c6b197a73104387872d2a821ab611fa6eb3f885eb6ce3c1fe2e2429f61

SHA512
8e6c6e0f6f4b4a51ec2ba2eab6e41264f849f62f730e558886e44d946df11665c71cec28574dd40ee5096c894e1509a48e40aea65f6dfb7354cb3523b1ca4b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0eaae323f62448c7857d10d388aa295d

SHA1
1e1500a08f1e535598705b779f998470292fc870

SHA256
626c7011f996a9c5344c33c08d83e69a49fd1ce953eed86c97d7fee65a0a7266

SHA512
6f1b35042558f1ceefcd678a84db585de4f0030320402717104357574103fa3b32aee19bf70a5e1b3c59901310864bba9c3e5fa6331433a8aaf592242e3c9309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16f84b42df01a13f32e7d7bfce853d07

SHA1
e7e61b28e68daec8d9a74b2ac589897f8e30fb69

SHA256
4e4394156c1e8ec66a4e7bd148faa93aeacffba58454b4a341bf5bfced5a326e

SHA512
91264bfb6efc9cf2bbc8e225accdc02f7dd613ae2584cfd8dadd5d74e0efb18083b133a4bd0481abe22739f997fc571dc22c494ee81417f52a39d7d08b930d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ae4336b18420064b2f53d110c864cc65

SHA1
77e3a905918329aa0f4ca6967437984059d181fb

SHA256
fecdb2e4a1117ee80e1bc11e4ae57b0577c760f8b448ec8da03bed7ea9583440

SHA512
6ee8268b2366de0d934e9161e75af9196190461a1d12029ef000965548ed07da118e066d7e8a0b10794eeb87b5682db04a5566a0b4b82a217194f79162afe179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
57e20188f647fc149fede7ddc99495d6

SHA1
03bb2ad7bed6b2d69130127b2091abc0ae915aab

SHA256
aa3c9132b8aa128fa745b7364cd0d92670a2f520393479112a9f461d2f9f5aaa

SHA512
5c23b63321a0f7099a4bf06085b51444e2f274819886db35271cdd00e07e2340a41b0429013a85a631ae9dc41f57b9e30bc56ca21f7f50ee042a4314452dd296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0d3ee7c1837f4de7b71c2aa6ce9e388b

SHA1
aca829fb038b47bdb665954c5b5be1d3e40806c1

SHA256
ca44d5d615b2658e95e6dec227e93be5374c8d2bafbab97f5f96b69fa7d88073

SHA512
28663ab493b010cfeaf22b5f9e32d8c5949072092191e90bad3abe57aa9e7add0f50a81626aacc50bc95b71b08a36cc040907cee33de2fa3469d50c9a6587767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
46366366753c0aa21b42878eb221ad6c

SHA1
ce703f3d992dcf91a91d7e3c5fbcd882b0199e51

SHA256
64f783ef31731bed919520d005b25938c4dc550c1ebccaf91bcd8660ce894681

SHA512
457f09591b63bbf6a7013f4663983bed248e17fb363a46c979459117ec6ee71a3f2325dfa9f37e12fd300751264682fac7d2d54057f382524f1a16c0337ff0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
8f4a31c4856c84a0def0913ce94031cd

SHA1
cf2738bd130ea4697072d1cd7a3b7d61ec72e270

SHA256
fac53a1dea812e3de0e836a0237c3a8fa6b687474b232a1892fef19406453d2d

SHA512
1333dbdbd71aae215cb4a7df55f6c592ac4f08326712b369ec3c43b2db1680b715ea67b1d72b3752c30af7d41f693305680383bcaf86ec0b9ad602b39ee3c617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
4a5a85a6db5ecfcbd17c98cd4173dbec

SHA1
3aad138a75233e8f9889df5e1f77766104c118db

SHA256
04b25a2b94017e5af7978bafcf857c0cafad41b8fcc1268c2d71821a0c85c553

SHA512
6e58a41738599cc00e8c0784e1402bf2c47740a0067436e34faee881e558eba21673459a99b4118bbee00a454ad7d1e041878533f77334827f8ba1ced01e8413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1f9d8d0daabeeef33f207a4455bc8cb

SHA1
d87101bf5dca068e8d66789f7867af89f30d0653

SHA256
6a85d53ef84abe276358d4a000c8616f39639fc8497b9848eebd2aa31a0ca0c7

SHA512
4fe072800ec2f9f427e23aa77cac82895b4aa26d1140050d27e34592bbe37c01b233761cb1e6fc866d14ebcac956c102bd7852a63e96dd29d837bd338c29985e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c43c5c906de3a039c1b931a88695559d

SHA1
7ac087bcede7d072ed1de0e17371c0a03041a911

SHA256
6c96b178b239ccb70c6b3bd2eb58af285a5249622530a0f49ab553ce8f5649cd

SHA512
ee9b216a25599d98efc59d1d5b7c58e6e794833f02af1cd457c1bf6ddbce3968c3210e0955027cd297a6977eae0b55e7ef679786d37d59e2b5667f0f00697f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
756c8a7f815325565bead7f2d32df9eb

SHA1
37accad14fde06e796d008a698feab238bf6204c

SHA256
9cb93e42c8755861a3c34565cb8098601a54ac09d1baa1f26c329950bd5148dc

SHA512
7a3343d8043edce8928de47d365bf132bd4598d963fc89ff3370dd71d3b78f30da26217684f27d879744c10ad7d778de53a19732c3b417f48b423f0e114d7597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806b2.TMP

Filesize
372B

MD5
db7e807a72bc610c7ee0e9fc679c2879

SHA1
dda5164ae696e2cbe7bc5c8f6b117b391c2f9a96

SHA256
85dfb5544cad2fe118a4623a9b6da0c691733322d9835947d10244c877388037

SHA512
fcfc86d3f85b2f84a69fe59ea2d141eb48b0fccf2807cc3ffd634a6f2196e04cda0f18fb6b3370cfb54be317229a92e39489e90536e1011ea6e15093d9cf034b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07ab535f01827f38cd4775ca6432895c

SHA1
1617f709cc4d986ad72bd6ef4a929a6b67fbfb85

SHA256
88af0029b4bda4d4afcc16bf8328e73816e6fb815bf1672591ca7eb7bd82be6a

SHA512
010f8d607812cd26fa01d11a53910ed9d01cfdfa4251fa2bdc2ef1951a632b36ede5e24b65c0ae3439c4f3a26665e2db4c5aae077d826d342309a1b8cd5cb12d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
80b0c387bdbd66ead34c9571506fbf58

SHA1
2e803cf57be806ad029954271c7b665908cc8587

SHA256
eda12117427351cb8ee8f94f718f724da41f2ac17403e388a68a0fe9fea4e667

SHA512
da08e6bd9aa745617d5b701ef2bfc5f0dbe4dc8025fdb1266290e88b8d121e21eff6d82901d91997429f7d8357441ddad3e7de67ec5c7680ef6b0cc542114c7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8a87c9a3260ab0343162c613ffa5350d

SHA1
58f8e98874a65883cebe94a1c0c0723b89658bf3

SHA256
96945f52e19cedb9dc9e8e7632ee741104c6f127c7a622475ea818684032e574

SHA512
58f07df2de8f62a29d7ba1ed21050611886379fd794ce6bcc392923b830e2b5d1ce06de6938d5f689935249a1f963850ecb451fac9643aa0f6278127df9d5c10

Download Submit