hxxps://www[.]bluestacks[.]com/es/index[.]html

Resubmissions

03/09/2024, 22:41

240903-2mjg9szhkh 1

03/09/2024, 22:36

03/09/2024, 19:45

03/09/2024, 19:41

03/09/2024, 17:36

11/08/2024, 17:42

11/08/2024, 17:24

28/07/2024, 18:08

Analysis

max time kernel
325s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bluestacks.com/es/index.html

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{EB32BD5A-3CEC-47DB-B20D-2B1EF8745929}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
744	msedge.exe
744	msedge.exe
4676	identity_helper.exe
4676	identity_helper.exe
564	msedge.exe
564	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 3512	744	msedge.exe	83
PID 744 wrote to memory of 3512	744	msedge.exe	83
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 908	744	msedge.exe	84
PID 744 wrote to memory of 3364	744	msedge.exe	85
PID 744 wrote to memory of 3364	744	msedge.exe	85
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86
PID 744 wrote to memory of 3608	744	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bluestacks.com/es/index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe80f946f8,0x7ffe80f94708,0x7ffe80f94718
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6416 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6373227373100222621,18368876018327451357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:1668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
25KB

MD5
20cbec2ea2f7969a5123a5ef4f2004d5

SHA1
359132c0f89d36a5782e14335445e8c4cfdc28d8

SHA256
9e5883dbf09c948d36ef85a2148b380fcd22f83c2672fe857eb285078d0c28ad

SHA512
d08f0267d6689ad638e89e628fd97ddf89ba18bd007dfe0938f6611de916c6cbac30f8306561a1dd1ce351fb5c79da8e2c499b46d590ec10a6c740af9e9576b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
18KB

MD5
a3af556dacbbfea3bcdd56e9b7d4d4b6

SHA1
d56b62490b719c9c35448b17c03fec33efafef60

SHA256
b9c977e197d3672b443e0b97a2f582b6a6f30f68bd40445ab1f9fa474def0a52

SHA512
5d7c32fd1c1e2404b74d30c964a99f41fcf9ebc262c15547ebc4d0a26b1c7b904f62f5358a12c6e5d351c20fac5503f2c6e684b6558762c6c2e7fbb34b644a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
20KB

MD5
5957c300b8653d48c875490dae6f3edd

SHA1
4960cb666c7863b2bd8a3449619005d0730875b0

SHA256
9dd3ea282d524bfc4a534223dadf1450686feae44cf231eedd604fd6238e96d7

SHA512
eb965c8beb916dccf7469399df4e504c1ea255a443d933648429e7b59ef04d249812912b171afcd45b155047773ed46218d2e3509a701f4bd63171c133efe66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
caafe64956018f6016f3dc97c9fae747

SHA1
7ee294fb0d85029995175cfec96aa06454e57d6e

SHA256
b417b49e4ee4ed75ef01eb1fced825e634e1f43d77041276ed0e9131d8882056

SHA512
f5890affcb49636ed821f1be628afb6548a38cab60148f530190fae455bb0d6242c1b879392a26b6ed53ceaa6126b8f93b01fbbfcc9d5e512103e89c6c54a5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9d8d6cf80ceddb89322c3018f37e5e27

SHA1
97ed18f92f59758fbab3be275b134f8b3b3b7c29

SHA256
c9b24e1088c9128b209fffda51f216e208f7567385c21ccd6c94a86c3f861a39

SHA512
40cab5d100c5d4e74ddab13394f978a8ec679c6de9f639f44e3a9339a17aca16f3ecd59dbe4468df8020a50ab8a825fc911e2ac9675409500804352e93b73ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b07361e110e55a17b7c5151f7476a874

SHA1
0f7fef1d90b247e79c1f970ca9cf652d51d2ef09

SHA256
630e0321c12a7ea4b7bc9af82bd1dfcd4afe62aca7628f2f349fb31f90753890

SHA512
b5d999445c256b9ac1ae984b6a33c18899ae8421b448785b39f5d7ec1aa7a9ee171f796277941b884fcbe246c07e404b98a15994847ddfdcf505f3c0929f9fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
fe6c104d6a29fb332cc410e2953949ae

SHA1
bc6604325b1d3aca11f588ee8070801f733f322c

SHA256
4c7b75d381b044b8b4e2113d0d4917735868130bf100b6d66cad090e49a68563

SHA512
847a50bbd93d0a27b02197e38fc3356e44fe601139240a0d617f74c20e6e879faa7f200b749d038ddaa21e9223ae91e792acaeacb7b21077d8b6907183ea6925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f450c7348fd2b562e343d47bee10ca5d

SHA1
70bd76e0607eb12509c250b371df4b910ae0f813

SHA256
76bfbbcbcfdc9689ab7a3684aeeb1f8785016acb1a9e3048cc1af4d6b27dd0c6

SHA512
8e6c91e91352d8528be93537be991c5c3ea8ae115d43dc06a9bb4900cb0b460249eb452b4ba39a47671ebb31a42e6f6d3620a2ed0334a3eb80a0dcfa1cc1ed70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c7231eb402f90201eda4cdd2097b30a7

SHA1
eb580df30f00f4a8ffc808eaab7d228f99d1e423

SHA256
c8de7a877b75b40091b051bec474f8921a223eead420c6ce79c7d50aefaf20ab

SHA512
b1a245691c03cdd77dd6160ce59a7a4317260db2d1deab311cf6242b46efc3ccc9a3f95dd3fabb1dc6e56fc7d363b1a04b3e43be84032e445d278a1555fb53d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56a883fc3b8b1d2aad620957bb17fa77

SHA1
c416b40885b05dd4ce6b2b96f3e385ca1106fa70

SHA256
ee4a5cd1448c05843957a69aa72785ecb0e57efdd85247afc43df06109a7005f

SHA512
4bcfbf9d5848bc5e33f15a0dc4b2dfae0daf70583138472b40a88de2bb176bac2f6d2cf25121fbffd5493cfd6d03eb391d172b0656129026e8f034db3b6dfd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2ac687f38a6d9b3209cd25b7234ed707

SHA1
56f94cb2adf4d4e0d1338458e2cb993f88bed3eb

SHA256
9eb107120ebf5634f183182035d1af04ba7fb61658a250cd0ef44c5a06768a6f

SHA512
f57ae0ccf845278d196e7f3bd94b85afc76b8125f68ce632d23f553a708d838cdfd8eb598cf52ffd8c6fa7b809387afe9afd79bcb01ae3d56108556c7eb30f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
976fcb9d36f627ff5fc7065dcbed65a7

SHA1
8c48915fa46250c7dfa3efde9b84bd97acaede53

SHA256
b1db9d777426453ef2a036bf65ca52e51ab6a564afaec3f3a2e6a8882e5dfd41

SHA512
70772228aa79b06f1f7afe6cbb5d8cd9a43eb202f699b4e74a88974ab9d3f77c83908257f9b7af88c5702cd4f1414da2338587c750660da75a917ee676937ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
22971c23f525bed245a30afaacbf852f

SHA1
2cdffc9d283a36b18ddf9af5c5442dc09a9d745e

SHA256
89a957d1fbd34381124207c9beda091baeb1e653349d24af237e1575d1b0a13c

SHA512
97c080a00284e52e7e960faaa75ed1d77746e524b9a881ce889d6cd5413c6f00aa8de957d499e6138a95c5e23115a3bad63b2ee0e9705f67624524463aa281e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
08d880c43d7415231f87a6306bac861a

SHA1
0290cc0bbe9dab406ffdc46aede94897febf9839

SHA256
0552bc84ba38db535a48f56257b953977a85e7bfcc781f826348e840a4734a51

SHA512
76b42ee0f7d26b8ae147aa6256c33378042d3d7796bca10f45616a64eec2a9da31c47f87af3ef2e71a758a270f69c9c05c35fbc82b39be4aca945d726ea3f4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f7d2c3a933f78d9b6306e2aec0c4f33

SHA1
1c1ff351246c275c5d16e26f5e46d0aed649ff78

SHA256
f9ec3320f576e03f0bae6d22547cc222d3df8484025c3562e359069c7ae2a6f0

SHA512
715927ad2714117875ac95445e959df8aa4f21f2f49382de85786663ef5c7d3fd48def85f832a55ac48db206bf1bf1c2093df7dfa1e309835855f18408e8c671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6c392ee7bdc83167281d3b8f0e6086a

SHA1
024e604a6aef24e7fe56af8c732b463d1bdd69b0

SHA256
33a71b03bcc055b7d36cc824b123687fb9dbec2c5ad0efb24a6a214e8d0c8673

SHA512
ec17abfe6e3506f8bd7972b66b2e662dc87cadbaf47dbe3aca823c2712a14a4839b4eacd10b049b1af6704ebab1060273a11ecfcb296ce3cc9f7cfa6810126eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f670bfe5486c3d79daed98b5b49b99ea

SHA1
ba0f5dc9eb24700cb6e071b58cd6dbe13c9c2ad8

SHA256
f771e944f086e12e17429e25c0ad663ecb770e206959a5ed32e7e6f28d852a76

SHA512
0af87e566536ecc085b0748f6100f71aa402338cb74ffef6e3d977d6f787095c7e945422548ae70ec464d5070aa9d8f0c3170a510cd9536e2cbbaeefd553c27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
59bd54a1433f738cd4b80e9c7411e51d

SHA1
48ff7ffe30d9097b3e41e1a5511a7bf4bbc72680

SHA256
0829b18bdabaf574d5c5e888dbe583b8ba40ad3abe2bccd6fb07360fc6c5f9ae

SHA512
63a75788a7c8010938e15401366beb63e769062811f13207ae5980cc24bd3e0fdd0bb05566e5a5dc7550e3495c536d33aff953e086a936dee941736df96d4b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
317c750d501af096b9416ca7972275a8

SHA1
b14042cc866c55fcd05e50321882c67005c18e06

SHA256
0dd534a9203461204d473bd65031827c0ce07176cc9b64be5f480a5c5e07a387

SHA512
a15b3964d4f8ce1ba5de064b8073234d1fef413ab92d3d1ccba1f9bbf512e1c0f4f1d5ef788d8be3ada7791af9f17a6b26ce74fab333b1c1041021dd3c455fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a84fcbc58748f26f300c085ce785fe6

SHA1
136d1657dca5406c6162759b317377334b20c83f

SHA256
fddc0b57b9a61f567ffd8d36a777642cd94696ca67ed2b1a9b828d92bb6a0ec9

SHA512
bfd4ade4630212b56c8f005c1c8867aebcd28d03d7c371d0698825099a09e45e5c430ff0d620a90c1d04c202eb3c74d717938dbc348c190be48fd4525b001ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f102a51decb8c66005ecbfc7c7b8844

SHA1
10a20846f835acf2e6c658d921f0987cfa9c360c

SHA256
18683e6c0f476143bf32b93f2ed406c1d286417a8c839505cd1731300d3d6ec2

SHA512
e36e994b8bbb0be1c9ed34a5273cc7f95c12fd1875906d3588a9c69ef1263b5a5033888882c64c034daa63561e79e7076feb6418be7382fc7af1729b8c5b35b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7258fde378a2d2187f7e43e8adac368

SHA1
36cc61d2fd86531f04a84eea7707864048e306e1

SHA256
e7fe31c04aea92e2ac8e01ada830c79a7aee042cb5e9a76e3672439632934eb6

SHA512
ae8f5cb5fbe60361fc2aa9dfcffd2818f0c3edec61fa41ab52ffb3d637627aebf81534e9b2bfc55947754669d5bd54879aca6b1a819ba8484afefa9a7c272009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a35a7b8dfadb611c06e99b4cc3831f34

SHA1
ef4d184799e03deba7249bba6744c80f8db09fda

SHA256
a1d67c19678e6e69ef0b1e38c9029670c316cb4a668e286986a1046c30b194e2

SHA512
aa0c2eb3870bf7adf288fd7c6ff4ae4fb6d7b779f2fc54e85d43a972e96d3ebdb64372aa23fc5e6f585178165ec7ceed4c5b77196c6b2a67fd6e73f01412a419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592ab0.TMP

Filesize
538B

MD5
32a7bc9858aea0adf47f0aaf6e4407d9

SHA1
24b36209838039f49ac4ef6d63117183912515f9

SHA256
b702563b261f8208c5bb8481e1471e8f324584a8194cc6b5914f45357be98740

SHA512
6993bc1e5401f2af75922542180264c6c22d4d95dd3a4aba23c4fdda74ee5a82a98af443755076f3ffd193a3d280bc5d757f0cf3b37b7a87a1229e8ae8dde3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
394866d60e1c5e67498caa5a30a4a643

SHA1
49e43715dc0c6892cff2176a84228c31cf97bddd

SHA256
88bc139be9d253e83e5746b3d2183f9504aeb11911336b5d510cd09aff95b21b

SHA512
63bb2cefe31970896055a4e33edc66d832f5440fe777834799ebd97159b6a261986d2a433417c0b474e546d9e7d29030b1bbd7dbf54853a5a96358b4bf0af5b3

Download Submit