af9eea157571316f0cfd4fdad0561b38b2cc866202e49e0014a73d326244e0bc

Resubmissions

09-09-2024 13:23

240909-qmv1hssdqd 3

09-09-2024 13:19

240909-qkw5sszdnm 3

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

watch.html
Size

501KB
MD5

fd9af27252dc6d50be9aa1ef44fdfc9b
SHA1

ded429fd848b79dadfad869974d2362e3660a94d
SHA256

af9eea157571316f0cfd4fdad0561b38b2cc866202e49e0014a73d326244e0bc
SHA512

a1536983d3c0169fe06ad4ba743da6537d6b66a3f8d1665707c48dbc042970bea1da5b71f830f99b3677a33a8371ef953e2222b741291d7e8d7bea0ed83118f9
SSDEEP

6144:BTp8y28yq8yh8y88yL8yL8yT8yG8yA8ysP9i:BV8d878g8X8+868Q858V8nP9i

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{90250966-FEBB-4FCF-B526-EC0E7C5753E7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
2228	msedge.exe
2228	msedge.exe
1900	identity_helper.exe
1900	identity_helper.exe
2268	msedge.exe
2268	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 4236	2228	msedge.exe	83
PID 2228 wrote to memory of 4236	2228	msedge.exe	83
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 2836	2228	msedge.exe	84
PID 2228 wrote to memory of 1760	2228	msedge.exe	85
PID 2228 wrote to memory of 1760	2228	msedge.exe	85
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86
PID 2228 wrote to memory of 1832	2228	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa198346f8,0x7ffa19834708,0x7ffa19834718
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11096364401271705009,3117254335031363838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\21421797-d407-4497-82fc-b71ca8a8c80d.tmp

Filesize
2KB

MD5
eec26119ded0db1427e69cd1488f9c85

SHA1
b3bdf1144d0b2fcc08383063f8ae111f4ae4cf99

SHA256
d235d6fd560d636881afe1d012523eeb3cfa6b564a103123d7101932dd9821a8

SHA512
f5791494af4dff8d9f63ec016a5fe0fa5aef5d277cfd7c7ea807c6d5a6a1f19c040d3802a8ef9cdf22d74c14155b9f3719704adafb3c4b07cc4190bd6d19ce13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
40KB

MD5
7322bf64e862154c7bd92251b43f461f

SHA1
6e11214a6391d8777bd56a137b7afb454b5f10e6

SHA256
54051655d197f1aca06713ca43987fb69c0139fe5366be8f13df38f339ab7027

SHA512
98814088a8b7a900b6efd48b0ae9c119de3349bfc8e78afe23f3cf77b5bf0613c264c6adf907d0bc3a71d2e96785b9eca314af1ad294fe5ecc34a87ed21b1704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
1.2MB

MD5
51cbcadb5af9bd38d0db678ed330cd2e

SHA1
12b51d65938c73bba1d56b16d32fce033ad21853

SHA256
3c4aa481e9f908cd8b70af5a59a1f3256ac10d0f25ce4603782e698a881ac095

SHA512
e845d3fce3799811edd6de35883c8a25ce25cd7aa850cb0f92004f1a52fb55fead9b982a4c323ced45c3df295f20735965161d6f349ac2427a4835ac659db094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
324KB

MD5
95ed709be782790bb9b9230f3f854e08

SHA1
d8179641e750d24ea8b754d4af2f3d9a0df443b4

SHA256
bbcafa502bcc28e02be2422b797b191b0e537f33c88bfa71fcb26a2d590df43c

SHA512
0875a9a4dce2f20db380f440bbc6befc5b02db34576e57281339464d7d6d0720de4a6e3d15b5a8f48c86a93acbc97519da4a9d930007e4d9a547de7f54ffdd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
16KB

MD5
c2ffdd3c3514e7498edcb358ff24851b

SHA1
2e370fb3469bb2bcd710d422ea8309be760b3b35

SHA256
5c89e3d2923c8d8864fb0cd9b39a18000b3e8f28a064b6866d406cb5c758746d

SHA512
ffc734aa98a3a7f676d16e3a7cf5341103b85c806a3d7068c8865976b6543424337776e41e4cf42d1232a3523972bf605beadde419f965d7e54c3ab266a5c345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
26KB

MD5
8ed693e50522be638c5187c667092166

SHA1
a19c268f14fa4e90637470597919e31d688b1e33

SHA256
7973da86f8629053c612f8518483be81fb64dad098fe87c99b438da0fed91a31

SHA512
1ba215b91c31106640971cc279f15bbfacb22118e83aef7673001b75ff2c272f98ca762fc243b4ce7baf89f128c843d2b6e9d600ca213e28d50482208c8545ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
80d7d5380f192d8e6841bc965da07dda

SHA1
d18ff0d914caedd74c944d4fe51258f07a22d963

SHA256
edf21b7e1894ba2df0190d8a130eb8f4423a1fa706d63401d955c653eacf71bc

SHA512
b34d8a1b03ed088a954def910e17735a826dd0ea3f43b8058428bb1e3c29b462397b4b421ac00d203da317051897cd5f22298bbd9a57973e81089d12377b0bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0ca25e6c019a09142238b21ba73a8533

SHA1
c57b36868eef2a91f2d38e23ee3b5c1bc1d15e8c

SHA256
e37b1e84e94ba00445f3f9b6451e2fc8b330f56d5928807428f59028e05234a7

SHA512
cd5a3c46dd760d91b1e9b48453f4646040da7b33348f5c712dac89e208a365ec813010cdd185634acedfce2efd37f54f9faf7a96410cf34805efb4db31597cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d3c6d7024857de482331d763aa2e1943

SHA1
b47df2d657a0ec605089c066dd2daf00f47e5344

SHA256
b8e5e290fe1955060ca769adfbc4cc78dbd79fe36737d5b91cd004cb7c88135e

SHA512
9cdf1af6d149b982caee16883b152eb7bfbdedce8981a984be3065947e081fe357eced6057b36ce747093dce9a5eea9e1fd9f271d38259583a34aec8b734fbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d3966f556d3e91e4821eeafebda0bb98

SHA1
d883cc0ad1be0c521c5ae2368b711c1363839c2a

SHA256
c558bb44b14f375956d979d7120c418e75d620711458b04e7bd9f7edcfcbdfa3

SHA512
fb09972a5eb0782857bc279ffee4f69ce7741bf1a5d90cc907aec693ec48ac6024812b08950aed30b1bd0bc9743f8b155e488ec52c3099a6fc47f5b3664b6427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
04fdb7833e01db0e890f1449da7fd116

SHA1
d421808e72deafc125e95250da8cc37250a0fd81

SHA256
f357b3a2035db7e5f1906f26ba322e8c92c7baf1fe5567a648ee6030cdade3aa

SHA512
5fff3d3e6ca5be3b5b6a714bdd48722688fa72ee0d045b3b2c0c9dab5082c53eabd9d024020829bcff6f9bedc88251805159f2d42f3d74466d9ecb257c475a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
682ada271f3b66bd80c3e2d90aab41fb

SHA1
0ef034ee394e8c66a34a977205510005279eed06

SHA256
1173af7dab2243d942ecbe162ca0cb4968ade075565a3174d83d87a0ca76db18

SHA512
5d933e568fd9f7735c9d1d3784a8a34763bb15a38dab2898a067d78820cbd194437ed83354e069944945e31132e51b610edba733976c3eab7a45de906503e720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
084de86633cf0f19d77bdd1312eb9cf9

SHA1
3e434bbd4644977bc9ac8fd19754f657ac15fe03

SHA256
02da5d349e469bd1050bed40078c4cf89b0f29cc3c272cff1a2ca1860f1091fb

SHA512
af0ad535eab4584f3716cd6ded6ab7229692d76ef01d691f047d0ce1e866df55815c0c820108676d2ee44f040097a18301a82f4a35456715ba522bf84bd4ae5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16cd4bf4b29e04ee10e39fa5f8bddcdf

SHA1
166110e9c07371ec5e4b78a1d179444a48abdd6f

SHA256
58eca41e522bfc729d05a6a962a7debe6365a111133817d73bf5903ede6b2ed1

SHA512
95df31b0f545cbd904fd0c587df36ddacce3c0d0548cbbe22649ec0a102b44210211e477bdbce77e74c5edd62682929513cebcb62a2786de673c219af970d40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25c11cd3be9d311ecb07a4ee1496a7a9

SHA1
54b4b06a7dd5612a951539d26af8135b22c08a63

SHA256
482d47a79a93b9eebc26167f31c5c26d61b66f6a9adc66c461cb16747e03cbe3

SHA512
71c6c07193b93ed1ab8a4b1801f977c3858e6944b476496a74b13dcaaa2bccdcaeeab901ead1e61a2067bb75362b05e70356369fa05a7ba440c4424bede0e310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
754b681c0e46c0e568d938ea9e69d18a

SHA1
24a3a0de3ecb0896146f2540ed7b03f63be4afe7

SHA256
42026ee9cba44b7f476f85a27dade9499adbf00e23cf2b9aa403f17df9432da0

SHA512
461ef0932531a6831227f8042b21d3338f59a8d0ee597579fc8580d7727b336192fae3e84b16e272b847f9f7488b69cace4794a75866491bc82ddaa77a5bcdb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
0e910d37d438ca5bd562e3711df005c5

SHA1
ab484e4230a0803df542dad4ff60b6ea189f77ba

SHA256
025b0f187747595c12a8fa33490631c3a7e65143e37bf6ce5edddd8be31902a3

SHA512
2407e1a6cd6a8bac06163a7c087d9d69b561bc597c1419db932266d71132f4b7b14f6183cf0ff5a4bd3ea30f4e65eb7f01310066c76762a12527566af0314378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
a19e2215fea717ca4e70dbea43b4746c

SHA1
8a0b32383c2eae76cc4bfb103bb18611ca2e78d1

SHA256
22214824975ff307f6ee55787a0c5de8fd3f177246b7c1ba4f79153453ecf758

SHA512
9eac1e8c888a980b60a6371a0069a017efa7bcb7158f8e7d8cb8c8f10a93ffe865f20b241dc1ea08809db1e4f624c37ecff98769a9fe467273935da94723bad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
75d30d060315456fbc4d2ccce5d679de

SHA1
c02d7b1499b46bdfde9d2320dcb90fa2e0a7c834

SHA256
6656e1000c8e57262feab3b6eff3ed370dd9498a24496c3d3cdbacd6b107aee7

SHA512
d7482b5ae9fd43e627d619f05592f9e0349d5625d840ef7c82d7f3ceafaa558e91cf76e7ca3a27ee93bd388806d1cb74b497f816b7e402f90fccc589ccf52d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3af0873b91b7709de065bbc1455fa604

SHA1
0152f8d98d5bfa42809c331c636d47c57ec6210f

SHA256
10fe3c062a5a6b04dde0222ef35938fcc2bf1f81d5b32d10ee3bb5b35b592dc0

SHA512
4cbdc8dfbbe77643722f257a351ad8dd7ce1b861b5621d583afa1a75e65dff8dd4ab726377c4de0a42b363377d33d3d41c0c95505da4119a0f4f9557c45d0c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b40b754ad923bfdbd4a7c6cab0e5bf29

SHA1
6ccbd184c8cbe54bf74aab7b14e6142dcc3d6352

SHA256
5470ea9d414a89663db633224fab50790d0bfc05e0642c546a9bd96e2118f8f5

SHA512
90967da652b4d60460c2fc66742b65ef3a73011c7f60c4fbffeb33557c08c14815032e27bcaf5129795fa55d240b15efb8d8fc8e65770486cb2c2a1f6da78c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
491d190d3723b6a91ff55501be653959

SHA1
60a13cac34fd7a53b981c23a3c88fda19df58432

SHA256
0e723889102ddfc17dcba6410ee5941a428dc8dfa0de1783c7d2f765e1f3fa6d

SHA512
fe70ce29558990b9756274fed378ea50cb64f86436b538f8458b848cc9adce733fb7e2d8dbc13b6018d765447449385013f5d3d666278825e017648cae07b08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586a8c.TMP

Filesize
705B

MD5
612c2b7c19399968aab090add9886bc7

SHA1
e95336e0ad6e66f6ebb9e887192f831bee61f9cf

SHA256
7a68cd265cf2a09bb8a2835e59a9d422b8881b24338cd40191a31903e65d7d25

SHA512
91323b647ad8f00d5c372e3a7c96251cdce7b7db738cd648d7872c683c24883122b627d1d786b63faf7bca24dc836546bcfd53478de9a95e5b2847cfa0db6085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db455ae5-76ee-4a91-8866-92009576e50f.tmp

Filesize
3KB

MD5
b0e6742f16fa6659874742962180de9d

SHA1
a1e3b941a2fe0020e9d3ef8ac5ba2064ca33e079

SHA256
75d5102836d0480e3f095f142a32c6ca4f4560fedc1a5c222caabad7136d7eec

SHA512
33a63ea4590f957f30e8df9a7a151cde71805b4b26307c40f0019addd4126237598ca3b2da2daa6168ef761a45346f7a14a280b4063302b9f0c7eb1dd6f4a197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a5f8379f38f4e165efebfee115a9dfa6

SHA1
0fbe44ede916d380403f612269c2a159f29c4633

SHA256
30d66f0d61c380f988b12c6f41fd1d890243611cabbd5d5d515fcc85190b4864

SHA512
b125bdc3c9d6d10888ed5cabd179e8ea274125e888550892bd93101ea321de9c43732288ea14657a8b07eeb66d0a94f6ba3db0be4e4af06b30515c64ab42a109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd7d49e518cfb0cba4113888735054cd

SHA1
85c31f822c96e6dc3e710c2e0a03cf051cb55a9d

SHA256
274c9793c559b09a42c3cb4a35b374157d825a2ea4ae1292c7df8ed6a554893a

SHA512
89b80614ec91eaf6e4f0808679f2a0c77c78649eab455e37403beaa715eb3e83ccb88a95627882a055a32b0648a930164b13cb920971dde93e6bb944a3d0cd22

Download Submit