hxxps://picolas[.]simdif[.]com

Analysis

max time kernel
1773s
max time network
1793s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11/09/2024, 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://picolas.simdif.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
484	msedge.exe
484	msedge.exe
3544	msedge.exe
3544	msedge.exe
4172	identity_helper.exe
4172	identity_helper.exe
2032	msedge.exe
2032	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 4248	3544	msedge.exe	81
PID 3544 wrote to memory of 4248	3544	msedge.exe	81
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 1456	3544	msedge.exe	82
PID 3544 wrote to memory of 484	3544	msedge.exe	83
PID 3544 wrote to memory of 484	3544	msedge.exe	83
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84
PID 3544 wrote to memory of 4592	3544	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://picolas.simdif.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc5553cb8,0x7fffc5553cc8,0x7fffc5553cd8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13847041081150998989,6555707587466106794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\33d57a2f1180ff6c_0

Filesize
20KB

MD5
4b2228b203a4647f9a757acc193f8269

SHA1
c724660a0fea7b2a4ea4daadf2786af17acc453d

SHA256
822fb0051c1995eaf537e92bed7094cc7478c716d8f02b269e6a354b2cccf4d0

SHA512
e84b8e855f3efa60d6144db3c84f171a435f261a7bec622e0805997b30dca79755bae89408693400aa51b20b362b372417a68641b569d319b5971b67954e1300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ac0a4b94fbb2d590d0b063004bcbc104

SHA1
783d43d37442012ee92a521682a2cc84aec34688

SHA256
ffa0f2084c46ddf46c018ebc04be1eaba8af485b0212a56310d5e1ae157970a5

SHA512
cec485bc164b49a4fd8a5325778b44ed03aa413907dd05f28edc407689918c9dc8f1e6fa4e4d67c927ef2026a78ae26048f9a518a3c9ad2c31fb935633fd2a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
596e0f04f4706f017efc69f28fae995a

SHA1
e693b1fccf1108cf521e7d962e55442034f207b0

SHA256
7017ae02d456f4572edfc34f53208231e2a1823141fa46b9934637528e46e5fc

SHA512
cb53173195c4ea1c3a961d0c716a0eea93f217598e70be6d8f8b5e23046a78c017bdd4286b83cdd7e981172ece4ed50a39a50f956e66e1dfeb6eb41101021e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
75cd86c8223dbd6e05d1e2e7b4e0b6c9

SHA1
8aefabb605ca08afba1f22fd5b58e5fce59b31eb

SHA256
c5b407e936ec7581a06a650e866fe8a9e1bccec7ea2972cacdf09a1e5746cc23

SHA512
c111b762326423cafcd6c298f577133ed69dcb83a460d8a2659d27448538dc04f3fe65a50e2cec3a07127a6acbc6d55ba308b20e634182d3452f1076a3312736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
74d07ae143597fa629b76a63c0778022

SHA1
b7bd4af3e49bfa73f6364c285d10a5859069887f

SHA256
178e4541e3dd139466d2a3de3045297a46e5a48b0dfffc3d22f4d8fdcc5690ff

SHA512
de673e71bcaa0ed4985e39e3de79502782bf4d7997e7f732b3e9e2f1df1abc4a1228065a9ede7305790e9ffa9edf9e925859e42934482f264713f812668bab48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
5a32130b125a6cc178685de727864803

SHA1
387e43e23695cfc839f8ac69eeb1a4e1630a1a4b

SHA256
240e97299b4f5d31447213dae95960e934df33261e58fbbbc0b5989052c19676

SHA512
4906694783f81c59a7a1adf48fc4955ee0828b0db1808841ae27072da9a6343d1a379276bae1988944c2175f3a3c470a5dfab4a155119770d2921638efa097ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
3bee7999dfc8a94f33a5672793a9d4f6

SHA1
86b74e378aa4825fa7911abfa4839901067afea8

SHA256
978df82986c06dae3487e4b1644c1287611e43852dc75476d67f7e5b63468de6

SHA512
de1f4cec0a7f59fee394b1d7a1521029f3e1ace7211d9e7d0eded42741a172b984fd66589c92cc767c72a901aa6ea639c4b4d22929821564882cda0c9ebb2cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
e06a60aeeffc52eba8a3b24679b52fc2

SHA1
47d971c3146f0a9f4855750d2ea6b8d506c16191

SHA256
02417709664fbc7a6847c1fcf97ef72ebfaa87bcffb80aed78c775dfacc79a59

SHA512
9e3c19419b2c900ac2c5f6bb861b245d8d1a4d2ad2f217c71487136deed97962fb06c736a70e212859c07e260538427b2792b5cd24c6908ad6fbe6a156320961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
f37910d2d442d3db766d4278f691bda0

SHA1
4897cf8996054c0adb08bc1a95239155b94b24be

SHA256
88cd7d897c7ead7cb6a8931e158e4db478b47c3bc94fda16a2a0507d2da320c9

SHA512
d90ea0dc334da1390037bf0f4a85121b3cb01b57dd3a8624e2989d77c6d08e461d2891c0e63be8e235e15c40ea96ad6ad0f24265c328fec298b60c3173ff5595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
a10bda148a2258b2c5a73033c612b0f2

SHA1
22207083b8e9c7c78e59a6b0605009a0c01125e8

SHA256
7b1a284cf4ad5c67b860586757da609862cf56b583eb6fc2925b2c2a42e04362

SHA512
4c32c5f99c8d1e9a462f6902956cacd0733d969e1faaeafe30b15d984e2a82534ceeb625ca7f3fa6f5aa2ce4f0b9a1cdd07cb52b8d09e64ba20ef897d87e8da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
f9dbbbfba1b2f58ee6ac08c967e52cc7

SHA1
199fdf0e076770347c4c8f14ca360239ea5e102c

SHA256
e8702bcc92ee75fe1fe1c0ef944c99db0cbd33ff99d0d452536b9cfafca47da2

SHA512
823832a2ff5d86a2ab475e5144f8968ffb3b0d353726412a491a1d30b9a19ed39d65836c5d4dc851f0d423db65564b9fede0cde840671cdd9fbfae42fc5d035e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
ffad56318763a25018ef24046adbdd4f

SHA1
3a32bc80a179301f43c69f38f3a6d8977119791d

SHA256
a7cfce7831c98b84533b49f26f5a904efb36f616805e683963d5c3947253aac6

SHA512
bd05f3082cb926ad92abfe201881a04707410eb87a43b477fae9b017b99711a8ee93cd3bf22bd262b055e643bd7c1c68b85886075b9f068ac5c3ea92c615795b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
ceccf7bda1f15d24c6a1e043ca499f9e

SHA1
5981b4084d3f25361c828a2b2d01ee6935466a58

SHA256
30c563bb40ffecc66c22d8550c09ed277a2ee5eae0c2cbe5a705caebdb5a4af7

SHA512
7339fd6be2b23e5673e0cac80042333c460b9e8e121a61b4a3809df84ca3d923fb1be9666e52868e52ed71cb2fc7b7b860ed4a19304ed467173cb7e118a9f990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
d98ff5ab69da83af83173a173d908372

SHA1
602ba736ed560d8375cc1bce5a22caf6498e5fb7

SHA256
3e987a14ebf2c0fed3fd545ee345f4965f0e627050a44224693615712dedde78

SHA512
bd41cda1437088fa033d3b0b95d025fc8df5b831c7878d3d1eced97adeac4a2bf88d675a8ae932cd67c2547dfdc76d3988c5812fd9dff0bce86717bb86081001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
ca97872b646814714ba3556109cea460

SHA1
f76e4d595060f56d2a22e62103fbd82162685951

SHA256
d5a872e5eeacb6e7ad5ea858697129fb2ccf2facc972a8951d8ad298d7266150

SHA512
a09b55855e4f9e1e0f73bc1ad15ff3fa64de8627bf3f72f7794b7db7e42827e0be8c052ecafda37e5ab9bd040da8dba09f1a399a0e08ee074da3f0b91bd9a1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
b9ec967c8fd4e4c5e466dae7246a5f5c

SHA1
9a5e02a975cac02bc65fa9941987985d31b31dd3

SHA256
7ee29a294891facd63ba6f517938ea5e37bb0dd6a91d85872631692e47fe80dc

SHA512
0ef449ddcecd9e872a69d03c60c22968fdb499e83dc5782c35571c3bc9494a3d8c1ef1f1d53f5811f5a62539d9ba55db0342ad32d7d637ead22580a987c01f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
7d945359ffe106237678bb79dc8fbb58

SHA1
bd9dc6db87dcaefa8b0aeb5ba07e913495692085

SHA256
8f092b6e4af6ddca3b62cbbec8d0e3e81504923ddb82747c8cdacfadb8a49e07

SHA512
962e278d44764534cd6101db23a17f2e7da1b9d26ab01ae37d6be21ae2a92cd7b71d34b1411c753003e4231c2a45a5f98036f92af7461e7f21c5d819909d912e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
a5061031660b1d4eb514b451edc7cc7a

SHA1
12d0de5356ea8925a15d9e1e16ce5817a62dbbea

SHA256
db267f17fa23d2e3858e44d3d826363f77837d6448a23cfa49c46e16c59c53a2

SHA512
8a82ed188e5ab41e1685269c84ce4fd4c008d52da04c2880e49d66b395dd5e980e22fc79bb6df89674fef1f0c6f3a03bec59cb3dbfc1e962abf77da85deea3ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
872cc3584a7ad6ebf18eede04ebb3998

SHA1
4ecaa6bd2ace7df738f2679a11dc97a6bb2eebd5

SHA256
468a89e01606fa9a1d0bfa2853352f19571ebddefb84aff9355fe6514a05c8bd

SHA512
99798f4ceaea252ae24c347155679af9c43f09ca748252698a1f322773de08bb6b72cd87ae3296f38ec5653d7206d88fb9ba90736986db413cedf489ac68a6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
630B

MD5
470d47d03939e62142f534d45efeaee8

SHA1
36886b4f21c29385e048ba4b5e80a9eda6040f57

SHA256
ab6bb5be6329c356163bd6c016b2b71ad2b4dd4631f7028946e270336a33d4dd

SHA512
c7e9681840772f633ac5d73315c2e8737385be0d093f37dad69d99486232ce9cfe5be28fbdb4a1d097ae258f37906661025b47dcfe9e3630f650f1d450656c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd767743fe3dbb87c71bd4a05b7586c0

SHA1
9afdc8e6f2a722781856ca241d3ee209950b803f

SHA256
870a9a70b8738bb6bf40a4558690b7617a1c545ffa6be1729dfea4289f8eb984

SHA512
120f2865a129eec600881ce1b5259096d3e1313ee50d124925eb6e682ca426860237855ea85318011704d561a43cb3fc860748839f0be2add87ec826f88eab30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e36e9281d899600e2f7ad8a1f39bc53f

SHA1
1a2972d6bb79ff6bd5ef9abe0949b800e9231ce0

SHA256
98f808216c535f55bd9d568279ca65097a7f06fafe9f0eb95ce1353a9e7b5280

SHA512
a6b90edf2d4bfb1adb85185a75dc531d74ea0ca9a2220dd5396fe2c14087ffa12460da4452e5872e1f20b9d0534cd798fdbb9d9ab9775c67952f9584c2eb3a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fece84f63f6c68b42238cd77337c41f

SHA1
d4c2747ddacdc642c623b9bd8ea68dbb02861b6b

SHA256
3451527e425a779549df1cf010f730cb6bdd2e96d14445eb4ff078838dc673a8

SHA512
1a025fe0d8e471ac6b8af1ce7d3fe75806bc22f460e80476bc6d03956e68cb53e7b37af75a036b22b1e847e5e34c3968ebd81572d05d089a77ca4b52f536109f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
9bba33d972857151cd5ef566f876e0f2

SHA1
625f9fdccbd2aa428d36fc63edcee6ddf3e0f688

SHA256
163178dc3c5eaa574126563613b0bcd3760649ab15eb16ff03064e5c2145a33c

SHA512
faed9977680902526428c8463e095a55db5ad6c2be57325f877548b0b75e8dfa550c04e33b228324e48e42caaf83fa9bffddb946c185802a3bd4e634d6ec68d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
a24c7abeeb1fb7a2b22e6ddc9cea5fd2

SHA1
a801e20b8f918a9f7dd7e974d3a26e705ce1b9c9

SHA256
be1865e41f73a0ffd813113fe705956e539da8b9126e9a0c68b38db4dd069dff

SHA512
49961c07b238c4a14579ecc0abf0e233f9ad4e6a2978ee6ed801d70f62a9cf34eaa318359c1e035954f88c43a9650665f5f834bf59c900731b261e5d3e7f9b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
5f218a9261576d53478ad30233fb0f53

SHA1
e47a787e22569a0962ca03ca54982e1b8f727fb0

SHA256
5d67f82a569f41c9bb27194f7cf9f1e8cc684301380b8a9464f318fb542a0e93

SHA512
5725ea3f09b10fdf29cba4925ddd7c57a20956d602fdc1a0bd7d9d8edac2d08cf0e28be78cc94a98016586f8e6ee62ae02c26bea682139fd497ce9ac06b405a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e2b658b1cd05964502b4ba7ac5b88bde

SHA1
4b8347275406b1bc50d0012c8fb5844d8e44f0dd

SHA256
5da9fc56649f4a414640ea1502af0a674639a4dd93687e5c50450ddcdbd6e4ea

SHA512
e86f0b5b27aa5546886c020278cb890492eb3bf94ca86d666ec0ffd7f6fd9f910a83cb77682dbe71f229f438712c7f1b70c7c18d6f32d37dcfcf82a66da84e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
4c4f340ce5c12d69e99972043227efe7

SHA1
33770a3bd24ca667f66eea1e0ed92c82f3e835fd

SHA256
44b4bd6c8f58458d5525ecadec5a6da0413acb883ddb7df7603d169080634774

SHA512
780ea0d949b74ba6f84b9aee23e6447070b0fe7693129a0ae9f9a38ec1cec3dd7cd1c991a8026ab47fd8d9fa9361d4a3062ff96f2409329dd449bc50a740c1a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
9dba3b5fde3da2cd7ce01f3d81b3a6f6

SHA1
5edab36bddb44dc20ad0ce49706ab9c07daa95a1

SHA256
e418965a1710150377a051a3655799c10486846a2b708763785cd312e1a6f0b5

SHA512
7db7a3d215ba69a6ede0f7637242d5b783cd49fc1fe737e6754e0958c21dc828956a4dcd1a8dbb3804392c38049f4802221eb8641603f4e7a35d8c719bd64ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
d41f2bed75c680a6789e33f303139c61

SHA1
34325b2557799ab0eec2a9c7787f8f958325a017

SHA256
a716ec133cc63c89f3015c0ea54c4f7f4961f26f7c2d53f24a039f2094f8c751

SHA512
187e6e99ca4499fc0de1fa6b86573a1c1f423c4d87a0eac314d934b345f907ea07de36a238d3d4c733a4aa2538f85389888c6ff3cc0adf335bcf89518fe449ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7128d24281bbfc9ddcdc7a82cdba9466

SHA1
4cf991bb2e15d299897a78969f2b130daf629002

SHA256
84f81a8ba15f19ca8032ff3de82bd6a204bcdfec479690f5144f99220927278c

SHA512
04b44990a9478e2b0065a54029560655703c071ec297a60cf6121c65960fc58968543054b05f324287285498e9928daffbee3e9fef756a18033e6c2a9a6863f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
9140dc72346bbd3c96d95ef580443a03

SHA1
effd86ac7c22f195cd6eeff3ec8093ac4f55d43f

SHA256
8086f9a00c550425a767ab4fdd56c1c4fe267cb1ecd70c9e8bee15a3f4d2de4e

SHA512
3641426ee8ac0f252becad3c0aff0c7ef4b1b449ba89bafe50cf8c587550b9346ca92cd31ccc3c54625c7e8bcd35352b1a9069ba501e538807c22a7cd9aca23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
216b52770da2bdfef49df19c25b95786

SHA1
8cb5bf3536a97e23e73a0b29f73a4d5a0a5839ce

SHA256
d8e073241124c8ee96b6d53ef0d9b888a936969f2f602e56f61c0ca8cc5a7442

SHA512
cdbd72ecb1b84a85a7b27e2f2c2bff1a03d931e404d88129e01b2ca6c6fda1a8e4eac89e11e5741e366a06b0d2516a00a4146953922fcd705252840a793e4092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
32519610db20c4edb98b987e56f51919

SHA1
c70a84845397d45385375e1a08bc16c40638be7e

SHA256
f46dd9306a1db3cf27d901fd070cd9dce177f8ad9afcb755719a0b495baeb920

SHA512
6ded5af8c2ced63173189707324456583fc1983e4a53e7de8f18e8bc46b5723d0657d7f72ad9a50cfd7aac3550740f5c5d91bf8a48c4ff2f275733bc1a238eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
ca8d7374e78466cc6aab1972434035dc

SHA1
2670d22828ec9d3f8cf9e302280ebbd29420cad0

SHA256
9d0e9d578f71dcd596d172cdd185a31f1648c6dc374c9c56afb913ea7116d4dc

SHA512
d973c80cadffec8d15599c97847ca12d72f27733752a00b87f5edf71ce848f11e77d872ef3f7faae428efc306982725c23dc8b7175af78782e3cd649cf667a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e736ee57852a71876370ba7cd4acd1d9

SHA1
ddf8d4eb5ad5affe9c2bbcd4cf2751a1fcb386ca

SHA256
9c6e89af5c700e5a9af20d5225e964dc7ac178daa2407c8933d93bb482de64bd

SHA512
d11d1db3ec02205c415e398368814afab70a4221ad220c66fffbadec51125d224e15c68c1887b10ca3f2140fa8016b2d53a2a6e65068ceee212ce9cc9cf7a9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
28709bc2a4d0b503bad6e1ad20bb6bb3

SHA1
af58616a485b8b109dc568a63b221c6fda15211f

SHA256
bb0e297ded4e59506e776a3c00da95a98064331674b6db166ba6a91dd4a5928d

SHA512
ef65a4fe15e5818dd8d5c4f9fe3dfa4cc13a4e52d878418f4449759d4dddd77ea328014e9e960e3033643bbfa38e29846c73ab1c85358788588b7300cc5b83a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7da6c80220d04eadfed43096dedf5cc7

SHA1
971d62b86dca8d520d50299044f35e1a1adaab6a

SHA256
54e3b97720a25fe9500bdee368cd1d0c49b7d12bcbab23012d25f8c3ffdbc722

SHA512
2272fa42c06ba735a51cab9e051d21b530fd1097fda12133c540a20d07cacf69bcf5c4038d0090590a87fd697023618f2e4650be2e02482f2f9d1c6899b4cebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
852e8853c9a82a944560cf573a42a298

SHA1
ef48ac16a4d0ad686918016a49c6e26bc2657248

SHA256
9377eb31a95ded7d3f26fa879d156a90c1ea74a5623b1e210762a6b63407ee38

SHA512
0f8866a108602cf780cd15df889094dd033a3c85c2d33b3ffed0b23da3d07746309ecfd7726f21ca569d29f18841d40b5dd78932c84ce53760ba16e6f79f0311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
831877d50be18515ac68b2391dd15852

SHA1
e31712479dbf4eabab1f6b24bce3dc0fad940596

SHA256
f005c9606a0011743788964670465d2a1dded293351f9cb4138207027aaadab6

SHA512
489dede116f939a684b494e6f7cfa1b44f1c52884e95669bcfbc0ffa94792589fd779e09c33d9ee43e03cc373bbb1289c549e4ab068b635037c48ce8829264c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
206cf27b37d7263a95048dd6f6561fd4

SHA1
dfb5181d6f8449b2dbddbf05e976c31dfc469f0d

SHA256
7966acf5e48a34a5f80c502caaacc9ca2ac08049f65595115adb21282d8c2f49

SHA512
157abcd189e8cc2b7b30fe6309b5f52eedfa1bdf1ba987cc1a9693cea853c66ba59fe57790801948346078bca9f52b58763e28d45134bf3e525afda37bd055bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
23e933558d956290d2679bfd0ee480a2

SHA1
1c7ade97c7b240efbd3675d849e3e636cf561730

SHA256
ba335bcbaec6d72c1eda5210b83c638cf4055771fbeca25607dfa52d74b947fd

SHA512
28e331b02ba704ecae87786f421ea7319ce26b610a8516bb4d891184b5754bb4d0d7bdf31fa1b937c1015de86a1ae7a2c1f521db89d064e971c3f5ecdb5a34e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
2daf7c3e728f706c7ea7f5239a218ec4

SHA1
78af7a6a07c9631f7a6a316a489c2f8a878fb51b

SHA256
f6c73d88d7674ccef7980006e3453eaae6909f49d4626cb4b9340e773bc9f024

SHA512
dd95b823cb1707a1bfde68538e57adf401bde8437d4bafaa546a97d706720dc00124201ada0d0a19a3097e91ae7748dc78340ec8914d7aac854edde37b1a0bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7583246c3446c1d10fcff0b2dda220eb

SHA1
505d13d292cb7d416f99bfad405f574c29565fa7

SHA256
78181305478d8afff504c16db138794458c901357a7fdaf42d50a991060893b9

SHA512
e12d7a59a493066b9b085d29798fdbd61cc99271bfd6dc5e6aa8f879d682e7f7ddbaabfce649b485de95ce0d9d957c58b509baa08a3622d0931ab86b012caebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5aa634.TMP

Filesize
202B

MD5
3b7a097a5a7501b92acabd7dae4696f2

SHA1
0f00e28d30f4ba374f888830db1a327fd3b00fb2

SHA256
9e561a1f938eb259687b8a320d2c0e3056bd44f554b9f3c90938a90cc298a91d

SHA512
ea559129567d2ffc6fa9410ffb7987115c73ba64aff2a084dfa85888892fc3db2187ba4d30def56cdf93bcd38d8b0dd5f34f59da2426cd7e7489d8063daa48b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e0e27f3b-b4c5-4fa0-b571-34c10c31cb63.tmp

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6cda556469afe8effab0ae3d8a0384d9

SHA1
49a0ead4cf17ab7572f65dbd3d23b2990756d584

SHA256
c54e7db7424f8918a40863dabf8eebbc89a4e82fdf8c92736ea1c8f2b5be43f9

SHA512
b310604dbdd772abb2d07208e93dfc7dcc890d40282c3036ba3dffdc681f4aef3f761c8399792b88d73dfa810335de47d481c3fc9c30165fedf619d2c31a798c

Download Submit