hxxps://gta-6[.]en[.]softonic[.]com/

Analysis

max time kernel
1721s
max time network
1777s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-10-2024 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gta-6.en.softonic.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
1436	msedge.exe
1436	msedge.exe
5088	msedge.exe
5088	msedge.exe
2824	identity_helper.exe
2824	identity_helper.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1600	1436	msedge.exe	78
PID 1436 wrote to memory of 1600	1436	msedge.exe	78
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 2924	1436	msedge.exe	79
PID 1436 wrote to memory of 4568	1436	msedge.exe	80
PID 1436 wrote to memory of 4568	1436	msedge.exe	80
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81
PID 1436 wrote to memory of 2504	1436	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gta-6.en.softonic.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff98133cb8,0x7fff98133cc8,0x7fff98133cd8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3627321476111717638,1625026092053272274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2572 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
f94e456c8408f5b53496f9aed26f06a8

SHA1
3e86a881f06cc37b3dd94f75e829b2f6f320d721

SHA256
d971f2cbb2468f0b05b43da4b82812c9cf7148c1c1f153ca98f787260171f813

SHA512
2f08659923bd87eaff15ee0419ee8c57994ec7921e03755537199b5e694cc378eb8f8d5a51f4cf5a36a2021c4ebb21e34e8b89017c937a3ac78c08b18bdb9c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
e651bbb14528e41f9595315ea020c13c

SHA1
8d86ae6b7092408680ef82838acba7679673baec

SHA256
3e6e95273fd47cb884885fd03fd6f56532ff4c6c6ae8fd1499d7aa406b1f263c

SHA512
0a447671b1d97159f744da592c88bf8d1ebae67d57bed04c83f2919ac7acea6f05b6ba5f010bb893add56fe97a7b9072e69ae6481dbdd2ed1bac6b4ebe5c04a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
46KB

MD5
79947998a75b3f9199e88954587312c4

SHA1
0d370f7c028d1eb1681ffe0996012402ce3520fa

SHA256
911092ff36328c610285d72d3ba18fb95965e74f21422b1e8f54f5263db1e05b

SHA512
e59a704a877d8874b8acfc8726660f11a8af77c740accf80b38dc328e54234650dd1ddad444d6532d8de3d902179e191baddadaa25a98e618d6b60aefb1a6685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
154KB

MD5
b5d840067dc58d6ca524db650f3dc06a

SHA1
b97ea11df37fbc43e21d0186ea03460038c43ca5

SHA256
3c7b8e2c39e58043094fd1d80f0296861bd19280bc3131d1e7821fe1b5edfe2f

SHA512
bdbb1c281f7b8dde4835ed9058993e1cf2949e4811a10c8698ccef7a36e9e855edf7ca318893129c98d1be9b022f2d182a2d2bdf7b5ae48745743bda8e7b1994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
28KB

MD5
969b0285d6b03f7b0a28737d4c0899e3

SHA1
63533572441c5cf6a786c06188b3c75100fa41ac

SHA256
a2008e3d56cd23eb5e250e112af348805139daf2eaf0b5b1b97e2c2255ce787b

SHA512
11cfbfbe441ded5af1fdc8f315816bddb802e5289926e561a87475cf15b959471982ea712b37332096fad3c216b2f5063de11575bc8a6a4c18a9e542889d32e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
60KB

MD5
d356ef2bef6c97696d4dd88c4e3d0fd8

SHA1
ce50bb1bff84b715aaf3d94ea5b97a1f1df141da

SHA256
39f9fd63b9383c06c2f2b15a1915e5b254e64ad0585943c8646cc9e48ceb05fe

SHA512
461f3d362807b41e8394ef662fc3eda3a31309defba8e6536b8410963b81b47b8b9c5823bcf1ccf068e494626f7e79ca9092865dd79603c1eb59aa9f1e641d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
156KB

MD5
f5dd808c72936b3b55ab9d71e77b74fe

SHA1
12feb671de0a8f8a585aa1a6a959fa9359db226c

SHA256
5817c7e82394f3cfac3edc54887165e8d426ad342b15deb5a0bc1d817f8c4075

SHA512
b4ed4ca6042b68a800f5048b8007821b84a360bb372361cfef7b270a941560148eaa2d8d668aa0e9ff492e594578fc54021cb8ea26e8e2e69ce19c6e7ffb22e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
28KB

MD5
13f9d801ebd272efa5d936a2fd9b60ea

SHA1
e1c352fc815a3dff3ec8f7c0b800c0dd26adea7f

SHA256
1e790749a48dab97e9ee3713f1a04ab8c861b2bcd47280b11adfd241f90d860e

SHA512
c7e87458d02f18fa5191391ef7ac0a19336edc0a64889b097136aadeb174b5967fd395a8d2b59c0ba4b2839e0c5595738d4e94923ace781d4cd15241b6165ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
18KB

MD5
08811ef217d513915fd1db491936e525

SHA1
8977e94f0f591143a3241ddc9f31362e144c86ff

SHA256
2410123b8a066b4794230cacb7df3e72dbed3d4db8589ca1956fa116300885bb

SHA512
8c853d371bedba9c0fc5d1d57eadd69d4c9dfe90c0a4b05c9762c92649bfd5e6a0b56a2c25004f5ffc0d0d3f07d34b391aa3399c49f3b3a932c15a0c3841d076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
30KB

MD5
317dffaa1cdc8db0c9f531a9e223f245

SHA1
ad8c704ca64f45fbb8f42b042b7489f8f5175d3d

SHA256
1aec967cba6a7603c2bc09922a3613d738e746d75c2c6b11154d215bc7fd172f

SHA512
06b367ed9ff978428a77533aba7a475b02ef643883a374ed3b02e3e93632a6a053d93dbb73f2b2a3defe9ecb63d792e2a543826896ff67e5c90157df35ca136d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
18KB

MD5
f2c727f40e300bb8f5bf5eaf614aa656

SHA1
4ade0f835ed7c18c3f23c9a716161c155feddda4

SHA256
22b8c396a3b4f305ae3d9d508237ebff153a2e9353ccc3f0f9041bb58b8d5b23

SHA512
50441e917a403ef97563eace0e25e84fef255069400d2bbc348d36c0084b146b4e63f5f2cd59d8de7563e1afd929650f8cccf4e123180e670a6a1d0caf387bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
90KB

MD5
9cf14333b6ee1b4a942d7a3a6aeb8a94

SHA1
70deae49f5d0534d6079fba725535f849c9726de

SHA256
feafebc7529661aedd2afd43b36e998867bab66162ac2ecb5eb97fc66d8dc6b5

SHA512
ea617445d11de0ef73b8cca6bcedab27b1811849b6d06f204bd78b6b4486dc5ef51dfafaca5ffc668b216c3e5699ed196d98a33021cbfe859ff4ace3afe00c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
239KB

MD5
132688a8fcef1a5b00503fec72665749

SHA1
9e5e457044c776c6d85e106d77ed032fc8678ea9

SHA256
c9d8013ab36b83487849c58f63683fd7746305ca86069876856091d97d54e27a

SHA512
ec7a84774396db176a2a947e8d45f2ecbda36b6302025df7c9cc1b1472d3040b6f9de2e3b951bbe1d5a9f2482de50797679f861d38b93e3fa69c398a44302dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
66KB

MD5
195eac8db284f61a813a38b980ce3a77

SHA1
0e58526cf0005da1984862ac9222b4653e0a88ea

SHA256
92561d7a86e9136a3a6764ec34df8d373a984797f27f0223df39a0808ddd05bc

SHA512
3c3de3c1c4b43fc064369ee2d468d9e986a463fb2d37fea2b53a5fad9def0e30a256196dadc1db7705657fec2290b4aae664922c1ed28e6549d45af02e9ff0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
158KB

MD5
c5ebeddd48b77a776d262c805680fce1

SHA1
fb883510ac888e5794a755265c02cb22e2508c0d

SHA256
53358eeff3ce3ea48b9cebc80fdda6404cdfaed74f7064402880464b57c4c120

SHA512
680f3cf456874a2ab0199fd2445c54896ac35eb2f15f4285aca4408e7dbb35a28bf4ed8d5cb35cbbfd1a79206f573ccf8a2862b31d61de7db7e5f78dab58c21b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1105062380c33d33_0

Filesize
30KB

MD5
6a174e329beed31907bc33768eaba6c2

SHA1
f174c3cd62cc9f3ecc9c2eda1d7bd57236979d9a

SHA256
a4c4ad4f5af5930d16886c18bfa2fc3c6d99ffc7526386a0229904f38167a44c

SHA512
a68f3c2e4d8451ca65fde56364c046772febc2c0fe8866f7eba404fb6e13bbdce3b1c10eee315e6ed203d13c406dc4ce12670ef3e25fd5623b68470f09138f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b3c5430ea90e1a2_0

Filesize
3KB

MD5
f80198a81a08410af9f3aace8c3ebf30

SHA1
3cda616481609618fcf4419cd2a4db3d8d1bd4f4

SHA256
4ea213fb0a3c06ba50f5c7c07d39284e2509069a90654ed948831ef198619e7b

SHA512
16a0b30848c4ec68d923511efe327030f1bc25894fbce058f6aa9678193e2806edddb503a376108a527ac9901d48a80b7664645b7a98b707634e27f528ddf5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\98789f7df278de5b_0

Filesize
4KB

MD5
b69793fca1da94fe8e05584c53fe4377

SHA1
b46b5d648db7235e5ba74deb13fbc29b0e9a2a48

SHA256
166df04502e94354c811dd4169dc0f2df8144d47597c632866795f2d0450a68a

SHA512
c6ac6e92cab4fb411cfff226b6819f5d6ed112192844607348233939b7c56e333d4d5c7aced7bb190f91154d715b82bad207ca103be4cab04783186660f7fc18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dcdfd9cf5021f3e71ea93d425dba9c46

SHA1
bd034eb2c7c1da6ffe091f8bd2d1bff430af24a3

SHA256
4b68891fabc021fe25095b9102c7a0a9427b79a174b543814d33c17bc7e558ad

SHA512
f5a50e7b51ef899aadb83bc0cf5dbe82aaadc8677acd7080839122e33493344e1b7e8f8211ad225b169402e6636c1a3d58e736f1e710541fc7e7725d296b8dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cba15cfe548cb7d3e224e0929a292957

SHA1
08d848a1902ea7a569c5a494cb0898129e3ed56d

SHA256
ce7037a61987bf19128929405eb106128d9a2a15ae80751e598fbe17773861a9

SHA512
7a324e43874c4050bc8b34f9ca9fda952eedeb88384cd4bfea46b088d5fae8d0bb6d11fdf2e6cb415dd2f14e9723876dbc860461f7007bc7b534e05acec3f6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bf364c1900f493012f3dbb0205f7d9df

SHA1
a8ce1d7f85cd4bea2eeb621b36e3d6d581791a23

SHA256
269eaa3432e81694909479c1bb52f640126b41678b50ca09d906e99ea56a88ec

SHA512
519e0469123e64d9beb249a7f7ee6ff6f0f481e83bfc2410fe78fb5a74bbb0caca817931ac178d9c803cf4a325f9170134855f67e49c44e0a3435610372e5a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
898c4e62fcc973e9e8f039616561dd2a

SHA1
a1b9da9d4a10cef6b2876afe1bc9b70447075c5f

SHA256
1d91726fa832aab433b19be84247a53d088d9b33fa0231186ace9ba82059e481

SHA512
428b424d47d3c6cd8839d3e07d179c215b4f9f24f9fc7e668afb20d3c04be40b14624ebe197d5c11a7f84cc3e893dafbb71f915ceebd74d71309f3e23aded052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
6d29695b8ee766f8906cef265f08869e

SHA1
e04767522e8b3b1949c7a73621f0842635ccc8d3

SHA256
e9ff3c3f45b1abdeccf21a266550576cffe986099c8f5b48ca7d139267edc7e6

SHA512
13c5b56f871b72372483fe4e7ae7b152adcf23363bd05d432883b5b45113eadae6b12a78c3cf549372960b856d99afef8c6e5a7ad3883ca991dcef07d9ef1225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
f7a5fadfb2aadc742c6b56e94d8b5669

SHA1
22441c43a7855f2c75fe3cb6d7ad1ed3eeaa95be

SHA256
451fa413ce1819ed9b8b0bd4383c1a021da82bef8d501beeab43145eafd14ed3

SHA512
487390ecc2a9f26ee1d9f579227b88cbd0078fdb5966e2099e4afd54f544b493f037ec06b4da806f43a0c9921cc85942fb1c95c526867afc1cde14bf34cb212c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc2da0a30f693ed92304fc7a6244c8b0

SHA1
d860329c0b8c8fbedc3ad266dd22312624672519

SHA256
d5c8b6e5253db55a1ca7796155e7405c4a9aceabf578d8758cab11d1f5400003

SHA512
d2a47e66352d488c977e5d0f4c9aaa17bee65f0a75f711d2cc11d6e76c844a4da3d62bc41c5ef82297a4e6b82ad2e5e1e488a019d037705c41f3df7f5ebffbbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b4ce423be663df900acd118fe2ca3a7c

SHA1
2ce4fcf5e67d4e52fb3b93fb7d73616953812dd9

SHA256
0b25686c045ece910d6289453107d80abcfa4e95217ff993887bddd9f8480c3d

SHA512
6c48fb1d3f4cc59d5efac0127daa7fb37c59906d9eb89bef3a3d810c52372367f7ef79f2e831b912dab0a5a03bf7fa8807c79953f335803cb4b8aba7560f1d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
00a5c96a99d289fdb0437d18505598f0

SHA1
3ca5724f2b4cc892ecaa7510b36e3ac158796883

SHA256
ce2cce99e949d759a468734a01fa02273b1e88e9acd878e95a5260c6c44a0695

SHA512
5bc4a9a9248520d0e4c3f4f8582ea2313e5a7343a41c7b0d86dad3dcc4f9d6665d81101b469710c0ad032ef2199a662b79a997240bb21a6e7e90e29281eb29de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e4ead01d96069c21a28677b2f3a95f5f

SHA1
b36108709b3cf6b0257e1220150f769908237639

SHA256
9d8ab14a50ca480f32e7f7c1f1928993de6b3ae5cc70b8d303a9af24fbf131d8

SHA512
b6f328cb21b6c72b7a614fd0d4636094bdf89dea4e72534ffe64be0c2457bb9a0cd81483d050b1df766b38d4cc9e3c995589d49edb9f39179addbe4a9fc3bc31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4d3583450db11e54aec07afb9501af0e

SHA1
b6fd52a3c26f5bdf69b09cc70158cc04177838dc

SHA256
756ae2973d027408ec2a5c6d1945a25a6e0172f7416e077fdc066ec9854a27d7

SHA512
ec209c4f9a16b24e8df6281399e071c1c0ba27f73fd6db9f1e74c143a396f5bf52e7873fa18882aa963448b5bfddd4643b4b08120b8ae17f04a0960e13de73a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
3efb53c3062fc70daf2159c21b199169

SHA1
7281cf03f0d468413b2def1ab7f144046fd5bc3f

SHA256
294b3c7e83cb38682e6285ffa97c1603ffbee81ce12afe55d7adb22591240d10

SHA512
c91445d9c16f240b05bdfbf5fcfa89f35088f545319aa58816b88f35947e8d8fa941e8bd52fd612e342ec35fa6f11385c95d314caacbe00cb9d6076b1c0ca6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c0dbed7b8174a6e594a803f06499e263

SHA1
6c4918d5fc05ce102a44d22a63b3665b073aaa6c

SHA256
919272446bc80922e6f8ebd48e6d4896d19da04c59c40d1be0ef5d8b536f6c47

SHA512
416456236489ae4dbcb387623d501144795bffbaa7ab4a0208459f4d31ef7ff0a6cda2122f47669450021ea1eee1e8a34188c4bfe3a9738bd999d4063059bf1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b13dd0fe72a278e6f75cf07805537c24

SHA1
77d89c29896060b3757ce6eed7af4920f8b9445b

SHA256
9c19393dae22e6647213c0d9a88690b564a5274ea5d8c3128e74d54ebe4ac677

SHA512
c81251f81ad89cf53648135d09df3b58b879390cb0fddc3f273ae9bd9507e79b4e725410e54a0ac389c466a4bb266e739f9680098d689a5cea887104a329aa8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dfbb9f7712d7182149873a8edc6575d9

SHA1
7a588f08cf8760ca7cd3e81309cbf624209c3123

SHA256
6a603ef19c07b70f51abdcb929cbc4f9c90c9cc906d77a649ab9e77dd0ba53e6

SHA512
431571644d6ae6a11e7243577e0d71f0c78e343bd125da8597fd1b70aeb7050245f6ebb279d708aa4aabee2c624c4b1437ae1b2cda7f0615dc4addb4fa3cc5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e31ec73881293ad43355019b5c7412ae

SHA1
c7d57eafb526e8395d0ff7292766f97799f03b83

SHA256
d231f5ad29033be94f8f86a47e53a8d4b30092094796b36d6ce4e4d62ca7212e

SHA512
788160975650dfdcef174940e364937d22236a03bfabfd81b20ae1b58d22de3623d7ef262139125dea7bfb43ddf9b224969bea2083b01abc8bef2728cd823e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
883114d98a659cbf1d9dc6e0a18d7eab

SHA1
4f16a1a804d2467c8298254cd9e255af667dee5a

SHA256
dbdc1ed321f902ea24317acd0c322f1ec096174c9e03b8fa7eb4ea9699778021

SHA512
575519a432519130b3597d3968403acee0bdef2e705e3160076fd1ea4ae1bcb4beb81f0f6024e30c0cb34be1cf54c6b6b9e4e4757da19642fc91cbc659eca4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e6ca93e7b20a9af4e5bd6696eb967d3f

SHA1
3869ba1a3ea96dc8d71fdce65b2f68110002c190

SHA256
9be6e1a9245f470012ded8a7e713006422ae32c2552260e00222dfbc1353c2ad

SHA512
fbe3478d36904ff28a9f7c5ac2266035841d713f972b54eb80b5d4b31c9906825dc025b778360099d73947aa44e6a227ee4f3cbfba7c569479f8f1cb222830a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9e9a5bbe02fcbcd822408c362f25dfa4

SHA1
648240e4cef8d1875c774880f14fbd2f755bdd14

SHA256
90894b531b1a757529823cc4c601c3386e27b00763dbf15707418a65547bd797

SHA512
ea023d5230fdae1041dc541f7467117f94b78abdea198f5230f60af9d82c170afbba006d14f2b0b8fe2293b7fd7d155e27ae44136dcbb6231b382d066389697d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a9aa5edb71ca9ca4ca9f3149a1589338

SHA1
40a04fba6ad117d506027552813302f33d1e1b6c

SHA256
be7d1160e8a9bbdb6d1058abb795bf20079849edcba8796e681e3f96295bd149

SHA512
9ffa503de09b2b70ec2e8478dba6cb1f3d8f3674d49a869a8711f8b42b1e31da7f9ee49ce5fb0daf899c9c204c92ed000a0abdfa177ca0357aba5b5348a0af0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7167cbb770f427884544c80065c4895b

SHA1
fca038540f2772cf9b4cf4526a9ef76d8a60d2e7

SHA256
bf87a9cd0b93bb9777b4db094b11fab2baa0d03a27dfc33070a0adc424db7ccb

SHA512
4bc977c5ec50240d1492ae65f2a006d2dc99e09a48fe7fcc5e4868c19b4f4cb272e21a2e6dc61060f7b4e5319f25bb4ee307fba2763368eecc5015a97357c279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
83cec94d56d464cb5eb55f13876c9f81

SHA1
5b064b6dcd2c2ce7624e86d6e8af7dd9eab689b1

SHA256
9f4dad3ace8ec5ea25010d416e8a767d7eea4131ea5f3f8e4c2f6f99a3e95089

SHA512
e26bf67b2e9e7bb84187f2fe23d91c003729d6e2c3af369194fdb925efa9be98249bd9625049637a5b0abeae83ff67a8ce4c9cb757282e9f0643e49e2c04c980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
56555f369a59acac1e34812c5545c571

SHA1
778630a1ebeacec6cf3c2471a327f9f9f8a50b5d

SHA256
450a5c6962514264982cc910bc0e5b72ac2343384405cddaae349ec3bf1f4c60

SHA512
d9c6100178cf98c7e1816802b4439756e6e5111be50f2b71afce5faf3995b4b876424b2d0c9305b46feddd1e1d13a89eb08c313cf438c54587f6ce54e8d8ce6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4052f39a2d2b863ff0c671e9727513e5

SHA1
001725a1a09a1c930e7d8e803da0507c5aefbdc2

SHA256
54be3b9977c3d642113da06ccd83f1b4a56f36385edc49d25c09e5251d9062b1

SHA512
9f79848f00e007d750966ef536fc81b70d2170739125a52b9b425ce14fdb31603bab0c505a468b149b7212fef24027f030624036d13dd3016ede50bdadebdd99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
10f81a4fe35d3dc791011c2489099480

SHA1
cdb1520bee8b14015cbe2d356dea8123dafcf0e7

SHA256
a9e2bce8bedc83464b2f7d4cfd0199867ee6c412ade78244189f3d33d14ea07e

SHA512
b816b2629515699985472e459816eff7a5a8fd41ec152007defe2130c68562d806cf364ab4abd6a33ea1d54efc4ad3654badff17404e6111d16d634c384204e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5f325819720c803356bd8b12db0bd13b

SHA1
e634d77953e812f209a7ea616446ad5adc8564c4

SHA256
f6a054f44912cdd4f35e34c9ae5aafed556a59c5dc8287d2946e005bfd31c4b2

SHA512
02f949b44f17d4c686dd63376f13ff49e119c03830e2abdbd3487f47859f48f2f6bcebd9527c0f26bac2ee47dec25aa6f0ce042f6fe6259bed2eff5e976a0176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58292e.TMP

Filesize
1KB

MD5
b5d7cd7758d9cf05807e393a4b81a044

SHA1
b1bfb3460bae2225945305159ec9e6de5d638e2b

SHA256
e8e26c002d54a3bc05e4272fb4f689f9e78c0a99a1294f08daca73516860e719

SHA512
9a9adf056b2e67b554382098ce2dfb649540f6dc768a4e3b4aac97f4de4a98d240088f7d68b805c107d9cd9e919cdba176d2d4bb259373176622c5320d0412cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7da5bf9bfa806257b8f218381308454b

SHA1
91c9c7a71c0d89c80cdfe61e35cad328bc528641

SHA256
e557910696bf637b49468fced7191b9d67af42cd4a9cd75e50bc2b632713f68d

SHA512
9b3545aefd9d9268de7b1bdfd24bcb47809747341517dcbf76ceacce0c2483467030774aa824a83b04fd332c0c6a5e8ebfd39d5d937c1f85b60a0382f1949be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bac96fae9c2e515c5c490d690b1782be

SHA1
1e887dbbb95c2432e3a87ef2018c2ee3f7b575ce

SHA256
bd925523918c3c7c60dde5e4ad2e19f6b7ec0c28448769551d96f4411515a6d8

SHA512
af84d17ab1f715ad4bce591c469bd324f7c98f26440e6b7a401b5ad735434a413ad23fb1a4c0d1940f09fc07dfc1b55865eabdaedf92b6b9db52ea1a746586f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit