hxxp://www[.]deals4me[.]lk

Analysis

max time kernel
201s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.deals4me.lk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
4548	msedge.exe
4548	msedge.exe
4556	identity_helper.exe
4556	identity_helper.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 3312	4548	msedge.exe	84
PID 4548 wrote to memory of 3312	4548	msedge.exe	84
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 4484	4548	msedge.exe	85
PID 4548 wrote to memory of 3976	4548	msedge.exe	86
PID 4548 wrote to memory of 3976	4548	msedge.exe	86
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87
PID 4548 wrote to memory of 1624	4548	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.deals4me.lk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93b0346f8,0x7ff93b034708,0x7ff93b034718
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7509038654715985546,438786574231243830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0d9ecfb6-bf2b-4567-8559-61a75742b2cd.tmp

Filesize
10KB

MD5
80d2c84431f8e8b7518919be0d6aa8a3

SHA1
579e2cc5e1e127ff77d6f9da5bcc9ed42bc920a4

SHA256
a136a37ff7d7ab50696bd8660fc63745613fad5c7bfaa595d1f60deede001815

SHA512
ce29730258fd44278488864aaf7124d0ff8d371fd20062fed54431c3f12a3ea45795ed82f8aff5c5a5799613b2c51edf508c743593ce6086fc0acaae9c768f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
21KB

MD5
e1f7a4de4ce44bdcc870ad4159c68665

SHA1
1d6fb90a1b9a0426e01f389320837cbe43782ff0

SHA256
f0767e21434cd733b7119f3fddf95daf016462a36fe39dc5791b7bf821dda617

SHA512
acc5348c4eaf6e457b09f15381453e037f9183c2435e1316d0a7965679d1033ac550248bfa5251ea311ee4612bbfdd7ec5a7de76056c67b8122a3f997be5c734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
118KB

MD5
ec3bb52a00e176a7181d454dffaea219

SHA1
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68

SHA256
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

SHA512
e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
16KB

MD5
fc4c997daa3645f69e53eb40f590d41c

SHA1
6e65f9d6e4b8b5ac164d522e1deeacfd1ceadbf0

SHA256
78d58b4b90e3a558f491f32d679b643168cf22a887e7b833d6df7dcb79f601eb

SHA512
c1e3a409a3d17308c6a78a82d53b122719260235db3d105463a6c7ea0147815cf51683116e9604027954584bf7273e9c9cec485559fa68f8a11f842adffe6f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
22KB

MD5
ab6b02efeaf178e0247b9504051472fb

SHA1
8256575374f430476bdcd49de98c77990229ce31

SHA256
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

SHA512
b6aba9e6de57c895e5bd7f1bfc4f69234b30180e00ba0b3316abdd58049adbfe3ce288f81d6ed46972b04669cc2ca169dd959e4f08e30a1e89e3402f754421ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
46KB

MD5
0ae29ee862fb43cb03121ba36e2a6a84

SHA1
605c9e79df2039cce64083ce196ddb231bea42ef

SHA256
6c80f43cc0dea4ea00e226283e8e52a89c4635feb489c57a6c7c473557629ba3

SHA512
f4f61977eb38460ec30086078084a1724d9b850d027a949d476791d3be219e8cbbb513113dbaf6d340e8607d085f69e123b68ea2e6446f0682188043d79c8a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
30KB

MD5
428202ebb47bf70ddf66f2dc11119869

SHA1
f04e683d6470041f9db30d168ce59003b1dad114

SHA256
5b545e1599178e6ace10139d6f82fc75ed3687cbd7344ef85d8c3473735a1164

SHA512
619016bee428ec69f08a23aa23058f7a2d73e3a039af14e25eb39bb64bbe5dc37f5211865f1ab71031076506fabc053f6dc4a91be4fcbfa7836572333995defd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
78KB

MD5
6cfc7e6127dd4df9113782e51eb31bf2

SHA1
0581ca23082fd0cfbdf45f5bb19bfc5ba22bcf1a

SHA256
1446f8af73d10bd89c253ced9a6654a28350a211f1de88bbf09d311520270f9f

SHA512
07d75973ccc26a8bd606c80107a6feef2bfd1e70d3bf00989b845ad665361edb07b6b6f759a6573af393b2a4c17f2dffbd766338731a4f164a535251764f2186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
51KB

MD5
2bce7c1b232b96f64610b8a9b656a82b

SHA1
79b05b28c478511b8b991f105b60a7ee3c003126

SHA256
006e89d042e64775b201dce5d966c610a294dcc4a222bb0143c71937d106e0cd

SHA512
bdc4fdeaa1429e043e21761703e5f75711d06b1485a656d0a03d9cedc6e23d3d4295594aedb6331b026b0b88855a5839151063c9e2dd2b31bd835975bec1d003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
139KB

MD5
a79a31aa91bde9956664049b85bf5a8e

SHA1
9a9df9f886871df4d9c767b972c369f592fba1e3

SHA256
f1f7ea8072f6a13b9bfdbf7007d783031b7158098834e0c813e2c3feca06ddcb

SHA512
3666a94c89286f8c994b8b1b60d29db494d26f528ce1b3e43f4fee77f9bc7c216f87f571c14cf522065ed0658789b5e1884abe2a9edd8a4333ae273bef813671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
103KB

MD5
d2f858943a7aecaca501ba14e40afb56

SHA1
1b464726dfff718b3a70454760aee65d1f56b9c5

SHA256
e81e70da6adcc5c00551078b7d9bcecd85867f45631aff87dfbfe4bf708d6b82

SHA512
ff7da937aa5562377947adc061a76810798982e176c4dca47dcadfc88fd374c7e48f7d5c55004f659813d802d62a9dfb85f66149ebd6b3fdc65cdaa371c0797b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
63KB

MD5
c80a4cb90170306cd3c0c315df08206e

SHA1
3af2716ad7bd4d8361e69aee380540fcfba86b18

SHA256
355fcafa80bcc320b64a84300ccba7d088779a296a96fa74c1e1a8afc5a2a01f

SHA512
cf31010a4d006a4e5ee135199e94bfba1e7c5da0e4ea3cd8f4e9c241b624c4aaf5b61cdbfdce1b14eed7706f107ab302b79a9968a8b9027f063b81ff58aa748f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
21KB

MD5
da93aa5083d4a8a231142493c28fdae3

SHA1
7ec3646cb8219a1e3f4d2bfb9b80343ad4ad0fde

SHA256
f953d546d5c0159ed38fb748e442276e47958eb0f95f29c6af82b7e31e3667ff

SHA512
4af42d49043a6d8d193ed491a66999fa5d57942b6d1ceea33574eaabd53bb7cf86573980ee9c4aac98b3e039011634c2450041343872de503661416cad2616f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67c8c22862e631c1_0

Filesize
374KB

MD5
d4ba58f9e63694eb90bb758e6d3b25c7

SHA1
892ee34fbaaa5e854f03e7e926bae4ea94580780

SHA256
c10ef39d36641241fbe192396f9d4d9a35464e48444fed588f563eb402afeeb8

SHA512
1c5b511f3a8045ce9c2d861d193b09e426cb17627c3da5b5f649fadb35fb25b477297cd6b79b7ec88b3fc740f7877b086f1717a3ded5dd567efb5e497f0a67a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9bd98be866eb14e2_0

Filesize
3KB

MD5
affd7f48642fd70ff5ef7fc5264990eb

SHA1
c9726cdcbefbd231634a7b11a49680bb8df972cd

SHA256
b50c2d02ed073c7686b95ea012c31b63a4e8f7c0303d516360281c63f1525f21

SHA512
061ffc7fd539ef4b4c9cb4cc6e220e4f95815f8c83b53b8ed8cfc4c5d7c00ed47d81105c39b8f98115d76aa5161a85f2a3d99af87467dc51b2f7b99dab0a9eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

Filesize
303B

MD5
436cf244275dc2364eb86822b445f73b

SHA1
7be60ce71c098029db65e0386c7508bc1be5632b

SHA256
cd7505b415eb07909426a35bb6f5d1a101ca117139ff321aa29b5411c89d6cab

SHA512
75dbe4b2a261040b2d7ec4dab580512436a8d100cb64d3ec789ba209a829f43d9df3a4df05c6566ab377b7b9c20cc99036913bb58ec7b135a00bd00ad755c6a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f425e9ed246b4929_0

Filesize
31KB

MD5
5c7804ff4716157897e3c82819d743be

SHA1
afddf372402d32fcabee890604cd5e5823656532

SHA256
be40aa70b66c4834e1828bb8f27437f2584731511eb5bdee2ab6f98cbb4bec13

SHA512
e86eb2ae3f9bfd42fec294eda747cc8c28c9e8fd6db19e9ee25a690d68717d7b11412192b739b859172d4f1640b79d4ad61533bd60205c05998936053b075b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
58a72efa7b93d04cf74c16cc86d24844

SHA1
dcd2e03d202d9796c6872ce682d0d329dc2478be

SHA256
5210a32089bdf93d06ce1878ab2d563794c5f73aaf76aa99b77bd8656d7b016c

SHA512
4f84e1edc851b64fd8f1dc390cf8d19d8ec39ae2fc2e83ed9eaba3f6a2681953366b6a57cc7c304b453f10b99e56249b38c57489b31ebfef8fa40e7b749c3247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
659e688af017464abe723a04b3df3fdc

SHA1
56b0cd6ef648623eb1ecc698e3ac163d4fac42d6

SHA256
0c8750277a025a1acccfe827d7a622639cefbcebdf2fa11e15e4832ef840d90e

SHA512
1e2ba2a880fee9d316a93c3dade255c4ce303643ce63b6e6a14536fa2b3dae3f2eee851819620f9726188c80392ef483938ae858919fcf521bd589e3e31b9497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4c0b3137e027da4035b4383c89def1d3

SHA1
2592e8cc96371c278a76b1d3cd20ff79c7f9a3e9

SHA256
5eb2ede430b7287bc6341f3b8e97b9632dfed863af6f63180f661f90a84a6dc3

SHA512
3a61e06099b82dd9c08fdcc653bbf0e34df582010f6757539d07985354fa3c7164e4c7b4e993190c96499280f61279516fbbb24fb25eec18bb1dbeb60b12ec95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
653c5ae4b058dc3c64cd7977df361170

SHA1
82f9943c39abd737b2fe56955970cb2f8b813579

SHA256
7e59dbccf1d724fba9c438e30219daaec595a2504692b0be4aa71d303b0f64fc

SHA512
1b1226a9e57039581d2c6d892e9758182a9733c07b71e21c7d9891a2ac6e277fe861b46c15a36898e71cbd79cc0342d751e432897b8164b1d904ada86d295676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
4ef8771f32fbe700ddd7c61f49e57e77

SHA1
8969c726ca50d810f38b4a90698198a566cb1f0c

SHA256
c107627c36b0c2aa9588211faf01531cad43e88368ad742b9edcf0551dc4b0d6

SHA512
61200b43f44534a795ca1dfdae6ba14102e0f386c5aaa5974d2b2de77ba2e71aa78268a9e4b57c6ba361cb77eea67464a52f2dae22fa61970d40c3ac6e86990b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b91967a376eb7c7659466cd6f0920067

SHA1
7575aa3af9ea5709c4d70fe98b2753afe476feac

SHA256
61b39be7b359821ee4c7ce413b6517de3d16c1f71cfe7c5b6d36e2de53703d0b

SHA512
f06c9e5663eb8395bbd72ad5902b72b6c18c8ba2a16ce3b9f6bcf56ad182fdbcf0d751db046d008c283b94b5feb35f95faee6170b10469899ecd6285cec5e801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
627a7ad04517dbc908883d75d665cfbd

SHA1
1daa33a14cdb3c9fbc4a3f022df49fab88dabd2f

SHA256
c9d76041442fe39500a3f0064212d6ada0571910b3b957b54140ead25ce83faf

SHA512
05af89bd4a64642e8c025aeb62d95432b7b0556e07e7b2f3000ed74a1e86ab6e30b246089695e4f0e870ac7a3139a169e5960d12c9ea66864bbf95346e5d6283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a2eb681d7de0ebae2446872b3104825

SHA1
c0c808d4a2ff9ccf1b4926296f9abe1b565b3c5e

SHA256
e199b4a3d5b13a336d5d6fd2b3548ac707a152fc7fcc785abc4b91f98ba4a72f

SHA512
e78afe7e6ea3ef2796d210d8fb14d2b6ee37a69e4b516ad28dadd2ba318cb6de08a7b45e78f165de73582fd775a60e92ab7c7febd04e804f61f7a7069d7bf4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9e208cf372f4b5dac5eaba8cab2ffe5

SHA1
2aa4451b797f6e7ad005547d55db481b49fff017

SHA256
cb6ef90e437199d818142f6218092a5fa535088c8409a3e6b3857d26bb416849

SHA512
37eada8fa77d581198b08392fa4304980ed9281c5c18952693e3d4978c720ce810f24752b6118c8fffc00bd5020f3648e1db3b75e3d0e7f1759765ad4c812727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e1fa8d597c15e81ecabf4e4ec8f9793b

SHA1
3e7a9d76c9f2b1bf32f1c34ff139a0da27884a7b

SHA256
4ad8b9415d23c7eb171a6e52fc93737c0717a86fc8206a09190bbde11d611406

SHA512
131057fc387d42641fe7abaff0904009db5de1c2211fb5dfb4a0d080650b0d50d00e59aa11e7a2582c6cf331bdbcf482b303c19a1f3426fd8a53577f3b3d88c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f26387dc2544296ae2ef5cffaad1475d

SHA1
3f9664de54588a33eb67179cbd20fe5e459e8c58

SHA256
0eb2d931d6237800ef4399ae8a70b7c8258cae806d0e49452a46743e28dec314

SHA512
24c8837be950353622f1941703addcaeb8634c7be1a9a2dd4bc072eedcff0d9390b180ac25f479925b37fc38352738886f4011976259e3551bb22d90f28387eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
cc238db31a7a61601caa2964bb98031a

SHA1
d6225d1421bbd8de40024545e09b2fb15d562dcb

SHA256
dfe5bc12047f325339536843f0f48f7313a84ce1a1e5840df8448c25c5fb75fd

SHA512
83e25d90f2b5354718e21af774e75ce2fce86b6f7810eae3b6e7845322806d3ea736b2addf78376004828e3710d1b540dd42d632c254f61c1ddd048f729be6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
5efc430e96156216afab46f931bf3708

SHA1
105b07f7d9bf61a4b8dc8ff1b39f6928d35cd91c

SHA256
83614e234ba1f9075bda61d1a158d054add752487a6b1cb9268f1420cd92ef27

SHA512
7bcda2b4b49c482a7cd8646b570e40560efd8558cd16079f703d171677511a6bfa1ac80b8657596a28559492964d9be8f42e46482c9cd43f2057ccdf8de0a5a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
174d084cf0a4e646f1e8932c9bc1d862

SHA1
d53bfdacb2eb2920cc9d36d4bc47889cf26cbc53

SHA256
9e67f9e1cbda0b17cf48f09d6890ea5f59d134353c273664392cd87ab89ef014

SHA512
056c5a882fe6fe210d8e1bebb41c53606e8cb8987496c819a9f4513e208f27493a1d552c8fdb353a481e8048f64b28221bb1d6e3c2fa66378e25818ad578ba59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
3782c1b988028088eed01a04fbfa49ec

SHA1
61fa79deca6e6fac8769e29d8f213915ce97a230

SHA256
681227adb75c26ebdd9456febf005937ea33d52d222c14a47e5df370dd7caa79

SHA512
d8fa25983ce6aa86d02171920d751a3d7f2320df61fe6ee38587287c1117100aff1c373802caffdddd2564e3ae1602100e017e52996f65ab508d4ae6bcdcc178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
8add7c5fb0301d460bd8cb190084ed65

SHA1
b50449c46677ab27e67197200ebfca9d92663242

SHA256
0a065bc7a451c487059a7cf833d97f8feb54b6f9b2ef483fe71cfcf4067a277c

SHA512
acde1b42127d0eb206e0a7de3e25d1895e61aff1983ce11bcfce652a37e8a300025970c00ba3f2697452fb7f506371438778a05a4ff607663c708824e4298220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e3455dfa8728ff10a93e4de7261c8465

SHA1
7da5237009e0576dabdba12b630f9a5844d24308

SHA256
ca141516f50af36a1756f6d93bf301a63fd2c33a387bdd0637aab368c5bdcc92

SHA512
bd97499bbe37d0eabe23496b0d98bd3214b9315271c3f0ebb7b50e109830c558729f9c5ed0553f23db1720a457a5d7187bdb0e342f69616d98c255f7ea49a013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
66e35e457bfb34d4f2a97dd868e1d195

SHA1
158b232801a407e68a00017c6675f3ccee060f29

SHA256
fb4ac7b9b3ce8d7f2ab2c9b385e2a0cc9274e1e94e6c7fc82a1c22b1d0150037

SHA512
95f5c6502f294d55dada319243dc3835b5001471f9e2f11a414412cae5032acb10a1c42e20239863895fcf4ea46ffcd5d5c825f74cc2074285e3719a08d0aac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0061e9b7ab3a4bae6c2612cbf3d4a39d

SHA1
6e5935a11fac6e23ae77943d447ea59a245e3a8d

SHA256
f3da7de84074aaf080054ddc4a2d8b4be7dd13b22ceb24802d0df0dd4d4e261a

SHA512
5a146c381ef102efeb3267d4c547b081df2d4ee4b4df507d5662bc573da036afd7486e89b400fd23264e294de5120b3e13ce35ee37ca8469dbc037fabc77335b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b0afff4d5154926a420993e450ca8347

SHA1
0d324c5dc92cd4acc381823a052dfcf5a8437370

SHA256
fcbebbec92d7ad2c28f9488a1163633908839de349fcc3099b35cab6ec1715d1

SHA512
b1da9b0a31275f910d4a81e39a3314c3ee566484a1a251a5d079a22279ac36eb8f647f637ce79ca7cdf8230e39773c81c9d4e7ba3e70845c72030ed1e2631b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fd9c8c48b44cd02e7a085b6c72868794

SHA1
63c7f0de59378a93b24e663feabb9f9d1871602d

SHA256
7e264db484e1d13a32b3c8ef09b2171bf665266350148d075d7e16ed799170ac

SHA512
b91f920b2688377bf828dfff7f40fc9ea8cd7c3586ac0c44f4705933427c3f8a1bb9abd20723f85db609a592516cb937ce856fc493146d331f4b2625436be8b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5819fb.TMP

Filesize
371B

MD5
56cf362d1586f3787df96f0a7a76c4b0

SHA1
3dab94ac56c39f8d86e70adbbf7778e832fae89f

SHA256
a5e5583ac7eadabcfdff5534c52cd3e7f6ff15647cc8609523d43446e2bb5f17

SHA512
9a4abd8db760a3e4650f3fda058a4b47a7417e8ca634290ee1a7117f0466e3143eb2ebfacdab404f9f80cd4e673f6a399337d5d0fb50fe7d691f2269e87728d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit