hxxp://google[.]com

Resubmissions

19/11/2024, 11:50

241119-nzmtkawerr 6

13/11/2024, 10:24

241113-mfhvtszhkj 8

Analysis

max time kernel
289s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
312	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
2612	msedge.exe
2612	msedge.exe
1396	identity_helper.exe
1396	identity_helper.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 3520	2612	msedge.exe	85
PID 2612 wrote to memory of 3520	2612	msedge.exe	85
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 1432	2612	msedge.exe	86
PID 2612 wrote to memory of 5064	2612	msedge.exe	87
PID 2612 wrote to memory of 5064	2612	msedge.exe	87
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88
PID 2612 wrote to memory of 1896	2612	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a8f46f8,0x7ffe1a8f4708,0x7ffe1a8f4718
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4208 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12846146026757043644,15049450423405955062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0 0x3c8
1⤵
PID:5464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
25KB

MD5
e273067ac330c539067c72f775ccead7

SHA1
9317c76b2c71b073c49f7929224940c173ea86cf

SHA256
a640989dd889740f888e89b323c0ac39f7a8311a5ad66204a2e630770713dfda

SHA512
8948cea06f358dc04db5bca6d35e9b9de55ac55d04b31fdc554ce386503d066ec1b7cda083fca59282bd3d6afd0f259c1f5e07051ace444b4c240672d4e66bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
4243e3468e9232abc88d23736af19bca

SHA1
c6ae38a51e89634277402cff4a234e395822a946

SHA256
d31e42a28b991b7bfc9643de54a4cb99b60b38c366a4687173fa9f18461d6791

SHA512
d10ed7f8e454097f840377878578ef7a202d7abe608c5b812f26cd0f8cc5d5c69d6c044e091b35ca5ee5b080e62d052206e7a5be34f8e56af1174f0b4b4f14c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
7e629853e30a4292a11101baed6da195

SHA1
e70e27663ddc3e871b41f97e25e3fc7c2bbeb13c

SHA256
abe01690fbaef625b61f59855ee349f63f46a48d418f4f2574e1b9c13698c152

SHA512
40bb46b69ca0ebe91869152db9aff6c945cd411442efdbb2f7471400da93431e0930f26eedd273b1642876bdaa3f2793c53c57de8f54167a268aab77f26eafa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
495c588c8bfcad4a7464bde9c6a0d90b

SHA1
b3459833a7e3b0efd3d479b6164e8001a75403a3

SHA256
4e39775167b52205d551a5bf8fc7e1c4ef5575a24dbc84669c1c00643bab8e89

SHA512
f1f2a293ad13b053a4709930837d9b14ef6b03563389c839917fd61f6c1d1c880542a6ee298d31237bf4168dba18a619be229860c02e4a37b86bd199b684c4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
182c083065f3500b26702f4c82ad2a1e

SHA1
fe4a357e5b265a7a2decf6b96bb7a43f4b6dd29a

SHA256
59bc01ef55081d76d6208cfdc6097e1a582c770d0c9e5de7d1d1ed588c64ac33

SHA512
2f7d01e54c9a6313f6c3d5beaca489b6388e4f3b9d75c72cddf3edd199366806a6ccfd14f91fe45501b43e7306706de4d91b740b6fc8dbe727defd34ea84951d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e7b7577e767de6e4d729717fc1e88677

SHA1
adcada6ab0c1d4656cfb2108750fd453466abc3b

SHA256
831c3cbeb98d8fcf368d7b2acc409bea5c4c37d8fc1c35385ad1f1e9b08fb1f5

SHA512
62be7e5e6aacc042df6fbdfd2b983db5737d1ee048e386e9615b6e5626c6f2faf9a7966a0315946b676ae9cd1ffd05dccc913b2ae9d9725237e4a39bc424b82a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
307644797f562f53f8367e194b18d97e

SHA1
5f3232c042612bb5a06d7f0317b1d8b2d5d1aa18

SHA256
bb459cf3235312c5c5f029290453570e6e5945fd58b67c1e68b7d7865f00d76b

SHA512
7c7d30d00c3eebe20d36451b694c314252c3f6c7f8cd7419ed9a527bd996b3594579985216dcebf5413dd9322519dc172c0b25043c3d1bc0680c369d1cb58749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
177aeae8c773e3efceee2fcc2facbc66

SHA1
8168fe03eec693cce4f7b1143d4b7c3f83905776

SHA256
73c27ca146456d8bb192fd19b8c65577d60c1781bd77371631199c1b8296bf7e

SHA512
8519c8ee85eb8adca1b471bd3ef2241e15228065235860c363d21a8f03bf3e60891acddf4cc4c8d145432eadad3a45194b4bb1632159b3f659cbd4c0d2496c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9f8cf87e3bdc6b6811de1ef18d14b57f

SHA1
fd6d8fd8a8c1c5c07c59f7c65bf15886982b0ded

SHA256
a5b995df64bab84184fddea75f679ecd471061bebc95242cb8c623265b50fd99

SHA512
c0f6c3e4b3162768938426aef751089523ba281c9420d0dd2fc57fe22788cdc292ce27460a25b19ca5289f3fd872c498d223ba7f16109900c08d6201b491e8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cccb5807418dc15ce23e40edf25fe0f2

SHA1
2211d41d31015a024df4a6c1265efa923d53e4e5

SHA256
44d951154dc246f716598fe7fc87aadba74f0f4041550e0d196697d01adb63d7

SHA512
32d3fe56e2537c20cc0fede672b5630eace1adbd1d6ae0678e6f7870699970ab85499742f038516a9230b2483743f046261be5a8969531e8991334e460b6814e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6f3defcb3c609278a776836e2df9bc7

SHA1
87cc2b12206fa007da7b2fabe9ae5ef6b3b61e86

SHA256
cdb35c95e8ba0837149660fc2f97e745cb549e33d09baad7b6016478903d264c

SHA512
caaa3912bfcd6267fa0e187f9b81d7b4b8657fab866d156a6f6355f25d2d02d6a2089a460db61d4b03f624d405c644b7ba36fef78e2aa827685d107c89c0b425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2cc8a8e8e6d27554b71e55a77989497c

SHA1
3ed84248f6a9cee04fbf7f0d9355774929c20af3

SHA256
38434754aaf7be254cde434289778bb27935b818d657dd5d90e4740e2544445c

SHA512
8406bb7380626851c49be7b4a42e4809014d282609ea271f3ba98c05a672f9569fa6ce5c190589eb9aa45dd82a9f812d8e1024da7f734eb2aadf6f675f27b02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
550510adaa8a946132322f1b9bb7c030

SHA1
e426a0eae7fcc3260c206763d44d4e45f2bc445d

SHA256
ccc8a5ee5c6324fd41b824d6abba9b716e5efb695ce9dee25a0fb16a0eb7df3a

SHA512
9b3514937500b8fad014de89dd05f84a60e074c214399b430bca651340e343076649bb9aff8a0566ef9beb5a831c0bcfd4c1af8f917d307052d86edf3808ee0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5b11a5c1274c9683315126699cb0e95f

SHA1
0000783fdb6ab74ececf87ac3d56594727137ea2

SHA256
880fa80dae2dcbb73e8141739faab2ef43ae1ecf6be408f5c234d007f098158a

SHA512
796202d8c04ecc3418280160a22eb9d195b0fe9a373229f0186616148f5b1279403cc118f6b94eeb5e935d419154c403b9483d78849efaebf2cbcfbc257d5996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
443bb58dd150739747592a0519cbd284

SHA1
b270f99fbed6d0c8e27c188176a2ca50c56bf783

SHA256
3d0f3408be2636467e429128233042cca5d58300e7600592141c80ebeab0e580

SHA512
a2bb0a5b66f5fbf1f72db99e52a2b50191935af2f8f9566841576b0e09441935ed16a51d16dbf47af2d6421cef340f238788bfc0e8bddad445bcde4847d49402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c14c242a6e865d183f5faedf4566a72c

SHA1
5bba883bdf21ff8d5fabfd471ffdd8cde73555ee

SHA256
e58e47909e2908fe5f0b6a5b917c07987e9a08847bca19851fa7deae520a14ef

SHA512
724f25257e4aab450e4632159ba9567a482b763d37ebea5899e6263c129eb36f1b838dd1c29761bed98552ae7c5dfd0c9b79a0f71e93cf01082233daa0d9408c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1793a4f02e9b3f22725c486778037231

SHA1
f46c25bebdc3ae090ade242c259cd2d1eee9e1f4

SHA256
b6ea8bc8ba36a74fe358ee601c507550113788a0d7a35a28d98f69013045cddb

SHA512
401ddb012d7ea30b7a78538f2d79f14cc65348e188dbec5b475d6cfd54e4778b9a5acfec5bd8f029b1e6092a607b235f9dee676b2e4913670bc7431307f3dceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2e9e84d31eb3c637759c731157c631e3

SHA1
541598c63c41ee81d82dbbff233aa07aa9ba3790

SHA256
19389bec41e3bc3c0abd679dae1e9ded81c026f277bc20bdd99fa844cab1747a

SHA512
0e7aaabad4585eb40de939af24541c40be0d44a4e1235c4ce9d7483f23bbc07c995a92d9b5019c4b4a69f984543b410b72f89e60755cf56da1c8d4e085dd1963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\df8b16ba6b5e9014ee47ee51c07016962359fe10\3708c723-8e2c-420b-a0fa-52cc77aa5ac0\index-dir\the-real-index

Filesize
72B

MD5
88131597eb5a4cf01d8d6f2a765947e0

SHA1
f54b9debc1933bdcdce39f68dbfc1d132690b8c3

SHA256
663d666b25a96ae2a2791e7bd520e7723a10edbba6faba120cce33556c4b75b1

SHA512
f351f34918bd76cb012c449f96c458ac47596e4be1cd4275760892da22ff301c18afd0e2cdab7a7a2c71fa078f7f638c163c40cb81ae3d5db83ee93e7c02b712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\df8b16ba6b5e9014ee47ee51c07016962359fe10\3708c723-8e2c-420b-a0fa-52cc77aa5ac0\index-dir\the-real-index~RFe5987b4.TMP

Filesize
48B

MD5
89806ff0363653a4129538945a0a9130

SHA1
ac83a6cd53d20fdc2c2f00c8a003e178ffbf5c96

SHA256
58d16e2f29da80749643bafe2b2ed42dd99547906a93f462c7e6c4b57bebc848

SHA512
7dbbe7a5c806e5629da863c1b3e2f4d220b74b1f8c165f71c36b57ea501d34ee4e86d6558af74cb5ddcb8b8978ebbbafea8a47275d18c97fb6462e8a74fe12e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\df8b16ba6b5e9014ee47ee51c07016962359fe10\index.txt

Filesize
122B

MD5
d59631f825005fcfadc9ee8198431ed2

SHA1
4de3487547b07da47dd548ff598feef8d63fd6d1

SHA256
814391fd782becb6ad2e9fa37ed9a3514a9276466f137079bdea1da616f34805

SHA512
f2707a9848bc5877a4d89f2d8ab4182dab6efdcc4d8a7e998c1cd625cd69bbf4f431fbba576f96cd9c6c4863989ce548d0da3f3960806276c09c6ef7cb950368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\df8b16ba6b5e9014ee47ee51c07016962359fe10\index.txt

Filesize
116B

MD5
52e6e9670f1f7f81d926885d1598e1b8

SHA1
0ac2e9c9370d15982d92e2d444f70093793ef872

SHA256
b0d171c06e3fffce36e2cf406b0a1f21dc2958677324e249fa30659a44d45fb5

SHA512
80f09795e7168a1258ecd816e2ced3de6d91dd248a0b6ceb8a54a361849806857a1ccf7194112c6e5f357fce756e44d1c86d82476537bab4fdea6aa75729f6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1add34c3be5c720b63cda85e33d2fbad

SHA1
e6620ded9dc849677784ff16fcdb16215d3b98a7

SHA256
0d25b68f17eaff348deac762b4131315b43cff2f1726d1b8ef0815653a808cc4

SHA512
8d55c66295f0bfd1d7645166f7eeb5a8ffafe7db0d92dbd3d47d27ec957d8626052a60dfed23b8a92a7be091c3e3dea44cd54d3a89573ef76688ab12868260f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5986e9.TMP

Filesize
48B

MD5
185a3c2883518632135511c0aa910464

SHA1
47fd8f9a0f6c6320b75344b27943bd671e13afe5

SHA256
d2812492182ef74f726f02ec410b09f3a2b842e6eacac7ef75788de7b4d4fbde

SHA512
5ad7eaee73eecbeaf31714e8c727b86b2a4fbbc8728932e096a9a6a63dce1cad1bf974089523bedd1d6357e36856a906dcdf694556ccf6d4b5c2981aa98dc6ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c01f33bb3f727053e647f990673d345

SHA1
5fc4c2a6f3d4be917babca331d70160231715e9b

SHA256
5c84550bc4e98fec49ecbfe8a5a5311881d3cf50c3e719da1676bfc207eb9683

SHA512
1f93adbcb7fc837a8e73a1b00b0365cc6ff05ea6987c27182247ad45c478dcf1a863a25c66d52b0e849cb8a92bca8f3ff47572a17131bfb6a8c6656f8e929040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4c66a37ebd707f5d03b192968ecf06d

SHA1
85e964d66bc529a3dd73f1ae93fcc01f9654247a

SHA256
e998f87323fad7541f895adbda42bd8dec667c295aa7945693dec50102787633

SHA512
8617f60f6fc7bb92237c8be0bab1e8cc3c3f4695dc6fab90b90cd8ce4c74c01a0ffeaf9e368cbb4382ee65bf036f07ede6e7e0039f8c53e249ff1339c0cbd67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af42b4f387971470d813230812489d65

SHA1
8caa673d8bad12d87a401c7a523196ef1c14e083

SHA256
9d187c536f72063afd1f0f904a4098847f7952b93e052aff10fdca5fe50cd1f5

SHA512
da4000f0a54a40294d1a157f6018eabed835a4ca096c1e97a69656df084f2514445ccfd067e805a78b11cf6fe41e8695c2cdb6296669bf6f2f83c20011107e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
443832390e73daa0af0d289dde91bb4d

SHA1
e3796b5219e93bfdbcb23b5cd0cd942a7b8095d6

SHA256
015ed88ae91c008c5773c2af9b238472dc04d8d7c6921de7248dd21aba247e17

SHA512
be9379f108e8cbeae95f051d9920745c85176541064fe564fd6ae9491cc710a92b17c32d568f79b7a8979fcc146a1b2c9efd14df17019bef403611dfb56bf8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cef4142157b01fd93968f5ec08c75f0f

SHA1
0d0ef5c5fbfdf87283780290912594b0085ef15d

SHA256
9331e8c3c76915d9cc4e2ebe241823796c90823288ef67bfe78397f54043e2f5

SHA512
4bf60260123fc46a76f42aa9f92b4ae05477bc3895cf6e1bbd32cb8fde36596893ba6fab99cad71e995715889180b72a1f2b65df8a5cd5a51c464574df96a026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585a50.TMP

Filesize
872B

MD5
8aa649b1b082f480e6df1b8587ab4d9c

SHA1
beb01861aad18830667bcec62cceaa17783032d7

SHA256
75cfac3c922442799887e05a8906078cfbb7fd9b0e2ffa24f3c7e021420bd887

SHA512
ff23918879419b04b8ff295ca6d6fa87ec11d4882b673dd88fcc45df72d71ab936691b8d4c38fe0e9cb4adbf4a24745d1432073a0642a7df6141d01519e0174c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c48b203bfaf012c51fe5259f0471ad1

SHA1
a5a6b96cd8f9c5fec61c9da2856bbfcb99770c7b

SHA256
53294588da9454ebfcda6b9e938326bcddb5cc36e5bb3781a85da603b208fd8d

SHA512
56774d4c34b4dd7219781776c811a3e9791328614999c0aa0204702d68d4336901c7bca15a612c7e01fbc1ff0a009c9814eb2b63d8125b46c631359eff605c01

Download Submit