hxxps://is[.]gd/HDwxOD

Analysis

max time kernel
535s
max time network
540s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2025, 18:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/HDwxOD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
4812	msedge.exe
4812	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
3428	msedge.exe
3428	msedge.exe
4256	msedge.exe
4256	msedge.exe
5356	identity_helper.exe
5356	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 4572	4812	msedge.exe	85
PID 4812 wrote to memory of 4572	4812	msedge.exe	85
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5036	4812	msedge.exe	86
PID 4812 wrote to memory of 5116	4812	msedge.exe	87
PID 4812 wrote to memory of 5116	4812	msedge.exe	87
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88
PID 4812 wrote to memory of 4240	4812	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/HDwxOD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd747d46f8,0x7ffd747d4708,0x7ffd747d4718
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,591257399145297560,6686829856011659687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x244
1⤵
PID:5540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd747d46f8,0x7ffd747d4708,0x7ffd747d4718
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8051530163519704898,10025159264234692757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b3e82ef7101d74c3994309c0c51541d5

SHA1
2861715bf4e2cd034b923595785f536ae932efa6

SHA256
3dacff73fc83638b94fffab7519727faee50e6a9ef6587e2d07d364ab773336c

SHA512
435a4b4257d5a700ff37c75fcf54800c20a3792a1008b813976979e98ef2356bd1def6abf8d0581416f00926c4ef30578f384e8e56680b655933f089960565fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
23c881bd9ff24ec1e1c1388e1967d94d

SHA1
cf340b91392671812c5d68f70a32b8b0768f4c75

SHA256
60eb6975421a62b21622524ea781e64e7892294e65056ad6ca7766e1362b7156

SHA512
5694ab40278f68cd46d12a39fd7c7883cb1268b9896f3f09a8283db4a4070147f7970f18902885b119848f532d04f662fb44ab8ad5a7cd47a473578a692da7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
34KB

MD5
6242c13ec6b35fed918ab71eb096d097

SHA1
691e6865e78afb11d9070056ba6cd99bdad7b04e

SHA256
b1c7566622f40bad557a6c5b7bc5b8ae25b4da191ac716cc7923282eef96034c

SHA512
52914b4ca7362e9ebe326ea89006f5cc096fd4d1c360cae33ca768af92fe6fdb5078d0848fb6dc092848ba0e3d3f51bfb20a292250c35e8bd2e79fd5a19dd7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
20KB

MD5
93be7955935adeb48b77528f2dc2e9ea

SHA1
58cbdc14353bbdc7e8457c4c6a305907eabb008c

SHA256
e334891b33bc300d351d94b78cafae565a30e80c5e52a4ddaa158a8dae64511f

SHA512
cc6f0ae67fe3a11c0dfcacaac2d3c8c00a51caa81994b9fb20c1f855a053cfbe17c0374711990ddfed39a38a138357e55a8d5294a920c2ef80790845520b43b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
7989483dbd080ed031924cb7c7cc5827

SHA1
0a952cce77af87d680a860f80c55a263b35fd0dc

SHA256
d3edf1481516d8b599f3ca0fde4d1fa94a6bd4422f50133be6a285ef61915d6d

SHA512
76174111adfd914e51a3371200113114ea5e709955ab56be45d12e45bc5ed370c25e3e677d5a29ce8c3855667ba5722b69dd50fe88447427488c15db9609a6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5903d461af80df0ce4391720c5919a01

SHA1
54272577dbcb97744b5d30b1e066ea8edddca3bd

SHA256
c76ae37b0d6acb7f7fb18e582ecc16b28f49eb35f9434d089d0d9209311ce11a

SHA512
2ec2107a46bf9103aec1e08a375f5112cf50241d87b6ef317351499e7c392918c215ab89feb3099b80ff61a6c739f2c9e1e8f0e2505a979404c29e30176517ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
78bd621b7da6f8a120c32cc26d1525a1

SHA1
1393b2913aa9bb347415904dce80ace673ad1ae1

SHA256
57d46ce09f7815b729c633a0c3e4fba8b65bbc2d91b77cbc6400329d4acf5246

SHA512
13081e486cafebd22522c6c06840012c96adb8c4ca8c9a44b96a6af892ca90bcb2cd99619aa14b4010b77cbe0ed41c57a4ede64b53c3b754ddf8bd1865700471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3aa9690295c06404b7e660d15f12364d

SHA1
f42ba79f4d1c8421673870c9328b0af176973c15

SHA256
52dc4f68eb723ffa8e2c1bde918e36ab3ecf3b415b6457d2bacd40eb3d7a3152

SHA512
f23c227fb7ec68428aa3beeea1779300f9c280229af4e2ef4e933c7f48174fba22ae262714d95ba6625b7b4df1eaa4dcecae3f0dd305baeeb6973b4646a02384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
245f9f616469be3d5aa243d599c95df5

SHA1
64f82c7a219979b53779eb36f8f13b4486706cb1

SHA256
d1a7b0dda5d7e24d3dc061601d6197294d6c0408b3f524aa92b7ef4cdbb5ec91

SHA512
4a9f89adc31ef0299f254dbfb73239d303bd1e91c305e49ba4eff58e4d6c77c23d078919d3d98e5f6cdc57d29017c7469c0847dadba95d5f3b90891c1c456ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6a32d31aced920ba5dabb4e3d92d89e3

SHA1
4f9183dde9ba83f912d64dafc3be0a897416c06c

SHA256
a73dcc647eb0086efa1fc60f9f25e7a9fa5a0b1b14edb36f3452c7c8f11904ae

SHA512
51c2ea2c4f7f3c1d734b65611da9709c23c091c0c2f39112a324300b773aa82d4ea38af484594c5abe6dc1dc74abf0b4d08931ede37207749ebf47872b59737b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4b0a1cb0ce047c868c908dd00146560d

SHA1
66441a7e0b1a105d80769b1ca269045fc5f7a83a

SHA256
57525f0976dc158ef0f9e8a4837bc0f4af93f71f33b8807034128ce9987dcef8

SHA512
e050b7575dfb985982fde5ce2ff460e73a2b3339fbcacb81c1b248188bd6a81eca402605bb029710a80305ada2c438f8d7558593a66db0a5dcf656efb47596a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
36KB

MD5
a460192ee6bb6e4e1552fb21d5e2e834

SHA1
f0454f7821710f83292a2b1952395ed66a0a658e

SHA256
91d0a6697484ba92c7d0ee5f6d94b2fee08976abfc5b1f71c5f19d6d75c4182e

SHA512
1e468be69035e7c26a9570a1192ed4b684c74f7491183dc99b17ed00511c02c5bdfc76930b58f67ded80c0bf289676843783122f0e3456aa1cedd3cef271bfa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
0fd1128590f555e7b9bdf01437bdb11f

SHA1
95762dfe51876fb761044f109e3a577206182f42

SHA256
d3cab8cce854af51dabac9c084860694ec21329a1540741690c7c270d78489cf

SHA512
6a9bf6aaf14cccbff9463016f16b1c678b788612fc88cb29f38c30042e6349ccc4cb5601a1d1950f7d0ceb21186c38fb900c05b8fa7d2962dbde852cd4e5205f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
494B

MD5
28ab067fa2161df7ca7d81b10ceef597

SHA1
4df6a4186551b2aa1f9e132fac485795910e9aba

SHA256
a31bfb200da8ed3448e7d7b533b75d631586e8ca3a556ff5a7e57fabf6e87fe6

SHA512
3c326e6cba585a71107f590ecfb467f8c04ad8a12d6c3ea1954d3cd4d2a1d86733218d985f95563b936951cc9035decedad3cd9a36a9f5d4b4046f2994c9cc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
145B

MD5
e9d54b9e77efdf6c0965754c552b08ef

SHA1
b4884323b8bd569d6ffdaeace42612ec1752ab9d

SHA256
a7aa63d78061f2a8fd31a2c0275f384c7a008e8012f018e8c1ed2633251fe9e0

SHA512
601e382f48da3288203a4a21a846f2e70f40809d434a36097138d0fd0f1c843139553a517904c5bd0dbf58f73c1c26fb530f65e8c43200bb6bd6d1b0c6c18c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4404c154f85ceee379910b808cad537f

SHA1
220acab1e971837dd8d5c34d662e2189ed981634

SHA256
4def6cfb3fa0ceeef37b1d7f56c0418338c71fe67815838727ddac071e9e88ab

SHA512
eaf83f628620a4918c54e5fa9795b44a65d4d9ade8d6308b3859c9ef7b54fecd0687439c2c2152fc83bac0fee28bc21b6b4ad9550270fcbc15ebd80332b1e10a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
849B

MD5
f45a0d645af5af82a84b71a4860086d0

SHA1
cc6a5b57e578e353aef38c7319665e6e19fe33ca

SHA256
28a6d3f9c251ee16dfdfcb710e7c7ba0a0fff0d3a4df9ee9aa7fc9cd0916eb83

SHA512
f5b780492a092b1d97a659a6a91ae1bb039f5f6e5baf0152be9b0c8ff8b766d4c2b1594d4c9c40c8fbbc3e37741d11bc60bedbcd93cf2bc5bcb068b1b00a1694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
24ab0418721b2eae50984adfcf740554

SHA1
b7fe297374ba1bcc594a59d8c319afff13c6a14f

SHA256
572a88119d52004b80cacc6ba869b563c8b7cc6486eaf88a26876230beff2380

SHA512
7fea667dfdfc082aca99bb1818a18ebe16cc935c7e0da607c9830b514fdb4b3f438a85d443935b482bee344ce0d9c05050e6acf1b6e10442b685683bb5dde6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
706c047945117e3c0685e7b0ee2ebc7c

SHA1
043064d792f753e904d69c75284286ae87fdeb48

SHA256
41a2661df7a0ba3c191646d65e8fa969e8f314d1a6461f8e42a983f3c383f3b3

SHA512
4092a1c7106a4fdc71cb1537d7164539d98a87321aa799fd79fee6fcc806033782660ab45a998a1acab7a30a8822fdbe38a230489e976ff2b03b4998f2596996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
bf19cb1c62cdf480837c742cef3459ea

SHA1
4e7aefe1de29e509a60ad808ad56c49d068f9053

SHA256
d858c84cc001efd3d791976c3c05615adca6f510464289e5aae72a7e869ad0d9

SHA512
c148fddcb32425f84c9be6e7698cd2c0f2d76c51e3c1326dd79f53bdf137f0dbdac72507d92b8cc44b0446bfb4819cf2364912a0d93f246f856eccd5b0ad518c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0c531b005cb93736ad2cf218989c3576

SHA1
7182ccce786f71b782831359710d6bb66e8bb401

SHA256
7a75cbf19d4d09ce9029acd55de9025f177dd3592c43b956c644b454ffc16798

SHA512
c3caf44ab0225227fb6cfc26a5e7fb72d1976a408cc1e17f2a7ec8cb8fa660efd1e295f1e2357ef51ca9d99a2b6e7a5e549a5aff02d98eaeaa70394897480e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
df6416b066b725772c542464c38322e1

SHA1
94c83f5452fa1efb422810743c2854654368a651

SHA256
04e9efc40f3b29beaa6a49b2e2f63cb814409207e54a33a28fa4e6d833f3a79f

SHA512
6dade3efd630c39d0eb7944421917cf6f470777fdc0e9fcb26f023c7da40fa9f3a493c6c4335d26abfe7be1bb55fd0acaddfaa63158e0fc3c927f7da78518c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
efab7b0ee0254afde20e9d63768838e7

SHA1
ab95ec4115f35bcc0a8a139a7e0b09249d35955c

SHA256
4657bf0a1335e3f73c9ea790b61550da50b44648a9de25afb2a38fa9a90ae69b

SHA512
65c12a8040374ab97ac8ba09b3b536e10c0e354135f2072b6488269aa56e90b76916ed43e5c9e35d6f02bd71ac22b27e66ab66fc0e3858e7c128388e6e8d3b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
85ce3500e508119304f2062e26a64641

SHA1
987f2e26d142dec89c8aae770cad42b90139b911

SHA256
af76dc1330f6218b7882b49e9d43c7858139faef69202c9c69f62d39e605b9c1

SHA512
5a72e3240ac5670126d409835df3a0480f18e21ed29170d24ecd9e1564219397fedce6d1ecfcbd6f8710bc7e05e24ab81a537ab35f1b6d60ce58a087303f5399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e36afe0f3b36944e9196c735442f3305

SHA1
26160de7e7cf5da8e85ee205ad34deb82d62d1ca

SHA256
883b60d2110a3f2239794a09b1dfc0f253ab61df193eaf9a5471a256f928bdcd

SHA512
5edb8cea32a92cc982f1605ca253fd9b6f97cdb4033ccce54cd10e2047c1b39ffb659081ed05d233cdeef7b07cfa8172b5a8d1a4bdd9c909324bd7d08d0f5465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
40a2cf1a190d3788893f52ce4943f6b0

SHA1
1dc40a800d32eccd71b2f34060a0c9776058d7a9

SHA256
89706a7d86ad47b32066aeb9de98e303663853b74ab9d1efd27dd5d98c704c8d

SHA512
fefc0c3e51e75062713fac343a0449180e1d5db5ee54986ceab0166d8adf71109d654ade440c01c521b4b9ce5f62ba107e92a7a2494335925cf4ac9d06887fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
90f094a409d5b5c9010ec3c1e80640fa

SHA1
415160f1982d65424fdba7ba8ce9dfc673505650

SHA256
ce6ecbcd1a3b699a35d3ef8f9f0787e69374553df83e9eba0f9cdde2405b489a

SHA512
1d24b01e40443ded9d6ce5e8c9dcac2bc67a6cde412fd93865ef3e1702dbeae77c53b1108edf43902c2a0c97867b20f6f372b26393b850e62b425afe9a350d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
b2401550f1e3275b6e41283a477884dd

SHA1
08dec7cb12b6904664334350284526c2895056c1

SHA256
d717fcb1d29221ce33535ad6cf91271c505b16f08456687eb81f08d5f07743fc

SHA512
66cd5e2f042004df9dfe2f855eac36b0c8b406a967d5de424ca54252e930250d9a8b2e5cc7bef2206fac0f0a6141796439fa1f157155b3cbe0dcccd490a1fd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ce04914a9bc5456d0b08c3f1175156a5

SHA1
c3cc4ecf5fdd821dbe2c6abdd567463051876121

SHA256
f3dd01b7bbe0a83ce1c9c86b7509a40724476a6a29bdfd4c5e4628f3fe53f5e8

SHA512
dbd27ea743e638b19bb998d36fb022746d540104e4a14a85ecbde90ad068f14128f5016dc16f50132387acb1c13af2e7e930ed0a874364fe22f7662ddf46d74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f7d409ee91da44430494ef6047dfb69

SHA1
1506f769228671263e18c94b127e021ab5b78dfb

SHA256
8ac38ce76886f6183354c05c038c6d48a3479e86551153f1978e809b103395d9

SHA512
ea52b96d0f0c3d2206604af506bdddfa6d45438eaffc5d4147e30e00992c9323953820dccac285a800b92f3ed0ca8dfef58c87561319f230deedf383b476c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
25a8bde1be4ab1d34f3f9fda0799ecd6

SHA1
8ce0331c3acdb866bc389b0c44bace43c7904003

SHA256
894f3dc2eb48df438a6914ac3d65612969d19d00d23f5d35e97998855ca9dd30

SHA512
3557e0af4490f1e8f1ea5fe9b408a5f466a6faca95316ebc9d1a44899bbc737f640a2fcd599371047138c3d9d2bb4afc62ee425975758a9dda6200dcd34b0a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8e8d5fbcfd20bec4af25210f51ddb2d

SHA1
4b002803ad3bc936eafdbed95f33129674514a19

SHA256
7c59d53acd857859c33af3701fabb072b07a67073fc3e8b8d056ee38eb7aaad5

SHA512
aa4f89f76967837471906789b55a17251ba9853bf5145a6532c8d0e8631d0f8f1cdc45e8eb69c0d6d05ae07b24e3d949901fb85dd4d94dc7ff40ead2e46a56eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1e17372a2dff8eeaf48e9a6bc80820c

SHA1
4953baafbcbe13425b3b4cfc3f48af0bcc62135f

SHA256
85c514302929f4dc4ae18d761cb28ac33a41a98520a7d81fd87ac98517547c60

SHA512
95daa0e40b4cae42c188768fe4643dd7e7513346161edeb628cef8ea9bea12d30cb9c7c05cbbf4606f947c34f18bef65936226d8034106acb109efa48661441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
220fcc9958c6d91553fa453f2ebe8da3

SHA1
95778411ebcb90584b825dc53ab735f6eb9a0dcd

SHA256
bddcd3b271f4b060ecd2e312135d05a21556189f7dcd3c3c167d61d82a21f5fc

SHA512
7f6af603044786bee1166918297bace401c8afad520844d9ba3b464d9ba3b9b2614a61d8a32bcaa6c75ddde94a4ed4b9741b860d2cf60d69c5fa68cf227233a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13380315744350068

Filesize
105KB

MD5
31756e698464b373926e5105d9866d53

SHA1
6d631cbac3ab66b963de214dd3c8b17998b2e437

SHA256
490d9fa29c090be4392017e27dd2d69d2f8d7a95f61ec03d20bb69a7ccd2f75f

SHA512
9d86a36269159a8899c4115e78f2056a09c082b3ac54b16f4d8bb8e97ccb5fbf250d7f28219f6d917bc02509434d9976b29badca01694065bdfaaadddd15f3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
475B

MD5
7a6db859d1daa238bbdeb8437680470f

SHA1
33162d562636c0e897588650706a577e94607c39

SHA256
7812bb241b8ebaa121c1ac6b21f5c1e6948ff79eabbab0fd7935c3285e581daa

SHA512
0cad903ca9932ff5ae7960d2035ea52e09f69eb64357febba48c8b4cdc3c6af78e007dc7ba8d63a3123a079960bf184a7e5eedb86aec961ddfe911566ab42550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2b715a6ba585fed0bb4a6653cb56f596

SHA1
b2f23a4bcdfb5d3896d3d2133b7d44fbea347f98

SHA256
3f1b2e9d157ec704bec2e53254d16a8b59b84e110dce1ec307c364785afac4b5

SHA512
348f4a9da5cecf4c27c4bbee006de0932af4c84a6abd43423b8f28900157977fa482b38dcc26a805c15ec6026e903ee9175f3ace2de9066d52cbb0f0baea6a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
22db8bff5d728c8bfbaf1816661cede3

SHA1
5251fcc20ea132aa8c1493b0ded9bc96f4952e9b

SHA256
984d20cd80ddd41e9f3cd8ecac2e01918720814ee3cc59516d6071bd0294ac24

SHA512
9aeca4676bb8c9dbf19393c31a1389d6334250badf2b03ca3a7f328316b92f3eea4efa5ea785e793e803119122e6c737b31e0fcf6127ca976c3d503f77bec6ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e07c46e9bc590a7dd2bc743877fec21

SHA1
fc8e7e3223c5882fd1708cc4495a0150a3394be0

SHA256
b2905545121692f2d5fe3b4b4139fba2945eb3725a71a01eb9bca2448e96f9fa

SHA512
602fd4010db9bb8b8e9e9a576abefc4a1a04fabb94f7f641819f2c12a6aa19fb0e8e42fea19a4168c1d3604a5218cbf701efd2525c48fd986607341c0873bf45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
48d4c3a3ba8878bf9137ab0365293c19

SHA1
57f44730fdee23bc68cc4eef8d8588d511ab4d1a

SHA256
c50491b6be699231d605aaf61fa12d3e4a10b509e8a7dfbdaaeed9d7855c5335

SHA512
aa580b5529f219430fbec432e67f017a3502fc634cf16acdbb0e14832006153082e6e03f257a1fab05b95cdb6d7fd004f5714214efae452663274f4ac0d2d24f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
5697a985ef4a9515807bf0826dc3e31d

SHA1
efdfd63e50c05ba48a2d0aa5b5a46221243d7141

SHA256
c5abab242a72866cc9f956a79889770f3d7bb29fb13792b06808aaacb7a6dff1

SHA512
1619aeda137b133fc123c64c05f72e5f1472f86ceb4e237d45e2cdc3e3cbdf5ef35689032e27b58e0375b2946940994b3679b413fb1d9449129e9ca4daeb3b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
50451ce39b4006cfbc1711c006304f2a

SHA1
cb5023e88ad9f16c53f016026eb2ef702a3d29ec

SHA256
44aa1f764d94a23bb05c5be08bafeef70596d2c1390e8f733b5d3ac7c80db861

SHA512
f11b07d9122fe6a4e781ce67e681a05fde4a34dd4740aa46e645ff6c38d94f9b2302558b691da2529c242e21f8609882fe12ffeaf52cffb0ec0abaa0de0ff91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
c5303874317585e6ae13c1abaedd09d3

SHA1
4a2f7a155729c3289900917458c80ac08b94071e

SHA256
6dbe93be4d3a25da86044b7d2566a8d8241bfe66b96c1dc55f0808c2dc62f39a

SHA512
883e451d415c9d4f5a79504778b3f3f52f3c07bc30f71108cf9187828ec070f958aecb9f8b11757aee9d5da8ba188d7f4247979bd333e41498bdf8fdbf9190b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66f4ad0a9349c64e272a06836cd650c6

SHA1
4a28aa9361f4c3c4c918ddccc09376d11c630fd3

SHA256
afc8290f49c45f993b0f10e9347316c4ddb0efc7242da021f787bea5b87babd5

SHA512
c002cddfcc3803dc17e427abaa18003cbd312090e77d79b8cb867cab383b87e29373f38fa9ba587479265402549bb7607b83b1b68b098ac44dc7fba7571f5768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
c865c3993355dcd738d5c5548cc32e62

SHA1
2bb385369e7158275ac65cbe2a5d93abbea2d1f0

SHA256
3ba451a0f59ed830f54163312eda4ac05a68cc5a27ef1530d6bd98c226f5ede3

SHA512
706adae921e9a4421cdfec824676167ca4012222e2a576b3f5a44e9eeefa4b9553f951231831211dece2cdfb68e64a1f3691cc66a669c0148b810be6ed3b50fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ef4c381a0ec695f1f048785378e5325c

SHA1
99e0b4447b31ecb2e7ac42c3a1356538ba50f057

SHA256
6429477f902bd5764290fd9a9a46befacdc92b41ffa6fab59a69219ec93ff50d

SHA512
abb0fd9021657a15984b8cc2f5ab59aac3039a298cd46eca94754c46c2041a49d8c64e6e4c9a33611cbb5ba0eab8e23fd901e117d18bc8945f7c82407b24d6a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
97e49e5f8fa61fdce2b5786feeee3cb5

SHA1
f48813b96d68061951b8b77e44176150dac0e8cb

SHA256
cde4e1baad5e77f3db1f0cd49b72dd80c5572271599fdb455ab8b9b6caf3d869

SHA512
89cabe1656bec714881813ae0d0c8bc3d1481aa1ec1990904d969bca3f9995ba3c485d94ffa9f6f5dabbdadf6e8075a009b8c061ec20635b0fad5efaf255edf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e9c765b2ce23c155e204116b2b424c55

SHA1
17d3c98a8f5a9705b90b4e0ead4749e5590acd2e

SHA256
4c903a5f3431e5af91155d56743f0c21a7a86522e3c684201aecb9b7e5da41ac

SHA512
f5dd635982438c7f37a2bde66237890f7255c3d723e143e930ef70639f6a9345aecdfb83387ef85f516a7e1f804764b96c049cbd1c6144ff9e61abbd4c4c3db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59b7bd.TMP

Filesize
1KB

MD5
d77237d116f21645a6565253fe78947e

SHA1
bb042c0e780cab55de5402c8e2bf158f7fa6bcad

SHA256
e221acfd12dccc55d49b6d7dff037a8e6b338be1e77c47222f69b7b6cbc470fb

SHA512
dbf87d6780022c009e5b8749da70de720d9c10bb594aea7c2ccba2dd2bf3a48f40667e2d729198227232127f1ab7f8ecff940ba3196dc91d5ae380ddd0f883ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5ef6dab07324e6d2a3ce58d4e612d625

SHA1
d17eec63b9a814094ee8ba2e0a7346d334916f40

SHA256
ad8e3b0b8550cdddaad4b1636c9cd8c8b5286efdcf470f489b514fc2b20c57f5

SHA512
83f05ca46577c8ea85eb06457d8db174d35bf2f74b378f370b6ef2e9f6e1ddee0f0cdad6ee9bd482eccb0be65be9647bfc501d0b7833fdf67eeb924fe542310a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
d99cb40858f07f01e57883fb04d5dc9d

SHA1
008debffb3df2150a3c4a2a48802586e52f28519

SHA256
81d339d3968c7bd33c88b28e324afed6556387b1e60680bdbbaf24e8a54b98ae

SHA512
c7846ae4ac18e3f0d53701d330ed122df8a1f63b268343e782462ba949b450793ecb051d8df260048dc085ef42f0a19164f6c815b106888767c3342879ff7ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6420907c309ba965ffc4f829ad9d8520

SHA1
869f526cea0e77ce1b3fc0fdf235601d572b6876

SHA256
37db90a63f81c6fbfd886239f9bdfada281e39820a5607365bda5c9b97de7216

SHA512
76b736f17972e5cc961e31d67b66bdbd25bf4cb5efcc8bcbfefd1d528166bc74024567928fee301056dcb954fea08cc46f0794f675ed67234a71b638a6f7996b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
044597c37ccb95471bb9c59352318cfd

SHA1
a98220c89af79eb529cd7401816873a3491957b5

SHA256
fca15f8fd4648d50a7a664edb4c2d5f59ea26510442dc1471f075a35239c82a2

SHA512
3cea7db9a4e550ae7ca98b59b4d55878c71b7e3219eea2c58ae05314070952a56f47117de38c34a3a1c5b28c91aa80c82489b8a7b016fad0667df1c75d96cdb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1333db7f6c0b4203b7c0b0760a475e0b

SHA1
b9ee97af2082d983ef4cd876041749ea6d8e265f

SHA256
a1381244d4ee0c0fddd5f42466886d0c2325292b174c8aed0bf7c403ae0f8570

SHA512
89bf7f6d96cabbf75ce5b39f704be9ac772a26d06c676518354ac009a1a15d2fb8fe3803e424bfc1b23c70a84d1263491082a586a2eb94db30094be0d01230ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
abd23248e9e2b79d56027246abdd6e3b

SHA1
6d0eb0399a50fed00fcc6f533e9bc8092946e5b3

SHA256
aa6c60c8d3c4c5fcdac7ede34e73fa7dffa1cd333b065a98361970f92ce89adf

SHA512
be6b01b57e972f7bcd90a0d091b86658305f92953bf3885eb0201e89070089bd01afb72f135e540ce00bd2fde5981652438290555f148314fe4e414e8bb519cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
57809cefb4796908e2a223d12b637d68

SHA1
1c8eca3e67529d3e55cd1fe03b84e00fc97abe12

SHA256
9acc9fbe8d308dfe898fac6b59517aeec93600e05461e0f51786b7a56184f40d

SHA512
d892348472198af66235eee6bc062b43a9f6f97ea1a593d67feddf72464eaf2bc11379082e36e4db7d1a1559ab13abc1f96fc361d1497e14506604ebcdb1fb72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
99a47bbf9b11e481ba11b082eb5dc3c8

SHA1
3b0e1b66d5852630f5005cd042e0c14a139a686d

SHA256
d734cca47a935cfc84f4b696df04b88bcd31271f86bcf788b7a7bdc5f4bb85b0

SHA512
2f92db5feef102dec52782efe15f5826a5e15cae95d2c421e80a7c24298b33aaa026b36eca31ab9ba7311ff07d1f6ba602c8dda174aa8839531cc3011bda83c4

Download Submit