hxxp://github[.]com

Analysis

max time kernel
1800s
max time network
1701s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://github.com

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
4060	msedge.exe
4060	msedge.exe
3088	identity_helper.exe
3088	identity_helper.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 1988	4060	msedge.exe	83
PID 4060 wrote to memory of 1988	4060	msedge.exe	83
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 5112	4060	msedge.exe	84
PID 4060 wrote to memory of 3952	4060	msedge.exe	85
PID 4060 wrote to memory of 3952	4060	msedge.exe	85
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86
PID 4060 wrote to memory of 2100	4060	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1b3f46f8,0x7ffd1b3f4708,0x7ffd1b3f4718
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7760 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17139389575757206927,6819307918069488787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4064

C:\Windows\System32\fsquirt.exe
"C:\Windows\System32\fsquirt.exe"
1⤵
PID:1656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x4f8
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0e465fa3-d594-494e-821a-622e8c7ecbb0.tmp

Filesize
9KB

MD5
9da050509070bee9a194da0efc5ba49a

SHA1
f900600f3680d4bf786ee476dd441b148510d11a

SHA256
c4f35fa59b05c3b62851e5e8c8b92e01f85bbf6cd6feb7b92f6f116fb284474f

SHA512
7b1b28b47080cabd1bd0efe97bcbe410270a2189d1d6a13e524e6e0af947088bc8b9044a0e03321dea5a61177aafefb086815443472054dadcfd6ed3ba1347f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9660ba10-8020-4475-852c-06c6493cf708.tmp

Filesize
7KB

MD5
bc2bf95ec3df1fd4eaa7aab325af37e8

SHA1
10e1d5bdfff4f1d671c96a6b702a22b7db229c3c

SHA256
f3cef5c56e49179deef68aa6746d6e2275b3b1bf5eb76e57223e5cfa695cb44d

SHA512
8c6df0c6cf288258adaf5bb3eaa768f5df095ff32efd3563b533de84f6f6b6ecdf7822ad3237ec59543669c0967eee1ba8d3a3a11cbe948abd50b4e415b7b8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
102KB

MD5
742598107fb92c92ab82694c538b800b

SHA1
542608e53f505c0bb6f123686ebc1fe6c91dc7db

SHA256
013e1aff9bc218717e15a84088cba213f814a2f232ab07fc008fca83081f4cb1

SHA512
8c1f0e0eb47b9101472fbaaffb4805fe7b24a7a6ee4fa95d4cc9ef662cdb85a4400b10d684ec1b5ece6545ff3734be37b09793f42d6e1aea955de40faac2967b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
133KB

MD5
aa17e236bd37aadf250d587480c83cb2

SHA1
41d034ce317ac51a1844e20d608cb694858ae5a1

SHA256
e95f31ef632a39ff963de3f2882ff4754f354f2ad70682299f79a7d7cc1c5f6c

SHA512
b0214afd04b07dbf210bbfa2466a16a5c0a2fd1588a1923b4b9c915098eb6a44d37d1db5f24cd0e944c6cfc8f120fb04e75feafb25dbcc12a29257f0c6d02e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
71KB

MD5
9865484f274b2e84582ed80340c12fc9

SHA1
25d0e7dbe25f9bb4f6c69fd1618f8488b9d6ac79

SHA256
7b28e5874afc7360a75df03bba5dfbf4cc68226ac2edd4d5c85f311347444bcb

SHA512
b67f73dc2f2b36071876ec300808d3ea4e672c44f3efada948cf0450efa629f5992ef60240e96d78c2ea641fed86586013f92bc6c155433c12f64f939420f6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
109KB

MD5
21861bcb079aa36484aca086710ea709

SHA1
c8e17255d4f74a66d781dec1dadd478ee8805e06

SHA256
954d39e01b321676748fa1af570dcb45070293f086ce31f8b1f543922cd9499d

SHA512
b5e81da0e83e9b03604dbd7295b2fdf046bf9bba4fd2eb066548625e728fa059ca8fc62d9efae062b8225898e2cbb1351f8d473a34fa9e05192eed1a084ac450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
93KB

MD5
e139a95aae8092977e777142956b311b

SHA1
b5ad1f3e4a9ff1a652803e035891d16b835a0914

SHA256
32662e45c4c6e4925c63e584a71a2f22817c657ee90a48b3a644df8ebaa16db7

SHA512
01c9c3c91987f25a68ac188fe4034b964e4a11e8c77583313c16d2fc4288e4e01566b83218b98852323981ef68fdb25a665a59db9a0b577154124bf19a1cff38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
91KB

MD5
ead1516d470110d81c6c752a27145c18

SHA1
e9ae0516af36bd730c1c4a8373ff9ca9e645c3ce

SHA256
63f5e6f282a36dc54afee177a1e89200c601d00be98a75ccff737f2ef1eec284

SHA512
d10760f80644b3c6669c44f342fd27a6e89cb2b702f019f7705fd540b926d241574319b716ab15aa8201b3b245b728a8d3716b004d6105e496b93a42ae4306db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
83KB

MD5
129679c76e429a1d32df29fd586750dc

SHA1
e75cc339be7c1a802bdf856db0f1e3a2af858141

SHA256
9264a8f320cbbbcf0d53c924cffbae9cb537d001d7015796130ae6d0189488d1

SHA512
e497257947e43f8d53e9692cdce72b19e99969bfcbdd399eef3e94057397c18217d3e9e0a76fb29ffea732207f6875c70c58a77de3ec2413719a24429b40acb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
90KB

MD5
ecc7b2cf96f72e8a188cc3b5cd7cbfc8

SHA1
d2e801c40aba1ba4ea27fe0857ba1f784b48dacd

SHA256
4e1951fb8be02ec7675b3c415b3248f3c081faf2baa6e0f97e07100fd5419ab6

SHA512
4d90d751ee661b84b49b02d49ee65150196fc7a552f834da254d0add6749787c5bcf64cc793c9ea821d88113652267ba7b7c356820fac4b1be2c5c421d5b555e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
136KB

MD5
9a718732bcb334d813becfd6a2baac5e

SHA1
476e05b692a075e0fb87c8adf6ce38285c115887

SHA256
ad1735be33193529a29ceffbc54297bd9201a88bfadb16b491e654de1e1625b2

SHA512
61f9bc1d70bb55acc36f1f60516d951bf6fd21ac77a70cad3b58300ae8cc7ba10a79f0beba654b36d0b66aa42e282f52b11a9dde2e70e5856e26eb11ae63652b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
580c8285431e95a1d34cb75b4c15a488

SHA1
2b8ae90b70d84a01a774ff3a2c25cab899fe23e0

SHA256
4800434b1fc676012a66739a59bc6c8b581bd0dfff6270ddd1eef1470caed197

SHA512
2d6aab1deed84fd386e2f3f2e27b5f9dde2330eb77defd31e6e34facec6c590dc214e9c8fffe9a76bfaff36538c7cb1b8e1cfbc484482a970b5648b14646ff92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3671dba270280752d59336ba1f430d6a

SHA1
b3cf42b42a850d6a9ccb8c26c4427dfbef792308

SHA256
40dbec2f49184c6fd39f2589f5de4ff33ef473be7f2c0f2f359a309ddfc81e65

SHA512
9d8d14ecf34c663ceb9848d5e75552781c4cb5fd70ff51066a44a25ab66304aecad574094edafbf863636235d519867036dfe007fbbd07e8dac8e276b585b229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aaa10eb9d4a3e4f99d7719964a89c6f5

SHA1
2d4c7f5c45e046e0dbafacc17cabcbd38f1c7fd5

SHA256
1d9441644aa23f6e9104b33858888736e34c7e7dc3cd0fbc9bd056b421f32c8b

SHA512
473c424238ebd849afa898ea44df8c8a8048533c20aecce417d37c00550f1b1f9be8777ac4fedc4ddad70dde49ad954946cbf09756e326842d165bcae8e0c92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b2c18dfd2757140fca07a6929474c67d

SHA1
56c4c2a4c3b114fa7f0575b74c927280963cde72

SHA256
3c447b43bf51c32f97548bf9c064a6d78c17686c918d48fec844d0d8b2a2a3fc

SHA512
10b21d664bbeb2bccc25451457a676d499cfc236a04d6075605a82586358f89132598e329b12d6c38d364e032b52305631f8217d997626a8fd15f183d1750233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
8194ed25dbd9488193ea0891ba2a1d61

SHA1
1602608cba6eb29c098a3cc75373719ff803b46d

SHA256
f8061a62c10c0c68205a93c4797fc675334a13bdd4bcd3e4dfbcdf67293060e4

SHA512
2882eef26bfaefffc3d268b418ff128422b2e9055f6fc560b1146bb121e39926e83cf04ea5c648425e2906c37a5a695447fbb4ce3ff2cef7a8aaf25421fef995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d4fc5f336dc8fc5dc9b1962f97af9fcb

SHA1
0d8a06158bc701ce6772fb7f4bd27c370a31d8a1

SHA256
087328a711d25274b4819103e4a73f886ac4fa7b29d358192bdc97823a09ec5a

SHA512
ac937cb5a63fb667e0dc394f717919901a70cfbe335272743ad5f19502abef5ba755b84145719da0f9bb357c389aabc5c18a65da3950659669e4be457c4ffec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6779ab3c70a59a7435eb709cb02d7c7e

SHA1
d76ae7fbf30a06c1ef0f6ff57d7974100f3e6f33

SHA256
1596ce9c7fe5426618283d1f07af634ccc9d61a2bc07935ed5b62d5b344d87ca

SHA512
09827d4daf1c381542f67b0fb0440ff0268a4aeab1aa054727e42fad583723ddd213574277bd0c751f4e6aa3e968e73f59d1f47b46c03a910881b7a186a88b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b842f1067f5888346eebd00470bb251

SHA1
8eee57ff9c6355610f11f03afeac24bcbf9313c9

SHA256
6c7cf2c28086efc715f95b3a8a15acbdfc83af3b8abfdfd08d86b034cb264484

SHA512
4c4e9b9b4517ca1df1266d3a92b646f10c3f63ef72a71c911fe7f8ad2379d02ab021c7b149bd42307e946f9a21aaf3bf16c12ba4cef2a72515e6367049f6cd36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
53f77adfb0ba74ad598b9157b50ef977

SHA1
809a71d5a8aa7507171a42d254d368ec5dfdd6bc

SHA256
b9a82e26a8df89b634f4d75100bd6d9e747d76f08fc99aa157913e0819b7379f

SHA512
97f28985931f9f13c6c7ee68b5387edbafae584637a4d59ca83c443ce6e80c156f37a12e8e1e284d7d462a01463e7c4d3f26c561386b85e33971fe50c84151bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
61b44bee9add27dc9611e2d60e19db66

SHA1
88d1498c3307658c36072ff376dc6956aca51d11

SHA256
3bf35d87be29e5020f9a5b9b0830e29e13e0abe79ae7f38ad297f391f4b2ae6e

SHA512
3bce370c07e746bec0a89495a3cec0382bda2c2cf37caedba7b20751f649d94faaa57ccf25fef30e27a745d18aea8e1ad52f6aa3f2e66108636ef0d4b6469e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
57dc133817bcd3fde2b4bb6a864d5e7a

SHA1
6172d88b279337ec0cbbd3c0deee96be83bfd2b4

SHA256
c14306ddb8a57a2401acefbb0ecd02fd3aeade2d95068b5669523745cace40b7

SHA512
3f8633571b49fbf67672ab4c033a7990a001d25fdc9503a1bb0ef0153a563ede23222c6cd95844feba3ecbcc0b090752d5cea2a9c2b85f00c862825ae44db7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b63b7fd94ba4fa35046281e47e073ae2

SHA1
899c06bd1df35d6ee141046da51687f96cf1ce4c

SHA256
40e621258d0092ce4c15d552c3e68e17b42f84b923706c168640963ea8aa839e

SHA512
857785afcce28ffe253643fa688acb3c3389c7f27add4a88e6c16e0e29df41ceb9887288425535ea4e9b3a1052491c7749bf2f2312e44b8e49938982ca31e0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ce144e200ead607f9de8c3ac66386e27

SHA1
49ee287759d1ecc8b98c9c4f9545ffdde8a31219

SHA256
f5c34015fc5bff088d663f6b89ae2b24ede438aa4cff0087716dc3c40a27a913

SHA512
f3cefd4fc974043cb03217113f3482b61813913bef542cbf831fe81102af5a3c89b15c47719b664c4643f1dbd6ca4729e1575168ef7b81d4c1aa96705a6ed977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3aaa919745db921a33532e0a0ee2b90f

SHA1
3bda96c355c81a0f35c2d262cc31b6a892ee9da0

SHA256
b04e3927543518aa034a302510720d57b7913767c774a3beb8515ea8748c377b

SHA512
9d1843dcf3bfa3d52be6fce20ab717347cabd83196dd937af1ce8a58d91a86134fee6a691b539ebd67e2b6df63aa696c5fed5622037a971eba0451e6103e5fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e01f19e2630bf857ca9222cb547db7dc458ce71f\adc55a0d-845b-42c4-87d3-c5952dd28a68\index-dir\the-real-index

Filesize
72B

MD5
28a6cdeeb961cc042b3d5cdc27015959

SHA1
64ebd5462882d5a7c93c6a7797223d53bd6ae71d

SHA256
13f58fdcd9beaf36288ee66e06c459a7fc61916737517f3f587067dad3ef141b

SHA512
9a0ca63bd786d8494275e410a78935d1f298538550f3dfb3704ec49c08870f0ccc499f9fbe74f577757ef8cafa02d1894f6d1e04f4b01b7921e80341ece15e61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e01f19e2630bf857ca9222cb547db7dc458ce71f\adc55a0d-845b-42c4-87d3-c5952dd28a68\index-dir\the-real-index~RFe5cb56d.TMP

Filesize
48B

MD5
535b5cc612da56f001e65a7f961b2ae5

SHA1
76898de5836df59c90f043d6a62f67d21cf2bbe6

SHA256
82af90dd3a6d22525da0d0b017f4031188dc7e23bc462c0b31bdc5c8421850c7

SHA512
8efc8c01e3eb2b0a654ad6fa907f3b8bc860aa99287104ce88d51626323de6d4812cb67d26468935c999da7fafb4e76149e2fb52a3c9f2ebe6c21a424a5f0667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e01f19e2630bf857ca9222cb547db7dc458ce71f\index.txt

Filesize
89B

MD5
e449051ca77cc0848fa5d7688e56cc52

SHA1
09ee3cff3c109da25d9849d3189a55ce4b89b453

SHA256
47cee4e6c46060612835d6798db1a8f9ad9cbdd741da3608b3461c382ad76822

SHA512
fbdfd39cb1d8ec377519c027fee3b8ccb7212a6ff6095cae97a02f5caa2d9023f00e3401e7862ad4c3933ea2c871dd09403969d0262ef3bb2678ca5cbe13a461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e01f19e2630bf857ca9222cb547db7dc458ce71f\index.txt

Filesize
83B

MD5
149faf170dc131b1843fa6ebf3eb26f8

SHA1
7ff4be918e403f031e0f14b5714bbf869beaf097

SHA256
8bdf537f13da465bbd4ecd9eb7177f531b71622b849d1974a408bb360cb2e8a3

SHA512
eff469ff5f2960ff2f18ae90d7b1c0efa05af86a2aafca30878e188084c5735df558eee9637d53784399ad3bb9e9bd0bd0cc492cf0a9823c9c258ec2bd0179dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b8736bf160be9a925c7fa17195df34ca

SHA1
0ae67ee8e8655d6e0db1e10e279895a244f3732f

SHA256
2ef426ee53a703ee251f665b191be9bc2a0821a34265d23ec66732c38dde20e3

SHA512
04a69f2e0520b2026ae5ca4328646c90ceca3b335af9320b8cdc23a61602b44f1966a1763a6c87ff29bbfca8b54c0f79bac7a6bcac332e7ebc2d4f7fe5e90148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ccf8c.TMP

Filesize
48B

MD5
8168dcc857ccce06a99cc16855b05b2f

SHA1
53e597cf850a7224b0d32d1ce83d492f8dbc8880

SHA256
fcf6d51754a50e6ccda026be3734586df619530d0c6e585bd0cd39dba80105a2

SHA512
e04d2afc2d1e6bc8986719b4df985e5403dff3f0c8262e696b6f18ae16c80a9a9459a0d40558d4de660e4cac11fd6d72498f5ce93358d64ddc1b0fda64713fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4d9e8926ab81c03cc2ab94ca0f76669

SHA1
1b03befe556281ceb122b55e9b8405ec14ff15ad

SHA256
82dfd91857289d82b10d6394d3f096bdf2e8a46c4b785ebab2dccdd79f6d8b45

SHA512
d44b59dc398669bf629b4fdee6d724c7fab46fa54da5baaddc9fc958223a944f2cf3e13d9fae7e965aa545d519f42d4b7e056afac6dc9befdbb2b97194fc4d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c059f7302730fba93c882a1e8c90e43f

SHA1
27d7539f59112df769ca328c88ef559d96ea7d2a

SHA256
c8e575442f2418246e31676918a89f0c083f5435d19f50c6a91048e3ec2113d4

SHA512
9d4d2c134d0670164c5e60e185b8f2a758992f10067260f7acdc667bbac4528711ba0404b514efbe06a166e6b98a8d5760795760a8c5fc87596f328f83cc478a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a681a926be088dc2fc4e85bdc198701b

SHA1
c6b8f8f07cdd2887aaf0cb7428caacb4ca08d2d2

SHA256
dabffe208a5ca530ea7ad9e05e0f62c775fff5781d74e759402342ca2b9ca708

SHA512
872fb5dac139f93b4cc507e5351004b19b4135af6260a4c03c430496d4133c533d1918f69d0beef477ca20f0477ccd6b8061c04b2f619d5b7d4259c71f0d5c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ce14bb2159ba39fa1be1a587ba469887

SHA1
f550c0e1a8d062c4e8d852671f18383593f5afc4

SHA256
5559fd121d64f8b98e0aa0aae165b1c92520d494f7d32c26a07fa87aefa6f27d

SHA512
bbfa9c34e68d0017461c289f407f2850afb8b21a5a1bc99812d072810e4eb28ab4572c425ca1282d6e9703a638d27fa2c062dac9902f1aec8b39c0cf27dbe49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7c26670c825ecaf5c4ae75bfa7ae5ad0

SHA1
975578a34d25a595c79f1940a77427711e4fc245

SHA256
dd2f3b2118eb2bc1d2037823cc7321fdf86f8dc23a63c418e545d2fecb4986b4

SHA512
9b18b0034e53c04e288f18048ab27b344fb44fd806a78fae14edda7d5caebb8bd095a86de0c50e8096916cdfd9fbe02ff7403ff5d032ee6dba54b9e22a870271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
927098e943e2c76150510fb318ea15cc

SHA1
0856dc7c8dc43b0b90c0086b7163700b5201c3ed

SHA256
d5642f65fa788c65b41a4bd82fb620bb6a08cb5d112dfbf472ef7be89005a23d

SHA512
80ca15e66a48faa4a6331a64df96280940b6d68b23efae91519c1315b653eecc876485a6be97017955f4db9d66a284637e3f3e56b6c4eab648b1df8c323de373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b507f9d70db058a8f4d08f48870da9a4

SHA1
debac3cef23cde90e58b2efcdf7e752917cc2f88

SHA256
d5110e3f732e301be5cbb4a65e999802573a0c9d7e2559975b97c3e3175b630a

SHA512
42fbac0081f0d359142e18291fe2ad37b9c43da04e88122fd721e966032b9159d35ee7e7754e947c9b1b2152492874c196a6df749171cdef79f48a2ef69d0a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6f6b81170ead1b48f300da32180dcabc

SHA1
1e7f9e0ad6c43b8257cbc57c56b308988d660c69

SHA256
05e81d2d0c15915d6ded5b7ada28c9a41cd8eb455d1f6e85d5b52ea19bb6ecc1

SHA512
993d3be47d869bc3940d5ef73444ce23b6b2e8119af275ea17ddc167668fa603e378b2958d8444fe266e02fac4746e03a27b1e3cd4f501f86970dcc35bcb2b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c0e30.TMP

Filesize
698B

MD5
5416dc460160e907d28979389d3811ae

SHA1
8aca24652d8944514126f1d79072e40ca40d4abf

SHA256
e1e7e4b2de2e1059fb94b92478a087c0250371d29569929ddafaa4ea28670c8c

SHA512
58d5a03c51c981d5c00bc79cfdf0ceff8230027edf87c3f0af51a7cece924194989991094f4587f2a5526f91019049de4610ddf284730dfe52ae4b03219c0e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c63190d94b65f8bcda8e77bd38ecda64

SHA1
583369b15eeaae83513b94e9a5ebc406fe78630e

SHA256
3c2b42e86691442e40f5ed5ee64bec8ea9ea632d6733c4510ec72d98014e014a

SHA512
afaeca1c7f86f9fec9e4fc70a857b3b261a43540d79394bd1bbd483d65c0aeaae0cf09178c3392d1d63d835af69d324cc4d8fe52f8a542cd1a38c17f96348501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a787326a-672c-45c3-8ae1-2e57476adee8.tmp

Filesize
10KB

MD5
ebab7bf8d8fe51faaca08c73667045fe

SHA1
9ddcc51ead45e255abed1f332a4bc68207fc5f45

SHA256
d2b6819d102e7ede2bc67e43d32b68a235204e3b93bd0bb5915a1d69e08624cb

SHA512
bfbf9fecd77dac7209be31be8bdb2e0a6ac9646cbb2ab9f9725340468662d67923425aea64e4745499df09f16e0b5e1a02768ae6417dd5d87b27dfcf76675a36

Download Submit