hxxps://www[.]pcspecialist[.]co[.]uk/?srsltid=AfmBOor5uFGdudswz7qu0F9EVpzGLqGVlHWqBTCjXRGjeeU8JUCFgUNg

Resubmissions

19-01-2025 04:21

250119-eyzbjavqdt 7

12-01-2025 11:54

250112-n29q4stmhj 3

12-01-2025 11:48

250112-nylvwa1let 3

Analysis

max time kernel
331s
max time network
332s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.pcspecialist.co.uk/?srsltid=AfmBOor5uFGdudswz7qu0F9EVpzGLqGVlHWqBTCjXRGjeeU8JUCFgUNg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
3916	msedge.exe
3916	msedge.exe
1724	identity_helper.exe
1724	identity_helper.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 3868	3916	msedge.exe	85
PID 3916 wrote to memory of 3868	3916	msedge.exe	85
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 4024	3916	msedge.exe	86
PID 3916 wrote to memory of 412	3916	msedge.exe	87
PID 3916 wrote to memory of 412	3916	msedge.exe	87
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88
PID 3916 wrote to memory of 432	3916	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.pcspecialist.co.uk/?srsltid=AfmBOor5uFGdudswz7qu0F9EVpzGLqGVlHWqBTCjXRGjeeU8JUCFgUNg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72d046f8,0x7ffe72d04708,0x7ffe72d04718
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,285675482791335220,9875504282851510145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
  2⤵
  PID:5704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4b462396-e25c-4b57-aaf6-45303535b393.tmp

Filesize
5KB

MD5
4e1ecb0ab4525006bbb3415d1e086e2a

SHA1
69100d503905b7feb9091efdadc36eac830afed5

SHA256
bc540daae52f7e9a149304ee2379c9986834d395dcd92b7234e91ad12eaf2c97

SHA512
87e2eb557c04f84506384fa92dea47888bd5a4d275aac48032ec9608bf54f1290bdfcbbc30003d30e1f1fc3990d24e42533c5c836a522d65d5b4a9312926ceec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\74dc35bf-0760-4a1d-a44f-1372799fe533.tmp

Filesize
7KB

MD5
9b18d48fbd94fd3e641fdf053f1c97c0

SHA1
bdf8bc4606ce27300eacf206a2971207b4fbed15

SHA256
0c60dbab0ef0f7ca18982ef3d29e62139c7f22d3be57847bb658c36da4895693

SHA512
9f543af8ddd502a303c50f9e69b2a063773f91ac3f67f68b82d01ea21ae4987fb872e694f0a5afb4d080ec3c1d5a37ac3e5a7ccdde6c52ef046d2bcc6f19a717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
25KB

MD5
0b02ff2f103d3ef629e68aed7fb20613

SHA1
33b74b26af3e23d661e0b4b12022991cf9ba8f49

SHA256
1012597e46a3fc30d7f543671ce4f8b2c92fae60b2a9bf3aaa523f74d7b8911b

SHA512
fb2a7d1c2d8fdcc9862e52875db9dc4357b76863cb059c539c6647263bc84d024da6136bf0d2488e1fb921d9242213c3b005733f1f26b7832188f1bea120ae9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
84KB

MD5
99f1b003c366a613100e2c1d887310dc

SHA1
8ad815e52a0eed60a4e1951476f4edae3b103318

SHA256
94e9c23f74470f1b3dca9e3cda1858388b4db0c26165585f74fb2413329ef1fd

SHA512
7e53be8adec77c2980bd14e2cc02b336eadeb39e385963ab53977deedb04df806cec2a861e6573d246e8801b4e9612df5e48705e54bc97cbe4b656c0758e0fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
70KB

MD5
16fdf712ccb78049f5212208faf915f6

SHA1
643c653b2e4e6bcc9589fd59f55d6d2e868f548b

SHA256
6d0d9dea23346c044437d9eea4b406db7a171283d11b90ccaba1250688593858

SHA512
fe68c9a0ead2d6c8428da1c8a92a3a3cb4ef5fd43903fa31286d2e4f6d510e6708cb9d91329a389ebe83381a60d546fa435dbe77bf3e5f16ca67e0f1d83af8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
120KB

MD5
9162ea954aa00639b13a393a4b754c58

SHA1
a884898e51668aa37ad270169c51080a6c817358

SHA256
d86a5b5542cb108dd4c0b21b8d6971ee88944c5797488421cadc62b1f7fd51c3

SHA512
b65f1bb2328bca030dc617a236f387a18b0b9d7143c0f76439a370731695600ac6c7ccc0b8001d62d20be5ef8c157ecf05b01ce5a2588968fcefe24cbf674a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
133KB

MD5
7674783a7417a241099f69407a65d951

SHA1
82ad14e00aaa8e1e2ae2fbb815873666b763af9d

SHA256
6d9853d0c52274ca52389be4905fb609d309d090e6c485cf077623baf386f181

SHA512
0f03a7d05bca2254db251d341fd372084025fcd6bab6963b74f960594fe92926dccf5f21679e3280730e1359e49cf908b7e62cc8d95872906d3e622d6d26bfb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
27KB

MD5
bc7321f62fec1792b4b4b06eb70b55ed

SHA1
1ec07a8dea6ba3e7cfbcfa03fd41e4fbcab88d80

SHA256
4568f3217ad7eca8b87555678b82e4fe003aa5df2c4dd7cd27f469961b3bf303

SHA512
6fb01025e6d815f26047d4f2c0eee18a992ed550b73b4d23733b2d00c70827e1407828986c2fe13f2f08a991dc45e555177199c7f226ac5aed5323bf5436fdd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
30KB

MD5
7808e0e4b7a714230373852158500533

SHA1
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c

SHA256
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

SHA512
ff9896a0599d770d54b86a875ce98135c5aa077ff19f2be6e075146b8501d92b874361dc8701a18ef4c14ab5400a7a48c928e069e8f05c36d6f6a408b90664f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
209KB

MD5
609753de70d0d0b9556598e19cb2995a

SHA1
36b61164aa726af5ae54287e968f3e9d14dfa00b

SHA256
4612bdcf784c810382afd75e64b162380cdfa11688d4b677ee40b311696a3c98

SHA512
2aa56221a5b724dcab469a55f747b015e318df0aa72e22c0c0a81db7df0f73bdaaeed8643be342af519c6bd4bd79945bb2f4383d1f45c4ec5fabe7d3c1f76f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
c7448568c3f6ae9ce4a6b8b2b2c35af9

SHA1
ce87484e6589558c2fee7dcb759fe5e2b0d4c0b2

SHA256
0735084baf62a9e8e262078012fa940c7e9dd9a419213ddacc50abf7f131a098

SHA512
f816c3d4d8249c2d2dacc341bede2076212641d2f884df9c36860bd795b8a7f635c3cf4aa5523e21d283095f6adbfe10040b8fea2fa73b8459e5c4c961547511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
df419b404f03185fef3c1179352a6a39

SHA1
e12446eedccf2bf4deab5618eda619ef43f45187

SHA256
1000c997b3a2328cae43d67a05dcc9caacf1f0edafa532f99ff3262eef9ba0b9

SHA512
48fdeeb584bcd52ab8d06f12249c15f3a67778c2341bb5e3f4abdb347adee874dedf1e49e727ed394d8d9948cb3c124b997df26c1bd4daa071b94a63ed60eaa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
075ff92035e30ec19e387015ebd6251c

SHA1
2cc5ba2acee09e85432e855320fe6c0d1ff62717

SHA256
7d131fed2904f269bf10060db53baffce355fbf899992c1a1df9e9fede8b1532

SHA512
2e53aa3617905552dff38ce897a61d69f6ed142e3b4df8e9304cdaac7d8dd99ff3a283322a288e1364a84cfe788433fb70392d6dcbe352054fd99f20f4839a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
67d093268303906a7647bea29b52f1fc

SHA1
61622de893ef6fddac23148f5eff00e0b9cccb74

SHA256
641ca342d08611d49d93a7354c079f4e470270988395b5ebe2dc085b51fd4dfb

SHA512
0daef3f85748cd0dbe1ee17a4a7fd3904961724284baaf100fa217e49cd2279805fd9489ea873f387a0e40563cbeaf0b7bd21204a088d72f57800d139bd39888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0454e47c7e33e817bd02571ffeead4f8

SHA1
e2c282d1cb61ccc1975576f2e1c99d0619d52684

SHA256
b9651d1ed33d445faec88d6dddb037de19c47a1ffe6eeb317dc0bd8361b53f0c

SHA512
11e298e8a3447d63dd2e62f8aec5713f4237f5042459bb4fb10fd57ec3e51bbf02268802b0a0d1d1e0bf4805d0af24e9a6271d3475e340abc61145b8a794a2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b7875b2980c0bfc14311df233516b5e0

SHA1
83e88fa952ed91305165ef105ab89bd29380a4e6

SHA256
4bdbd0e59bdf26d30ab00a98724348b4eb6545f3728e9cd0e3fb76ba88942529

SHA512
0570d88b8750f2c502ad017827d2da62143eb6aa6ad8e60e877e0ca881742a608db27aab9e496585898dc7af5a85835d2579ac96dacf562037724a86409d7e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d903674f6c1de97d0780e9628d5c56b5

SHA1
4657313c3608cc87f3a8ab49b6aef00c76826308

SHA256
be722351b026177e2f5ee7323a1a4d5dcb97fee28974c25a65021b1f8e783e2c

SHA512
02c117b01fd60f21cea8d2450a24dc44280023fa65af41f59bb7314c354eaea33bb5c174802b4288dbd1e59c16f816b567cf3c621d404cfa36bbe358d8a71b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0fdaf86c6f2358491ba050888eee441c

SHA1
ff5b779c290f4ffe473552839483f8f37613ed51

SHA256
a091e76987930b6fc27d0b0be633c13305a4542ba9e77fa0e701a07a850c2a49

SHA512
59a4ed3c8f4c1870427408a58abc82040e207d0f6ca5c3939ca4734a92bdee303d4bf800c71356a81cf2b1426db51f4c86a5d2c11f2aeeb6db926eba733a0f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9af9fa13338aa7e63702ccd797d69389

SHA1
f6518e5972c5d3d33473c2b4fe353f375a5cc300

SHA256
32d9eb522ae2c16c89ae83f2863e75539b56ba7ea3982a7f5af54bab7a00d000

SHA512
2261bbcb1f3e4c241ddda72f572951d2080a303803f9f31ffc02c4d9e22af753e4a78141e588aaeb4e53aea81b1fc3dae35aa6f147d1e9c3af0c00d2ac09537c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
00256745055ef6026ace0066fda56765

SHA1
6462e9e62641319939a69480a64d8d6b1a5b509b

SHA256
2c79d3621844ee805fa8c0f23969dd4fd9d22f42afe975cbc5803b33cfc86c3e

SHA512
f00b3e85a270a2d7525b1701774881fa0e869686c5d6befe1f2576eb21a784f3740b8db08c8b902666a7f10e7a716d2492add083b66d1da221dc0471a8327eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
726da928af07843f2371730fba902562

SHA1
5d972427903bfe2b096a236f5c14de9109da7a0a

SHA256
603b6a839c6eb73926048fa2220aa8f20256737ad19cbc4d0192e8a232eb12ca

SHA512
de00b7a6d4ab7c8781dc51bd84ee05a4c6614d61f983299e88f66ace893cb24a111c7c04941b862df6eab063d8d4a5d07b071c4d2521db46be9559c7c6b35d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c3c6f9332a1684471f57d07e52421538

SHA1
91f5576ce7315a8800d59fe07e04aff853811812

SHA256
047d3f4f396f19f7d138ae61979ad5b7ee483a8e307d762a494ff457f2687f8b

SHA512
31d6fc07e86a7887a260d5e593d5bfaf2fd870b2911b2942c72a571a110d38de5f491b33f41556ac71bbe97e70f30650f048413c68fe04d3fa6b79bbfde2334f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
16c8aa2c0fa0010c463c09fd3d115a4f

SHA1
e8692e1300502f8e6a6ff6256b0bfc7710887d62

SHA256
f08c99adfd01881110dc32b714a183e4ad1799b1aaa2f96f40e2e3004343158e

SHA512
02de4ba2014aa0532186621fcf567b209e13e9934b8137c9c6293545f1541340ef11f26787a5bd1db835417cb202693c05ca8f67475253370104bcd8227d35b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2f44b331ecc2c2706d36de77f20175a

SHA1
690fe1979a0d3bc9e15c0805e0ef94060a9c74d3

SHA256
ad0f7af152f57fd4a274867e52318a3fa731f4739ed53cbcf6f1be838bb43a54

SHA512
221758503d5a735838bae3022629017da3b9537e05086442c623bb36e79939f7f0ff420f54c97afb0b751e9ed29b2e315a87bacf691ead693b8785cad914583e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4399ec98122546d245af979aa6aab0a6

SHA1
e7fc1b51ed26c8c51df7b916ed4c5a6c19c2c2d0

SHA256
7175591bfe531133cbbde0a83a1b04769b3bb6c8ad7cfb617132166442ef92f9

SHA512
4d7ee02ff926b64ec95ef7b0b3a90b9f5a5ad93f87b4f953b1d39ff0c5dde87affecc13b00713ac36e4fdc96e381af2c0ba80434a835a59e4ba5d0e4b078a013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12655111e78bcb2462464013e7178cde

SHA1
c2ba2026ba3a4e82da957f9e9eb202c4d76930e5

SHA256
4dff4ca9d0ce51775830f234ef43b3263c03663a80e6863706f766c9b17b0538

SHA512
55fa690295b15d6d073c9469c3b46a2361b0d33314f9083bc5b0712500239f6a3d0ba6da5bb88d7155bd1ed408d40c9b1ce195c296989ff07773ea0d536bfd62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e4418c1de989a767374b48915e700463

SHA1
10917e1b0cb41405e2490f1b4485dedc31f4aa09

SHA256
42d4f15438bf835f303251018fd2f3f8ede5fcb3820b5981c91a3ab7ea4d4435

SHA512
934a0e7f16317f3a4ce04226049efe779cfe99e74698ee95b9e4ccb6d62740c3e61382cffccfe66e93f93adf7b9a4f19631a9091bd2d3741984c8232cfa2b87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
26KB

MD5
1231e0cdd565feac439ce4740793f03b

SHA1
b8ff79c0e53f27d9600b7e6b44ac626b12794ca1

SHA256
2ab599235cde76f1292c50921f337e1b585f022653400ad9b0d37789a0528f42

SHA512
38b72aa7c8948b13d28482f524a52bfd7390c770d8e252d1601ce3b49ac04d80632da4b776d50c093fd97f5e524150e07981746dc60246eedf70804f56d230cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7b220e373c7039eeaa69c17e0b0de1e5

SHA1
114a18680fba83e2245cbe84bad06d8180419ef4

SHA256
2262e871c6e8050289aa122f510d36f9ad2e0e269097a7d27d3141fe92af58f1

SHA512
031098994636e326928c8ab29273d6adbc9723e8522503bab992f24e39f81d0ab2dc42041d5055197961df01396feb3b74d4759dda0571ac403a6657561357d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585aae.TMP

Filesize
48B

MD5
04c55d581197e51becfa9bf6f7261409

SHA1
958b4acd7acb7029cdf0680cb96cd4aa15e76871

SHA256
092a0f2454fee2e5367aac3d995c5dbbe7ea68d04992bea159ab9d7315481bfd

SHA512
86ada8bd8e1717ee788222c8b93b08838bdbc8bf7625214c932291717d104aeddbee0e5ecf910bec2c61d51e36471c753932745e695f570254dc6a35a22cf3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
57f2a006fc1bd702a64e817ff5f40879

SHA1
d1aef9401d0955f0a33eba3cd34846a4ab7084dc

SHA256
1453d8487501e1e2a2f3b406e48c52ab1f21d37d80aa3060348839f660121c16

SHA512
142c4c091ee9bb12732fc3a6f1714741212b3c3f42bb24c1b481535ded42b0ea783190d5a63610f7123c85c96a58b1be3edbd855de0c6b77db95423e1eb6d360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
b8be1e2bcc8cfe8f07803c7a4c191dc5

SHA1
3d25dae1a2f590582e843e902a04125a18ce8dd3

SHA256
180f76b9e5740b38ab5881ef23e506dc562431045d6648bd26aa98cde66fd082

SHA512
e0ea5d912dc6d05c40662b1d85d0f98e709a9607e5773447129253b6155b00452ba29d380d95f70d45a319cdb6a6f16d794a901175869332af901e40a5b1d24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
863cff7f964a3f9a59fc816bfb483150

SHA1
5493e73593cb4ba896aaf0f0ae4ad657f86d20d2

SHA256
1282c132bf2fcc8829c9545663d66555622ee678ceb6a5174000db8636780f84

SHA512
3cc6a5b34d6a3339062799059bae3ab2f15eef9411fb9d5fc634cb3940e7e86dbaf88f44c0ed9cab3f980f270901142ce054c7dfab67a4ca34afe66484c3b168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
5b83c7d6215f88d235db4fb229f1d156

SHA1
d75b937d4dd383c0daf30b3b58fc1d7a3fa36719

SHA256
9bf27a7cf52fa44cf5d7a51c1187a6eea9d59351f91e70c7ad341801ae292c78

SHA512
78df2621c9ad550739988a139d032c37f9cfead255c88ec75eef425fef45cca64d72ea504e7113086d86e5a8a3c1458a87b2b5eb130d499e9f6b571a48100f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
c85694e17f2bb760d89b84966feb0801

SHA1
0e5584c2411b843845b37ec925eb7e296421f83e

SHA256
64dd9cd1bf3d639cac6bd2296f9fdbc69f824d9c68211264628d211167676c74

SHA512
b46b68c86050b2a77a50c8a988ede1d4c7b3ab2d66f262d8de386af50b0aaad7c33c7895157e81624d63071744779804057a64e7bc929ad07ac650244b92919b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
4ae5b7b89f1e51dbf00d3fd98ee4654c

SHA1
2353b31171d46606e5c5c237eaeaf61ba6db4c6f

SHA256
c9c93d942ffe59deaaefb197cbd2040ec7d8daf03e7102007ff5a43ec9a5f4e7

SHA512
4653375d72e051b3a8825cf7f0f5c851de2c2a19c4dd7126c2435e546328257fda6d74e19c12c2ef97dafacd6cc6e1d1b15ef027dc1ba8a04e86d40090734fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
c93fd2b6c0f534e3d694c7284864483e

SHA1
5cb225ad162e2529b4c1182d112fe1281e2e268a

SHA256
2781e7fa4903bfb48e4113541c066c99b95ed7144c76b56e5cc4e0ccd88cfdb9

SHA512
8bec55de3c4bbe6fad17d9211f43cd55b8230bcddfa908409f438bce6eb395a3ec05f70e38e98d6b62efcbbfcfa50affd3ebbe725978b61d130c58793484fe18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
e00c3975b27d589fab25c2f2f6a7c2de

SHA1
cffb56d81583e908a2d4a4fb17481cb8fcda84cf

SHA256
fee11c9eb5154267b38e19d64194c6ed9f91b83d9678a9c29344523243cfbba9

SHA512
d6e51febaefdc99b91357f26adf8de8ae7b7b98574cbfb15688aa31157935ecbb5705ac6d26e955a474bddb3e3bf6b04b25d6c38ed51a082907b49c00e9c5cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
bf46a6be8f7708a870842339caa4469a

SHA1
141d1168bfc3b30a4e02af277ac95ac88a8496a6

SHA256
754bb23ca67e4d52634eed1cb7059614fc0329240e81bfcc1fe57ec17edadf77

SHA512
48ed1c34b887ef511fb7b986bb8972998803272158c06918e88a9b410efb21f6ebe6d510a17a3b18e60d1d5f9445d4f2a07480ac08564d35e3dc5e60e4e27f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
5c6e86ffa5c84a12b8dddf7bce93f723

SHA1
502e4784e2759f2b2d28def34361f67a50fe6d1b

SHA256
e29f1062d77c8ae09d3b7dbb43f40aa37d891847cfdc454e2bb673e376cadf06

SHA512
ba9228716b09bca151b683ed55207b01d1597fe8b2216cd2205e492c5e88cd6144b40d8fbafe700339b68b4b737be01a7a9899405fe26bda793a97a9cc302791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f29489df541c5edf7e1157692dbe871

SHA1
1a591b7a9ba287f0574585caab64863bfac84caa

SHA256
3182f45f7851b9897f03578c4091d33d5b4b2506ac937f7f8e2dbc0a6946b62e

SHA512
b34e03e7fc317bb212faec0ba0135369769ae587b1f8ea5e6b30ec2a7bfc7fb9d6256c265f2db0da8e77c16c5b56668702627adee66dc829756910f255c0f941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594608.TMP

Filesize
537B

MD5
d0b749ce01906e25d3f88d925c00f742

SHA1
24c29d58172496c9d04c680cecb756e4e55b21cb

SHA256
d95682cf79341dc01b67bbf0eb086b8430f26061009daf65f8a0a2c775f5ddf8

SHA512
736a64c4329cc005707cd7bc3304bfb0e07e7292819225de73cfc1f68e48ce651ade168f68dbd67e0733516d5df1a469d378c4e11f796a358ec1409b55799aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dbb29d9b-7e05-4a16-8918-b1c594caad35.tmp

Filesize
7KB

MD5
bf8341f3aab906c7c8095fbce5ea9a62

SHA1
96be1fd1ccb2b38f2ab2b392024dc87198cef670

SHA256
2178411571a8cb8a0cec9138fcb85b9f23b21fdada3556b5391a0e5d5f79ad04

SHA512
4bcd9e7b20a5b96fb02fc7d551a1a9087b301a7b00e21d90bfd761e73d10b7734050cebb9d227fe34bb704fe4e25173f90b190669d5020baa785d9d5dfd629dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eac741dc2efeef7a699f8abeec06a495

SHA1
d63cd1caf4d38c7f1819874154dde468a3f0465b

SHA256
70217871381a5d21cce05c0f56ac98b96393290e43e2d38489d0c29f96553170

SHA512
ba340b801e7701a50ec30b2163c18945d8489190c4dd3a3423eb949211160de6a2e7db5702402b96a5e6fa68763b71b7c5d0dea3270aa4907d6047e6f7e31d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
26a0a7b1172d6f2627e5e57bf6b26ce5

SHA1
3bd04252b80528e3fb257661c39919bfc395eae0

SHA256
97c2aa13966c5ac41f05bec9969addb4600e6a7a84e4c609e687f0be51ae30f8

SHA512
131db0d5fb5e85467f9a6432e196177cb10eb04cd601d747ad5e2e3afa45c50f27da4f9685f20997a99a9c601d70bb89ce6eaa95cb5beaf4c5fce7e776f9b8e3

Download Submit