hxxps://is[.]gd/EmvBKz

Analysis

max time kernel
121s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2025, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/EmvBKz

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
4200	msedge.exe
4200	msedge.exe
2560	identity_helper.exe
2560	identity_helper.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4200 wrote to memory of 4344	4200	msedge.exe	83
PID 4200 wrote to memory of 4344	4200	msedge.exe	83
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2128	4200	msedge.exe	84
PID 4200 wrote to memory of 2432	4200	msedge.exe	85
PID 4200 wrote to memory of 2432	4200	msedge.exe	85
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86
PID 4200 wrote to memory of 1012	4200	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/EmvBKz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd774046f8,0x7ffd77404708,0x7ffd77404718
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12465707153354490949,10899327157141944812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
43KB

MD5
7f2c172ca810d85c0596390b4ab21df3

SHA1
d4acb412e626e744609aa326247bd7eeec469bec

SHA256
4ccac6b00b8d6b7bec9886d8a23d84131bed955d995a37b5017196b03d1edab6

SHA512
961fd847cdc7b7c54dcb5ec19e3446701de454e9d06e1e2025360a1d0b426d204fb8aec90b854c7b2dbe3153aa66b5d90ba56f8ac6a8bc996177642d6f55c263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
19KB

MD5
99af5da82ee74e7d9502225446604614

SHA1
7deff05853fbf1528875f9c358b8a6a31d6dee5e

SHA256
031fe7ea42e0a823949190f13ab143f1d9d26fb0b22d863b582593a37cbcda9d

SHA512
7d2cec0882df88edbb4789fc14c7721f6dca5681c85919ee1f033d5cb2324f9c1305707bbc4c534e0019a2b163291edf4bd65c374e843d75174589e7148aab07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
24KB

MD5
b201e8da90ef456598b8b3bb0e31bf53

SHA1
8bb524c8e9b17920c83d9a06c0b305e41cfca560

SHA256
2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665

SHA512
50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
36KB

MD5
80c484a058ca2ae0f9bc62a38223d496

SHA1
8315360b781e7161b79df6bc8def9a66db7530a9

SHA256
d7530b224b4842c08b3bd6e33a059d33cff50653f06b3080504785c6c3997c7a

SHA512
5b3aa4494da9bed0fc7e7fefe00e8343e3e63322b7923bbb959a0d274716da283cbea5ebc4b59f4e508b8167c32479ffa3ce8b36465c6563bc20101aad9f8608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
36KB

MD5
21f4955f4e7a07d5cae4a46fc74ab263

SHA1
3e3e25ca71bb03ce2c9b2a495b346b9653568b1d

SHA256
0870954849b1ccc0e6a9754cfbd3ce33f791cde77156d1f84519713ac47c37c5

SHA512
ec857db1522f15d6b769dc775550eb0023e27c080de45f6c091bae25b8524ed17fba0ca84af38459bb1d772bf479327b031e5ef677d3eb7f65c703c03fc70b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
4d01e326592ce2f559ff1613a10a00f1

SHA1
fb1c762040ee1e36bcb7c44674638b32040fb74c

SHA256
56c9ff85451fcbe3d0c8a80051d5cc690d9731fbdedb6549b4386c6010519078

SHA512
e8f9cb416f7ef90613812861ac6033d712526dc3fa11ef59a1b5929f649a063c176024d2e3e3cffc5ec33e7f516e5fb3d082947b059ef812f701eabaff17b16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
48ffef4fc267c7350a37339001bd1a02

SHA1
9379041d4d542c116b420d014c7ebb68137a008a

SHA256
254467e453cf3cae3c70085b41462cd71b233c247b5e212f444347537b4c4873

SHA512
34b459dde39b3056e2f0a4c593b342d32829c9eebb2b01f146aefa0d54f0b52ecf4954873cf76b424abb25f84370d0b5ac06fdac734b397a7444b4b64b4d52f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
7182dab792dbc9cc2928f499d10807aa

SHA1
edb2741e45fda4b9707f16a8c4fccdb4567e3607

SHA256
90468387a08481e00d3a0366954fe8b71bcbbf0037cae6e67ebd8c54dd742a54

SHA512
32ac22dd170e8a52835f45e4fa3b719c27ac5f9d840d62f5fdcee3b8ff0cfac7327723faa4a0d1133ff83867681cd857e72fd6bb96b663ef6267c64ee0c60de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
40KB

MD5
46f57737d50e34053f1f7633d74d600a

SHA1
ebb8c24e34d2f6f7e25de8ff516cb46ee8dafa36

SHA256
b49341286ebd650e4486d60e7bed27076f7d583f825f7440faa15d16ba3714b2

SHA512
c72f440d2a1a3fd6be82cc8c2b10a15f045f0c3485d734ede9fcbe436ba1a9f291830830005d386458092a1a6df1431b58cc6ac95fe2ea745e74ba70b050f2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
150KB

MD5
52344bfd16b4f6d1dc61922468458ce0

SHA1
142e9ec2e44f56e7e97f243624655decd4ee75ca

SHA256
d4636d2d08503bfd82c4e2a614efaac77ed9aaa38793703e16cf8f73b445aefa

SHA512
4bdf08a37c220abdb1ff30a30b10573082960ea9ad4118d3a9abe3e0334aefbcbe07eb60cf17d9f8f4539c5f719a67c803a452a4e79ab64e71e7c7b83c0de172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
268KB

MD5
0f6192618cc95b90b08c888009300563

SHA1
20bc0faf53892a8bb835e3dd7edb4794dc8f7446

SHA256
6bd273b2441d8135d9b18cad1c0a71b834105e18607fc5d1db1fe66e19142855

SHA512
50d6a2f2b9753319120266379cd8d00e5af547a7fd0117d5f3c445c69260f064ebe61074727c98391729cd0b0f44e3f30cf5e28921f27c3a5592ed2cf1d1c3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
34KB

MD5
0463b35928bd2a797c7f05c8036f12a8

SHA1
9741327aed844ea35b2576760969b1af5057b2e1

SHA256
2294df1409a23436656c7fb5ce2f43d3b89f3f814ac86511528f47f87c6b582b

SHA512
a82cd38e03a255913919c8fdcad7fd56d1f8b0952d90dec4c43a15f2f2efd0b478e3a67717ed649038c54bb253843e5cea28f4c04adb39b0de568a04935bca84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
30KB

MD5
f2fcba2bbf60e3be5ae9350007951164

SHA1
720c52bf4b6839eaad37bfd52dd314f1f3b0fd73

SHA256
ee3b0183799320d7f188c62a44ca22cf40b2013594649b4c1cba0d7385a27a10

SHA512
0dbcbd165d7cfbe46b7fa0b157973e35112a8e74e1caf5359f11cd2e09e4fb225c96b0448a86b756d5916a22e9666f24921f5125cfc799ed51bcfeb62d17d53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
17KB

MD5
78009b0bcd5f695070babef7964ce279

SHA1
817fb69778754c2d5976909a48525ea46136992a

SHA256
a179f5a994b7974aec4a54c2af8d07d1d0d9d2cfc66c81246e1299a5a0b1ad19

SHA512
922be73fde8d54afead642c60b480f7c2d54fda6c840cb6976b02f10d12d67df749b5af21b7e441342c2007a17287b1ed55a9dc894638ff8fe21454be171b42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
ca723d6fabfbfd032fc2716eebdc9570

SHA1
d189cedcfce4053ac7ecaac5608b1a8d3f563405

SHA256
69e7fee72e3437295c892cecb4e4f32af8bba9725a358019c7f2eda1e2b2160a

SHA512
b32b9b7ed6c5db747b816093f174d945c835afa7e8f588b9cab5288739ba6945c4a7a169a2bfc107c4f9cc8d20416ce864be7b6b83b3ec75a8d0756b50cf145e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
53KB

MD5
f50541958f39d0f2cad3b3112d0e3a02

SHA1
e4ca9359553d047cac275725aaa6cb01194bb956

SHA256
533528013e9e1978adff37231678fbbb9f80434425fd7b13e196f91194651766

SHA512
cdaabaad8493a8fbbea2713e93a9563aec8d29591ac13c2a6bd1f5be9fe0ca8b1e33a9fc9ee51e579d79510e143c30831d7edd060e32e4fbdaf39b62bfe05267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
65KB

MD5
10f463b75d3d7b4c2ad97ff70b8935c8

SHA1
028355fcc04f4fbf79fc0944b17dc29fc0429bf7

SHA256
8091287cfdc332a4e68026302f28d0d15d28c4a46c8c9916b7d7f6f8bca06bc6

SHA512
c5a384d61b96aef6fad5196dcec42bfa7e190dbd171eeecc711262bb9cf6487b1f32c13d299b2a3a053f7a9721cccc6c3e844077df639869dc55d3e7530554ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
16KB

MD5
7bd08e9630e9c60a5d6c72f46b6945d8

SHA1
3309a46762ddf5ef9ffc015409ee7ff8804786ae

SHA256
8d8b3694b450752e14b2f376eba29589b0c9c31512169beb7e56310acbbd0778

SHA512
8b718cba1b1c66930efcb061e0eedd542a2c2fddec3e689733ceeeb3d8bc882cc014ab6d23ae1483c490ac38a5c35e6d3e3258b6e56b31ee7755bb7b6ad2496f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
18KB

MD5
3a89ad3f879e00ec76bf99c5b26ff433

SHA1
ce76f802547972a4e2e81af6777faede59f0d1ca

SHA256
4b272584cf3af27124948620c34e5acfc912a15f55061b69fae64b01fd35b28b

SHA512
208988fe0fdf965b56c067e774da15355c6c9f118cdfa16a98913620e11faed1b5a394209326cd4295cb877af91772f924426e1e32424404803eb81ce7329334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
42KB

MD5
20d616438ba3649d5e38674bc147c5b2

SHA1
96cce3481df5aa13973293981ae4875cec0d7b3f

SHA256
823e0109f8f10e6209b6b03a230a842d75cac4acedaf1774c635d8cdf99c4887

SHA512
3ce582c312b6feeddfd94f0fb0be198300c12320fb04f64cbb49083188d264090bec3d8ac5ae9e74c95ed5a180354c7b17403e337f37891d2e7f7a920717ed47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
35KB

MD5
fa607b90a1f1988f04c533705eb0b244

SHA1
105cbc22cf0cc15a27337bbfa9c91cbbacd97d2a

SHA256
5eebf25b1ae4fc1838001ec4b6532c206b6c62560db4f409a8f2e130d48ca9cd

SHA512
4914f04d5ec6bdcbca477ca6073b684a008e474df06495a9448c741d2f76ef4908f616a58d551346251e1dbdada50aa768bf9ab5f07d24ad01f9f7570b1f2263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
217KB

MD5
fae7c0c1fea62a8d4893dc58346e4662

SHA1
c56c049a5cdac1636359b86826ad7beee9c0f607

SHA256
7618db60f4ca62ac841775321464bf4def06225522b5b1548c6903613a9207ef

SHA512
07639066c5c7f82b8d5a23da221f76ced47bec1a9e00aa26d13ad3ef7814f3394031774211d72ae25b92a29633156c8c9ffa0e2b15cf02e203584ef2766ae2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
962KB

MD5
98eaf699f517ff88bb2f595bddb2c5d8

SHA1
eae1d3e4c6e6a8f9636c0efb0a04ecbabe8b63ca

SHA256
7aa34824dbe8dbfd8011576a365dcd057127406d61702634d69f0240325cc582

SHA512
7d9623ca066012a200a01bf48e0617fcfb35cad0efff091bc3b7931e98b72b95df66205cfa904ae9b84d92c9fcea421b366d9ef3023c023488cdabf91b5ef8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
ed9b742490df8c92428211ec6f7b15ad

SHA1
38b33b661fa25c09864adfe83d82614cd99ecb13

SHA256
fa96a588bbdc15603478dad0da0dcc003d388246694875e546b375da5699ea2c

SHA512
836282d0b3b0c09e56d3c18b955a4db91a0a98a8c97a810d8cff8028b5916d5ddda9807c72cb43b45b69555f1d648b228d35ba09d8718693f6026f42ba313310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a003f69a8eec77a8f60efa1979610e46

SHA1
4010311d3cc90fe5b08aaf3366e4f004af71efac

SHA256
0cd5f3a04b1a1056ffa43f6e189636150e5cc0fc72d2620ccfead8d6fd38f52a

SHA512
5e2167ce941f5d58c85354473934d6af4c86fb8720c43fbc5cbeef9e76b37a517bfbe1719e4ba1ba4336d7e499ad4d92b03d62cd8efdf612d46851c3c318421b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e97b7d352490527fe04b6378b5cf30e5

SHA1
60e8195e3da5db803a265b2af48bd234c1adb44a

SHA256
44f82639bc386f7ccdfa7a5051d56385198ddaf81ab97cecdc0292a77db188bb

SHA512
2ce24b0e050a7f95af0fe37a65ed09bef4635fe477948d7799fa2590a37d64cff847a31120009d729881c03804b5ce1eaa49069e9e6a81e0afe40fff7c55b40e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b69434a7b43198ec191c0fa4f42cdfdd

SHA1
88355f62395a6b97ee0d0f1b8c5b70546d25b290

SHA256
f4a96db9078882e8c438bac1823575a247b5de6e9a0c2124381cd977263c9c19

SHA512
fa48a82d9602b05f8a9bfd03a2e8ed17b5dc3e219441560d2482d01588a8c38aa8b6cc728ac5a8404063f97057c6fff9bcdf3637e7cf16ce01a1cfd032bbac23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
adfdf38b1aba3981574ba840ecd3f5ae

SHA1
b3cbdb33b8c46d7d5e5e2d52cdaf7daaf3a91918

SHA256
d1cc30c426eb8d6630b01595aa4f0dbee10fdbb2e353efce4a026ffc97621007

SHA512
5c8c4395771c57c02aaed77d8437fb95fd5e41bd614c5a4681f71030817e5110ea3d12542bdeccd0c352ab6f83cfa5f88bb61a52449979ad5142b127ad9a1e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1c5b961434b9dafb9d92035427f97af

SHA1
e2e4318f28bdde431cfe1310bdc5d4afd35ad04d

SHA256
2c314b9ec0bad6be99749bc825e3a8093ded52090fcd8fec973ad0f20be5e27c

SHA512
8f79e3eef9373574b9515840ea621be062114cfdfba62eb38d4a9de05305b1f44c7838404820f07eaff16013bfe5b43372de0de081c2bd9c0b4f319d7560dedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adefba6aa069c1975bf77274e8ca6d1f

SHA1
a3c46bda31c30e117e7f76773c8bd66aebf49f95

SHA256
3cd2cd8df54e7205626bf1573174260c9e07a7f410075efbfb5373043deb2410

SHA512
35b7d7f55ea5cba664599ac7754afd8e3c20dd94c3be08cf8e5d7cf88707889709bf90d5431c8e6033f29b13131425a58d508dc759150816c33ca81275159e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1847cabae685974375cc539fc33c401e

SHA1
2c362e0a93da89d4359503fb9c4d9fa1b393504f

SHA256
126c8346e144a64ed4c3dc31c2c6d9136d8bfd0ffeb5ad79e661cf69fbb3e432

SHA512
b46660ae7aba34766bc9bd325c467600582d3c486e7fd79c235a3fba3fd7ffcb5cc7cbb2b051e5332b8e1a87f0ed1947cd6b5a2eb624bbd7d886883156efb657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
70e7979c1632db9c52a8fbae1acbd2e4

SHA1
33aaad840ae2e64f10e537192d4f5089a420ecd8

SHA256
88fa97fe9825fa270fb51181fc8b03178690d960cf33d88a7dc1c54c0d01567f

SHA512
4681d3cf926cdc19ecb293e5728be4b9a7dcf9b2629b5206fdb2acc427e94e68ae6729ffac122860860beafaff9b8bbdd3c7f2da8d0d4ed449dc0cec8bec6910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0c3a8dfda794d2044ef0b3819aee7b55

SHA1
458b1d3fcabd3507de3bef5ead2b4cabf4b51113

SHA256
db6190e8d73eea34539d905f7112dfe609f5059af02a13c8ded733ef74d127ae

SHA512
31306c9269080077ff76442884342ee6738cb69c6f3161ec75da1bca6cbd380208bce6675d664a82091f0063014212cc7a338afdf96e5fa7c9e89539a896b998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c2fab3f99164d9593dc52a4b7172d0b

SHA1
cb29943b5441da3637d14025727fa6879291fac8

SHA256
33db936e2177f89a7c8647efac60a63ef458c4c418c13dd2869f760d723b8be9

SHA512
67fa4317fab81a86d8f547a68677241e244379f67626d3abdbe3b58adc5a634cd04825cd5b0f6da1d0e1a585d478eafb3d5c58639510c601e6dbb0aebd9bcd9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5667b921893b18666ffc709639845a07

SHA1
3e9d22d3d360fed270df097b8369d1cf36da13b3

SHA256
a51cc58d91d7b05cfb3461ea1a6daefdf3ac46d6840d24617166c9e9f728920a

SHA512
ef378a9ffa9c70c40a9ed6afaae5cd575339ea59203862e4eb5519d638de747878ba7ed9f0e46f6bcaf8e5fa7d32d9520ebd9a3c2b6fcc6496528f97fca6358b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58142f.TMP

Filesize
371B

MD5
a3c206da96f87199f6a387ee6eaa740f

SHA1
9c1db9656fae015acf03dd5d20210f099da4305f

SHA256
fcea06108d73a2d4fdc77eb4226a00e587ca47736343eda3e9ef864780d702b4

SHA512
36015431910e2cc6bfaf7d81475b6c7aaa7a21854225e9162622599e8ed2232e88288dcce54113c26d329023697cd3e1e2edda7bae0013fa284bb9b10d73f473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be3ce8ff-6b17-4e8a-bc86-db0a326ab2f7.tmp

Filesize
6KB

MD5
ce6c916a525e674b868f0464828e5e28

SHA1
4ac58cfc7fa3eeb0c49c84b1268ec33369c1c432

SHA256
4db0fa170723048e8e89f2a6439197852777ca25ec0501e0e3c79c6ed093ceaf

SHA512
9a5b4f3d6997a7c3752a8b975554dd8b8abb0fc7c5234712e0df3c4603f0d4863120f3922643ddee40623f27fdf8e6092b45abb062807b37d0a9d153220f00b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
64400b4a0e9204847bfcd1f6e9c3560b

SHA1
4b6898c5ec4f3e19d6002af6ff97bd2ca4581a88

SHA256
d495c86e08323fcb229ec48c246d4acf339f460cca3b262ebd643aa468456ab4

SHA512
04917ad03a36fcbc5baa9835de7942ce2820ba62d7cc3947610106c26b0da69c446d10481dd1507bc6f98cfba92cfe03486e067534780fa7fff14ec355d683ab

Download Submit