d4f421c985f1786f603bd1eaf4232d5a0d56b5ee8a7f02e0da978b478f060af2

Resubmissions

03/02/2025, 23:12

250203-268lhaylcq 10

03/02/2025, 11:34

250203-npmqtazlh1 10

Analysis

max time kernel
334s
max time network
338s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2025, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mediadrm.dll
Size

138KB
MD5

be57543e1b5b2978abf5d27690aeceac
SHA1

95bcbbe4b6745d42cc1b4b56838e6cb04f136b02
SHA256

d4f421c985f1786f603bd1eaf4232d5a0d56b5ee8a7f02e0da978b478f060af2
SHA512

d03cefeacc5bce6873b4aca253085001934d099199354d9a5dbbc86d075013d91552dce1727a968db96ad9de35da61f58d56b95116bec4b2f5574530275fe797
SSDEEP

3072:wZrLn/uERTyiG1YXZRU7Go0F+7U6YcO+:wluERTyB1ARUao1/R

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page 1 IoCs

phishing google

flow	pid	Process
51	3424	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3144	msedge.exe
3144	msedge.exe
4700	identity_helper.exe
4700	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 1516	3144	msedge.exe	115
PID 3144 wrote to memory of 1516	3144	msedge.exe	115
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 5060	3144	msedge.exe	116
PID 3144 wrote to memory of 3424	3144	msedge.exe	117
PID 3144 wrote to memory of 3424	3144	msedge.exe	117
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118
PID 3144 wrote to memory of 4812	3144	msedge.exe	118

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll,#1
1⤵
PID:1688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:2032

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4192
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5600
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5840
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5824
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5884
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5868
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:6008
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:6028
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:4808
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:3896
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:6100
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll
  2⤵
  PID:1400
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #0
  2⤵
  PID:3444
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #main
  2⤵
  PID:2868
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #main
  2⤵
  PID:1692
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #0
  2⤵
  PID:1568
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5100
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5668
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5720
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #1
  2⤵
  PID:5744
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #2
  2⤵
  PID:5092
- C:\Windows\System32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mediadrm.dll, #3
  2⤵
  PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffea1e846f8,0x7ffea1e84708,0x7ffea1e84718
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Detected google phishing page
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15520966096650990864,14611588934880816684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:5328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d071abd21ba95452bd70e7274b2139b6

SHA1
75ea5ccc5ad04b9634e377b286fc99c448f07891

SHA256
973e07a348e7b2dba242b74f59a5d3d690842f19be76dd15a5e693992f08f142

SHA512
af42a390439b837dfffa305f21fb573b6f2028bbf767d7dcf239900fbcbb8d4e7015d37a8c52bb513bad60f6f5039d4e699acf8b5135b24e8d0e26a1d96d9b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
102f253d13f1fcbd58ff7ea07502d0f9

SHA1
17fa9662f4778117d415f7821ad2f9eb549832c1

SHA256
6d75e75b1174af3c7b730d9d4a397e5c1b53c6935f7c4ea675da4e42a9f6559d

SHA512
5401a9bd5aab0b6add34e79e644916c3869198b3310c47aa8a845ab2d4d566d973c2a56e888c675c96bd04d2e1cbc756189f9122d6ce4b88cdbcbe1186ca7eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
06e32a5d1e2d387ce562ee7aede8192d

SHA1
67f9d64c29663f6865d0d134db189938a92503cb

SHA256
46ec4156584d2cfcd0ea2dd2eed85a0545ddf4e30a8c20c26b2ff3fc7c065317

SHA512
0d1de74efa671be757ac49d1b864ed89cca90bd56114d79432ab91407ef5987d4f4573ef3f2e307b32601ab335a43f8cd1860954f986dd5d887a02ae37ea0717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6501ccc4c40c4ba44bd1c1c893d1e504

SHA1
0f94bc9778efb9cc8c61d9874124f9bfce9ac1e7

SHA256
dfe7f186a80c47864fbcd316176c06cfb1010f88943e79e3ec3e4a8f6f6a7260

SHA512
8de16d62c13a632f10b70a593d25be349f261f748510a58534dd64907113ad401039802077a376e7ad55c8315bfa1376745b2f9ae1610119e78099273d77cd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
51697131c1ecf0f74b5070a0f1d9ba0d

SHA1
f19cd1a83e225171eea63cc28dc13e1aea7bf6e9

SHA256
986a1b69997008d779602ec978bb89e7119c8262e906cf9b4638c088351cefcb

SHA512
9da4051babc50e5cf189b50d6037e4dab7e0b611ee2af63808d355561c8426fe444eb673a525d9e846350689f8619531744492e2bd76a4eb81b4ac1407603d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
959d6483ce3ced2cb562198275063ded

SHA1
fa47e907a62ac705638762834a028b8941cd7793

SHA256
3f042ef899cd8f6fe4b697e234155941291ab7bd7080691d2926d1eed93e1a57

SHA512
13c895f37c3c9c8c5a9cc288bea59ed7bbea179b3a0562f69abaa605f8bfd492aebafca9da758c894feb2b1890db55483e59d8f91a2c139fadf268c963bd5d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1a1c9860c53ff19357572ffb689f996c

SHA1
987e6e1e09d37addc682912517db51d738dac75d

SHA256
6df8fa661dd4c0b0a19c1ac72e2bf9591c320a6f9f291a30a18f382f672db270

SHA512
75b4b3d57b56261db9356e2d26fde163e751df67fb517788c4507492ea9947c9dc04f2f3182e5a49d234da3e43129fab84ce66754595ebfe3aa26b6d8613adbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c77ca81b60668938245b827e92f158ec

SHA1
5378c8c47a26e828fb971c1341da561a01788744

SHA256
149edba798c104612f88c514ac0efd41fdead0b3a335fcba64fa94d1869d29b9

SHA512
614fee86d01f31a7f495a8b111a96285b81a95e876eb0826838cd4e03c5ced885cc3342504fca874c69da2fc32a9ad2dde0bfbb88ddbd921e9d73957c5337177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75c7df931138bb81c20ee393624649d5

SHA1
23bb3410be9b5224ca3e3be07589ea969dbc7110

SHA256
000bac853d731cf90d5422cbe54f02115b41188a113ed11f8be50bddc7bf3fb4

SHA512
1d00c1afa22a4d4946537a1cb5574d4d6e98f4f283ea2005279b0cb5647097b3991bb4bf6075a854ad85f6a98105518d2d4397197c7c1deb2a62aa27090c5103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ff4b48572e47cfd84f1d5e29bcb6de10da1db9a7\60b470a3-9958-4d80-b271-5b659ecb2b0a\index-dir\the-real-index

Filesize
72B

MD5
9fdc4523f8c46c547bdb5a57a750a738

SHA1
673f950bd276c4725d6043eda325d6e0a96a7a00

SHA256
6a6274ac80fa62e58f55ecd81bf9b77113fbb2c2a6530982561201c7543e7ead

SHA512
57f4526cf6f7b92e7f0e82a84bb4c1946494738c80eb6971140ea3cf275eea329ba509eae92334f9b90719cc9761ea21c0cd1331e1da407fa3aa7cb7ab759d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ff4b48572e47cfd84f1d5e29bcb6de10da1db9a7\60b470a3-9958-4d80-b271-5b659ecb2b0a\index-dir\the-real-index~RFe5bacc7.TMP

Filesize
48B

MD5
11aa44cf6e07301220340804a7177bde

SHA1
47ad7a8efadc0f3335750e328b679d5575268ee3

SHA256
6630364d67a43572a06b920f0c03e884cca9db782a61e352e460b4ff61326dfb

SHA512
750e1b4fb69d326dc3e4cb7f71110499c3fd5af67f385f52f2fe552de1663b0e82eda0e068062e21f20229c40b6a2deff2372cb400e0533e0a1dc64642186241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ff4b48572e47cfd84f1d5e29bcb6de10da1db9a7\index.txt

Filesize
99B

MD5
5a2c163371315c3865e17b38e170f963

SHA1
274a1fe5c2579703b403001a9073092f48c79e59

SHA256
4237701793e4eb11316314512d5814b7e4ebff8d32ff0444284c1988500e3569

SHA512
2ab43afcf7ebaea4d8f2d48172f665d731c8e67ac08a96f1f028f0403eedaa98d5360f4643497654a2d7933ce17115a52b7e7abfcf846e483262e5abe0427bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ff4b48572e47cfd84f1d5e29bcb6de10da1db9a7\index.txt

Filesize
93B

MD5
349f4be58260b3793ffc6ec09668f196

SHA1
6fdedc1f002a959e0b23afd487c90f99e4c6fc0c

SHA256
45c598b738a4a85158f5069ec2c902fde77e6a0df98510396306dc8cbbdef14c

SHA512
097aae262c899d448d8251f545b36ab547225f526d5fd7b52119db23869f3da19c4b2bea47e00440eadfd0c87beff5ab3ca12b39038bb830f7ee784ad5fb802d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
35d6bb896dbea85671917c18e370bdf4

SHA1
35c32fde897feb5da7b831ad0f9e1e1238c55a04

SHA256
57513b841eb7636c99e23d2b313ce72194c4ce8f4b13934d3b4bcf81ed94fdfa

SHA512
2a7b6bcbc3b222a3056a52fceb47199fac090913ba0150fc8b7d5dc21c079cedcc7cc2d70cd67124f8edb570efc6463674ec3f534fa32b66f819370aba72da1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5babcd.TMP

Filesize
48B

MD5
955d1241ab06f5b4b148cc106fb34432

SHA1
26c3cfb041803aec1e1f60c1bbd13b04abbc5a0a

SHA256
51cfbc302bc9fb170a0f76a2459bee921617cc7336c3387b492d0e11e01b5f96

SHA512
b9d11034fd3e009a743c5205800ceadc582b1e348da3637e8b5ea0951a132da6e50e94466eab6845ed117d41bc5eea15f67c9eea644502427179edb22e284bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2766cec506a63c231ed6f74b97b29e1b

SHA1
8b25e77aa41d5729e5cc818dcc409c944982f0a4

SHA256
aaecd29bfe83c9c57a0dab906d95a107d79d4854efbd9f30cd06c40e8c09b99a

SHA512
c0f9a87807bb0cc7c5958d039de6976dc06c5b1e90fd77f4ecffe662bf219d30eeb30fc2283a760448a8036f60e6eb9435b2a01ab09acc90e1c54f5bcdbfa413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
267e104098fd36f3173fec7ffbf3cee9

SHA1
2512f7b8bd9ec94e3a342c784954a21f9ca31ad9

SHA256
151e737fe26f61449690820fa0068f6e810aea5a2cbefdda8b57b05e3c8dfb6c

SHA512
09577af12614e35925691fe6bf26d0e310cd0079bfb4be40781ce4641dad4864366b061f389bfa101bb5ed2286b471216e9d642d33876a9996932ce7368104d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1b1c64b92f76cfced5a5ffe1bee7bbae

SHA1
af8e8ab6a5c28b4c0078dfd23306e2a667b8e5e2

SHA256
128d8e0adee9d14d553c8d91ab328101271a71ba6fd24d34f5be958f9f279f06

SHA512
b04b1a1a8829d180d0f945d7380db99390f529e742daef03505110329e2120ca406bf642e984039ce7150931de3642aa8d978f37a97e53aeadace983adef2d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b47a4.TMP

Filesize
538B

MD5
14ccc39579c804346aaf06836b066a4e

SHA1
0a556adc6b738dca32c578f71c166bb79b3b25f8

SHA256
71fb1c12d811a09356a04fb72f06ef80322e4cfdc5b6a7e617d5fbfdec91369a

SHA512
dcae974504c20b5a07f805c0314e4b1d97b196889dc5282fe658a38e44688ceb21fd39000d240ecce65d9846fdeff1a5dd37183f57831c0bb853608ad30dd51a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90e2520e7f7c48d66f3f1f3a78f154c1

SHA1
271c0d06c85098d0f6443f3f6a709f4b8c3ee79c

SHA256
8e32b7f5bd167efccdd4baa209fd9f0f8104af321d5aee284adef362fe4fe60c

SHA512
988da90265e787253983d930042a2366c70ce70973abbfc5c71afc4e6126df57c531f51aa56dc53fbe41bfb2550cbd11ce638cb182da36dbb794e1aa6a3e33d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
49b38f7809eea7c1e1bed4d84382cc71

SHA1
843b3bebd76bb5252a0e5d17b7c01c1e2190a123

SHA256
1626cc2cc362b9e2cead031a65ab327342d1afb416b6b7d2cca64eb171a3190a

SHA512
af2acc1dfb3dfbc26a42febbe6f13d86a9fb91d6dd9899d7194f5002d7c02dcf1693496f61ede51f6d6cc8b18b7f602593c09369390fed2d5367f2d009b25c6e

Download Submit