7e4070ca62251c07e24edfbe7610dc28763298f767a11cf17da9472f49e4012c

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2023 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GameBrew.url
Size

65B
MD5

b14c902348cbd2ab5c2ef947aba7d471
SHA1

fc4a7512dec5a728ce21876f93dd19e56315758f
SHA256

1b921a3463bb129c71769ade52c9357c7feae0414a679f44ca03b4b2d3dd6b65
SHA512

32ab25f00d7235d7d8db4e9daa7bf37edb395109e1fd2da0ac5d533dcfb4aaf360954610ab81141f4d0828da929563cc30068ec2b3873828b6839daa33987f27

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\02412637-ebf7-4885-a618-55884d46d874.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230329161140.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
3412	msedge.exe
3412	msedge.exe
4984	identity_helper.exe
4984	identity_helper.exe
5736	msedge.exe
5736	msedge.exe
5736	msedge.exe
5736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 3412	1560	rundll32.exe	83
PID 1560 wrote to memory of 3412	1560	rundll32.exe	83
PID 3412 wrote to memory of 4532	3412	msedge.exe	85
PID 3412 wrote to memory of 4532	3412	msedge.exe	85
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 1936	3412	msedge.exe	86
PID 3412 wrote to memory of 4920	3412	msedge.exe	87
PID 3412 wrote to memory of 4920	3412	msedge.exe	87
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89
PID 3412 wrote to memory of 1876	3412	msedge.exe	89

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\GameBrew.url
1⤵
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.gamebrew.org/wiki/Main_Page
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffb759346f8,0x7ffb75934708,0x7ffb75934718
    3⤵
    PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
    3⤵
    PID:1876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:4648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
    3⤵
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4788 /prefetch:8
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
    3⤵
    PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
    3⤵
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
    3⤵
    PID:2920
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6426a5460,0x7ff6426a5470,0x7ff6426a5480
      4⤵
      PID:1300
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
    3⤵
    PID:928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
    3⤵
    PID:5176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
    3⤵
    PID:5200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
    3⤵
    PID:5192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
    3⤵
    PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
    3⤵
    PID:5612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
    3⤵
    PID:5772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
    3⤵
    PID:5776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
    3⤵
    PID:5644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    3⤵
    PID:2044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6692 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
    3⤵
    PID:2548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3030230641550852620,9124958302559675527,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
    3⤵
    PID:5236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:404

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x2ec
1⤵
PID:1868

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
156KB

MD5
39d40e378a72457f66d5bd7867cf73eb

SHA1
8d3e6ff87a5ea6dc8ba1ea643a8b0a095ab2e5fd

SHA256
b05446eed19959dd37288739a28cad62e9808f432abc28835e239d583242e184

SHA512
c7977b8b7ac2b7e601cb547491d388341d9573a09b9148cb12206431632ea97a2142dfa29c50402d3935e0177e21708945f604f621381d4ad69d8e11c4711304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
677KB

MD5
b0e8468ff8607f9b97e9215b39129e99

SHA1
a6b22cba06650330b8568a69c8c1edeaf4b480d6

SHA256
7242653d17e64c30f4023b0d1902c5079b527e6cc63da1cb0fdcbda88caf135a

SHA512
3a2233367ca5a2ce0c91dc0aaccfd27febf223431921f9e7564f7fe676c5e319b6ede59f808e795287d04f5d59e777d7c54760443aac8b9bca556f2128787e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
497KB

MD5
64e9db5c14894b9f2dc3c3c1c1fd7ca3

SHA1
f121589c943ec4f03533f782fc30472ab148d523

SHA256
ab31e157e421b2bccf54815be9171b5a7b8035837bc1b63625060a7da0e2ad66

SHA512
0a3cca2dd6b3944ffdafd4dc1d65526b1f8037460be4eb32069a2ff55e2cc29b750a5d6a87ecefcbf21f7dde4a8e189dc6064320fdbbf3dc6205b3eecea973f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
225KB

MD5
d644a098f0c7498e46ce3f8f44d65b01

SHA1
fc1bdd868c9116f00579599625c6497ede96f416

SHA256
13e6e4124e77ad6c2b77a9b5db6387330bbd884d53e71718ed5434d8a7d8911f

SHA512
ff67b14e51657f58bca25bf5ab4875c2cc0217b6ae3e7d6b72f6add36a2d1fe877fe0105f2a16f7bc379e33b3d4ead1d146465b9812150ac5a246916a56c41a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
588KB

MD5
c012fed7f6bfaca92ed699b1a8a31ab7

SHA1
d4a75cbedb16f2a9655e309dd67dfea440492149

SHA256
dcf90f2f29e6550483b400716fb8595d5892a198338150091e0686fc98bfcb1d

SHA512
43fd94be899e61b7cb3214a4b0bb918db8e700b3a574132a683a8c435aaf06cb640ba048e92a0a56d57ca1496a28b8664b928f19ea561faa8e9b1deab36f67bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
312KB

MD5
96014085ebb011bd18192fa9a080a80a

SHA1
0a2113f48ad96943e56cc6d1a99f9d39a6f6529c

SHA256
1068e16db72ebc05b11dfedcc72b20fbbbf05b9c893c9f18d1a03bb115e4ac89

SHA512
60f1f7b54157e0f48058ce2c8ffe244ea3017428a13e3bc792f0c811c1cb996ba6ab6a4e8006846137ab341f5f9ad6ce190ade2f5dd47d5ec53398b445cf438b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
377KB

MD5
b00775fc99363e52f09dbeab89f72c9f

SHA1
bcf7ce4c63fda07143bdcf784f5f870c5c14c5c4

SHA256
cbea47af5b3caf95878ad9c325a32f54d6405cfae52bbdc456a4bc0bdb081b6a

SHA512
14bab2c24a05994758c3cbac5e7edb8a62f50d024274d15e0ed00088a2f11af4b692bb01bbcf4eb8386c7a6afbf66e0d184c6182e813760f377922b9a3b05d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2eadb168e3813de279f6a1ec529eb422

SHA1
043ab1d071d5beb0ec7abe9ce549dd4a9b389fe4

SHA256
bc616e2e3bad9e19835e10facd4109fb19753ce09efae31bf4569d04b6dfa699

SHA512
7da0a73527658409694a233b31bb0fe36d2213d1e353a9e3b5a42048f618c25698caee0e849619af132524c2bedd88c1613415d077d4c72f091ddbe1ac74276d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6badba3cc4ceb025424ee7cf3e197fc2

SHA1
3f3d4a2cc28586c14287eb9fff55d7643cdee4c6

SHA256
b68105aef03316233bd111abd1bf50489b6c87efa9faaaa3bb12b63eb9cf2e67

SHA512
b0de2e33a104c7ba59806a6c780bfed5923a3451bc207efeb3ac8fa75df069dbf1bcdef809b728315c6ad5a86d4149d81138b728580ea52fc631e9be5da1a887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
2617b293f3cc5c8b7143cf732d49235b

SHA1
3f3da0dc3f838a4addf62ee7789b069f1c8b24b0

SHA256
5854cc2b3e7beeb0e76748aebd2d325cf6e1b6a6c113d298a0861b5faa7c6ee6

SHA512
8d2e08dd5e38552bf8eea058a668b88e1cd3b804bf00bd3a386077e0dde13bd3102adc08e2a4d2f0773f16d3fcc355676023d9bff5c02ebf2c0e486a9d21bc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
a8c4f520fea04a626e2caa2141fc62ff

SHA1
dfe4474212e5f35e4c1a45cd7057ad5f62d29517

SHA256
1dcd0cf1b477482cc9358030c4171cb5698906369937255bc03d4550e6f887ae

SHA512
8d0b7864b9281f9d92cc18d4da31c0b5a4b707b938669a4ff6cf095aecd62bb016f9f604aefdaa31467df0e2fc16c5dd75fea6bd3af7cb643b9063c55dbe00f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
38f431e13cc656c9c850aa03595fabb5

SHA1
a8d72d6b244d3380c0608b8408bf3acca9b9ecb9

SHA256
85db4e80972ebecef858e1c8dad5c282f817a430170bb8302838a1012c59cc93

SHA512
f4c8a4ba144b8bcd84afd5ff836a201170c3686a23e2cf9ba0f63a49bf433e309177900549e895222bd988f332f10076c344db7e513482355bd332b319a55ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e021444635719c8691ef3af882299614

SHA1
b2c7dd4ca3299bd88205c8fc11c445c4d7a64353

SHA256
b231ce3f8ff2d57d081faee19d05d103d4abbf1f4b9fb583f9f87fd1ef98d095

SHA512
43cba8d9db1461c9200a2178a635c6c09246e908871d4cc82a501b6c1c9d96cf5e611508c9ffd7cf4d3e2d5521ce38a937a05c67194e9a0ca92a54492083a653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0caeb38d27a0ece9d7eb655fca28344c

SHA1
72d24e31afa067e698d6ac0ea33f6f3f0c1578a3

SHA256
d1be98feef0a45c633b424bbb5314e1b4f4418b5c842627339f77472bb148f1a

SHA512
bc5ac5c7ec87a02f62986a602bd8b157db59e972079af9c1747b41f5415672d8d1fe82b952e07529602204e21ff0f48a0bb3512b515e63b38af81bb492d2e869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a164d4236269235d9c84f744b3f49e35

SHA1
5207385e20ab0fe142c8b5730873acacacdf8291

SHA256
0d3aa245c044fc825886d6b6bb2d4d21cd8ef3bb0f6531a89121f33fd2adaca5

SHA512
5b3aba6b14a33af4645ae7b4ad5d53ce6214d77651e584b7f3964d4fcb469344a21c485a96509aa965e2c9a19c5794b54cd99b80ab97dfcac7de119cfb78bf23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
73e99cf62d4cc6ecffceac57161ab2f8

SHA1
6e00b3dedd8246eafbe0535ac0c8c2095f89bd83

SHA256
58d8303f7d90af9bae822bb18a71be97cc0e58d7f16c592646172d8cc9206f9c

SHA512
5dd2bdb6a544d63df8be2e921a62cb5066f9744349cbd3150da165b8e65aa71bd81a6f4ad6d207453d603767e6ce2656fb224f9cfa0b5e200b3e19bf5d9b8eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
90a35cf362a4f00dfb25d2c934b0d804

SHA1
9802c2b32a4fab36b9eef373fd88a4d91402cc3d

SHA256
20fb7954b7bb437fa19df5287d778064ffe53ba0efe8655ec54ac0f721ecda54

SHA512
3ebc27b214c9914fd97b23737e77cce3b8d7d5e710699d9130d02ee04d42e9fc2698ad16e3eee4039fb36935c6cfe3c1f2b013f7a7b782bb3fbc38af39c202a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
411402aa2b5cb6bbf6443055b673bd56

SHA1
4ad135fc9d3d5b8ff8e66836ac2535bfe3ec8074

SHA256
3687cc6ef61c9923f9fd6ad7750661280923dec2a3bcffa986693bf7678856f9

SHA512
1ef0dedc2ccb4060a08151088c538c7901c75ec509f8b7cee04a45e660048104856f2290d47e7317081e66c648aea958ab5aa8add9acca208e4aa899602f0da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
35e0c52a1efa45a142a4ff9937e38638

SHA1
ee9952159d66e2df5b87d4b62bebd97474107219

SHA256
ada14e628a7dadf00b8cf60bbc989025dc02bfbae51559c2d4f7eef49a24fc78

SHA512
ca17aa24eb393517cec74111dea036e6c75699c25e9a2000399ad044e751aaa43642cc9cef14ea6ca9388b47da8bf2be833d38d6f2bdb6c2bb4604a82526d699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56f3ea.TMP

Filesize
48B

MD5
2238ffa919e08b727f49c658a1dac470

SHA1
2edfb089eda57ca1bb13fdd5be23489c246e2667

SHA256
436634d81af31a73abd71494e659ade4b53305f62e08ea45a330368f2e9af6c4

SHA512
5598b55705f5e3760ced46a32893a4f93c146c111fa9e8e1de6440a3af52856d5f98bfd7de388afe2b4be4f512dbc86d916155da7064df805e96fc005c9f55b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a6a0ffad12a5cae6ed34215887a38a3

SHA1
bf1e0913546d7d83349a03375be86c9b6badb364

SHA256
2dacf16a6b29e04f0640ccf0611c478c73705cdd0c61dcb0757da5d0151154e0

SHA512
2f82caa52dcd77bb3fc3fa710e2e27347c1dc220193972cf0c04bd6d5536d20dc01fefede50c4bbb34e83475a12659eb1cc70fd19519bad5f092ea07f4bdca0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67d764308c990a19e301b31e2c78ba68

SHA1
6db12600a42d84a968efddcaa4ee00bc7a5e96c1

SHA256
2d01a6c110c29f6c832cad7f7e745a9dc173c29e4acc4f604f216fa50658a4e0

SHA512
04aff82761140d1e8c44685ec06b88bd3c9d2f5310981bae9b23d31aefbbaa6fc6c22cd013bc03c9c4444d6c09a47d2c5b86c55fa163f7e0d18e91f784890778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
56343403975ec3df664b358a4f221c70

SHA1
b673a476899ef9828a198f5f0b18633afe25e102

SHA256
46aed18ad8a0c2761dfe34723330e810b38164662df41a6de810d370598fad2d

SHA512
6f582562cf90f6b8a20349c413f901eb5e854de3600e5f3d25661a0e717565a5c1268e417af19442b40acb5c98f3276cea0641dbd9d3cde91961106fbc5532d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7ef6b306ea72535fcc402ddeea521bd

SHA1
ddb021558702c93e8d1bdb423cfdc33a2873e4ac

SHA256
c73db439e2f7d4f43240fd585bca7e8bb076ed1ce15fefa1c1e09edaeaa1bedb

SHA512
e16d3320d5529738f1e0d67a0b4f9f63e87782d4f0c7eccf4c3142046332cb81b13404e04b05c8252d41399eaf19a8d07a482eaa2e0f8db8d8cd2ef3ce52bcfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4604d68c5ee459467e93fccfb08b88e6

SHA1
cdae555f49339bc2d85487006ebd76850d15a9e5

SHA256
7be320a6de138bd7da82396f539b9ac7b89de5f770e0858e8c4b03e759656ed1

SHA512
f246025643ff99342a258bcd5c8f2f1c2b5e6f81b4a871ac80afbf847b138045a3df09f8af3ac6e768bf482a2f3b7a32d358f0536e9d671c6a236a0e5b46c7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68b6708b8a324a6b1783c6aeb453857e

SHA1
37cebc4fcb9515a0577f97edc7912d671e368427

SHA256
159fcfebcd57321fec687569469fcbc481f0e5d2f1df0b388eb119c596add637

SHA512
ac20787e6354dd69976b539e1c250169c8fe1ae11aba54cc59d891d6a1be48f8938b7f1015758831e62bb287f6c3feecacac48c079dceefaa1364882fa254a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
344a0f0a2a428ccdfbbae76d4d6205ba

SHA1
a628d4bb17a130e12a021ead1d5da7bc2002b6db

SHA256
3135b748837aee33b83f07d85fc5c5e8d968a429a6fcba6ba8083ad4069fb844

SHA512
a24993358d1913ada4038a1f31ae6233e066db88fbf2911d24055bb779d487eb7ab1932af3056942553260e391f21abad8fc02630e86a1c856fc95783f5fd55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13826226a15f0467acd3305e5f48e370

SHA1
181332a09389e4ee6d542ddd08d044fc8d407310

SHA256
b313c330ccd340977ad9d05ec00cfde6064ba42fd16f6dbe632bfe0b6ab17e89

SHA512
6b49e51163a61e187338731bf6f0436f41773caee969340c7ff91e4b636a3a3dbd3233a7dee17c2d8c1ae0dbc1eb1439b2dddc7b56e82d78a2eeae328322f8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57184b.TMP

Filesize
1KB

MD5
e0b62b0428ea4d9283ef78917c9c62aa

SHA1
2c157e380b6fae24344659e0f20fa04f3a591c4b

SHA256
7ab48ff58541f6f8afa9eefc7514974aa51c73fddef595ceb947faffe62a5217

SHA512
4386bc128bf2abfcd97d0268b7a41932dc82bec0eee88f426b81a4d3da27f520a0c4f231fb3a59522e7cd6b4d98d3d2d1d6d8eec5dae63cc91fc17767a2692c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\adc60413-17f1-4853-aa8f-654e052e968b.tmp

Filesize
8KB

MD5
7e37b9e07765286423a29151bcc84987

SHA1
69f14b8b711a26248a9b5539a290c6cded7f56c0

SHA256
f8c0b18d352083dda0cfd1144c8be332dbe381c604d71c40ed9565abaafc7cfd

SHA512
43d7831b153824f692c7e1200d0ccdd2499c61f1e1171bd974b936c8603f21a812a7929698f6c1ece44163bf06efdcfb96584fe205602e43b8709d9ba61b3d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
e5b35d5d893a476757cec153fd885539

SHA1
f6fdfde1f9932febac9bc29b3a20dbda9167e537

SHA256
fd0473a04cec87aca18be2437a10926e8804a46290fe03045b2454a9a9fe1679

SHA512
7fc81d0d97c455b187cc50b83bfc999f67a0ecd777750e7d3acd24225a82cdcc7a33a3534d3cf0fcf0c08133bf72b528bcff59ef7e76d52d393f29fc81b39726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a3605edac35b0fc715c9bd73cf34239d

SHA1
d00ec165521a09df9fb545ee935194fa752d6dfe

SHA256
28291b831f0a92217e4ad6e6de5462fd98efbe8f13f4cccd9d3ed91bc4145b03

SHA512
f1f9ee04f38ab8c238fa7b070c4e1a2fb90a7e87a8e6d3c574ca2495b5bf0f092ef8155d7060b4338446936ed21c68e23fef5960de0a191e0c2634e8360b679c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a1e12aebd1396dd5f9b91dab0e39e0df

SHA1
d3817e4887c49c9a3cf767d846ea0e8da48d5184

SHA256
2556dffb4a6c69cc8686eff8bb0ca8e7bfe656e9ff9c3a93b2b7fd8b06960362

SHA512
8e6ff4cb27dc03f63aef88a07239eeda79cc4f7879e42af32101543c8dcd5d592278e5c53fccaa9c74ccb305e8c38f92f6122f5c1df93f291535191765a5633e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5f8dfb5e2967ba4b49ad4c7424902aea

SHA1
e7940562ab5d24d2ccd78e2e38ba7f8e845e2b1a

SHA256
65f93aadbaaafd7ecd338820f887bc37c1d2f69e3fcfde07e1c5e2d9fe038601

SHA512
5fe23ce6469c17ebe1f45022f0373ab766b8f1b07c0b1bcf6ef3156b970f54fdf04cda42f288e24b1b7986b4b97bd60be117594b76904601fe457bd17bd09c27

Download Submit