hxxps://olvtec[.]com

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2023, 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://olvtec.com

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d586c0ff-cccf-4bb7-b989-52dee4ed4d16.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230426105844.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000d30d3132e93e7baecd2d04a8291da9d9c918966e86c6c422bffb9648fad14ed9000000000e8000000002000020000000bd762944497842e537550c349384209812303f9abefd892cb5823b9fcf79f41c20000000404dd80c07a528b23f3f3ddeeb139b903fa6be8910471b83b8bc7567a62f404540000000749648aae6dce49a1a7ca7f05c1eea8a1d32ab6823e7704208d56199c504f7658b0036bee625b164e1a2c023c53973696e8080ca62851f414ae2aefa957824eb	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "203170793"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31029294"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31029294"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3732B1FF-E421-11ED-8227-CA237BF7C9E7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "389271658"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31029294"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a01f0f2e78d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a099350f2e78d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "203170793"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "212077393"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b000000000200000000001066000000010000200000005343223365e54d99bc2747d36e404643b75eac29df4bc1a97f8d7d8a023ac8db000000000e80000000020000200000003ea621365dc0251610edffb3aa404fd0b81342a575a0a2da5c79b4e1e0f781dc20000000898b063b85034b384572b825503b459a6228c68a0a9f1e53f3aa95b7dd902d27400000005a5be8acc40e7f4c2e0e7d2bc739605003bcaa454c851323b4d22aa448c3a29367e22a3635265dfd5c34fe6e61fda041869a5626c39060814180d04d37cdf4e1	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
4612	msedge.exe
4612	msedge.exe
2008	identity_helper.exe
2008	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
1932	iexplore.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1932	iexplore.exe
1932	iexplore.exe
4800	IEXPLORE.EXE
4800	IEXPLORE.EXE
4800	IEXPLORE.EXE
4800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 4800	1932	iexplore.exe	83
PID 1932 wrote to memory of 4800	1932	iexplore.exe	83
PID 1932 wrote to memory of 4800	1932	iexplore.exe	83
PID 4612 wrote to memory of 1888	4612	msedge.exe	93
PID 4612 wrote to memory of 1888	4612	msedge.exe	93
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 1004	4612	msedge.exe	94
PID 4612 wrote to memory of 404	4612	msedge.exe	95
PID 4612 wrote to memory of 404	4612	msedge.exe	95
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97
PID 4612 wrote to memory of 4112	4612	msedge.exe	97

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://olvtec.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch -url https://olvtec.com/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8ff1b46f8,0x7ff8ff1b4708,0x7ff8ff1b4718
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2920
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff640d65460,0x7ff640d65470,0x7ff640d65480
    3⤵
    PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8131467302836722698,18032536552765099755,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
b328478729a15a4a849e0ec94a598893

SHA1
192add99217bc114602509da3ccb7e39faf5d4a5

SHA256
43d36f58a2246981643facc18a758c050556d1837cf1ee8ecdb34e92086afe24

SHA512
fb919df31b09e6d2173787bd285fd4f58b561c346aec68db048608e28d9a4d7448e4d5dcf0f18ec0f70eac1eaa211a0a9ef9af1c9bab236e1575f9123c15bc53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_18B02B928FFC93F4042C1BDC3C1BEFE9

Filesize
472B

MD5
0a09e2a511a2705b7631a12159f4bb80

SHA1
809ae34d59c4695517221c93bb706aca5f7964a8

SHA256
1973bd26c6c259506e18bcd24b0a08e8c1a5db99d682727b7ac977c938c8e00e

SHA512
0b539f26a0baf1487c30a87b5f18fe01313865dfc1da307c593d614ffbfd6e1ecf0a764ab2cd6a329c6d1b80bc332925e7c683ad300c2b848c83cdea87fef962

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_600EF020C96CF8AAA331625500A5DDA1

Filesize
313B

MD5
ce81f840dccf8fd843c4dde1f7ca05ab

SHA1
72abef6c11eb0de6381a66dc5aa3eff15706166c

SHA256
b4538c58940ca3ea1e1c47f9bc03e453c79bfbbc0b788838e06490adc354d8bf

SHA512
2201a32fee13d0ce89b2549a077bb25196369c6dc6a147abf14e8f4e4c91be40d8cff14b1f26c0a68119c01ea19f7772c4fa341b64736362ba8718da4ba1771e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4269AB4FC3E42C9DC5A29CE8C68E072F

Filesize
503B

MD5
6f728639ebf03c52d0da4d0baf3759a2

SHA1
7713cd0eb19dd1314c58f4168f64cc435351faf2

SHA256
24de2f96c67acb302247b257df078a2fda1bf80069a8ca1366ff8c2685ccc817

SHA512
b090eca702e74aada1ab009ac55cc2bf782f4f68394c1ca7205dd1d383a39fa0480f3ea67d3103604d6a9bbf938c5f976f169de1f2254379948c0835b6998238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
c21af60a56cabee014f0bddf486296d4

SHA1
3b143b356aed0ab3e9a73843ea221e1cab819310

SHA256
3b8e9be80c68a0e4dda4cf30205638b58d2f055700e2cb131351ff9663cfa787

SHA512
9546c265eb771109b5fc39fd85da02be4b653180c2a1a7b43428fbaead7a8286ecfbe801dbffc8fd3fe58193803699128efcc3da633614396e6da85f1fee61e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_7A39494C307FED9D5F5884BD7C121AE3

Filesize
471B

MD5
7d8186af44de9643d33490d79561d252

SHA1
2d3712d484eda13928c8aff1e0321a5645b2e205

SHA256
0a1fb75579171e1615b8054b8017a5c81a8210c2bbca8e74de8b91cf1386c86a

SHA512
82779b0ae00626b86ed4af67fe84167949287cce99fdaaf4adfc5368fb2fdedbf17e0a2e6f07c8c5c3cad0dd9d2cac9223c116e8d3db1e98192858126a329a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
ce3e8ff77146649ad4f74d713fcf9e67

SHA1
f59f0172dc1cf7a21572d72d8d6cb63e38e5d995

SHA256
3afc46dbbf3ccbed5c81ec663307cb995ca96c1cda0cfcb224ae5cd1d40c16ec

SHA512
1c0aedea685058dcca970339b3e757d17691ce2d7d8593277edefc262ba6d5ce7b7ff6e6473ec13e9fcfc2649a9bdc924a257c89278856bc043ae204aecf31fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
52682814bee4bb4be237192b26c15bb8

SHA1
dd9767da4ae02b4099b72886c0268269a1a628cd

SHA256
8265fdc9e6fe8e630150728fe384e204511ba19c239916fa1779f03c595b1ca8

SHA512
a2432a8422952d3ad8a3a903c15e06e2fe2c867641d0c3c16b652efb1b23f550475aef7a065c0b71d9242a7636ac463c26029983e07f5c940356640af1c32473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
76c03d7992fc1831ff3525f4694df474

SHA1
c68cc3001f47cfd5d817ad5b973bde177c0ec67b

SHA256
6b7cdea0f84059ae2dff419c455c34299b5652b0662ef6b4f371e840fdb16d67

SHA512
bd72110d742cacc35138bcc68d0d3e0b14a2715b5b92a896ba7c6cf016b31b7f17abcfa59791214a1cc5f2ee261738357c85851a043bee692085181edab6341e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
e6b727be77232fb6d1bd191e629abba6

SHA1
83813c687e4ed7b1a1238b1f41f97463a11fdae3

SHA256
40cc134b5e0c213572b1e6736cb4249ce789b918a3219c9eb61d1c92860b679a

SHA512
69136ca75dfaa00bec063b1538494bcfa7282297b3245984705d2a4a2ec8d76d32320c5713040e10b5a26b45deed4c90a62cbe5f48ebef83f2e3851aa0bd5fbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_18B02B928FFC93F4042C1BDC3C1BEFE9

Filesize
402B

MD5
e4ce6a6e06dfee140aa0e322d4002f3a

SHA1
6ab26227ed992959f0e5954d14583088c9de26e7

SHA256
aa0a4c9724c37e5ab77f3c972cda8fd67351510024a8235d80b9357cf1065023

SHA512
79f29ef5dd3bd3e8c48595c6ac6234df7df12041ab01df1314e3435ef9d7424e3aabab7ec5c6b72dc9edeb0a4f7d807ff952075c2c453978c5ea8435984f714c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_600EF020C96CF8AAA331625500A5DDA1

Filesize
408B

MD5
f5494d0671bd0043a5456253116e5242

SHA1
e5fbb4ea2eb0da78352a1f5b7781c60c54cef734

SHA256
2ea4e8decbcd086899ea50beef496b6a2c90be62122368e6af7068c069562e87

SHA512
cc15bef626576ce358be6e96538dc360ed77898036e6ed10b9ea3376ad4a84e33545011b9d9c9b14d6c194d1e8715b28af3945d06affc3302187b005c7c1fd10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4269AB4FC3E42C9DC5A29CE8C68E072F

Filesize
556B

MD5
1723892b536383df950999c9a3148bae

SHA1
ebd6b00349ce2c166850717aaafe3031259defe1

SHA256
182b529ca7e1013ef9c5369d0442d55d06bbb50daad12c74e1b33a1abf08561a

SHA512
165e84f3f8879ed43983d444612195395fe0a56a94380da67f2687c01de4e66e1e34a6055334a8edbb691ffa05467ce4fc68290c28bdbdf0977053b8fa225cda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
17fa25ee656339b70ceb6c193428df96

SHA1
855f6e8e06394877079bdafdebf47fd1e272c76d

SHA256
6b5c6b8eceaeef04428e0dadca9382add6749b49b583a95cccdae101cb95834f

SHA512
902c7e837dcc6344bac9fcb34e4f65ef2d7dd3a8771ca21265ee85636bc66ed3cdcaf3fe7d01ad8357ea66bf28fd714f0d098d20d773618ecca6d04fa75ba260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_7A39494C307FED9D5F5884BD7C121AE3

Filesize
410B

MD5
243c77119a626b4da73f0ab5a1204867

SHA1
5c4a77ad30a89ec2ec09b95ed5d7be4631f01aa3

SHA256
ad40c621daaaa3c1bf64a4e12dc49471fc2c475335d324ba3e5e3811ef40db8b

SHA512
0a017d82048e8c20fefacdd1c245f626594a44792dda9eada01687147fa7557781682fb1d094cc2c679e3b9a71826d4271d09217a1f773a70cef9f7fbe078f9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
8eea2c7faf5c426de9cbdbdf1b706285

SHA1
7e6ff1681597abcb31715cc53bdcae0273eb36d7

SHA256
17007750d0c6fb4aefe48ed4c12de8111f7390f5dacefb4012b93cbea33bcbde

SHA512
ef42a53b5958a2a66c0ec6eac9eddda1fe7592ce5357a43c60fe277b9a0c6951c73772bfd20b4a11a35dc58ca43095284cb6d4f2fc6c82df83d4e3c23d4778e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c571fa1915db4a4b604b31d9c444d26c

SHA1
cb42b81ea5d7b6393c53a233e396f8617257e1f3

SHA256
bfea94e572bc936d6d2a723308d390d2f494320296a1f275d05061219ace7401

SHA512
976aa0997b1e09fd8475d82e3de29d5d028f7246c2899bed67977b4751fbf3f0f0034c5279564a6381bac27ef011855bac3177fd0d71282d8aa0f9e4c2563dcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
6fa7386c6c5a584cd8dd432eb9958004

SHA1
d28723fb3dbe751f26bf3582dd5f7d8347012b77

SHA256
e72bb1830030391acb082aef3f4614c333266b87f7b7c758684a7a045e47189b

SHA512
13fac485cf83ecb13e66da69e0b5c82f3e45607b14425af94960e5cfe3a03e6933466a9d6685590151dfc84e7da7a6dccc0690c339435a17764f3f6bd00d57fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
06cc143924e8d891e974560d2543188f

SHA1
f5a0856fa57e203ab4b2535bdc286a12941a3a62

SHA256
534368e8ea3ad475359677933132b6b9720889421403cb27e47c0a2192300f65

SHA512
9bf6eb84f9e42b9eb75bc85064f69d7b6b995daf91e34d0dd3cf83c0335c00f459014ff97a1dd82ea2989a49987920a72ddfb46c19ff75299cf3c1181ba1e4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
bbc542533f234b38dbc6daffbe3a7e70

SHA1
f9e926d0d3749745426cd927b79bbcd6e6c73161

SHA256
fad35f422082937508452035b989bde80d1853e6ca721e58f68b50bc7782a4e6

SHA512
13da5d5153ee34ff5a755b1f6c40dceb833d6c8992d0bdd71911c0095c228a95024659a749c6a94913d66fd702470486378461a7906cd03c6a96bb4b93df9267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
af811b497448ba992ffb72361e3e76ef

SHA1
e8779aab3b656f3fb0600d545211ef382b6feb54

SHA256
93bc339f08aa9d6a946821f5676a1af6d9040f65877da7d67ae2dbf97374be49

SHA512
480dc89866035234ac40be0dc72e6a5998785de6678b9f928d36e55c6e181ce0b7b374b36a6ad2ea266d7285c440059f5ad9b04e704cddcc33ada688a815420e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ee130092c16ee8efc1ed07b84f1e2aa2

SHA1
e4310df47a5b054262ebebcc81a432109f477379

SHA256
25ef4258f740c4d0065a63dc4c4435579018bbd3ba925961924059b40d062764

SHA512
6fbdcbf0f80f092b799f7c087c63b2869e42b683007af41f9c05e3c915d7d334c7d5416c48c314eef08c3c4bc8d1abee9afc516f5f6f786b6a1f56380f8397ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a085882534953a92406ef1f801d9f68

SHA1
7b0e3eedd4a54d24009c1121094ebcbf4d53105d

SHA256
b158b1cbd49f87f76d0e5e493addd6f0483dae61f439cb7eee7ca05e7c41c351

SHA512
6ce368e228231fe39e2f4499d4c19db92081a82de83bdd124621448091d51b7e833909becfd1a060b25ba4fc88e937c59dad9687446eaadd85c906ed4339634b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
aeb047ceed2e7f71b689a21a48e6163d

SHA1
8428d81ca5e5f7aeb7d79f35442b3651c15dee27

SHA256
40008a63a612f7be4e565616521f0338dd85dbb36f22f138d8752d7a7d5a5137

SHA512
e0cb2aa8dc579f4b8cb97fe01f674f74f2f18187585a15c1fbbe2852fa424c443528cfa1c38aac875efdd003e5548ccee426f58863bf6e781bdb0c093cefdbcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bdbe8b6fd6099a9b7e5c4b1f0e6747b7

SHA1
462b2ecd660811fd7326cdf54bf1eb4757622f7d

SHA256
f513f1600d180e5a92e44bcba9804374455c8542d74b72a24700fa87b4473479

SHA512
d34fc07295d486d633bb6061356d9f5c3e81dff7796f239f47b1985acf2a7e938d465b817ef8b3327289e03d1be613408e16650f263e83babc391445fc2238ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
e93997940696574a42dd072591c1f7b8

SHA1
133fadda2453f00e9492c094625fbe742f30134a

SHA256
32b7b9a8b3b0142f886a412e269e62c046f97f441331a4d28d040697eaaef3dd

SHA512
c7ac8d8841515cd3f81d3ba2db01dc3c402fa5bc59bdeac436b535a54ea9dc95a513dcdb129b0df02aca9bdb4ef9f8c45a232217bd2d9f9273829ff097643531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
32f9ffbc8066a3d595d6dda2c0895f30

SHA1
29ddd49eeddcf44c638d711c31f92791689fa94c

SHA256
04b2f76dbdd163b6e1d0980250cf7cd9d44938c7ec05702204bd95ef44e08321

SHA512
659012ad665183004ec56157950f10c96a8c759e96a168d0fbc7bf67ae5ed6c8ca9906c458f37793d86d38c6f48e1659d0466b94df5d67cb26ea4c7e1fa79cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe573d38.TMP

Filesize
369B

MD5
403d53e17a25da2636b612bb9b83acd0

SHA1
b375f06eee085c1267bb05ed8206f22aad344b9f

SHA256
09366c1a7c387fb0116767b28b6bbd54f0227fae8e79457ae469ca3055aeec96

SHA512
d2dcf3c034bcbaf0fe5bcaf86d7a6c59d2bd2d64d89532450d1e8c880a56c6e4d7de57d9e06663c7611c84d87e63bcffdee24a3f19e1a645b9d0c1bd1fe9eae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c0f6b808-e732-4752-8cdb-e87f3e2064f7.tmp

Filesize
369B

MD5
0f6de0952e8108736ff77f8a4ad03fbb

SHA1
68be7baf7fcb36bfc122a919e17f2fda4639210a

SHA256
a64f32e50419db98c48e2b5f5e2032d31dfa11404ec4680a982d6a4c7d2c6375

SHA512
4d168bd7c8d22c28a06c48f00df106d9329f3a40412656b85f2c7e2f476832a4047197d0ed908e0cb4497286ba8abedd365ce3380cdebcad78c3871ef768c316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
9080fe5bf664febc72d4f6bd52b39b03

SHA1
c4ed6c28cdadf24e426daf6e1a09b82facbd34c3

SHA256
e065443db5bbcb9573f237917cd5188dcd13336b0e26fd0080b9113a0fb95449

SHA512
cae054572ae454e0a3fe3214b75a9c750ffa8b128511cb619d6787934108cb0ba72cde2788e560e168b587da0f90736cda5b16cbf53a6de19b5d685987a1b1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8b8615ef2627ece72369a0ea582562b0

SHA1
a0a76e40a32ef1145fef85a222741fac0b514145

SHA256
d60e8dff09855cbc404dafb1ff1175349b442ae707eadc16f6a2648179c0c263

SHA512
c8a8d0ec77dfa18b3dc973e49b68b49399ad77bc2608d8df985ab68ca0fdc824524d3d27ba7d899dc2fc37e62286af44a356d3628923365e983a6326491c95a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\cz9baam\imagestore.dat

Filesize
1KB

MD5
7ff0464f94b7a7151e73d52050c4e997

SHA1
6b9f66ef458c88c93c9e4f5cf377c86dcb42cf11

SHA256
dc1fd1920a4c203927aaedc4aca06a80f8bc0b6d6051bef105d11cc562eb01cc

SHA512
67408f07c22fd5e7b77501575cfb72269cdfa69ce6c2ac7680e1f31f3073b5a208a4104c10543bb3c558f91793318ce2348e30365bfdd0b11a578959b3249dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RP56V4OA\cropped-Asset-4-32x32[1].png

Filesize
1KB

MD5
5748b4377e5a2fdb50f90acb8fe19d2f

SHA1
bd5858aa1fa9aa82c5767f46e2fcaa0a6ad5ffb1

SHA256
a50ed30e8c4063f15a1b2ba1eb3fa953de125206f97a8eda4ab728a8fcd23de2

SHA512
c3e0efa8eff094545649f40195248244bb6a408641a1f6b93500aeb454a4295cea1c5d967dd8c1a3a3144ac62084efc40104fbce97546cc8274d386f0750ecf2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
51ce34c6b4112c40c724c4aba412a443

SHA1
2427461c08923c55a1c4d975eefcdd2873678950

SHA256
7bae4b5bfa2351d9593c486ca46f8c759ac4e4f2c061225498449b77cb775a65

SHA512
0307c87db1a143af2e3073cf5adc6b017189c9586ad9fba3c116703b32e03254f7fb4ee4610a5618b13ebf39d2bd02680725145ff3eab22fb4345affd369e6f5

Download Submit