11e3b8c92cfecf8ddbe5b3636039b37d59831ad0c2090f40f7a943ef0427083b

Analysis

max time kernel
1683s
max time network
1802s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 14:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

download.jpg
Size

8KB
MD5

df27dbe2b7056bf85e0dccaf06504e7a
SHA1

75022a735c6720cf5e66bf4bceaf59dfe61bd758
SHA256

11e3b8c92cfecf8ddbe5b3636039b37d59831ad0c2090f40f7a943ef0427083b
SHA512

067995e713ae76187e0d8d14c72e54d0f61e3e4d5d07beff44a5637b2e089fc3f3ebb84476fd792987a4e7451bcbae7b0a0549bb2f9d426f09d8540b1bafa948
SSDEEP

192:fbqHkopOzMSXtCnu3QEnvjgxnhBDMBrwZ+xOwrsC7gvDffcdnSoEcYh:WHkiOzzXtCnu3QEn0xM1wAxRt72gnSoG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3336304223-2978740688-3645194410-1000\{714E9883-37AD-4510-A401-115840868295}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
3080	msedge.exe
3080	msedge.exe
4036	msedge.exe
4036	msedge.exe
4400	msedge.exe
4400	msedge.exe
5336	identity_helper.exe
5336	identity_helper.exe
4320	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 1396	3592	msedge.exe	89
PID 3592 wrote to memory of 1396	3592	msedge.exe	89
PID 4036 wrote to memory of 2328	4036	msedge.exe	90
PID 4036 wrote to memory of 2328	4036	msedge.exe	90
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 4496	4036	msedge.exe	95
PID 4036 wrote to memory of 3080	4036	msedge.exe	94
PID 4036 wrote to memory of 3080	4036	msedge.exe	94
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93
PID 3592 wrote to memory of 2832	3592	msedge.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\download.jpg
1⤵
PID:708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xa8,0x108,0x7ffdad2446f8,0x7ffdad244708,0x7ffdad244718
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3968 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16157106219084239004,14553630357252321972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdad2446f8,0x7ffdad244708,0x7ffdad244718
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,14346466824112222039,17525616073981376685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,14346466824112222039,17525616073981376685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6140

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66b31399a75bcff66ebf4a8e04616867

SHA1
9a0ada46a4b25f421ef71dc732431934325be355

SHA256
d454afb2387549913368a8136a5ee6bad7942b2ad8ac614a0cfaedadf0500477

SHA512
5adaead4ebe728a592701bc22b562d3f4177a69a06e622da5759b543e8dd3e923972a32586ca2612e9b6139308c000ad95919df1c2a055ffd784333c14cb782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\40976dae-48a8-458a-a57e-272fb511681b.tmp

Filesize
4KB

MD5
95972d86442837cbc9754a22ce13f644

SHA1
a41450ce5acd28a485ae70b2b1ea68a0c24809c3

SHA256
a3f76f5cf72c3197ca9b03fd9b9a8b8bdf54f835ec510cd95208f3271588957f

SHA512
ab5de5226d8104547a2fd32c3c463cd20f6455f05c99455e3761ec6aea14dda7c10bd3297bf550eced514225f0873fb5054c4a722abb4f61fbe90f8319f8b03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
c33c3755c9bc5c370e51bd72a524da35

SHA1
7b4d2ef2b5e0188562afcd4c87060a809a7d2919

SHA256
e30aeba2b555fe999989e290128024451d7b1bccd13060ce16990a39937a3113

SHA512
7c656b1f7e9806208c87b1f22d27f07f400c5bdd3fd258056a4046c7999d4f83f6c473800b09e36450eff9ff9dd86d045eedead515aeb4bdb55e9d9889e90de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
26KB

MD5
3e0b6ca2a9c26aee04addb4e37017867

SHA1
11b12d8fef7194baabf0834f735cb1a6d191084c

SHA256
8ec21e2b87437b72a175f87cd246015a81fce8a77e3aece36cd98978ff0a9a9d

SHA512
ea35dd4c638e8549f6692cb615f34c053a04969c403bf682ef16b3d1bdb554dac4f47b17a66e8f7278e5fd52af51382d3dc92e34d17e36b63f4d24719a58a425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
fdc479da91ca92fb15ce23b847171962

SHA1
e096d0f96fd8806069af0a22110d44a4cd21421f

SHA256
7f790aacd2c2c295d6c7cf4177233bd90c07d951dba3f68e42c05c566209593c

SHA512
c50be621c38991a09a629f8a7c4a8c3a9c8947cf71b6dcd5a99fcbe16ed66b0d433d208120d0dd235d344bb4d70310576bbbdc012cfdac30f62c904e3418c230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
96KB

MD5
987d8920f98c2d9e0f7c2b9f30c8e27f

SHA1
10a0b1e40e7a1c97d62e2b5944a1f90efe1f8c86

SHA256
4c33060665a96a5dc1818a2345702b34f035bcc5d0be88fa1d76afed38a9f1e2

SHA512
683dcce0bd846e89097919469bfe5772680704df4137bd6a5bcc198b187f6768b202f4b9d89aecd46c330dd52c3f1fca595b7eb83c07c36e0f9f703bedcbd209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
49KB

MD5
950948bdc28159adeae2d735e720f9ce

SHA1
456af20c06403a131bdadabfb5a0cdf0e6e8ba5f

SHA256
608b2d937c5ecd145d356de16f0851f3f782e39494dda6704831752a1f326b85

SHA512
f0d5bc4a2a5bca890c476027ce48b0a6480ec6ac650aed4f3e72d47001307b6f2d2e7880635e09abbbefdb4211abeea658cf9adba099791b5f7c63267d0580e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
5e6f51ec45217fd1d530dc2abcf548de

SHA1
011865d0bc1101796654cf2dc0d3bfab98042130

SHA256
d7c93a85eb7d3aef1333edfbb3607a33b02e9c5294fff46487672fc734ce2f8f

SHA512
e6d9b97aabc08e2ff3f2000db30064a03c8018e4b2eb4c634c566d9d478e7bcf6a413c652c52911c9aaa9ccbce57720c81285124a5265c60bb5c92588473249b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
cb57af4934df3870151e204925546e3f

SHA1
5e3b30b5786a008ea4d08f33c8341a8f968c5302

SHA256
17f3cc550d5d056ea8c0eeb7be29318e2611671012afbc36dec3ea2d28c3983e

SHA512
54893ce9c11f87fbeac0b9941c92e5dc8e3ea767894fd9da4de02df24c8c6ff51eefc6533a496491072f9cdec939d092c56fe329c3f1db6c6e3997e68ee20650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4158ce559fd6ae76d539e745896695ee

SHA1
b326fe9d029556158b9c7471c60fdce5e8e62ed8

SHA256
7946545e60e169c7775be660ddacd0b466a7952220498071b2ce9bf166b77b83

SHA512
1b9e40cf5eb3707cbc0c7aafa2ce24442016a4836aa4103a660d0273236e04d7da3b486557d5f42888f57c6a8dd871abc6dc83055ebc47cd90f06a1c2cd92f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
a998f3b8291b5a733b3060ee19e9c487

SHA1
4b9f19354850fcbe1a31b953f67215b5b7ea8e74

SHA256
99295c06ef7c21199c9a72321595e1edb2e85fb085fd2fb216e9ba3b7b3316be

SHA512
880abfa79d09803ed22b381ed1c4aaa44da189080eb58669abfd98d6b19c8e782211417f21edd0f77bef4c3888307d2f7911cf0ce4037519a0e5fd4ecc156209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
319aa7efa0230d6afd63ae466523ad20

SHA1
1d1ab26b581284a22571c1c2fe21cfe9b6e2b1f3

SHA256
faa5f67683eb41ff48f0bec60ee6a02b85cc862d06a7aefddce3750e5931effd

SHA512
19c87ec944aa86332826a4f93ed7baad2b2780cd3f0819e5f01fa5b2edf7bb6149630ba1c56948cc9a0ba6e33b68428dd48aba03d305356d22703288f360360c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
5dcaf46857aefa1961b597ff895a62c4

SHA1
fd4cae62e7960b7a1a72f330ff391667b92b4f5c

SHA256
7fbbfc22a3cdb0fe66f46f45a19b3c832821f8bca37fb6f7dd0f52150267d4a6

SHA512
e2ef42f4356ab59d5e938477f4e8e75d724f5d1726d15c0b73921f84297ab575fca29110d4f49406d8d3200282f563953b1f16b8d4228e96d35a34d441f729f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe58875b.TMP

Filesize
349B

MD5
b864b976a9dbc576d3b4f9fd09a0cdfc

SHA1
cef7978a114a6f09f465b7c633b2dfdddd5a971c

SHA256
0a7394b707e7eb741529dc7ad986354ddd5ac4c3fd96ea772af0aa18367b025c

SHA512
4c0790f9f39486d22a05fefbcbdc53faeeba3f2c911b893b676a7293406a492dbf4edf9c570877e4c1263e3817ec3c0dd7c6f9f209e426c8b00a63f6bca21b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f386e20a72114cd106fa711b47cac594

SHA1
59c4b1ea71c761137734b9142b40b44fe2645ce5

SHA256
2b42b082dd5cfc034b5ed812c69a73836961852d9e52c4acce484396d7e36e59

SHA512
0e81281d8d4bebfa3c4d9574bac53c15668c4cb80a42aca57ab63db8ba3f4c8389c7ad14821ab6603c76623089b997d1272930325c59861672fcf99cf83d8b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e266175a4a0e14392b2c415dcbdb12d5

SHA1
f3e17bda4c93d919ebcda1ff02032f00c5dd473f

SHA256
c2e7b130c4330790482a40b0bfcf7cd355026ebcd85227ad2f37b2a0fd908586

SHA512
4c21d8822b825a2b03f96e3c57246dc4db9302340a62ad11397a6b221f5118a0b4e35ae980ca68fce1834e1b410f764bae7c49e86670e331d2ff2fbe5e7f8689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3ce99c4f4d53588a8e79b6d118d178a1

SHA1
454dd3c0646c88624d22968d913a8743fdd3b21a

SHA256
57971d801cf98cd29524631838ed42fd2836c31ac8ce8a4f4a3a328641f2183b

SHA512
a77cba587c6dc5e618b3ffa6a99740ee66271bf996b89d29c0c71af71a779dc17d3137f7a6d5dd495ea41187cb3c97ba7f4dffa8be6d7060a8e0d59f142fee1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
827b9da00c192e061c065c7609df136d

SHA1
6d715142111180fd2606b89dfc4d9d277f19043d

SHA256
c08582c3200cb3588c78fb7d744fc8754d5d8ba78c481012184e7f71b772b47e

SHA512
127ee8183a7b4751f0850d1d99632c8ce3bbd709528e48d0cae1688390c487989ee5b83dfa26b8a36d662fd3059b2357b5feaf88d9b7a977dc87dfc76df679cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b21f2f06aefd27a8f6a18368c9ce4436

SHA1
b6812f4cb3c37e6f23d7cd911956b2e4eb747b2b

SHA256
2fda87b126d0461c456ca8b31537c5399479387c44900ddd038d0081b74f00df

SHA512
84eab5122bbcf8299b0719b0e50c50c0990f9bfd7de511e6a9a778f90856415fa1af75663d2a0109b126d030a4e0e5f9f3b9986e42b88bcf25727cdbf49bf41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
485549e5651bfd0b595c289e7cc65137

SHA1
5783b827f25b891c8e418244c5fcc2b78a8c7f60

SHA256
75da8706d05f156bb9dcb6211a0d7bb3faca54a79ff75f63109549ac8142526d

SHA512
60d647cf7a30aa0a5ff70dfd0e493f47f55fe5cec37f5e0b7e5ff4c4d807ba86983bcd4633c2fafeadbd6f7d7a2ac05c3a548708cb117d45e54e738a265519e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6d6c3ca39eb49944310bd91da87be36

SHA1
a792d527622c6f9f166e85bd58fb63f41bacc03a

SHA256
1c45825294aa9533ddf4b7cb746ca9662b5d57ce40808e4bfb2fa59dff2f22cd

SHA512
cc39d410ca80844540535a0db37fa0bd1d7c020f53c5b98a44c6a05dc9753684041d38dc061eaa27a569b34f6c6445083bd54f16b2274a13c9029f7d7c01fd80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
060dffaddc61c9d52888ead4c13f787b

SHA1
14258c6fa172461d2c298116d81e58962ec5b9ce

SHA256
38b267c2eb0721bbffbd2a45d8e202c49b1883fa9f1c8db1c3a374b9378738fe

SHA512
d478444699415852935c6e1f8b584cd5bb210165e596f14947d5718a315389793d70ebc914152d7d04dff83f99e2dfb98dd7ee210015840ee6220891735f6b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e029699ddf4ee063e5c567c698fdefc

SHA1
9ddc198f0baf9def9700b2bd68a2d8f44a52a365

SHA256
f19f5542619e5ad5887474c14ce2853320288c2a0badb02b2f4343e59d0c89f2

SHA512
ee7e1a2455caebda43386f214d433e435046a61fc7c067e7afc99f934338572df92539922cc6c49e5e43fe80c833c64910427844dbd2b08bcf92524b080c7828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56d542b9dcfb7230f0d44f838e9fdd62

SHA1
eb5d6d5a0ae33b9b621c40f3ea146e2976c34544

SHA256
0a70ea033e1fc438170a11baff57a119a70b2f60cc6a6d8c7e9d53b56879044b

SHA512
ed2ce0b51e3c49a6127fe8675c0d689bf20647b47ca803698b8cf9ee2cbdc328fe2a6c887ee7117b01579c224806d9426ea7e5c24f49200de10fb4585df77b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
066912da51797b39c7dc9fb616cdaa5f

SHA1
798a47d7af9aa60a12d4ba69e5c9574e9557a4ab

SHA256
94d5bbbb4c28a91f3b39dc2abfe6437ca8a941907011ed06ab0ab07a599f56d4

SHA512
30eb863cf82e0d9ad5a531259527c7519bcb2c94218c78fc8f408544375b57c2aef96e2b27a01034e8a8be4c5ec187efa3d59573d907f39b2ec029ef95c1fbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
450d5e0e2adb894964ddca76417a006b

SHA1
6cfd160439603b251abfbbf9dcb45e3363d0e5ce

SHA256
061f48b43891007b9a8c3128226c3a3b2e36a57b18539389b244e169471e73ec

SHA512
754894aaee0cd05e3ed40b960c059c6d9b7c369ce55344f42f337810a4ebef308329a3a86ad7b407925f0ed6130006605ef0a075317719f181232192e7d985f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
19e73f94df945b7f77279cbe0d3b648d

SHA1
ec69632a1f9dc8d5b64d88470cf881bdfcd4b797

SHA256
fcd5b4576b60c7855cd096f5434fdb481583b68e6589f8cf5251185119eebb10

SHA512
6bc5712ca9c108b29fc47c658b813f4871f3fa411ee701d1801b56c8ca0735d31095594f093fa6b896bd1dc728df9a9f18ae5a8a2fa6523c93fbe317fb2d26d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9b22d3fe70b9827d1d4ee270d7d62b8d

SHA1
e1eaa0e0b5a9436b5df4c394ba5f5d6d7918c067

SHA256
e308ccf09c8115ca66e76a465cb8456ebca9125acb6baa5adc426dca9f2cd5c6

SHA512
e8a5580ab6cb17785ce3406490531d6c048e1e8792244238c98d1c7f90e1422e22bcd5d00b1f36334f1ec6787ae6524b22b854bccf40eb3b8117a1d5fd17a8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0da14c38d0f89e5086a68db69a981558

SHA1
92cdbe37277ddea8e33907dc928019fdb95c78d9

SHA256
51f8e7c58923403c7fa61478bbab8b489d7f2367f233136adff3e9313b0b388c

SHA512
152733b549b6ceb42c47caf11c6f5f09147050aefbb10e962b92e48d4d1c21f8c5134b0d7cf84d8f2d1e1112be28e16c1f0ef2a47fb7532664879ae11fe21948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f137890fbc60b5150039574cfeb99eb7

SHA1
9863773a878f1beee8ceb29a1974fe6279fa9a5c

SHA256
3cf2f7787191b36d3c87c21ff595bf6924ded97bdf6e4869dce6a37a53ae6d4c

SHA512
7599758d038508c3f18897aacfa167d6c58b9191af32428a8a3423181f50c3bdc73e971781d480ee7be97b057d98a0611b7f176518bdf1875be7f6b8b9490697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
627b44455b8c487223b1ef2e0a7dff3a

SHA1
e1e10a2cd3f6fc1785987c91532aafc30ed630d6

SHA256
2e5a812356b9b2970726769ab5fde21861a9c05df06714f163b780ee959196e1

SHA512
b186c2c5b2d006403c04616c30744db4204759a9b8a273e7f9d8ca4479aa814bb654be91bf8d7c43bf0228b0c57517eb4deb7ba4d3e19ec723ad02b0c3472e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e0646e44981a5e9ef722c46af99468a7

SHA1
745d89e06aebd050fd4cb6ede13e772ca3a66c1d

SHA256
cc03a7f093c6871670870b0263b755faeb7cad8024cb3456641c75faeccf16d6

SHA512
70cc205fe3d99d13c8ced4b516a5d0bff8927bc931019130a1e7bbd6b7c5573876f8110d19bc04e31b0b1e89b3f641e04859fc47aed24575c65cbeb3b3daf0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5708c78992d6a68efd6bdc03f1d0bb22

SHA1
403a2bc724499cb3f3eb20b35407a6c2cc17fc67

SHA256
7a71a01f0c132170f04b164983b7f009e20e2bae0daacd5a12d68650aceb3404

SHA512
fb6c4cc4395b3e36daafdbf0a3856dfe5de04ead08edb7c6e66af0d164568365f5f13557422962c4660bf87c8d67511e3a3527828f79f0509821bdaad9fa5e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
39b33b68b5c521aec7f28c0561752b4c

SHA1
1018c9877a79679189756913f04aa3ebd853ee13

SHA256
adf8397352116d393bdc60421d0dc5c98bd2e6eef5333fb3ff2489946ecc793f

SHA512
9c296701f90b59b2c67b1baf139eb12546599a499e368a4c2760e8d410b83c800101c66afcd8533164f1ea61fd3f75ef67958c80187e2c0bf119e63a1d378782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
57981f72eb4fc8f2f4b0efe112290fe9

SHA1
1d95519040f2028a691ac9bea2d6332bd72117ea

SHA256
5cf870ede49c3adbc90e4da7aa316027ebad1952656885f2aaaf44c3113cc305

SHA512
cea9f2fd1a574895f2cd5de2ce3adce72d413420cfcf4f427aac1e10b44f93869ca96994d2448338af60ab27501607a3167e4054713401e4dffaa8c88174f24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2613020dede8e4d6c42c2e622dd04c48

SHA1
7495494940130bf8df0dc9f5437c036982f16653

SHA256
e3f51c801d231e873f13deb6aa7e2d575595e26330801c3b36c9d57e820bfa8a

SHA512
7a9849ca6566d78aef5b31955b3d9cd3d6b17bab4490e44bd1fae8b17f663863fd601c592747aa8214ca550941434f917aec36a7675ab3dca113ae216f6c4810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
434f00b2cd520c15792a543cbc208041

SHA1
a0aaa7d91ff1120b9857f1e61c27b2ad341736fa

SHA256
4cdb06b9451559b0b66550eccc32907bb661727635618879b0900c3868f3506e

SHA512
dff52ad2469d69e7649d4d9beed8f593d2023eb01b47dcdccebacd15473dfbd6448c17aac6d68b457389fdc56cb9278dcdd29c4dbf34471fe17ad68aee6da23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1da1354750603fd116118acf39aa9534

SHA1
5ea714ac42307520d25d4debd06d197b33f2970c

SHA256
96eb3d2f1ba8d6b710bc5b0ced3d80ad506e43aa1b39fad69477d1177e0b478a

SHA512
fc636d89ff24f8ecd1fdb0b8c2bd329a98033fb467da07c6eb230809353fb875eba9fbc65ee475112413a21a91c4f806475a03ef0c9dce131bcd8b31925eaae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2ec24c51d6eaeca486239d5caf2438ef

SHA1
c6b44d358c472c29ad2aff2983a345232fc1fc25

SHA256
bcc437f51eb0e65d8500347ecef64d8fffbc8ba9ad19694483794a7664de941d

SHA512
aa98e9765bde9ceb6d5edc251fcf0625e67dc262af1b6c9a579e33a2b359d56fa08b722f2d7ccd70c2dcae16d05bfc503cbe95ee449321ac3112f3795cbf7bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
aef68c7b1557183fd50c391c70667932

SHA1
16febc7b3bc6e5df7075953163af9e3658d79de0

SHA256
2b7afd1832ca02efd664bf9d5cb449ddf918043e9746d8a7907e6088d9483f13

SHA512
00a74bf8ca6709db4f505ff5f4030a3f304d51b923adac4904b5ac877c3b48081dd33c7600f3374db51a725e86f53999d6397a3b1bdf063af7ad86900622d991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b488d27ab9208b3bfac62b05d749f46b

SHA1
b6f18f9724f254581d17dc6e8e442c80153dc5c9

SHA256
29b84cfc23c04eae56f482dfc36fbf8c9721e71c1bc7f3059526973eaa80cefa

SHA512
a67d2284169e5a844ae4cea1af9849d6c02df79a77cef143543036319f5036fd9b5469bd11f0573e5b319faaac72ecfdea10b9b0486db165a4b2f0dd2dcd7e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ff078eb500980e6db8188e41ad69516f

SHA1
1ce95517796e5a636cc169555f7916c4dfb84a09

SHA256
2e13400572fc2caa41bc484f12b0f10c6120f890b2f9a115ed0a2dd3d9984efe

SHA512
cb01540f8a1bbc38caad45fa3c5d01fa15c5cc26195293b7739de1aed1a00dc63a0fa2a5f838074b34c354be2cdbd748661cd3d69d482e176c0e3cbb8205bdaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
29f27962aa71c9a6dddce75904f33b3b

SHA1
199a53ceec347ff266b366123316847dd2e2c898

SHA256
c9feee24b818241aeca78bfe4324eb8e7bce0b84a4b542c12037db02efc705c2

SHA512
bf4e253599b2dc20667abbca231b0973c30d6344f29be9dcd32dba48732fe72a8090f04e48a16f34f3f12db51b5f3ca73261bb14f42031d9c0bb07c5bf222560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
49b3aeb278173838ba9e51a94d018e9b

SHA1
0a9193a0cf383f8bcf685394f3a3d62a396d09e6

SHA256
b1e38f93326653e563616cad5e30958682905908291478afa09d2aef422ccdd1

SHA512
41965d6e2a2c8f989f587c70f6dbe9721a6066b06ac96422ef0a17e90e7745a31506ff23854a7855f76c9f5c76ec3cb646d120fc38bf16bfa63b3e697666fd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
211f3e7c18b43749d85d9519570d1032

SHA1
fcd76b5e6d1aa4c60cd87883935de5a22cfc6640

SHA256
29685a27157a8326e4bb4d7d0a7a93cd6878b8f70ecc3e1aee4849008f80bef8

SHA512
485119b1fb89caa9119f6fd8e5498ecda88739f09e4cc29bef626ce6563c32e23e5e1add6e415b834de2e0da9e2a105026db5a15a007fcb4ec19d7bb1e89f396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c22af5d045286b7274efc2f1c943e673

SHA1
a6f240300f3457ff28472e76af6eae2b6a3ad1b9

SHA256
5bc87b3b2222e273f7cf97b354272e7319d059aad6e861fe607d160163031dc6

SHA512
47dee07feb4714a0de20d48d958698a7629357b105c6e2f683ca5a5c57968705fbb3835f0f64d4c30fcaaea551e60b109a35e59b07dac6ab4044c61d7b581ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
aa46480c7e3fc9163221553a9d911f2d

SHA1
c8eabf45baf6a6aeeec118d29d35a82bd327f8da

SHA256
7d006896de13fec5e4519934da6d96449e65c7c5109bc376af02d519c8ef1dd1

SHA512
6de597322fba21bb9458cefa141882f300701ae9ece53676e1290c7004829d43f7048fb7bec062cef5663c5958e51afd1142166d36c14fe8f933dfbc5d93044e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
863b12268cf2e67ebfaf23948bc02d37

SHA1
3618bd797c371dca69c3e027e9e672a2486362d5

SHA256
6cec1a35c797643979a863738624b52549f274a2c1bf837a3c0c36b347595cfa

SHA512
741b1908bb6b287036d4fe77adbdf4e3078c81a5e348c112ea0fd67d2fbb4f8ff84d912d12cbe913e6a4e923c84b3f2d4472bb42e29fba7ef80edb1ad23cdf10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee48.TMP

Filesize
370B

MD5
feb6b2172890534bf9380ad77ce11bc4

SHA1
ee1ac5b97b4f635e16c739e65d4e0a98ac85c1c0

SHA256
65d380b1f3892e301e19b0e3766788efc033269dae099c013bd6d77e1b671887

SHA512
57345a33c0f4b5a7db93d5cdc6dd1c88eeee912f89fe3f9c1996bb11e94e702d255276413b38ac6d16843968f6e0cdbe31f53bbc3bfecbddc3c923c9958c9c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
755c492a03f40fe3d254cb5e9625da9a

SHA1
27c89c266b5559ae1e82aa931ea78b2b847c87d6

SHA256
17af308d8592c05928161948934310587ee7931ec5817da484ea4bae2fe897d2

SHA512
dc7346f62cff51aff46cea9131012583a92e94cfc147134e2e0cdeb550763218ee0ad1f0b8f9836298c2a1a1362bd1d1619936445d06da1341ff14ea2979fcc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
14ae16fca817c942d0926d10e9dd41a5

SHA1
ff8740ca4def600647eb0b046161f00a057dc628

SHA256
793a6f9aafba748f02e29cb6725e6c64b2fbf1d882757945e4ffa5f3ced22e35

SHA512
95ad037636617eeb39fd016092df030ae96c1c3ed487569263e6e94d733a0c642268a99e6398e07aed47640485e54af48a7be804c30d3c947761e30111b72362

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit