fee4e840b33cdd9603d779b87317293329f404e287e251e047f31cb6b7f87686

max time kernel
916s
max time network
506s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-09-20 1.23.24 PM.png
Size

83KB
MD5

c573be523efe7fa6841917a134efa791
SHA1

48e0eca79d2643680c0c360794c5b3aa23d663c7
SHA256

fee4e840b33cdd9603d779b87317293329f404e287e251e047f31cb6b7f87686
SHA512

09ffd2a2ac504e70dc9694d4149dd4dc0b34cfc4f4c7196246545705676f99a848adc28fc6db6f44056700efc1abfd4eb9b1466d679cde2b9d130f198d220801
SSDEEP

1536:kavkTHuFTMYCMLkqSPzzF7FwhXuAEOQV6W5bw+zmu3bs28OaTKmWG:oTqoSLrU8ZEnVfm+zR3I28QmH

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
74	discord.com
72	discord.com
73	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{75E68317-2D7C-463F-AE74-D40FE895FB8A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
4216	msedge.exe
4216	msedge.exe
744	identity_helper.exe
744	identity_helper.exe
4152	msedge.exe
4152	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 4872	4216	msedge.exe	103
PID 4216 wrote to memory of 4872	4216	msedge.exe	103
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 820	4216	msedge.exe	107
PID 4216 wrote to memory of 3392	4216	msedge.exe	106
PID 4216 wrote to memory of 3392	4216	msedge.exe	106
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105
PID 4216 wrote to memory of 208	4216	msedge.exe	105

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-09-20 1.23.24 PM.png"
1⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82ca546f8,0x7ff82ca54708,0x7ff82ca54718
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7078423712581803567,12848225848275460300,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
27KB

MD5
8124b74de3249b98eeb24595ca0a0b1a

SHA1
d840917c982e4281ddacefb7e845fafbcbe57dde

SHA256
e230201f51f76d724b1f797c9221e98db0b570952c61200f28035cd920b94620

SHA512
c60fe94a65574d759788c07c7f757d1438fefbe70061f2626cf3cb4ca343a5682b4b69770c27e106cf0e95c70b9061ee7f5fe4d57c85402a547347dd8d13978f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.1MB

MD5
ebbbe0d4f05c691f3c702db6be87aa63

SHA1
d157166d0ab4fec1ede8aacda5e6401d57556b07

SHA256
741cb96e63ece07818188490a8b3c2db49b24d33c397bcfe5895a4c93564f6a0

SHA512
576a2a825d448fbe392f9a4342cd3cb07eb09b1d7b0af323839ee87cc1fc5bfd0d81a3d11632e28ad68697b793e130abedef1a01d1f3f44fe7919d652c8a964c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
be2879ffba07dc2f591625950ea4ad32

SHA1
d4a162f019f74f98f16ca35959bab97f6bde17fb

SHA256
171f69aa984876de190a2dc18d3a13d7a5ae417fb354ea4a2968522456e8b042

SHA512
3cdd4f411a10b3425d1cfe6dd9bf41d9acedb90e40f493f54ddc9ab577a9ac6b2ccb862375b9588a48b76c38d6556cc59dde40e71671e1aadd8eb27d81d69c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
deed29e22f133b114cb9d1c75601e369

SHA1
31dfda2d4ac27d8914c02ad0168f239cd1509b06

SHA256
0aa446f314aed6bcf60b84d3e8d85780a0a73226bb6e1482a7c54eebf74cb6cc

SHA512
ae0a7481596735ecdb677b478df2783aecece19d762dd529084b6c95f86a9852e3e435937c326936dfce1df820a11de9928529585883bb95c8c71fd7d548bdb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
fb67a62c7939ec55863bfd7a7ac0cd1b

SHA1
dee803ed4ff43319e7ae30ec51cef48eb96f64bd

SHA256
243a46cbe9bfc19009c06c1d01fc1a075a10f921b4a20f89bdd652caa747ff58

SHA512
d37fe7aff0be93c6dfaf526f2ce5c9e943c8170599abbc05032054bc7f7b12f476c9ca162e83a800f848eb8e4382100fbd69fa99f8842373873a3a470e0fb8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
063432309cc9f1c7afa2074ebf8597d5

SHA1
9c09fe928fe9b3952fb77f18b62f124ade8f9550

SHA256
cba4c248598d410d0c0a9140fb162e21998d34af6684338fc11414c378e71767

SHA512
759b32893f59dbea2b1dae6b55725bb91cfb3a181ac9f28a93e20ac0a50b0fc62fe31ce03743eb6c0d43958c2657bc7a462cb95605eb58acb9d8a7e374b5a565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1fdb2f2420a058212969b6aa6c84821

SHA1
8a141c6cc2227a0828f8d7c0984ac4ef874e0598

SHA256
1745b8994ec1f14d17f7ae87857f5e07b51f2962d9fc85b91b58af20fae0f23d

SHA512
850c1c40e80820bee5f523d2c43cfe495ec16aeb338fb0367e42fe59a295f79fffa327d74f4cfa534c9766899cdfeda6e3f11e45d563ffb3b5610c0c51b63803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
44689597359194d4f4954c3d786373a8

SHA1
677a2bf4bfb577b473eac5747741dedc6abaa4e9

SHA256
7e16b89a91539a05eb7fd3ec7f911310156c841a8809398dd9c24f39865aa978

SHA512
ec12266fa1c9cbd31e5f13b7989596d24eae0acae7c3e823ef28ead8798179b1c82a0bae94e7be28d435809e766f86562406a7213dc055ed1ab33516e4cc3df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f461a9cf2e5d3094d522a55eb34e2009

SHA1
1fda5db6cb29b362e2573f45fc602f0264d6ae40

SHA256
b26e4083eb0ba5bc6a4a421b1c7bef969298d9a76ef1e8444b1a449cb3e7f2d6

SHA512
a0f69260b5f16abfb5364bea97df37463171310eb580c9ab9ef23d30d500e8c34b93b2d83b65f1e9f0897950e303b65acf966f5090bb22f9e111e88cc280ae76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af1f30a1019e89f281a7db68a775e498

SHA1
3ed1f5a972e69ee83da6cad25e379c19f43ffacc

SHA256
68fd71a9f778a6b7bfee585013955aac42695d804647af8f9920d9a94aa770d9

SHA512
4dd1cc1d7da540232f6251541eef49ee869295a416568189a16ae3816b87157456c812948f6931f86c6d222b23c3e0b0b038cf2bb1c5ce82d7dfaab59e7a25b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3fc743ee9fc3a72b644462bab685b2fe

SHA1
83d5a00771fa2af83f6e2bf7c24b18a086af2574

SHA256
a36c84038b36f5d706d8da5394476db57dbf019b835cf5ceead8d4035131f3f5

SHA512
27aa0fd6afd8d33b5cb8754124b956a3beaa5bbe8810e16e473d2e912efa7d0f1458731e8f2d7b2103df83979b26242eb513f4c783c3fda247a1ce0d93077c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9feceaaa5286f0aded7176105400c543

SHA1
c87c1983542aed2015b2c5d412993a591b6d0888

SHA256
9a9380a58d0ab8f6d7acc9e1b2dde753316b7150469c33dbdad89f50f543b9fc

SHA512
72e81b636ed3742aafdab9985320dfdc5e2178bf7725255ad536e89a68de32ec084c29d77a15b6da4ae8800806a3c0ca125fa7cc5ac7c3332e55a1e1ade73d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92c7d912cd9c0670dafcc6eb575077e8

SHA1
2a18c0ae6acad75d9781fd36bd54800449b83d50

SHA256
72e88d12ac8f2bf2ecd82738a43338300dc847ad0803e5816f08214b17600fc3

SHA512
0fda60b89a0d8f8d9ab83b23b65f9729bf46657a72adbfd494592428d3f04881b7acb404ebad3973c95cbac6918dd40d4435dbc05b1c0268aa01b4cda06375a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbe841e4b549c3b685d1d79fd707eb85

SHA1
1f2ea1b255501b320dd74cfb2ab751c74298e029

SHA256
225fc958933226bfdcf2b2425372bbfb8b97edeca92d96ea2cadfce58d0e099e

SHA512
a6bc8485988d6deda0b9335a1737e692023c4df66dc12966255690218770400b5fb2e8123907cae0769dc6e5b1bd8679d33f7af4144becc07b3a28f175a4780a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
05e32e0a21ca3e7ecb6349b122594e0d

SHA1
8a0933cfb11845d751b30d8eff102b3704a2e227

SHA256
3078401c8d1898d5b3d55d9c95ca35ed09f376e8772e857f7a8e77549b29dc59

SHA512
e18d70193d4ffcbda06aa36bfec4384955a4b2e2d8456c635b039f1c639ae332242a0325e8fa97ce3b56d68f9e6b85c45f2c849f241ef339fd5fd4cc121ae45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
561db16921ef51633d0fe6e64a360de9

SHA1
085ef0a30beee47c0fd28076d3e3324a0e8bf673

SHA256
eafb60b25f4f499f62a5ac03ce526592bdaac4ec28fbdb401d5654d8f601137b

SHA512
4fed06845fd53eff18faa82f6e9c269451a31d3aba39a0728012a9e30511408e044730b3965c1605620b510b9468fa6db0e47cf9727988298fd7f4eede80040b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a60d6e8ae3c6fc31839202b5bd1417f4

SHA1
5fa2341d62b1d8b66938b3928f4a912361914157

SHA256
321df0d8dd045d9d8dfee8296a3d3a879d54ba840e503e8ff3d9cc74cb3d01a6

SHA512
661ae5708a07bf812de26178c0bf3d265f142f873818751196ce202337cf7589303b5361b30f6ce0ba0906f14408943e52a4f892c6f5ef558378c919a8f13dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
185ad838a176b0c7f1a293115d1c4185

SHA1
5c8a269a253d4c7dfa2a04f32c56e5be75cf0b5f

SHA256
7e5ad95d50897a7bfb93fe9e5063daa024602ab6091d7a8fad43a014cb0d5310

SHA512
1b596f8a238c9b8f573fcf8640377e5a19b0d677d9a7722082528f595e923c1181243c3234cf1038ddf7d4c4c3089aae3aaa9198b927c9501fbdc7a0917f7fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
026300f37d16090904733c245ed9c439

SHA1
f22726f346037bac216a939da3bf1eeced37c89d

SHA256
4a3d6e6ce6f036b5a646bddd5a289b67079bda42b9cb5b5dc27237800930322f

SHA512
cd7a9aa75c0ac44c32fb2fdfe320ee1292191dd05ef347dc08698963f6c170aece8421bd173707df800fa1c791cd318239dd4f48dba61d21a03358718b41ea52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f44facddf5032ae09e07ab40e4b84605

SHA1
8c84dec09dd588f0abfe4ecd258a873717b2375a

SHA256
276c8202afcaa2c4983e386a850714b9cb213de9188f62c7a74e55a6a0b3e0d5

SHA512
c4ef120447d8bc965ead22bee2d8baf403d388f4cfccd0115e90a9032d4c6d6474eae776fd5344383254ae55526bc4a1d7edc73b5077f1c6d271a7fd0566f758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
57ec2853c5a0d30acb76254ac975727b

SHA1
8c729723039c0abe3d47b669b2449fd52092179c

SHA256
d0e1eccb8ee5a4390fd8edc4345944c613f5dfa05c745d5ce1bda6629d555b74

SHA512
39be997e24bf550158e9ac48561d9b477eabe6235f9239ddff864e9e7929f49fd09dbd9d82b23430744a9480820d8b094f449625b6e0c358fd69e4f14989beca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ec1cfdb0155016a5fa177c8df40b6a9a

SHA1
3010017057e93de8210e526b59dfcb9f092bc8bf

SHA256
1209d56ba9771c57fc2bef0d25f562bdf52e85124435781c08f45af3ad1a1eac

SHA512
2044042fd8170e5d39eda869d70193d001b94c7a7db0a3cc12de694ee719713648fabc07fbf8cc9a7d1688def1426ec11a6550b716e886fe0362868527d7aa82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1c0cca12edaef95f7b419acbfdba917d

SHA1
8c0e3f8ebeeeca07cfa4ddbfe802e806812d0c50

SHA256
3f2d5d709fd93d49a7831a6f65f9ffa7544242e85628a7bfc5cd025de8fef6d2

SHA512
bdba0aff5a108b334f0ced7c69361fb64139aeb0768b18d72c52134363bef8f28cc5cf820c26afaee89c6eb33879993ea89ee5892a24d874a980badbf541f462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e88.TMP

Filesize
1KB

MD5
89e9e2b8a7b42d90a21887005a618ac6

SHA1
497e7c77d681d96fe1b033850467b1d30de63507

SHA256
64604ac54b03aca92e33bee995990ad15c44d4553e79dc63485abdb53160f969

SHA512
b979d559085d08e9b6c6a9c09c79dc2a15eefde35f9e55bf8db68fe4015d113d2977c8b27a2171cf575d4af662c0733da8aa89ffb657ecf38bcd2c760ef3a7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b7cbaeaa3656dcd1ceb8e5da839c40f8

SHA1
ac9abb3b9fc78686be7096e10ddaf7fb1b397eb3

SHA256
6bf39e221b0babe7bd0131d12e2090efd2ce1d425087a546c6430209642309fd

SHA512
7fa06763c9d91131056058c388d3a64fddbdb45a6444d273cac80b11c05257e4849562da60ff8d1ef7a7f13204c0ca855b2b5c7280e34baafb59955191184ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bb379950c314c6fea28b099318cc7236

SHA1
fba70d56a4b760fb19e83e1851c68a0eb1724a45

SHA256
34e7aa136ea17ab9f7916db8ebf4fd64c9fc1191e19847976260b4de73148a7a

SHA512
aa1e4206018d0da7c05c096aa1a455c1a77745eb5ad3ee9ec3a96b18fc6c628917f28029402d9c40520a81935050c69ace64ddfa2b30e94d7d9d48fc6398ac87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
c4fcb6aebd897ddb176fe4bcd0cb0dec

SHA1
65eb12b3b1dba78824b97fbfa2c85023b38024dd

SHA256
f0d55a1acff50036e30c649af5464a8cb094e087dc22fe4ceb5d19a8cee1c04d

SHA512
f74e29c5c2530072e26296602b08def22c3a83a2a85ccfb156cc8896ba3f1fe0d921b79c156b02be30371baf4c9d29893f17da707131404cf8ad5058e74f004f

Download Submit