884dd60205f99882f3d661fec60728092da86b8664bcd1a498519d30e32e6779

Analysis

max time kernel
168s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Player.lnk
Size

1KB
MD5

e119faf062753c01ac4e908d1e5c837e
SHA1

4e6f1e3d2c3ac19cee1dbac9553b8fbc43e24857
SHA256

884dd60205f99882f3d661fec60728092da86b8664bcd1a498519d30e32e6779
SHA512

8dba822be2f67d60bea653607df63eecfa2136d6415ef81d784a39ad82c6e5fe2980e36e7b8015f262c21a254dd74ee3ee0134c1937acbaa589fab4712c2ae71

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{BCA30A9C-2E2B-4B0B-A8B1-60A815CAC51F}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 101793.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
760	msedge.exe
760	msedge.exe
4760	identity_helper.exe
4760	identity_helper.exe
2740	msedge.exe
2740	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	800	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	800	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 4868	760	msedge.exe	92
PID 760 wrote to memory of 4868	760	msedge.exe	92
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 1976	760	msedge.exe	93
PID 760 wrote to memory of 3780	760	msedge.exe	94
PID 760 wrote to memory of 3780	760	msedge.exe	94
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95
PID 760 wrote to memory of 5112	760	msedge.exe	95

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Roblox Player.lnk"
1⤵
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8638246f8,0x7ff863824708,0x7ff863824718
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1424 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5549137368876347605,10589299325070820645,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3684

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x2e0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
29KB

MD5
df217f862f4073ce4585999df73a53fd

SHA1
8f39eb965e90eee20c2e94f547acf0db9aec24ae

SHA256
dfc2a82c870fd4c1a5b67929c316aebf1bfe0e8fdb90d64158a111feeae9c0e3

SHA512
f52da493abb8eeae24642e958cfa6ecf50101cdb0038ca7b952a19f0df0531e44828e4d2b9e365fd08a73a3f78009fd76af37a1ae58b8ec526720356c2767738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9f2af9feea37dc472d2250904997828a

SHA1
a5c70639247f2982c25aa93b0a89b7b845cb12ab

SHA256
833c5e426f25293c04d61a79992ae5fc01844264e27e7cc21764d38b1ec3ee3f

SHA512
8df62b2ce500d2b3ef283aca6526edf43ab738a61dbbdcbf3910b243a74cbafb6009eda213f404d6e1ea409ea4d8c5dc92047d5e46ae75ab17ca92748b2d6afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
7da719c464649f2be45a96dbd4140de6

SHA1
b37d8b9f6e098510935a0ac0d2163038b9c4a37c

SHA256
d9c912a8579b773900cd0a81a1af8dbbdad6dc8c62a2868cc01e61a26c0fbda3

SHA512
d0b87f530ac40e0df719191a7a3e62baf1845aedcf476b7ed4902741087e4f43d9cc0e5c148c4bb67af93041bf21a1333264e00059325b49c5883057bd31a97d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
1aaf7722325e44c96f41145879647022

SHA1
e195b629f90eeb436ff5252e12c93a0f9d2da904

SHA256
17a7020329e9aaa146f81cad18770fb1d8abf1330c825ed521aaec7f649991fe

SHA512
415f704c627ca67da19bd2b4d7b19b5bdc2238a2023541565174a4716cda93ea979743938bc7be556039744cc024b9016516a9cd50db5bd474488296742c5b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
da1c8f4b82aa9d480b89ebcc4556dc2b

SHA1
daac1617e05ab448b3c0cb6ee63280290ecdd187

SHA256
f0ace7eefb2251b49cae08dc67be2e5decf0f36cfbe9bbf9420c83d24b921da2

SHA512
a707ee0ef959066c153e1447d984554ba738c52bd0735f0c9d5e5c3117db2a79a411d90bdcabcf444188084be1c9fe5a9bd6374f54b90a0dfeefec9dddda4ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
38be0ab26aa256b15fffe477ce5d6621

SHA1
8e9a8cea444a956412d0be62a6bbe77599f3becc

SHA256
411f792a87253dc9b70125a5f6964dd0faeb23e740f3106a3b3d7ce46e6e9534

SHA512
ec2bd5b582921de14ae6c7fbb5c2f314588e4b8c503f0d1f477e7a50c2ee4bad2527a697e221c11e7a8f9b6fbcf9df837facf28f84232e981b7e1ebfd5977113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
15fe251205bbb2bd1f1479a2a5931c92

SHA1
c97a4f48e1f21ada1551d55755a0c9d28cb86223

SHA256
4ffe3211d0a27dd866c470f34736f1bcc7ce8f101e5da15e81513311e5acc6b1

SHA512
3105a713b22a8ee98464cb6fa53e680aee148ce514a4c39f26fa5cf4c194a80aafae04b0e7767bb4218a3a1bd34664f36b5e6538dc6c708192c4dc66fe585615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfe35967b131fa00669e0906c5eb9aee

SHA1
a555082df8e721ff179be4f1f2c49d46e97e503f

SHA256
d4525a211058fafdec4082933cf4595d5ae554bc2987b8a8a2975eba7e4493e6

SHA512
036f9a5e0f4b3faf072eb5431b1cca3c09b071560536303fcbca9c143be4e449495efb843b0e477c2a6f16807cbb8af7dd9115f9639c51029d86fcc6283364b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2cc2e01d76b74a769ac80d69aa41687a

SHA1
7b6e9f803fecd5e83a84fe86741c590a1d51879e

SHA256
f514e5446988e3d7dd83defedb7b15f6a2a0628997308dc5d6fae19b95d3fa06

SHA512
49a0a567c3bd324256fccd9b2c6e784ad755a3b15e602d39ce76b135e4ce4111853cb987133996e141283d2db065b77b7d970482d99048a1335ed11358ac1e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
32c1e2cbfb411813b47017a83f88fecb

SHA1
dc5d35ef00493c73bf945b0aa8483a89a3f0fef8

SHA256
5dc79b7827bb4ebbc3213c468f7e63f39bee198d1f5c56f6fa5443f4e944ac33

SHA512
d6cd178fad939f1f833794b929e1d27d1d5832b0b2b8047224721558b1c4f88538c264459b2a09a92fe03f76389a6aff4c287e854f534ae3fb4614159bcee50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
708f4c8c50755070f97412e81510a651

SHA1
62c48fefcf3fc6b5fbd3d7e19a81c0cb88ccba5a

SHA256
048441c79149680c708fc4ef8b04fdb3fb465609bfc9537fc54f0542efe51c3a

SHA512
aec633d4210c8a051783508bd61ae5be7afe286170a048c89fa19b9755139b92b8a6170e6bbce3c22de154080b7320126196f82ad2cff83ccc82db95aa459f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ddf3bdbc75a8baccc9e2c4e51284ef99

SHA1
9d4a153f41e29bfe0f811d5c5690a9047d0df792

SHA256
85e645df92b27a3f26907f9dc3a3c2a9eac493c0fc903c8b7b36e520ebe3757d

SHA512
7b231f82c47ef15474bba36e8f2a245404f77ce0071f0dddc14d2bc4abcba0a9a1d3d797097cd47c7d553e0041cacad866ccae043a895a3c682c51b84d80a6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
848dbc4d16bd7ba7ed452bd9cc720058

SHA1
95f28caaee669394fb0cb98b0ca1d0b119bb4138

SHA256
8878195c29d4e6858ef3e31461fe810d8f7efddb47cd6eef5858e838513f8f81

SHA512
aba1ae66b5b4f6f110faa6febec9b6f6dae9093ef16e69ea5f4bd916ad48d1092c263883863b63c0984d1052a75bb17e13c4931a84ded4db65324cb9045768cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eebe92e63f65605151651b593e8d127c

SHA1
16145927d69fb6743a8276e578cd09ca741174ce

SHA256
1089799a1d5113474ce72be69894e345726af042f814593c0851d14ffc30d11c

SHA512
6c60ad5327db13510c8813265cf4ca1ec722a9f5413151412213a10ee486105a12dfbbd7e4beb0d7c146881e5ee9130e10d3b53184b7c3e90cca0dcf43e8c34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b52e4ce49b5672b60b240626e3c02824

SHA1
edbde6e377af1dbf56e46be476afa154b917c91b

SHA256
9412752ad31a42338249a88e9689eaef2022c77433074bb83bf73e3b3ee6231e

SHA512
95e1b8d3e4f9c1bd9a4354b447e313f9244ca90b3e66b823e1eea7d62379a5f96db6ed4c95c54ca79463c5fc9cf745da2f1d84ee9a609c298f2e2102970ed0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b92751d4d99ff9d7356c1431a88eef4e

SHA1
39d443484925f782fc64add2de6d64b6b9c52c94

SHA256
2bb931bd5183633485b1a2b8b18e3a071dce7df0563910df27e626e40f236ca5

SHA512
da2934d90772b12b0cf2488fa6697fb66c606d029872dbe3c49f5b765ffcdc435fd0ca2b9c0137b4b7273ef125153aef42abc202c3a87e846a8f25103fd010a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b45f61a167cf1c3f749ec652664a992a

SHA1
8edf2186a07298ff37bdb4afcf8c895fb6434dc7

SHA256
13a4ad4113eb50fc838f1d3d6e8f15df0c077fc69012b44e1da93569d3a54b11

SHA512
bf85a923fe969680d243bd0b449ea018b0bcdddd2e1166b466d1c2b568aae135ffb7355aa4e5f4344dc678c68da38aebfacb82138a82155ba26f203e23a1e28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580710.TMP

Filesize
706B

MD5
fcef704b1f41b6e5184efa123037869b

SHA1
c2cf7c49624a3f707cd38abebc3f373e1db3a7c4

SHA256
299e2c83a22898c93a1d1712c61a5b0c087d57f72af6c3ced9c73746f5dee3b4

SHA512
4ba0723a57407faeafe211acb603456944704aa8cfc66a02ac86dcd7c7464fa7f0c21b306c0c82d4338f3b09bcf2b247e83e7d73d10e5597c98f9725e46a8485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f5576ee97b3cd233d90666504d088332

SHA1
2b27e3052ac634f29714b5e7ea43daa1c9767ee4

SHA256
ac80d1e0bf4340675a69392bde28c1e966e2ec123534e06ed1589b3eb8f34514

SHA512
131486264c4f10fb1b03db2fd0e83fc3ea4028b5d2e3edbc87799ce18dc670cad9fa5c203cb947dbf341840e6dff0eddecedb1634e7db1f80fd921028233059c

Download Submit