hxxp://google[.]com

Analysis

max time kernel
282s
max time network
280s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3513082673-3003704585-445662156-1000\{C591ED7B-BA58-48BB-B2DC-B96CDFE9AA83}	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 742179.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 48725.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 539329.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
1540	msedge.exe
1540	msedge.exe
1776	identity_helper.exe
1776	identity_helper.exe
3280	msedge.exe
3280	msedge.exe
840	msedge.exe
840	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 352	1540	msedge.exe	67
PID 1540 wrote to memory of 352	1540	msedge.exe	67
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 1920	1540	msedge.exe	81
PID 1540 wrote to memory of 4252	1540	msedge.exe	79
PID 1540 wrote to memory of 4252	1540	msedge.exe	79
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80
PID 1540 wrote to memory of 2788	1540	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff91463cb8,0x7fff91463cc8,0x7fff91463cd8
  2⤵
  PID:352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1968 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1844 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1688 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,16317091301295989651,400059498470454108,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53b9b1800c90e0f055e0daabb68cc97e

SHA1
beb76399e32e4ca5c634228e2d4001e197249cf0

SHA256
edac0665854b4e7aa3f2b866e6172c71b2e1c6a169a2a04cf1e74102ee9c0e5e

SHA512
87d516b7ae594902b2544e13c6224760e1ec40d676a2f699da3242b5d3a9eb962dc7b3ca7e2a3eed1dac5375cc6fd8379dfe47d127fd3c18a653a05a8f67c31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
17KB

MD5
164f1995181772492d5ab5cb2f99f42b

SHA1
eb2d3a502908bcaf2884302b3a1d27a4888e8202

SHA256
21b068c196a39c6c1809b83a5ae9fa8aa59027e96213c6d439dc45360d385be0

SHA512
76f9b848dc85a12c6219bed699812f2e526c10c0d1b852899dec65482916ae9f9280c4f59c79a5dfda59f0221ce7ee8423f94b04791634122c3885ef23c80c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5a15a65dbe19686ed032cb1f792b9622

SHA1
4aa11c1ece6f1678fbe89349f23681b8d0ae06fd

SHA256
b35b4015b97299c3f87d35e72bd73cbdc92810743a573196a1432332c15177c7

SHA512
4c16def1bfc9abd23007a89512e12ede5ba18811d2a8b4086314116c676f9b4cd5065c0e73b33f9884c6cfd4a5691a9845494ccb70b39749da6f0c82e7f7d6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5b0e698670c0a3da3acd944f4b39453f

SHA1
eae02966c54b30d8bb0e79921216196f55cc0fce

SHA256
e9199938493b7a4753bfdf2d051db78f378b078c08606ee84b6468d0277ca7dc

SHA512
686e8fae8d77b17d1c64b4a0015d0098ecd2a1b08fb8358c1a505a40441e7bca12ea7183c034ced233de60d6359b9dfceb72cc336a2b3da6514b5e5cd2b3b310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
25e9fb2b8cd90ce87c4d2581d4314dba

SHA1
20cfdb558c396c4fa62d47e3d5edcd5b7d7725ed

SHA256
642415eed7da51b6429acb165213bac48a73cbb8b1105e4b7eb590c61d1cd3a1

SHA512
2af91fda5b76b8a0b1c01c430e872eff78663d6a155b2314cce92b52bb20e6a2198895aeae49cae53b0ca2f65d57c2963ac8b6592e414c1dac9031a7c6200668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d0c3e600697cc386e30e48d695ecfb76

SHA1
5badf6e7290c981000de8e91638399e3a2ad9ae7

SHA256
12788fd405b77c8084e0940b7cafe8ad4239af8551d61313a96d2ab1e4c19371

SHA512
fe6cb9dcacd3170acb8a13a81907e9394f9dcd892f21621fe1688649673750f8a5a0dad7ceca4205e0f7125991d94405ba85bc4130c2426dacfe39d1e75692f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ffeba62f21e93758590c5f6dc06b16e

SHA1
65ac1d134f4140358d2cadcd1b451a7c7172a46b

SHA256
4e94626ca3327a3d123134d2ab8cdfbada8cdc67fb7f13001517a00e46d70157

SHA512
22769cb7c735a3ed8ef12b0839a1b60347c82851ddbedc91679b8fb1587ebca4493cc8a7ec4df27977896cfdc3ea68515b1657c8bf8f5d3488ac6bb19cfeaf1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c0e4becc232e9f77005d46fe30628209

SHA1
a30a19fe2cedb5ecd44f0c03aa1b7ede5cbd0554

SHA256
ac452eaa272eb81aac19831470681077f569e5f3b624e684dcf3c43bb07f6fb8

SHA512
7a1451c9ce5f303423d642a0eca956d099cfec122610dbb616d2c4b076e9ac74063f90052c07bdc01fdedbb7ea00f322b23dae898a7ab886a84d09287faae9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0ff6d8101b78000cd3e1e0bae1426bac

SHA1
8974393b5a2f80df0c689311156c0da6def6fc81

SHA256
10c80388143b5fa6fe77a83829b7168b4e5fe10f717c97788fe22c8d391bcb5f

SHA512
34757bc4932f9ccc5c371a31252dbce015ccf37ea457089e5e14d607ffe72f137413af013ea2b88d8b7f9940904e28a411bf1f6eddfd6cf172589d239bd8da2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d2ca9e1924a629f703c4103e3298c138

SHA1
91772efa2798703d8b886958428aa3045d167e40

SHA256
5cc20348cdc4b0cebafbd5764cf87acb79fa6e38aa5527028f3e7f232fc15bce

SHA512
c915f0059d29ecf15b850fe49cd0b65e1bda35c5968a2dd5601ce5d4c128fbd016c55a175e793f8f452e485948af32c7b65af05496a9eabba64aec340700fdbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d7b04b2a03c61bd88aaf75e74c6648ce

SHA1
69ada71518376ba153d46105c4e6877e7ba351f0

SHA256
acd22b630e69498c47a2d7e23b16c68af336d0cb9bdb04a5a335d6b65bb0e571

SHA512
81e7febd669a8402142dce0360fb61a8a13e394e7f92c1570131b6fcc7475b25fb214c50c0920d014717ee5c73e5d9749b54e17d93b7a4bb73eda5b225755e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
08e6ba04c24e27074f619ebe4da16da0

SHA1
467c0237251f989cdd2ff816806f00c96ce35b3a

SHA256
f520e156edbc94e59cac2b82338d88094259578d499f8dcc4c70c06048478177

SHA512
682f53161fd528fc8d7b1cb11d2074bdb630bf6757a7db87cc19f69c44c98521ce8c3dde5f5aa2d900debb97766d3de84ed69bc85929fefa10ebc097fd94d3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
010fc8069e282045ac86b85bde9487e1

SHA1
57ffae2cb30938c68991a9730701856f74b86b21

SHA256
62123b1633d712dbda49d22410f5a6b0d5e0b4bca471622d731c4ce4881e62ca

SHA512
a51539d0e87a95845962aee7ebfc784fd6aa3b314f1e7e32ab3e9b2f031b99a11950aeb0090e5408bb9c508b38a13db01dc44ebd452ca9e90ee83d8b100f238e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8aaeb45f5e25b866266a016cbf0a1e1c

SHA1
65ea2327138a0402b2ee695ccc9aea73a65808d9

SHA256
48b867032e79779fdaaccaa6e9168a78c5b792d0ac660e8c3cdca74ff31804dc

SHA512
d4e6088c4cf33940613dbd1a50f894d27852d91cd1edc2d5dec5df41c099bcf7dbc20e1e21fab912d26b2e42d050795c2b757989a429466e2243a59e7f0bf1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
022e63ba65ec890edc174ae98a5c1df1

SHA1
1da249b1d141fb10a07ef94a00da7408d6b3a5b2

SHA256
28f95366aabd7dd5e967c433e78b61da7ee647b495f41a43e7ef08ed92055ff7

SHA512
623b693a67ed1eae92c7649348e06bf7096c40feefe645e44998267717301cfaff51b320f53a2e3408369731b98c3c71e594483a1d186bebe960984a0e69a8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
45a1fc32d50db30a77b2c168e5e865d2

SHA1
9637491a0139ab6dd81ed4b439c3e48d3b74bac9

SHA256
767a27f5a4d6c7c74cc97d7c2f7616aaf31fabaa7d1ff2f7b2a1827d0a132b35

SHA512
4db3d2381b9f09477d305693ce388311fd7c04b5131811f03c5b69f13271fc0173f5808229bd6e8e2958596b0d5629ca4b8e28ee2b9624b1e54ce07f40eb79be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4c596148abc9f205756428d2525eac5d

SHA1
3e318eac7c27194b5d2661908734d1a5536eb687

SHA256
e571d20c9cb2b44f3b766db193d8ba6730e3e5b9a948d9138de9e1248c98c3ec

SHA512
fc16caf9599de33b6a3c01d69b624ec708b89ca887900b8e5d08e38db81cff746ea919ed78de2af5567e4c2ddc1b7b4a21b9640beb823f9dde110e6ff9a07fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd6dadb28bf7a68e4a7a29eeaf7bf309

SHA1
58ae666af2c2353ee91e9614ad6cf7f931a19dd5

SHA256
8768e31a083a7d577d9563ede9f324717c583f5df1daee3b481e6c7d3541ad97

SHA512
056ef82a4d4857fce38f9218cf5b0570980d760987405932e748ecfc4ba757dcceb9a5faccdf488429722291a2ee9d963e8c350e2a46a7881438f50be68842ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47cdd852eafefaa33943c8b2f657567a

SHA1
b53982f51296d52e6c983bfca7c8cff7a8896173

SHA256
e91fddc344c7550db15cbc1f5813a8c45cc23c648f2f3f404b0ebc6287ee28f8

SHA512
7ca7b28253472766803ac8322adb13ceade0a26c48871b95888b6791e79f2d12d5f85603dd334134c6b41afa6ca89b41d476234b139dd23f4ad41eff108ede20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
c82ad8ad14e526ec66559c47de1a763f

SHA1
b10b0f130da2c65e86f90dea7ee0a7023d5c2113

SHA256
daf64997d996dd9b5fa74cfcf401181709c99c832ecac0765dfa2685a4de2d26

SHA512
77f20db71a5452fe0de763080ca73b3e55cb0f38bce7805eed977eff6d932b7b081f896be7d9baa8758cb0677e12848f60e08dc2b19985dad0476962b0ffcf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7cee8d5e585c229e5a0e582149bb9458

SHA1
b2c707178d67c752ba35a2e144dfb530032c7185

SHA256
3c5cd200190fadf5d202f2d9203b7b11a4bea3be07527029b95e9f21c036d7d0

SHA512
8fbf985abbac429aa34689f2749ff4bffeef63a86f9328da2a863582d9c8a9c541fd7807886bdc662fa45a446532cdd93b5ec7f158954e8f25c2199c04fa0ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b68fff0ee796d08fa21cd6e236d818d5

SHA1
feea04f523c6e05c1266b15f07395850898954c8

SHA256
60f02fe671c5889dd723b5af7af622993f682bdf27a0ff8ba6edb86b48565cf6

SHA512
312fb2a48f6cfd54b306367bb44e6d885c7a84f5b8031d15042878683723575ec5e9c2f64dcd55b6be05885a140aa06f80a9015f9acf9a60f3fa7de84186531f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85d6bee1be8cf3fabe00132f07e49b14

SHA1
d97306b6c862ce7332fc9abb5bdda452d535af8b

SHA256
79c0e58a2bc02f43fa434702809d8706d978eb1ce95c433b779801f339681bc2

SHA512
69a5d95300c7dfb5c5b411c4147d88f5dabf2e41a60b3ba71f300dbd4be46cea3fe86260dde38fd41076928dd50d9f773aa26563171a542ff44f1512292d385b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
de6c51bcb8936d525db6024512e57733

SHA1
8da79e4f2987fc53d90810c47a3f22fd0d784b56

SHA256
2479425a33b85d745351999205cfb662add47757378861c57133b1204d94be30

SHA512
fe8fe7b21c9a0278dd5eac9aefc268f3b71a39a745d16d0365146436fa1323cbf18422fa4b87dc8b0fbf0a3754fb8c893d499a43fca2d639baa4b3a14904b1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac06e7061361fd0d7a456c4e5d21bfa5

SHA1
f30a42582d7a2a37b8c7c55e147e7421eac54d7c

SHA256
9d6b35d554f28e3071ac609fe189e4376f7d0ee3fed9468dd4b75b53e9e468c1

SHA512
4efec60f2fb8a84fd9b6ff6429028d87dc5f1bb372ad48a3387178b82adf72f3265ebf8f3ee70e3ea7d2c18edaa58525f6df605d16dd7e1689243ab5b906da0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590778.TMP

Filesize
534B

MD5
e67af75988c24428a186aaddb497eeb5

SHA1
af7aded751556a59b914e9344936306a82f13c35

SHA256
f02c8ac67111b7afdaed170ac7a87bd8861b3df8b10cf8bd969a739a6e155d63

SHA512
b1a639ecbb6c07f2e539932c99b8535f2c7519f5f098c9211fdb7a772021ee1edcbbd339c9fb1d1a1a727110475689dc9d5298a629a04e1859104952919106c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4b5986d6f089c0baba7a3b76b86e1dc

SHA1
03afbe503e482596d1f0bf47f4ed4486a53b0cd3

SHA256
f2f0421469a79288dcee8e0504afd06839674aa58b3b5a6a0501b33525195380

SHA512
91e18e03435bf935f12cdb4300132a3612e5b266b30b1ebeb19005f52696adf22fe82ec4c76690a791c313063a2c8bb3c2169eae0d8d50cbb32886632692f3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
710fd8bda377eadcf921c3117306477c

SHA1
0ad62b843d8f0f48e9525f8b54b29add525c5e46

SHA256
39f04439facec19612f6193e1387d7a666c0535c994d22ae88b3b1cd851b6c45

SHA512
39f3cf584d2bc40c709f8ceaae57d61855715b71859e8eafb96ee91735de5f796f98f505e553d5454629595944f7519342be79c9b61cde34ad85534a92ce9e47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 742179.crdownload

Filesize
2.2MB

MD5
70f3bc193dfa56b78f3e6e4f800f701f

SHA1
1e5598f2de49fed2e81f3dd8630c7346a2b89487

SHA256
3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1

SHA512
3ffa815fea2fe37c4fde71f70695697d2b21d6d86a53eea31a1bc1256b5777b44ff400954a0cd0653f1179e4b2e63e24e50b70204d2e9a4b8bf3abf8ede040d1

Download Submit