hxxps://anix[.]to/home

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anix.to/home

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1414748551-1520717498-2956787782-1000\{8F4D50B8-265F-4971-A006-A72CB3B7AFA9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1280	msedge.exe
1280	msedge.exe
2872	identity_helper.exe
2872	identity_helper.exe
4152	msedge.exe
4152	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 3728	1280	msedge.exe	84
PID 1280 wrote to memory of 3728	1280	msedge.exe	84
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 2676	1280	msedge.exe	86
PID 1280 wrote to memory of 1768	1280	msedge.exe	85
PID 1280 wrote to memory of 1768	1280	msedge.exe	85
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87
PID 1280 wrote to memory of 3616	1280	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://anix.to/home
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc00fd46f8,0x7ffc00fd4708,0x7ffc00fd4718
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3904 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4643168316102641826,14168044902109424122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f6d41bf10dc1ec1ca4e14d350bbc0b1

SHA1
7a62b23dc3c19e16930b5108d209c4ec937d7dfb

SHA256
35947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770

SHA512
046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4254f7a8438af12de575e00b22651d6c

SHA1
a3c7bde09221129451a7bb42c1707f64b178e573

SHA256
7f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b

SHA512
e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
41KB

MD5
4eaad30bea40e9158d26aa6d543a9dfa

SHA1
8c1ed42905fb8932cd9224bd6c97fbccf70df06a

SHA256
6422a964fc2ac4d7d02e057093075584f54e9e00ec229b08967be9a0694be76d

SHA512
13e315825d0f9792885833c8e06ba7cb6ad239a8b5c888dd134a7cf526b0d8a3c44f62de755a03bd7dc36390bebc9130c29345845310159693b4127245c31df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
30KB

MD5
e28f931e111434efe069866a5b251d8b

SHA1
46f6c259db48adf8858631ab597a4092b542c47a

SHA256
7556137381b059f49b7272a5e2c341c184f59c95832e2d16c49e9b2ca05b7050

SHA512
017c644ae093f3da4d3c2d72b753a5c363f4de21afcd774c65d460d8d4981031f0704e844ba5cc51134717eab77f4974a8d7f3bbe10e38f11bf0d81fc66f8425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a11e028963af8dfc8c9f149b678dc9f5

SHA1
4db74ffff74a8706531937e4789e5609eb5bc576

SHA256
ac6458b91c3313d6136861e4888da03462e6b0ccf0cada1268ca82ff8f376a58

SHA512
4b337be7d08f6368c6765fd897f8258e5800bc0ed00a76e9b8b264b4f6065f7d7723970f923eb26bd82e264a9fedc005202c7e2b75c24a8dfd60322e76319454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
37a138d54d836f8def3727608fe63513

SHA1
3458534d0c11873157bb0b4b169e324ade0ae767

SHA256
649949d356f806e656bdec3c1df0fb1e524ccebad894c7e6329ed2523d909f08

SHA512
95553a150ca6d0ec7a8faba49f483e137645e7a041e8c77b148e35326dd0afbe99b698e519a0c57c6aa02087aa29977f65761f2c66cb241245e41cb24aa9986a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bda32e3c4da0e005508900e5bb866717

SHA1
64ed4c24940b3c5e7a3796a7fdbf2096120e8fd4

SHA256
0b4ce02977e267c0dcbec84daeaeb73fcfc1a338a1b2ef3835ab7036d8d905d1

SHA512
95e88069d1da41f2fec6cf42fde6819fc4c61977b1c476b3c53a3888e9184f32bed2c0d5607b06ed2e26f751b72730ce8f981a65c703b6d3d3df1106fbcafe42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d7d2b3e06e6ed2b33ace1f5999901c61

SHA1
478dbedaedb13752d3f2b4f02369b051989eb492

SHA256
5e139ec353e27fd01b0c689e504e214ed45e20976f8948d2cb40a0713d501d1d

SHA512
3a9fdc81dccdf3a058cea999f23a7b3edb7b60b2bf5af612f66369840c55f64f8ca0a79b22e67c51a54a1e9ca92d68c661c58ec76e222bab7e1d58fcfe2e3c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1c71bb0696c31c770082e048c3463c6

SHA1
92f59c11278f05cabc7379a44ba334b2e40cd091

SHA256
fb17c95f25e051fcd52f6566973f5f6eae69e1976751bd1d24ed672a90ccfd10

SHA512
7ed86883d2fd5505dbbcb15732f0e6af1c897a1dbd2c275ac2019209cc908139299dcc6948a5fbf717127d135b290848ece4f95104d2eb84cf226fcbe0ed89a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e978da00fb420b4f1cfe1ea0ba30fae

SHA1
53486612c3214c8b6bb9a95ae775b959e20e7a19

SHA256
ba5aed6cae70c7c01d041a3c7868ac386f185344d3e47b0d47e66a3b768416e0

SHA512
7f04c13954496dffc9f4218d98d93b1cabbd54fb5fdd203a300ada8c251aa059d70f9a661c4a6e5225cd244a1a89cd24f135072bd08263b533ec781627097cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
87bd1562066f801842828ce08864719e

SHA1
520f25a09303838c018c2d4a991a3481ce409d5d

SHA256
53e9435014978028a60307100a0a0e59e4a2adeb77fb5179dc9c82fd22da179e

SHA512
b7aabb2974a79c7dcd63aeb1ed7ebe230f2af013c4b6f8e641a4f9263c2909a585728ffdfeaed8e893d850f49a104516b4e0cfae0000ce4708ffa15b767d2fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0aa5b947c43d353cfdd420f49cdbf457

SHA1
b3050a603158a8df4e132022f7bbb22bad3438db

SHA256
c7efce722f2276df4171f1216cc7fc4d241c7cb5e1ba5ecc5024a0663a43f239

SHA512
d7c1250e179b52793eadda5bc3f02020e773afe5e279382b51f645bfb1615bbacfa4d9444d66189eb405610f62609ae1e50c427eac02e606835c38589c314a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
380c6a311987bc3b8fc1cfc41bda81ae

SHA1
2279c748977cbcc44844b6cbf00c18083c5c435a

SHA256
027b5568f29dcb50dbdb7044fd4c3558b39ffc80594e77b7c67b5df9e459e92f

SHA512
4208af80ed624542568ddc6aae7458274a2f1f4d5e98ff0eb5c5df9fc4133ed9872d57429785ae5c655ac8e2f172c49f4bd830cc870540aa1ac1df194ffe9f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5cd01ac1421f3f19c497b80dca5af2bb

SHA1
e82552bda632847581a2c1cd7aa657e8639f45c1

SHA256
0f01ed8deeaec9e29568e59027b54714d3da63ac684d13f852df0272e0d8611f

SHA512
1085c5e98247232b8fe68488e4e4c7ee7cf853538439d7fb45416330aa52cfe641b9bfa7c7e17fdc34fde9be45aa83558fbb77851a1a35f608ad19fa6a223138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e996876a3696961adc0b4b85abaa6b4b

SHA1
1b6da73db0dfba5f5a966b4b7086e1b89e2429fb

SHA256
bb4397b89087c72060f9f9575dfd37933ce4079b186a3c881251e3e8c97c6889

SHA512
5a13d2af0bf21a162cf20f1e09d61852446664fd0c6facacc3f1f9c579e3fba426905f7bdcd833a248c04ff197f9112583c0579f0e439bf8296040c7f1de73f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc8cbe396f39ba32f4bffd3767e188604c4a5c88\index.txt

Filesize
75B

MD5
2d74244554c6288371d59d49f27725ff

SHA1
3d36f9f81fc61b6af74f4db00a59ed49d9a7702e

SHA256
477f65d60c260b8dd6a32cc182aeaee88dc99224df8a9ee2c348375a80533aa5

SHA512
b4d452f12d26424bf28aaa0e247e2b3da21da7a725945f5b0bc685eff16ed1e81ede2c0c713e878abe0c677636496f990a18a6ea3a4e6b6abf9c80fb670e4368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fc8cbe396f39ba32f4bffd3767e188604c4a5c88\index.txt

Filesize
68B

MD5
de7c56bfeb695a6ffe4c37dc3b1b6b0f

SHA1
3fbdb8c1f329bccb94aad16beceb11122325c6e3

SHA256
3e5f8bb28de74466cacab3fdeb6a3d3f50e060cea2079407246d83a38de74d4c

SHA512
2e26c21449f61e9a47d9662e7adaa18d66a7106e0d077a6d1ca15a85466ca4deab9295d8572dce036ac0dd0d0403c24eccd4184f080cc575b8b786f15756ac0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
850dde5ed9f5fd0b175e446d9b7ff9f5

SHA1
58f6dc1549ad64b7e2b693377e312a6d101b26ac

SHA256
e9e7f07f21b7975121a2a77d5cacbd591e775d6e8890ecd16ee794be8e0c0853

SHA512
d0437ae425e54cd57437b64578a57b3502d73e0f560e7e11e6750b39065e7da141edb21dc864c318365f47c21118dfef601790c872f8facf6d92da47b7339ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
2e81bb4f07151aaaaf4dc5fda84ec5b2

SHA1
69077420ba719ae449e80a41149f1b0962b5e4f5

SHA256
f8b2dce944314667c86be728ba34f615fb3b4e3c7ab7c9d4d86eb27e15e8e79b

SHA512
3c24a60b8486401eb2b7693158e4f0cec8aa42da08659d391ac6bf31908224c8a9f3e54d21b43e032689094de9a9dc0068a3d99fad77db8b6bdac66097d74d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b4f8.TMP

Filesize
48B

MD5
b22798030b40f4f8b94dd8215a285f36

SHA1
d90c8369f9e9bb60f43eb55805e74bd8df641a40

SHA256
0e6b93ec9f9e611bc8702a1cc95dfbee96de725aed26572d16752343dd422991

SHA512
4ccfbf246f50c275d5238ed53809934afebdb8fc5b608dfcf16052bcf66e2ca102f56338ee39b66ae7d1e4368ea6b05cd2717d97a01fc47c58c3856482f37d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
235b91c2afc1f194e58abc709d5b5ce6

SHA1
4c4d98dd54dfd370f85a116f423ab29141f74b9f

SHA256
c28e2e60fc86d7561131312752526026a41431bb3e287fd645aa8cef1118781d

SHA512
fb46d6f8369dedc320d94399e73b05ea00ec3fe037d1e5793647cbbd0e02823ed5b757badd0e5d934cef7b23ca862db2f0b9abf95e1b98a5245a6018e703f51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
364aa6b53a5689c8eb49a9ef8c1eb873

SHA1
0a90fc7eafcfcb534da8421f5b648db698006473

SHA256
6fc426114e4cb2c2754eb6823365eb921c2e323f28297b9f1c8acff0168742e2

SHA512
a3559b7371ff5e89ef88014f0d2ed432de0a9671d176c0302005d6697c355a9fd800a2acf90155839993cf286b994975d6c0680bc24cecf22ac62700431d701b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
462b60334e64a1208b8544b93b63db32

SHA1
2aeee3da007e750ffd5810219a209fd46608374d

SHA256
fa43973681f5ec547d0c108f2451d2c7471abc50179580eee7e6bd1b7a8992c5

SHA512
6aed4d35f6041fd6f493e20e19bc4a099d0c8f6009d5de0d5cfe4639e56fe2b67bc5225c5257d005eb1c06dfe2793f0c7b7e089705994606b5a8d5a0db318ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7410d683d4d2fa2b90ef2c81e2204557

SHA1
a89ca6ce3f889dd662b87e148da08a2ed2fe6bb4

SHA256
7db95fdcf6ec041d6474f77f7ec7252655934c478129263f44417294a754cb49

SHA512
1292cd65cd5be258a99def6a3f6311b52394d0b04403b94200c941224879837419324c9b460b60f631007578ca7ae59e80433510449773875ce207428f2f7dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dacf.TMP

Filesize
1KB

MD5
b24e52ece49ed0a2219c2299fe892c73

SHA1
46e1898a26c1b4f5082f5dd373e5d0943ad63f03

SHA256
c950eb2455f3fae71070208f467fdb06577d4a30307ff5698f2306c74d6edfc6

SHA512
bd0d1caf675fdedfa73d7e6fee355bdd2a6d9290f009a7bfde5c6df4f5c0b0663f84de019a8c6b06823c60f984b977623c6318fa03f1d2703f4db8e75ba9e129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8cf6ad8-8914-47da-bed1-65abb3cdfe1a.tmp

Filesize
11KB

MD5
ac9fd70d5d41de2a764cfe98cd04885b

SHA1
3b86cbd8d9f1ea6cfebaf6c4dd8f011be447616d

SHA256
35beff56c4ed72d1a5e9f5b127fc70ceecde6bc434c2a36f6aad1b2643dde930

SHA512
5bccb68476eb112ce780b78aeab6196ab155d76efda0a0d56a6cf2b8d2e997c6f177c01db253560c4812d0f137446c0ceef567ce79d7c1f8c5b11db20f1e2fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0253ae6662426c3e6df54a1f0fcc0db

SHA1
2c57e8bd3f76e94c1d0be9a92ddd34ee748d6e16

SHA256
4cc59c5b8881f10e7c56924f77b9eaf53d98036682c61a9dfbd44c563c8fb09a

SHA512
d4f7c33dcd64efb71827ddf0148a79579076fe8d194f99dbb25d10cf716391312d1c22965e794e0a2f8e2629d3866ffdf5550a2e84baf304b0a5f0a83647b806

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
582afcdef4593bdaa966b4122425df28

SHA1
6e0bc045d1244aecf6f604b8efaa86d1cb19ee6d

SHA256
754521ac9ffb288eb52aa37b36ca99d59a1b8dc66db512de5338e17e9e92ff6c

SHA512
ad09d490659bca9a6a6c2df95d61371df2033c813ddeecec9b6034571e7a53002b46d73d00b07e8ea41ff0122e95b29def1fcefe015bdbb07276a01a0450cfc0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ebf95e2dc2b5f8f62e4aba8d8f4ec8cc

SHA1
169eaf79d73919a4df2f867de1c685c545a73e30

SHA256
6ae3c766fe7c98c88d93969239af9d73402db6c4d2abaff4bf144c7a44f674cd

SHA512
d4c773bc44026c27f03b711e45e3c0574660feb09ebe6a142eac9e7c5b323bb33e7b84a0c3ac16e2d409d21b7b5ea188e38d6880eda6f9ce7c7d399373f7fed1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
fc6c5153bf1a3d1a4cfe03f894cd2b56

SHA1
09e516726b81b275d7d87893d41075c8c73966e3

SHA256
2897443d215ac69573f6e9be72f67faf0cff42e84588a2c7b6e373f2a33ed699

SHA512
6d9cffbea787fbdcd6db213e4835e4d4f1212fa47818d75d47cf935cfdb9c3579d02786ed507edd927f5662ec50df71469ed05aba470f9dd40ed70c5974d5577

Download Submit