hxxp://freebobux[.]com

Resubmissions

28-02-2024 13:34

240228-qt9r9acg61 7

28-02-2024 13:31

240228-qshblscf98 1

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://freebobux.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{DBFEB9DB-E86A-452E-99C1-DC3C003E82D1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
652	msedge.exe
652	msedge.exe
3628	identity_helper.exe
3628	identity_helper.exe
3956	msedge.exe
3956	msedge.exe
6032	msedge.exe
6032	msedge.exe
6032	msedge.exe
6032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 952	4704	msedge.exe	46
PID 4704 wrote to memory of 952	4704	msedge.exe	46
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 4964	4704	msedge.exe	91
PID 4704 wrote to memory of 652	4704	msedge.exe	90
PID 4704 wrote to memory of 652	4704	msedge.exe	90
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92
PID 4704 wrote to memory of 2028	4704	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freebobux.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f2146f8,0x7ffa3f214708,0x7ffa3f214718
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1752 /prefetch:8
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6909260684105077960,8458736081347472812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x414
1⤵
PID:5604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
32KB

MD5
9ce36050ed2b421570e80aaff20a7c17

SHA1
ce4d3e27f2f575ca3ffcc3b4afb70858b09144cf

SHA256
63429646a180033b26b60011bb8e0b1d1313ad9cdc89071c3a394c463c9038cc

SHA512
67a1460664f11e4252df814182d85fd45931d8493fbde661130c02941f13f2127b3661dd97fb4d804285ef416c4906d0c7c50958db1c1c536eb1da5271f2b86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
31KB

MD5
d78c5bc9e55f0edb1469a00c297c4556

SHA1
14b18ecd7a11b2a2f25de3b3eda70f71c76e0cb4

SHA256
bf1bc5d803cf20ba83a4b4afd91424a00da64b824c0a9f1ce6c4a3f1c0c73f46

SHA512
041240b3206ab801a8878a2ee2fdbd7b4302e302c11bd50a0373541e1495d25a4277ecf9152624ab4e6f0245c02ab9a8046087938c3b63218d6099945e520bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7d428f98ec60b612cf535e0376d58b0f

SHA1
8356671d29273a049a585db628b127ab55acff09

SHA256
328749660f759006882af3b984cbcb3f43592773418317342416699e8e299e1f

SHA512
91fffa0971221a83202a3045cbd3a652c039cba515a746e463f3e765e4eb573a990dcb70ed27c7d4f0fca3611d3edcf9a9e0c2e78e128265fc98dbdc775ae864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5acd21093129a325377f6e1b21f408b4

SHA1
8dad9ff2283e6a5a418e209bab112cc13b2481bc

SHA256
b2748b4a2ba08a99f3668adf863a90938fb84d014ccd5d798af2d080b47fd0e3

SHA512
3edc747443cc37e78259e412ca2142ec404f73e31d819bb1a24ef00dc4819706e1955dd9c5f0a6886aa1c3e4a385b8e017736cd488fd210478f66a3a360f6d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
00700946f7335256f0cba19146799b9e

SHA1
88d4aeaf673e0f196d308d724214ccbcb2c512ba

SHA256
f491d4b8e2ec92eda07da8ddd98db056d4d955b53f946151800edf627338e7c1

SHA512
b857b9da27612423b9f58159ff644c00268c9830205f2c74883ab8d3028d581cc5595443903798768eeffc1bd5c78c1d59b480b771c4b8a49224e9aa2f1137d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
921B

MD5
87dff0148150138c08dc3524e99ccf6f

SHA1
1eace0909d34d63739b53d3abbcfd79d388164d3

SHA256
16534533f1adeab9b3e80d9667e0a7f03bef95fa9cf832a474faa1ae7aa72949

SHA512
d707a4987633b24517510634c9a658887c0c1b1a8fa96a124d5ec48424e4066a4364a73c7cef8b516d8ca345a1fc152f7a8323cac25ebae043aa627e30fa72d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5267c85508d9ca12dfd3168caf2e103d

SHA1
e8a42004a8a25bc013fdc979ea758a72a9dea60d

SHA256
932b781618523b73971cb8418f652f04a2e30d86efa9a51197b2301fab6bd582

SHA512
550cb8cfe460099b907a2c62361674b900d9c726a275978d9d9af55e6d8714ed93192bae7d32d69ba24d65a57d55d8d520e5c4681a01ee572808ee8fe46eb822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb138ed82e0f86640f8c7ef5928856cc

SHA1
f67a4eab335d14af23042b26798f5865f83e430e

SHA256
4dee1997928c39a8a939a04e7e42962561a60b8c2baeed6e99db2e3909f6034d

SHA512
5b1dbfdb0080789416a34364e5ff4c9a8baca0537b242564a57cf2cf9354e23121655c8c35631e6307c0bc2623bdfa179b1223a93006688d7008b7b5c0622d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a72c4674896fd170a02d7193cf7f9522

SHA1
134fe3d48685500cb8300d9b74237b9ccd2316c9

SHA256
36ef8978e64621c427ec57c7be89106c962beb80f42e78e8072d41364f488656

SHA512
f8a57e3c18bf7eb683ad6ec70087f74d83e7cc74b8fecf4d1cea4c77f7eab4e3abc630c1705d2e07589c1e10693d2fb7f0caf028d0b9fdabcb1b87a8f6694796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aadb0078f303c0d7f671326166db2850

SHA1
e6f70d3283d466b82fe3acaba8166581e8757ce1

SHA256
4c8fe74e9c959d801f4e0981d1b3dbbf60d8e52e4ec650596917f17c5807aeb9

SHA512
89de4e0d40e280340a28993d2dc21b68a6c8690e3c265250961a077f2929c4322448aa8e602ab24318e8a719c7ea6624685a21a9ce7d7b24f01f225ce4dda2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2574e3d0c44b982a47a3999e7ff9393c

SHA1
f89c66451ba746a4f74244ea45c3526bca2b88be

SHA256
a0a5276a6b1cbb30ac3eab9f7eb76fa247c80ff504332e7f400699c2ee7aa184

SHA512
7360539ef1db1d928e7ef48f35717db08d1eccd1e9e64e218e91ca93f80b3c92507a284ba4bdab560dc0d8a4fc3397a07ec35eeb6d1e3c5c134d325c46bee613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c73f04bce0ac02f3cfc4beb90a28a6f2

SHA1
29479f57a5099bb1834ed40f949bff5b0bfd226c

SHA256
d82bd4d3cf61ef30e72e5a25cdd03edd6e33643361e6c20cf277e688a1baf265

SHA512
6761efd60ec18025a6268e54c58fc310a5f068d3d65fb4a160e346219284c093d2eef80e20e4d5664d70367d80896621686396c795b8eb82260fba927fae1f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7435d29d55cd98b6e3469cfe6918b58a

SHA1
bdc0647f5c08ef0c7d19e3664d7865c00ffd7c7d

SHA256
034bde0c71031d754463eadd39db44d0abf2e45a73a920003833bbe4ca4f3f82

SHA512
d48782e6cb763d3364d949560fa97ab17f9b938cfad7fe5e3cb3c4ab8570d8b46cf83bb69e9bfc4ef002dfad619600be817ed8bbd8879a7eac04598292ad9527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a45d9b6a78d21b1afd5ac8ea1f0610d5

SHA1
ebc2f599c9680ff2c6ec56fa2287063a457fb223

SHA256
d4de1eda19b1f1fd5c8cea292beb920352a7c20784e908a8f719e664cb9dff75

SHA512
89b4014cbd96cba1b375c760b7c634142f5164b007c12224d33f310746c22cf1ff3fb4d72a819ecc0d3141b52f1e0216c6252577574dfdcc3b5a72375973b10a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d479701ed37ef01a7f8f7c79b8c8fd46

SHA1
f3c37e4728082956357ed143556c60f130cd54aa

SHA256
1dfbb842dd09331aedcb3014b6d64915580c1f3290b9e5e2bbc78710b7c43cf9

SHA512
0f3f7de260cbf0fda461231eb870b4c8d71aa4b8a7e99ec7bdf1331bcc0e42ed77beb92d57315b4af943645532e44128006d1d5a863e7aced2b065f03869e0a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
e1c79c4493705b4343534de54df4e033

SHA1
cfc2731f8adef91266fc37792c9289cd7febe2d5

SHA256
71abbc141b9a237eafe0873832978863c74b624b811f59b36d1c9ae141f0db8c

SHA512
af1af201a59b23dba0a55bba62c7cca4a1c36196b8babcaa877801af56cef8c531f9d1b189af38c8b35ada0d914c21705256aaf28a9576466142345ce41edf2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
977dccdb96129dc4d3d0d8469ab97c5d

SHA1
516b63cdd132ad8e44ded59f610a7c5ceafd8eb5

SHA256
eabd5f65acba4e1710580b8f4b46e4dd7309a74aa3db55e7c9012031d0986083

SHA512
b653fd85d81c5e7fb02be899b7dae8a6bbfa19d31ca8047da3c725bd5c52e10296983871375c7b4bcc53033b6d30cd1d65e152d50bb83d8cdda7f7bef4b3b2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7be9dcabe5e5cb70b66cfc7ce80a24f

SHA1
fcad190f7dbca573506e562886884f593446d38c

SHA256
7d2c7756428be1d3a8055dd2296561f84c5401f7d91c6d58beca1c344b3b1813

SHA512
a75a803c25a7d42c76e77a57213662b3e1bc84e44860f5118627df28ee8a4f6bb2277a64387e403f80907a0b1e6aa0f8497b5792eff5e8c36acea462fe92a39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e383db6a08ea9abde6ddfa79ccb1e50d

SHA1
5c10776c005cc6c505121bb6e296883c82da54b6

SHA256
5573daa13de92496c7c797e030a9b3f7f13e32f62e366ab3c89052b74793dc68

SHA512
1ea42f4824375748cd2cb1c9bc0cb6f689493e4692a569d9f57f1404ab9d062dafcf7ce0bb6d01bfb3ab19eccc964b231978353d0cb28f4fcb199213eadf57ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e4da318c0d153fdc317d4ac6422662c

SHA1
da2eacda3f69aca5712ca81b1a37e77d2d495e48

SHA256
e0f2b9b6aa9bad15156b240b3ba24ceab51bccb16eb9ea6e2e329a481fd6cb24

SHA512
b4ee1858270c2293e146b48eb6f4bc68d4033031a97b120fe9de5db438460646d9bdd692822aa37d53bd9a1851ef7d3b18cf087c97934dc4fee3c69c390d5d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58632a.TMP

Filesize
370B

MD5
2513dde1a4e6ce492c2811d63869b481

SHA1
1e90425781abcc9612edc7072eb03fb18e7f1064

SHA256
7e63693442b8fc5c98bf1e0b43ba22a3e64c6f1f2f8dae8c9e390629102cf20c

SHA512
7cf771ba5dc75916a057b7bf9768805710c66f112f60f72b85343d04743031f7e1867e1fbb114679a04ecf4aad0425cd8999f04cb110963ac7548844ad412687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
01ca4f43e65a5fecdd0ad89f7b839f5b

SHA1
1061aff6d1dc80ffa9c3c68d2b479eaf6fca2ad9

SHA256
305d8390eed08e5ad1d4f3f261f259fb1075614309ae8c50407c8e650eaa6355

SHA512
d3fa55a8a95591c8db8e7ce7d66483a6121b949077ba6c999e9dd71a3f6a140f60f037f310b6ef60508a802c9840e2a5b6485e2e52958fa9ac598c57ab2085ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit