070b45365e2ba19a914238dfec656ee41ed7fe726a2c113a55e6aeaff3f8c439

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 21:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a (3).htm
Size

1KB
MD5

93b6c5df70d617638859f47ff500b3a3
SHA1

29b0b9a393f09dc2ed206de02046bf63994b2e2e
SHA256

070b45365e2ba19a914238dfec656ee41ed7fe726a2c113a55e6aeaff3f8c439
SHA512

a1539e39fd9d745dd2e0db0ee38d7d9948cef9e0c8e67f1206ba6c5e6b578a1d17dc7100bf6544eff792ccd913e345075249c9e99242d85ff6d1f8ab1f6f8e41

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{3649C23E-256A-4A6B-BC31-2D21391B6412}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
2312	msedge.exe
2312	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
4384	msedge.exe
4260	msedge.exe
4260	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2248	2312	msedge.exe	85
PID 2312 wrote to memory of 2248	2312	msedge.exe	85
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 4756	2312	msedge.exe	86
PID 2312 wrote to memory of 3128	2312	msedge.exe	87
PID 2312 wrote to memory of 3128	2312	msedge.exe	87
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88
PID 2312 wrote to memory of 400	2312	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a (3).htm
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb48a146f8,0x7ffb48a14708,0x7ffb48a14718
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3716220981612177792,7538317373398186524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x498
1⤵
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
86KB

MD5
9b8138397af08febacde6bee5439ea32

SHA1
5f0e3a968fa85e15e5731deac9114969d499e21c

SHA256
4802ef9f543284149172e16797e0342089b3ac1e4258c4b28714aa7bfea06073

SHA512
8468f477b77368a3fad5abbb82d32a562a53c3fae93841321afe4dffd4a3cb8a27041eedababef978c68bc4c9fdd2b0c049ed291de2ac83541f2d46f345c94c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
48KB

MD5
d9486f19c1b01a46a260e64ea048d6da

SHA1
9527e4772e111c92d0ce8b74168ee8968b31b229

SHA256
a8b60a5b107379731f53e4af7dfc35b5bf7ff7fcc5ac01d772e96f0d128c365b

SHA512
24cb6ca5ed618cd0cf7e1165dd3260cf80bf08695de997afc1288bbfe7a99a8e146cd7efcd2e4207914b83620abf1893df282a4c0ac0075bfc310ddf6fe05257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
33KB

MD5
26a5ecd78fbe6dc4bd5102a30513d86b

SHA1
7a5074c21f797b47fdeab198aaef9b5c9fac3acf

SHA256
f3bd50aae1de5cd81498078fe4f637c94738c07fa8d6b275458dc3b813c69df3

SHA512
356f7ec93e47823542088f11987eb3769f68df2248ca098d49c5e2c6e3fe40768f780b842cc9183cd8f9891e8bf53a22aa79ee34a9881299d5a909e7aee6ed2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f7

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3ea3b64a2b02588e5b3750555441fe94

SHA1
47e7d9aa4f0bed9ccca5a7c2b25bda1de4b8ed3a

SHA256
efe57572187d6e9d33bd926a51798843233824ee9e25348f02f4e3878886aa8b

SHA512
201d12e48c7100f5fd81690e9a29012fd579512bfe63cd8957709197e798b4d263c0fd0592cfea20608d06f736e1c1cd0110ffe34c6f1952acf39fefc67421c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
38f0034166a74611103be3acc1870a09

SHA1
d6dd831bb40e27351b6319cc1bf21ee4fbebdb1b

SHA256
a3b1df8d277b26deddcedc8fc447b58878fbbb21814fb02ce27dc0764ed73af0

SHA512
b649247343ae816717d6b6476ecc3ab254b89dbda40bb5a9ef1ebd14eb2b425a26bdd2aa1a2eebfb909473873ff7ca4b7ebe1db8e311bb43717ab30f3392c894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f982ac2cddf6bf4ada8cfca9e3036808

SHA1
74308446b448327d9bc21ce98b46fdbb4b65c7a8

SHA256
48ce59a92de3b5bb15adbec6a1e12360e89683446f68e6210b3939d805dc2d78

SHA512
32dc79ed413856c49b66bbd1833b305902e8ef971f86eab91f4d1c9f84937a84915d48a1d3b3806494dcdacfc81326c3ba1252776c8ea19669f436382165c586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
4600e51b2c22c31ebbd93cd171edace0

SHA1
6a494d47b458bae115a0f57d96460f98a2204cdc

SHA256
9d1b38219a6a05c2eea0359a6026444e42ec1bcfed9606d3bd27c8b91ce545a2

SHA512
3e0e0a7ea5d1950be98b35d5fa8bcf3b77d4fb3e25424af5ca898963c4371e4b0f1814373bd771e63dbb197565770684d15d470ab8c5e40c6600f24eb6c1ebb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
9c20ffc0e60a3c59388c6c511d83bd9a

SHA1
2d7803196c469482c51825656de86b696d13091f

SHA256
49a7755c1b89111023616e8bb41d637aeedcd81f60d9f84b2fa9859077c1905e

SHA512
b12bab776e69a63d83165102c155416010d983c28a5b7bdeae43ff43414e08e6315ccf1060c207847fe4b181010f206e4410915ded0f1d670aed66a30352fc45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
c18bfe0a710ab0c87918f6d9bf0c0201

SHA1
81ba7ec8bb6c016646664a305a601bd9366650ad

SHA256
715f134e3266a40f34c0ba32890c41974804708be379f1f9a0e7a7fb807a8c96

SHA512
26bec7b29066e010eae9f4785ee94ffd60a15ead104c4edac2aac795be5ea2ed79c4c07d6da56f399cdb1859f907c5477777a52003e4694cfd15fd3f6197bc05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe58dbe4.TMP

Filesize
349B

MD5
f38a4e7d5514ef8f1815069b63eb1fbe

SHA1
05a15c1f759ba2c5e0de7c01860c52f974956f48

SHA256
95047694c68fd03e68107983e0eba215a5405447e677a09b43c0ec51d776c64e

SHA512
fb693db07c1eab390b81524db07ca28484becb5006e7c2eee80f0dc2f906976cdd8e36ee771e2176a7ac43446ab6aa21f2d42d236225dc4e862de1fce4fa9340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
846B

MD5
f29ca43401714a354aff0ca4c9129340

SHA1
af74e0afbf6f05c5683af28e30540a9cb349458d

SHA256
954aedafa1dda1ecbe7ca9e2cd451cbe225a12d796ce5765cd4994898fd67156

SHA512
56961cadef237309b387b4a76d72e5e1bb42fde3db549fd1a1ea218c5ca196c12815b3dfe83a0e8e50e7806d7707dd3033f34e9600328271cfffee17e28938dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
83509d108816404566ae89b3cd5dfb2b

SHA1
73b730bbd74fb28d60ebd48e4e9927541c5fc916

SHA256
2b930cbc964c550417b5f6bb97dc5de537ee253b17b1662e7dd622d6b4e5bcfe

SHA512
04373dd9705f9b3bc34117fda8bae006578783e802676e02c1d0a6628a57dd22bf1f07871a250763ba99ddb133ecc31dd467909483af2bdb95bcc6aabf2f20d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b5b6ff42c8c055de5a9a5108d4143db

SHA1
5c517a05c6b9bb1bd23dfee7895f35f8611a74e7

SHA256
043a80b5f9472665fee3d6ef31a773251b761fd927e782b983bc65bad00dc0c7

SHA512
bf017a5de94975607bb12f4fbb1da6e212a669b318f41622bc2fb82e95f122ad1ef616f3590e4964a1e7812df6d5f099ced41f2014c537efb54a4e0d19612641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05bacbc2186ce2b1ac89d566d1637602

SHA1
032114bb16e6a09f8d65c83d3a3e6a98a59171a0

SHA256
9c4cfdb718c167a4f57391e75dc2a9612489d263c9bf1b498e01de580183d2b4

SHA512
ccb931f5b28bac2dd4189463db4f08a698151fdd3fd5d15d4161b6567d7fd8ade337af38dd92c7ecfb49ca850972914d106a3fc8d2be7ad0e3ae71f83cf8cd0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4706ed349b4c7bd762b2afa309c9046c

SHA1
cc207964a07e2a872d6a4c94a2b5c9cc7e0b0c6a

SHA256
d4f527bfccc92ef2ceb4194cb5389768c69ec7b2d84f839143cafbcba90e8b2b

SHA512
08541e628000a0939666b3d7bf5f93c23fca55c73e0d87e0f867b01544669cc947889ebf9ffe3815c5c5765a4e0a9ad995d3ae28d716ef23b71aa9b3d71b55ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0598aafefb34d4c0a4a63a0a5ddda522

SHA1
cacb573727221d7f2a6d86c8c614f79100b0b88e

SHA256
575e3425238f2f387aee6c9d0988f43c5ae9bc1ba808fa23b7c9c2e272c7bddc

SHA512
489059ce8b1ed65c9c11b8ad81d6d1232fb146bed1ad977e35b18cdefd9ce3e48da6804bd88e5c37d7b6e1047f146dda8d1db2df5bf28fb8d8f9664896285b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3238e84ccc6a0c858b3ba17187a8f4c

SHA1
d88b9c514d560d3ef57d8c1e41096f773402ac43

SHA256
7c81edbd835aae06a2a85c481843209e2b0d9070701503622e12f5101ac9996c

SHA512
a7ed195fb10e3b4b3047fcb6d8532d16cfc7865261bff8fb4c46af028aac033ea1031627c6d32d366e05bdad8e1c0677bda451aa71c2f314d82c2d5ac2db6904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8385e84046677e01d48890e5b799fd61

SHA1
659804863b968a05db6b3e2c427f25cc32f3ea41

SHA256
8d67976be03fc9ad496b12e7f8991f19c4b71eb86a073ce89ccff03f6ece8fb2

SHA512
dce7796157df513f176d3ac7ab79601ed0cee4ab975f15b7ea037ba29584b2c5294ec6cd4570da48b38c5f1bf22f92cc514f5802c163b3cce92b1cb733906239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d68c8e4d34882f70a92f0ba1d0b6f3eb

SHA1
fb1e6ebecbfd7242822b3df77ce727ccb352b51c

SHA256
d77f9674fc706e78f16b624fe1eccfc0c36475a638608f521f6f540f1b4f5b61

SHA512
bbd336a627e89a95efb1c833517d5536c749619f15433e91e1e11b5517673cb401db550a312a1c630ac573eaa2f2ed7cdd6201e545f70852dae6404eed368a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
90a5c264c8c79dc748c2ce80342039ab

SHA1
9cd5e2e2415766128692bbec5828555e7e9fe5e7

SHA256
64eaea70708ffc8e2d2cfb838cf958132fc457e6e825c05161d2c1a34e38b90e

SHA512
8ecc9c8d4a9dc4bf67cb9eeb19560392d7e9fadfdb9fc0da9157708e9a202a4f3648c4c95c82ccf689f15662b405cff097d145cc2a40bee5e0580a9ffda50ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5b329887bbaeb3f3516d5158594e0a0c

SHA1
67bc9323d2842db9476e533bf884b8c6f79807b0

SHA256
6fb314e23884457fe4a3e80a57a087557523cfc1d07cb5b2ab32b1534a8bc75b

SHA512
646d2c9bf324179a89ec2ae43fe50e754f7beb8f2a97ea2aa7d95696f192174cb5579abd61eb1ca17bc478f5d9dbbf20c4d2613e1503c37a6c4d31cc688edaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1b79865a1d5c96af858bc934ba7ae7eb

SHA1
d8ac5a21c75d3be5dd98dc6e449d1d89368845cd

SHA256
af0c0169e5ea72fbe001396c42c0556af7665308d8fcfce190dde397e78f2314

SHA512
cf9e9aed4c4ddde1755fb4065339869500dba6948084077a99247e1c49ab5bcb317a604a19eac148fc18f245388cc8debcd11d104ec631aa3a69f39019ff10a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
02a4c6cdeab6738061dde3d419e04dec

SHA1
281fcf9413c097a7d119cde3a03be31d7a66789e

SHA256
8479b03dcaecd0ee799be902e6d89c67168bb562b2b004b1107ca1c58f8fb216

SHA512
08bfc285e61d6fc6f73526fbe4c2f3747bc784fe9e596fa0c6708e9baac4cd1d8eda5153eca6fa406dc7cf8236362004d740f2342884b6bf18822c47a93b54c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8b6f97d5c827c3c9bfed5c2943c6ddbb

SHA1
595fc8072c11f962f6795cfa1d67b69f75884bf6

SHA256
3e2688c63c5bc9c448e6ad6f7ad5131aaab99529247334b6527ef055105d51fc

SHA512
d596595af705f5bc3dd3f83c03e0d24cb83975add10844461dfe84967763f0e4fe79e410767f7f794c2a12b5d0be119b9ddb0d97a56d2fcf539727bd4c4b05ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
63935f6552e04e09d7da50433593a936

SHA1
cd83c074b3fdb7c5980fe5ebce3970e9ff2a105d

SHA256
9337c016dd8367790de32e069d74bd987765d124e31e8e7bafe3cb36652930ef

SHA512
e365d52a5f4ea0627828cde17f077643f47d7b67ff12f26147d8ab4b2d7d9567f20d2ed3613ff2548d08af1b2b1b2d6ea014f0dace4b126df09973c42102abe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
385b6c11248f794bfc172f0593608928

SHA1
1d556b2e7c613039480e4c131c6e21d9dbb83f0a

SHA256
ab76049e635aeba3db5c761771bbfbed0af7a4f393af8f41ca9500e568b0e56c

SHA512
c14ded14c9dfc9a25954241ccae680447d49bb80a8a592bc2605d13eb7dea0500d477d6c105d952507cdb29f57c9ee93b92537697b0323d7d58bc302c495394f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
347352d75adcd5be8290e7d87f8df50c

SHA1
109bc9c7e11a783310bcfbb7ea590556d2658870

SHA256
eefee937c1e4ba0afdfab2f5602437cafe5d902534063da449b3fb79cb3211cc

SHA512
f3ed36b88278d6ef0afd45a2b300bfe36292260281b175ff2c0d2ab3fcb8d633c68288a9fb0d16beb229b4dcf759dd79f3f7513a8fd0579c5cd7af2ea2612123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70c75648e0d10e08b65b870430c29fa8

SHA1
04391d30e597b89078183304ba6905d2d21611de

SHA256
ee10d59f590a0889cde2bc9c90ff0b4c53e74170297b0a20de28e89113df20b2

SHA512
44220ecc05e9a990e632b13781ddbe765cb689839a4b2fb8234776442e5d985336d7d71f8a4a5c888da6565bc71dfeb4f389926a9a4b0ec15b753a1665b75f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8fab286a86038c50dea0b3389cfc3294

SHA1
aa7a5c2dbf865879fde0a5b8ef0860621aedcfcd

SHA256
8ecd032e7a58a7e4168816f7175aa8c6ebd811ebc5256625cb7b2df7bb328669

SHA512
323f50121a80c785ef0762a8e16b01a9ee2cb257e0603351aae99f59a1265088a3e01edac26c00d39326459ac05a124f0bcc06047100c6ed2f2aa41a4d35689e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b24f4b43924ee7df85fe28a7fe7b7fd6

SHA1
1091630194a7dbf37334c877cb293e00518da9f5

SHA256
ae5e507c4b87cb4a63f24f030e49aa61aee8ed957fef3310e8c7e6676a0a140f

SHA512
20f62d54d4042da4ced7d11133de0c01efffb13500e10d2034baa05fe0b00c34384b9d08fde4c3f7496f0f96e9843c931156b567cb79e4f626f420eaff2240ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eacdd7df11c666f36992296a1eabb4bb

SHA1
9ceac859e5c9b31d142364ced513e04094cb521e

SHA256
a5072b9794dc6193768aa70511b25624105c4fd698599c61c3f92ee2b3953cea

SHA512
c5de0389bc6aa015ee4af41abde4d66f2cdb227360402ea28388922d0218fc796ce99aa2e4422a4cf30086a8fc38d39ed30fe2ca4a0392891a4ee9672fba73b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579d3a.TMP

Filesize
1KB

MD5
a3d4261a677ec1116e876614674fcf8a

SHA1
1419b9594dd5cff8dc3b40ad0f49c7cb4d2b87dd

SHA256
cc1879f72970ce6f834d508ad925ccc1de71e8bfbda21a17be7856f0c64ee10b

SHA512
b33900f1f6c8c4a811a0ba48d071a403b9a78569196c0a81bdb58bdf2e4817684466873bd16c93ce89c584f4fb1410d848cd315d46e753e133a3ef32c5126ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cef802b923113b3833cbaa7bbfa03133

SHA1
f64973ae42e75c6097d780a36dbd5e2a0f95daa4

SHA256
f068be30a393c6141c780a476766f8103c8c705124606ce6bbcbc7391d117fb5

SHA512
29aab8ac679132c0e4bd60a5d029ff92ebfd3460d175e8f98b74e219c9b95fb0e22c5657046dc8f268284cf41a608a20a0110afbd0342076559eb6e1af8f6370

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit