hxxp://bit[.]ly/enugu5

Analysis

max time kernel
156s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 14:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://bit.ly/enugu5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3198953144-1466794930-246379610-1000\{AF2AD4FC-3220-4DF5-BC92-9BBAD63A0A9E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
1484	msedge.exe
1484	msedge.exe
2344	identity_helper.exe
2344	identity_helper.exe
3696	msedge.exe
3696	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 2972	1484	msedge.exe	85
PID 1484 wrote to memory of 2972	1484	msedge.exe	85
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 2160	1484	msedge.exe	87
PID 1484 wrote to memory of 1064	1484	msedge.exe	88
PID 1484 wrote to memory of 1064	1484	msedge.exe	88
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89
PID 1484 wrote to memory of 2096	1484	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bit.ly/enugu5
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ec946f8,0x7ff94ec94708,0x7ff94ec94718
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1093181568649476170,10638313157786041744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
57KB

MD5
63535bdc19c49888dca5b61140030b60

SHA1
bed4294564815792025a2ddd37f3b4c85c86f9c2

SHA256
3999c3252c7cdc434e94e2c8b3e48957b3e289b0ade78505ab2eca9584c646f5

SHA512
636088ab9677219732fc718330a7339f7710b877b499becf7e5fbfd0ee02c032aefc5a3af2a8cfe84fee432534f941401a037479d385d649299b32d7111d6986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
101KB

MD5
0fa0c28906eb55ff05385cf1b7e592eb

SHA1
fc989ca3cdf621a6bf809b06f4f8a46fedebaeef

SHA256
982749db57592d43a8b89ad685ac8aab78a0be651b05dc933f3233a7f99fca39

SHA512
d661fa6c15a950b220897ef91292dbe6aa878d48e86e93af94e4a9a7e6b96e002c8e9ae2a267e74455bbd469965c7134b3d8cdcc2dfbc3755eb42e754a8c2bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
26KB

MD5
37fb2f0c44adea204c045c059f16701c

SHA1
399b469a0e2b4b30ebc327d9fe32a438f6b35a1c

SHA256
1b5a5bbb4cb7dbbdf74ee788b8223c12108107c368451469e309531764565e6f

SHA512
92eaa11d0dd090c6cd9a6335fac9325d0b2ab3a44946681c7fae1d7c57007c4a89083b0748cfb82f2903e46dc8b46f22b18c9d1b263e8f913f6009d0ecc4a980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
46KB

MD5
cc3d81dcd044c03f4b579ad3bafabbfc

SHA1
cb74f884a8e8239c148337c1d5657f5164222cb8

SHA256
959f8f99f33966ffe155648bcefcf6f68478279f0b4310b2a78f6be032a07289

SHA512
11be0cb2a9cbea07f01a95b339787f517bc3ba82a326272ee161d38e1adabfb7f60f563c49ac69fde066a213ca04a0387f81e5a4d49f93e378f9ad3139577557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
46KB

MD5
ecd2f54ca4b60f017ef72cce11a645bb

SHA1
aefe23773ca4c73f1d1e21dc9fba6f86e0745394

SHA256
49db63ae95e007d8e7c5df8fb7e3034490aae9013c09d076217fe4013a132b28

SHA512
d668bf65bd03584475ef8c99fc92855d8a64bd17e5a303057ece2f8d513940fd596367afd3876dda9392ead8ae02dbe145d43ef031b4c60356d3c3752bde36c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
56KB

MD5
caa1a3a343a1faf932a6e9326e931203

SHA1
b5e5fbdb2781307e6150f9e88759e62d5b49dbf6

SHA256
b50ce728f1012b70541b83ee19cb8d3bea26be3a00e8cc85ab14d7a8ca9f1e8e

SHA512
053b90ea55a0f9ecea641a655d4382033b323d988c5fe453524c713ea5d7775033f52c64c4cca5290f3736e723c0efe7156963a4b4d3ed8e1363be2b6f788b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
67KB

MD5
5b6d0fac750292c580ad7ced2443fe76

SHA1
fcd66529c659724b400c636ee984017574eadba3

SHA256
d3e7899a3a21a960427bf845cd374da80806aa3048737b9d0243473770f2d851

SHA512
4fc373d55bea7ee1261ed8ff98264478ef4a7d4d561c5c44e76e62f517bd5c942c8e945298387a499d360bd82e9112416ed6731b0f8de4166cf95c84906c8d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
25KB

MD5
729005ad8434e5e42ebd62d9036ade0f

SHA1
e7b8607d59411ae11991a8c0272be782c1467303

SHA256
2726b12b3aaf993773b8796278cd66cf097fa160bbfb40518d908b9af7595385

SHA512
c996a21a1a8564f7b38b98b6596f7fab797be87a462bf8efdf80a70c06dc36a9d34fb7aaecf70f9c9e3fc8eeaaa239b623d96901b3260d0c9087f22862dea067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
130KB

MD5
506c33024d0eb643ca901c9892b3c1eb

SHA1
c98d3004908ac942b13fdcccd2935673dce02877

SHA256
91a194f07b8e120bb10e090f0bff0dc7dc45f31a1a4972f3511fa7aa38fe1950

SHA512
09dfb6e7f8cc710e854f17969c0d20ba243291cb71abb3f5223654a7737ce61a48ed4959c690443f8156aa3623f6ffaec4c8602072115f2d37924406e5a3fefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
22KB

MD5
bd1f90a3d99c7e553af828619dde4b0f

SHA1
26d9cf6f1bb10755024a93103dacb3de89591328

SHA256
87de70486f3fcaded74ac742724f8bf3cefd08b636323c90ee3619f35e958463

SHA512
a738db9e7338f702b2c0b290dcb285e62ea0be497961ee772d1efa31f84135d17e1af44579892c7e748f688ba7913a5fdc7a48854879e0f4714fb31cae84c807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
31KB

MD5
dee8477755fbf9048ea885f4d7ef3cc1

SHA1
f476ccee8461ac9b49e3199e5d3d809a6f23584a

SHA256
04513e97f2cc0993e063fedd5e1b591fe2469a49715ff3d1bcfa8868b06e5524

SHA512
01b4b76efbbf7c65c7aedded7fcf4a640441279ad03443ef641425888e61ab375d88f7f99ac834608a65cf6b696be285871e2d7fec1d849acc64be56ec7f7a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
211KB

MD5
929349222da793a2128c4d55bebc2adc

SHA1
924edc752f4cf902564c430ba732c08b9bfdb4ae

SHA256
c675f57388d3598637c4e0f9fe154bd61dfb1c2086271f944a0bb2b9b059b074

SHA512
3f65b6aebf229143df6b7d4f2c1a396dc050aec6be4cd8fc8e229a76d688ac7406328ea140ce9174f8d063194d82ec07cfc030490dbc56404aea41c12e077ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
226KB

MD5
6a2f00dc5d08100743f8173e089d33ff

SHA1
1ed62456d0b7fd967460d435023942b24b519061

SHA256
8c9b1cb44f38893aec9f08627fc88b868ad30859e001677dc65ba34dedd2ed40

SHA512
721fda10367c23724e60e1ebe72b317ce854d5e5e986cbbd892c5a6c5e075e9bce24654e82bc890c4d40553e882cac91804307ee2343b448493ce7f17c00e357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
373KB

MD5
3f85f344659972a324da01365d2d110c

SHA1
365a537dd53093c6d2d5d17f3f7844b504a21e24

SHA256
195bd822dd665ff90cc51092144edd404bd889c7a321bf6ff9e8ca453bc96bdd

SHA512
38a12dee26042fcfa84d20d9e141526f577e02a850710dcf61710c3e0d34756b80ba049f516a87a5577832e42a9feb6165f7640a549ca8800a9b1e513dd101c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
73KB

MD5
b4bef047233415f80b04a1b0e2f26bc6

SHA1
29d358707982b0f14b59fb8ec91607eadf5e90ae

SHA256
88eb6fbbe0c270ddf3384aee0c9620d070e090a26e07c67421ae36c903b5d649

SHA512
2e171c7553467b640c11f237c780d55777243117b7e937f274ab2cea62697478cd162574edd1694b6c7379979da6d299af0c5f2022697b3d3d88d8a889267784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
59KB

MD5
2fea5c16aaf64349f897ab438ad952b5

SHA1
606898a25e9dd19194e406a9da7393647c34f01e

SHA256
5c5555174d7671d685b32c45b426705cd07a6630218c5e8f20e22430295f6abe

SHA512
b182dcc3266b75f950bfa525a4424df5cce7b6653d09d17eeec2b8f410672d4b0f2d4f9cd6331f26679be07578233356e0cb4220a651247bb69e7c4807681d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
254KB

MD5
c70930216503b31b13d7dffdaabe5f9e

SHA1
63e7e314ca1ae93c6eb7f9d966bda5785781a2e2

SHA256
eeb5d8c4dcc8296f53adf73761fa80d31cac9fd9423bc982512d2910d987f236

SHA512
b3bc33b4a259305d412ffcc362d5620ecb22a49519ebf3b63660fd28311c6a218e36dad39a212f2d1dfff45d26edc37e54936125c230be7c0575ade8b3c05770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
54c563835ec9ede9eb9734db766a7048

SHA1
925f283d3d56b7da5d86d3ca5237649d7cc756b9

SHA256
36313580087576aa6f4623cd6c67986ae0e873fb6971aea64d553f658b98de74

SHA512
0bca20a3805bdb8f1dcdf3e89fe4c90d0c60c45349e890bcf0cf34dd9e43da17fdd5083784586ee21571d6a1cea3cecf53b598f4c50e547815c188d80e04007f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1a52c012ffb368a878cca15a974230d2

SHA1
ea78fbc4c9e68d175f562fdcfae6362d4b89935d

SHA256
b9d0f0fbcd750da2fe61e40e382458591665fe66a762a2752aa3f5657d510d83

SHA512
a3a2d69a753b41aeca38c7f79f8d89bdb2c90d5e598378321309cf0162f7e2d637403cd5bcabc873d37d10738babce53717a61f2fbba842d021b810eb5b5b73f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
57d3d9078e4a993134803dfc3de2ed8f

SHA1
0986241d5c4bd07b16a8fb622b9f59f5cad0cdd2

SHA256
c4a33992c78bfe7a6a2bf0c585613d28186af5a30d1fd4b62b79e2c223406cd8

SHA512
47bedec2598dff3a7fd7ae1d369c26da1d026b4f4cee225c5a25e3899d8856b26c0892231157bffe29cc2cd97460174bf46f8263ba1955b018a2fc4a37cfd825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
891B

MD5
3145a41ab8e8cef016f3894abf9e163a

SHA1
3e8a35882fce51bbb204b9d6d31e49a339be9206

SHA256
cd9b5d58471ab911835295f1fae240b81e0a22c4ec8bd42da7219a452c6c5f21

SHA512
5354f011298d46cff3a1f02d134d39b46b7fd02df668b93d743f2be1c79c42baafcecd890838d85b5b1065f8487a675f419a524e93c997921bdff8fb36e2d6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
418e1ef112b1714a0796c3e024b9a4f0

SHA1
63b572dac9c4ebc7433aafda4bdc236b0b57e787

SHA256
a4db0bd0dd0858438052c0f36c08c2453fc3015a8787e86f24c882451b4ccebd

SHA512
775a02f56c4fc282ae4087235ac1602f1a43f0f4db8b669c04419e3d869643cfc0a4aec97cd82f0f3ecba90efc71bfe508c7ada024459e067d4ae1d239321dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
272768f070170b1f2a7a3e909c4e7134

SHA1
a3df2a5ef2703a2b595ee9d1007b283371b4d52e

SHA256
4a9b24b4713e7588184161e043c5bf262269f01b102ea7ae3bcf5a4bd88d18dc

SHA512
5bda9a5ca7090731743858966708e7d3217e3cf6586bc1acb9c5cf75d0cc5fdbc3b129c20bf33d7d530d623b344f69d668ac2a4b3f4c496f9d2bd4d820ed7fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d763ca4202d5a1188d795cea3eaa1c55

SHA1
d49206ebf3a0c5c8b4b57991da6b00a3a80d38ca

SHA256
8c41dc350585c5fce20844cba7a6fa8b133a6ab1e04cd5693aaa86e5018fc0ac

SHA512
2771ee490d4bab2b4541bd145653754b90a030adc98b5bba65e8685494dc1b1c702dfe9a761158b6a6093bf5c118cc2907d329caafa843c50fef04139ad6bb6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cda4e2d98985d918571319a97e127f00

SHA1
547553c9b75a2f06129abfaf05a3d815ff7287d1

SHA256
f7684bb9bf9920a659154376dfc3e10b43d43d540dee189f372183a32d513313

SHA512
bac08bad95bd9f6a6bbc0c3746f2b5c4e449d7177f1db3331f170e2e38a7dd63e43070f1e634681e25702313906b8b4f3ff42ac5de44b4dadbb34ecea2ad131e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5e2405c240e4ed53e885a1d3f16daec0

SHA1
013a9768c9e3fca77fcc9649b8e57d788fcbc38a

SHA256
0c0ca72bf3a06c5b44a2c2ca59017082a22a0769b92fa1e98ac9aa20b501ca31

SHA512
add50e95c1b52deef05a38f32ec213d7d93e2d9512bc5e2ebc3f4bd8ecf1e896dd83e2c24e92ee812e92fe361c135e2264f55f10401e4bc070d87b2753e24639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
014ec692e1b6e7845004f4f35afa3fdf

SHA1
f334be9da0b8dfec2c375911bc60e4bdc9052fd0

SHA256
161abb596dc8c7795400f2f86b83c88b379f4b154627903eec463fd4949ab755

SHA512
c7047950cc3f5890cd06d934c29eddb15c165c2e2b1c455b4c9ce50e7db44ab1985439bec04654d582c7c9ac4f4e874175c152dc1797f5d992c18c5c6840d8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00a5d416eb98e9d0f922867e3c86657d

SHA1
082a84d5388b0d1edc75722089b3e997a89603da

SHA256
2f074ba72f3254c3325817539bee7cba689f0af174a9f8f027d5eb6f04b3839f

SHA512
b75ee5cafb0c10803360c7242bcbf59425a334a8c5f90f7982c4b812c5af7e1fec6b87f760f13ad0663d16b327d9d8596f751c086c7b547b073745d3e5fe329f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
640894b68dd4f81ab6884d1a76e05085

SHA1
4d334a61d04d42ef6366b0228d9d49f7a7d16170

SHA256
d85eb91bff8ba1a7990517590fd12ecbeda8236adaf0a1ac489b0be097e5a5a3

SHA512
a52b32e801da6cc2e4eeddd1b8cf714ce70d3096d9a7943aa6ba84bfa7dabe1c80947dd02ab780d2aca8c3f17e0bc206365dd56d21a3917489a9935dc0b3c59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b0da50b22f34eca79f8203e238abc004

SHA1
1299930e8a02c588218ec17e42d152932921bb7b

SHA256
2cf045ca32dcdf4c0d3a1d19852452af1dd5876805ee17642be4f00959760d3a

SHA512
6256247697ee3dfa024c6ca367cb6b0e50d1bb3d6fd5cedca22a93ce096da19d49d9c944850b6aca88ec7012891d572844dd2d7a8afb3fca7479f45ecfd0b154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5841b56b2c24700e79909402afd8dd2f

SHA1
3c168dc4672a3d26f165ab4c405ffa35e296cadf

SHA256
0a4735b3d2b4370e301566551463836fa738094a3ff4676df28ddc6dced9efc7

SHA512
57d42b36cddd11c7889646dbab0121d7dab20cb98b58afcd3b6702426f4a6f6642ffb7fdee83cef56573a055bc550db4ce80f4d88cad8608305cdab816570250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8bdeff78c5cc1d330f4446963e8c087c

SHA1
e1190d7d6fe74198b7cf15826cd7b11b1032b385

SHA256
a541a747b79f787668b60c604e7a712de4dbb09b1d6f0e23bd72dc12d8cce175

SHA512
a5148efbedc88cf65d9bf909492d92dacc61af3b58c01fc71ef668a7d4356cdd6633ae02be4c861f8e35c86bbc70cc2c360bac13628e77b700704e87e6abdfe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588efc.TMP

Filesize
371B

MD5
6f2755707ae44cbba2f2ebed06e5fcbe

SHA1
e3469f4a59d6e0bd9732a5ad4a3e9a281f65ba3c

SHA256
ea36085f3eccb16af2609b33356b252c65888e39a50e1f49dd5c98e83782ec01

SHA512
a4da3afafa242cdd12d19aa03ddf865f40b2fdb360412373456a99db83d7cdd2ae353e831b77f7ac683746e7f9eee779ed34fcd11024f697123e75a2c7de89c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b67cc4cc1aed3d19958902976d07c344

SHA1
d89bf14168e90f8d7f4e869ac846a3d1ff2d09e2

SHA256
531b7dbe2fecc7377675448ebf94869e29c10ac605eaf239f5c7a73fb2a7810b

SHA512
5495acf4c29e9f6873cbafeaa42ce78cfed4e701cdf355693df929627fb97e04fbc0061bf90aeb4e8c12fbed34187cf83a3c6419aafde15ebf5c357139007448

Download Submit