26d45a00ef35702104a153b544f03bea5182b6c4ab120d5d50fe1ec4e297ff6a

Analysis

max time kernel
184s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

56KB
MD5

081670a4f1524ef81680f7499b86be0d
SHA1

81066751eb2458a409bf168676241cfe563bd9e2
SHA256

26d45a00ef35702104a153b544f03bea5182b6c4ab120d5d50fe1ec4e297ff6a
SHA512

6ed7d9332ccaad7bce5f0a36ccd8082b2073f83deeac579377e1ded17729a9a4ea5d95264029cbffa971929794b87b9a3d517833f138e52f7fd5e4207dd5e5e4
SSDEEP

768:a3yvV72MqMZRfmzOt26Ws/g36Or9v96AgtWLyvV72MqgZRfZtWL/g36Or9v96AGt:a3akfxDeHfxk

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2860750803-256193626-1801997576-1000\{AB9EC849-51D9-4B73-B91B-8C35E1FDE2DF}	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4184	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
3140	msedge.exe
3140	msedge.exe
1492	identity_helper.exe
1492	identity_helper.exe
4476	msedge.exe
4476	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
3016	msedge.exe
3016	msedge.exe
4464	identity_helper.exe
4464	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2632	msinfo32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe
3492	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 1108	3140	msedge.exe	84
PID 3140 wrote to memory of 1108	3140	msedge.exe	84
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 4552	3140	msedge.exe	85
PID 3140 wrote to memory of 1228	3140	msedge.exe	86
PID 3140 wrote to memory of 1228	3140	msedge.exe	86
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87
PID 3140 wrote to memory of 536	3140	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6d6446f8,0x7fff6d644708,0x7fff6d644718
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3803824551017793372,17575008304752014974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3492
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\NewRevoke.DVR
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff6d6446f8,0x7fff6d644708,0x7fff6d644718
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3816 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8957555748515794621,9690849318180480583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:4352

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:4492

C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\UnlockExport.fon
1⤵
PID:3856

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\RevokeStop.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
147e9a3ebb06ffbe5beda2e669d157dc

SHA1
63452b90afac290c8c805120e09dc89327959e42

SHA256
c162796537a82962f461b0ccbf9b467cf09c45812fd3112c99f813ed5dfe1095

SHA512
ab97b8739c929d4c80a2663c2e2164b5bc871eca13277fb9b75525583686966c0a6a8eebb72bc2b1d2c8161d41d0122eef269568a138f8e013bd9e723dfb978e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6bfb8b40819f6ddfa873056d32cab8ed

SHA1
00cf1ccba3d62a97b56ea7bc47f1497171697b45

SHA256
6211b09d1a7297c7b5c2b170e1b8e497813583538b5639543146e0055450a1d7

SHA512
ed324afffeb2435a711ceea7b715de5342cddf9ca92dc1a8b5aaa235446631b66418396c95c67ac7963f6a3b3e72778dfde46fba49a5b0e9eaa1067656f4b383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
437057c899140de5787676eecb180a8a

SHA1
ffac1ebb82bd4176df88598df85cf9a6bcc337c2

SHA256
aa573f9dc9870b6c16e9609b732851bf98617da7a1ca007977bed7a51a573dd4

SHA512
e2dbaf4b5ad9a3eeeb3c6831c1e71814c1146d68be4e8c46e9e4f3d66612ce9cc774dbc99469e0070e3918f5b1107b943695fc693b0408d59f870ed5651cf8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1ad1ca1232be40e14365f8732133ee9b

SHA1
24aad9994817903d3b5d9321bf0be694eabec126

SHA256
b9fa96805bcc48394a98645b7e070a927865ac032a068386175df98b38074c7d

SHA512
0685c3f45fea9b7277f25ffdfe3449090d68382adf4197610d3b45c7d97e6412ccec48c9afe6a786cdb4ea263c8ed8ee66cf0350e4d96199d7b393f325a3c32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5b63eaf569bf5261ef63e0241f27f58a

SHA1
0750c1892e676c5b21554b9a5563efe365933c6b

SHA256
b63025433c9dd0aada24fe902899be7ab4f895ff5d7f093f964b379c475e8f75

SHA512
7c0693944cd85bdcdd9f5a7584222db250aab12ab93da213d14f4f4c53c091c7a0f5cae632b24412a5748db97320e6af049ffcf4d66bfc0a8e2e183614432398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
67adfb141b0c9e50018efea89921deab

SHA1
0759375acf444a2a468bbf9d6ebb94915688daf7

SHA256
67564b766d529ecbe4bdd633d32de60e23bac880b0d5b68b1a96cb3c0e92f8b7

SHA512
a87c7eacc9d20cff5d668015804d16da33f5e7455c70e61d2e0b5ccdae98f0016274479f5a95ffa712320d02aafb08fa76256070eff5af2ea65378d4e3326eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
ba94cce402db522bd503be050d607297

SHA1
a3268d093073c58eacd44fd43570a06b13100ab1

SHA256
e677defd4a639332956de7de7583d7e1e4cb9e3829f4e316df6457b48d97b6b7

SHA512
a6ebc4b14f7e64abc4c49567af537f57bfc7e3c07c850adf10ba309ee10d7a7d3c553b2bd4c8c717a221b93fd3cbd812b88c753a547f5e6f4343f283fd6f2853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
734B

MD5
409fcc9d4ff88c41ce7e3e0576b07788

SHA1
2e8792d6ba572dc8902bb9679613513e0c7357de

SHA256
260d3913f3065c1c9d0779ec929b2adf75ee1886b36557499b3ee4aa5a38b5e4

SHA512
d1020a90c5032a5cb36944d9b852a6c14e339cedd15925f3c41b83412c684b0d71e6cbb2344b541db51af7e9ca9bd3d5f1cf90359210a7b51dbc5e6cbf7802e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
8KB

MD5
b74a937fe371509ab78b925a386f91dd

SHA1
433298e4fd4e74d5b4552a387b77dc9777fcd470

SHA256
4f966ecab5a41a2452c279f74e44209ec311974799511f609e1e4db99fdeaeda

SHA512
54e7053c51d7a31dc85af76ddef8128d94ac8688b13513ab3bf6c9ebcc6d854b7e78e5e1879aecf486660e1bbd8c22d71c4fe15d8e35ea131a25bc60609a293a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
ff637c3524b0da9c05a6d616a7de308a

SHA1
5c0b3938e8b88f5e69852b1ee5a635e125e7ae18

SHA256
88b78f6c52b706f243abecfa320e5ec2e5fb92d6ed4445c28fab076cae6b65ab

SHA512
cc4a8587a272cfb88fa3920a5ddd0cfa3bd03fb01a7d0ed1eef270a3e5df2d0e7d132337220baa440d336ac6b7f4f0643702022faa05471b242c1a89657cb216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
52b88f0df04206a5331cf59941673952

SHA1
ee0a58c2a8df30a153354f4f717b79471d9f53da

SHA256
a2cfbc4be7239257cce929b0dcfccde644ab8c19d571646ccac1e6eb3d8cdfeb

SHA512
846251ed3c31b6b72c8fdca664b76878debead7ab3f055ac16a14b4f55a779bdaefe5d44933f60392e2abe61ee271f09443ac1135bab6d54f24f5602a0fd6ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ade6cc07da9991552710d567e4d050b8

SHA1
74d192421776f4ed61c658102121998318b7b41b

SHA256
85bd2bc73dd3adcbf072298cc4b5c1bfbae8761f36ed68ae8340a06dbd8e0208

SHA512
db0a64c84d9fbcbed8cdc0da17c06a49ccc7bcf8eacc2b85c20958daa9c4bc872e249f5ca38ccc5d6263f4afe312b1124bca691abb68f15471d2877f84ff42ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b926efc90aecdd9966361eadb0954503

SHA1
612fbec8994829b0e8b68396c8fae52ee7cf5ff7

SHA256
327952965a6c3bc3a1e6d8736cb9843b1fb35ccec0171c49b35cdac1abec1158

SHA512
3c22a4601f7a243618a7736ab1f9ce357c34bae6d5c9453ecb3308fee12b6ed4337e11f00b57cf1d8ec492374b2d90b6328aebe1f2f580a161037f9176401ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5341adcb3a65a2df545e693fe70be9ac

SHA1
724bcc082811a39e7b7d77d099dfe0a13df6da1e

SHA256
0e3255fc505cad2b4c0a674683d08cae971703dfa5dff9e4e63a3f6b50f60de3

SHA512
007167bcdf737f79f2c5a71a4bd8f8cfea654ea4af9fe5a9ff568e2736094cfbd8eff195590d4e0a010cb4d43694d6eaf230ad3991b61130871283b88eb29f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f4ebd9526edc6279adb4fee0fe646e9

SHA1
f242a2dec8fdd2cfe91c3773b4d22b95dd6518fe

SHA256
6bdadfb1762fb5aac6e54f8e3c377fb85efee473f61e36c78f683ec734bc9ced

SHA512
dd960d4c02b39585babe94d566ed54ce85ecfaba43dc81f5b55aef80050764d98a45acab5c3b57d477251cd351dbb4751ca1fce51008d5b0b7b099d78c94934e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b21701f267b22b342bef451eb7774949

SHA1
03ae32ef6900830fbeaac08716cb3678a099a500

SHA256
2209aa34e386398f18ad1225f8701e39e730cd3a4b86d2401b62dca7296e4a2c

SHA512
ab33034bb9902473ae6fbc273fd1ca07ac8cccca0e67784900af3a5e0f08eb22656248d3b4dc363ef5e9aef7a10736131c350792468bef7c98321dda7b69a94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1fe828353c31fd1cce4752b44799e34

SHA1
f3a3b7c1fc9e3cd18fc4624ca2a2f5e1136daba7

SHA256
514385961c3a4c4e4c19d1dcebe025ff3638155a9363c54f8cefabf6ba32d07e

SHA512
6b40da25b259d5ad0ff12d42c488f32d821b58f71cad8e8cc777d20febbb95bddf934176745bdfdb0033017292a7a8521fb486a40ebcfe43cfd6990a442aef3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58277be6718efa278427fefc0b79ec3e

SHA1
9dbea08fce1eb444608614d54276d902825dea50

SHA256
496bd2b4d876423b584fc5cf7e854b218e8757a7e76d0083419d1f8586c3ce8e

SHA512
a9d8862a12bcc78dff0b996731e7187a5d7e2f8abc6f6d8bee830eae17bd7aea870b12a798ac951a3feda8b5daa4fb742401fb342008dfff5542bc6980be7e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
418e1cfd1abada2d482f2cd2a8491506

SHA1
fcbfc94149a39cb92ab4cb319e71577154f5b19e

SHA256
6d2fdcc00c51f8483bb100dbbc455cbc9f2c7963b14eb49122073ebdf01f22a1

SHA512
8b414f99333a69524d94c8f39e5efe0b110275890373f5b1571e2c9db5dba88354b6fa9748831ff6c5c6dc45c597e1457bc8e8b810f03171c18eec02dd747e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95b7efaa81cecaf2a6b29bdf1776f220

SHA1
8dd8f17e3821da5cf4e10a09bd05fd5db27dc3f5

SHA256
6bcd9fa4c5417ba143363a7fabcfb8e7e5012c1f37a7f72fd904daa65025f8c0

SHA512
ee36ae90200552fb0b907a89bb36fe2c6c420dba5c425f49fc9312a1580b836acddb8b3655a5241a3ceeec1961ae8460548d403bd05ba41fdcf62d144c2d1214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b0b2b32e5a7bb1dc0b4ee8cc32c45d1

SHA1
cc3d23bede636382793f3a653a7b7bbee1dcd922

SHA256
0b3ba5639065f6f31164b86fbffdbe15d1e30c9928bffdd22610064778514150

SHA512
73e2ce39ca94237adaff6c37f955df899f3da013b53a557b045354f0d699bd098c2f2f4853654c184680f850551869a4b601e52d2cbecacc8b7a62bc987e86eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
2d24b0a4d0adf73d6f3cf405bbd22881

SHA1
b66439630f9e6d3444ffe87d4a978f1d3d9a1208

SHA256
07e24dde487b63a610b13c202ee7ccb80bb3ad1486428e0e363a2c62d007ac4d

SHA512
bc57df4ec629458e788f3c85c87e8a87a90a41f3b710d7c0d2ee6a56d70dc8654a822720881cffad0961dd274e75ff87281e9072d39815591287be5127bb67fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359578224077681

Filesize
2KB

MD5
90e5836df388a14e873e69b6bc05dcd6

SHA1
4e4561fe48d6622d8c7307fa72db197409fd2fdf

SHA256
ef3a434c2110e115e7ec31fe2641344634b4ad7ae746eab9a48cf6bf5da07326

SHA512
e14dc1e99de65eb3a72028996b1223edd39d39a5d70639ad03ee05b45f3c8e4e7e6fdc7bc474237e86642bebdb5b9acfb20bc7176338189651f5cb340e950639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359578224249681

Filesize
1KB

MD5
ca40f5f311df1274ff0528f2f8e4a5d6

SHA1
4a3ccab9ba6bf8e0ae86de92f58f1be9a00304e8

SHA256
eac68eca9f288ace9a7a0335fc35c5ea31c18aace16f7b2101e9da6f8c4e2a47

SHA512
6bafbaa370d8f05c795cb3c0db065a83c3545e60d9fa273bd10325d7fc3569c1152f7b9867a07307baf6d915abc44e3d0752a70ded1d331eab31e6df211466a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
90616918044dd8627bf26442c2049f0a

SHA1
b8a9e849851b761f0a3685bf8cc83f7e6c2b4ad0

SHA256
6064d1fb062401aac379d8f7cd99da23cb146e590c7baaa4a086e91f45392aea

SHA512
46f093f0d537e1b53fdaa6cd5de9cb2800755b677eee6e626e8ce7c5bed6c5f5608a7b902dbd6192571abdc47063399b9f536f20cb5159332c396cbe59d94dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d95b288f28a3393390bfe27d8afcf76b

SHA1
acb842640b8bb0d48d506d171113c566dde9a828

SHA256
fbd4d311da204333208beb802b025757f997fd0f43361a8a92d73245964ebce9

SHA512
598ba186c60d1b5a76522b77d804757b70f8d8ccb633811d15a6e17db0d64137060564df295aaf6a516878527da158f0e80003c760af14a5a75c4ed4b8a21cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f02dd91cd367ec36f5aadfca12fdf91e

SHA1
7100232287f699334c0628918bba7b42fab701a9

SHA256
cdd5724b1718873b3f8f1fcf472a3559f1ecc67b6133819283bc669d7ba02bc5

SHA512
0ceaf84f7510cd752a015a0868a20ac24c615b28ff14ab21091c593ad8915330bb0d35a12e11edd59ea383e7a440d67c3a0cf31b9128e9276648b2edd59368d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0460e9fe96fce22ee4f1addcbe3e0e8b

SHA1
f6a6b1b5b6a29b3f2aecdfd44a7c0c5c29fc9cc8

SHA256
f1701686ffc3bbb4b7867ad35f7a4abfaf499dc3060495b9f7df5ac61b7ace46

SHA512
dc52b5ec2b05195b529cae2b4abe948e53e26704e47c51b5acba5862d7b7ec4b3ffe63d319285c746aad4c25c66f1322de16a59db280e360aa8a2ae010e857ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5968e2.TMP

Filesize
538B

MD5
1728b843aa1702c45bb2940faa06745d

SHA1
8f253b0a31dc34f068e9e255f0ffefea4e4a9527

SHA256
cc176c5df22d981c80b4de2eedf2f53452c4b5367bd0c592f04b82cde6a220fe

SHA512
427a7f26ed93f325092eb2634526d4f96e6ac6420a402c65fbca6c250dbfe1f11bc65117802690a822181bd87893f6444c7400b293be6a799c1f63b28312f8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
42c81dbb4025437704cd3e7deeed1eb6

SHA1
59c8280997d7f385d61912e61cc53215466815c6

SHA256
b7848e0f7a778d73d781aaae0f58108cc54c77823d9daa3838ca44f1083ba4b6

SHA512
1f0435ec2950dd4a4217af2ba7c0751e6d4d9d66104cd82ab005117ca59499f3d80a5efe8f7676b7a2a950887a9df67ff62fa778c41ee1dc3a5d260bc27cd85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
16c53979ee15ded5cca437cd949e0906

SHA1
965c2424eadefb045146fc6cbb725d5ad97ddf4d

SHA256
fd156a68751aa9ee2c7241f28cfcbbd3c9d077bb225d874957d11548745990b6

SHA512
c92c2ac9344dc877931635c21e53259a550ae1511979460ec791cf5498a53ca155e6f6269172089453b72571b24cc47619ad7a4112fe429793b564e3d49079d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
9c989bc7c2e4e1d7c81a8f8d77c7511e

SHA1
1194ca589d6df0d5a77b085502bd326cc4520e7f

SHA256
a960e05788f00981c3f7d702528ee68e85126147bdfaacc7c53521e86c53a50c

SHA512
9212635a918d7b8ee727eebc1d4cf06ed9e2080a1444e45fa38695ec5b4889f33f0e18e56a11d8b80a566fbc725eff3fd82a92dc2296bcdd8c0d211276801eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
8de767591d59e8598a12e95cfac2bdac

SHA1
f51b4fbef1e464aa2d22a6845a4bcf49649296ec

SHA256
ade651ed368e72988afecae1df700d86e8be5e5ac2de72974a4da9cb5a8832cb

SHA512
7aa08aac5db35da05bdad6f4ecf3bccd3c61992b4611c52751d0e916b6c0a130332eb0ada2dec2a0cb9d00fb44b46fee6265deaa937614b2f5f7a47880ebbdae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e18683250e7b7b84ecc445664526ff50

SHA1
6c1fc7034e58368f76eee60b3434d67c0365b089

SHA256
01e4b60175cdd8c0daa907ce3d2e440f6568fe6365e35cf366e07db301979a3a

SHA512
b09426457b4ba0476199b8ceed61d36eee9d241863ba4d1ebd46ccabee0b1c1bb1df28b1314001fe20df9f3858ae26d1605f9f20c9687323501c4163d0770ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
5f20989030f08065a11a97211289dd7a

SHA1
95e39d71fbaf8c1cf8bdefd1755c27824cb4d421

SHA256
eae620fb8cfaf290561bcaa01262162bf0936855b161ca3c36c7be8274e0077b

SHA512
97a46b4c0e47a86a9585860b3756f5cbd0d79cbda9cd844077f0849c2fe253692031ada2a82ef2c4c0c9d061a4bd4005064de0204c736e545429ee027f3dd4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8fc9553fea8607d1f9eda4209031254d

SHA1
903f695a8aec244b217b74c05c64edc4bf7c5030

SHA256
119b1003b7b27c95999dc9e7282e4c9545dafbb9871cc5889c31cf60e497acef

SHA512
85cb5eef445a790dd2ab304e3be3c360f935eb367462c3e84b324e1ba7b6f69cd22039955b65fed9465977c7330a7fa4eb0239a94eb841e0393be344628f5c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3cdf45416e6fdae605d995b01a1e00c5

SHA1
f5d2dc2ed120c31c9995beddea2563576f9ab060

SHA256
4f0dcf479aa4dc4d7fec3e34ea2ab244c5b802ae4b748cc27af7614d127da76b

SHA512
ff3b65351f9adb25d8746a676b5a7bd8c39d3cf245238e79d12937502de29d4ba5bb61585edd5014cb95298b891fc36ffd21f52bd5c8f20ca6d98885cb99f4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2deae721f2e9123f5a745845e3036b33

SHA1
8cea33f96db76d90cf009602d5b0f9cfed4eb1e8

SHA256
6062610ddb372e9a6c2f50dd893500347ac761d443ca34677591446413726e0f

SHA512
20cb565a332dcccaa1003a08b4a2d24e5f6218a5642d30938437b1b47b24b8bc2873ec9c728d4f62090d522484d6ff645b211187ce706a8a61943d8d651e89ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6f3dd70235ea5bc52ee6da9f41ed7f2e

SHA1
174b886644f3ca7871db82012dd0035690ca80cc

SHA256
9c9d48fb3f7c09bed465b20a54e47217394c627955bb3c3a2d532c334b0acdc7

SHA512
e1462482879e5ee82b4cdee0b8958b48e893246d494c9cd6105ed4b7a3357229a2a078259073be9eda12a4f98aef91fd9138a051011b7ce41faeee3e54026230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f14210be8a3e135e447f3f8a4ad1253c

SHA1
a75378ba199a234c71c4ca0e8c5e6b84860f6920

SHA256
e8007a2ab440db9ed299d3de8544962c4ac90d9cdd8fd54ed5414d6af773d693

SHA512
8adbf5a83c2dbcf94bc7e53d2883a0d63afbe5479359541cafcd7040f4e658a0685f34642a0cabfd24614edca6073128c55d3a02914f63796bacf00766d9dd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d26b1ebf2f8320c2db150fc111b7ca5e

SHA1
c988d9fa044104808a754724543ed5e76e9a3151

SHA256
3021e44c1d04aa5eb8823d83019a65730f5db591e51ea9fef3367aa56d11e9a3

SHA512
4f5208a296a775273730452a4bfbdd130a62e36f4b6dfcec85abc14c1dbc4a0daf0a7e299f09495cc5ac2836a59efe280427a9208fa5a5f796396a8b3850f621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
43a9d20895ee3845fafad8e8471a2301

SHA1
c4286b37a76386c33211fe58cc7fcf656e2056d4

SHA256
0786039520161fbfd273c268457b550a033fe1255a2d283f02027424e832dd7a

SHA512
96649ffc42f7906630684a21320f00fe06c06054e82aaadd5c5c3c371f761a2719a30658239719f0b477378461687bee52a19dbe10fb8cf41fa972295ff94aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
bcd79590e6cd75eae43c4ac46d81105c

SHA1
e677f2ebd09a2645dfa752a4d4f2ee8482a8dfb7

SHA256
1bdfbc80e31d26eb4226464e8124a5b3079d9d2e7f1b81c55ea73b0958dd8989

SHA512
b3ba37e1748bcbc798560e1f661d65baa0b9b425d338d51cafc93983d335e788a0bb4990650338429aa5f0439398f933002372c7e97cbdbbaf60f3e30a4a2dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
2e36c78ea689424ce273f875122f5df4

SHA1
ca1e28b3889cc968aec7f9000cdb6899630ec6c1

SHA256
97ff19e3f129ef53ae2352487349c3a146bd2e4d74707aecffcb195e06f16a32

SHA512
49c859cedc1ee7224550bdb2a0f2699bb14e611d3fce3f136071712008df23f67d4463f7ee896fb6fc71531232be6765a0b7d32b1803da2d74e0ea7a7245b874

Download Submit
C:\Users\Admin\Desktop\New Text Document.txt

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit