hxxps://files[.]fm/u/serjy3ma6n

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://files.fm/u/serjy3ma6n

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{342E9EFE-A021-45E9-ADAE-D4861240BA7E}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 608728.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
4540	msedge.exe
4540	msedge.exe
5424	identity_helper.exe
5424	identity_helper.exe
5644	msedge.exe
5644	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 1732	4540	msedge.exe	82
PID 4540 wrote to memory of 1732	4540	msedge.exe	82
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 2896	4540	msedge.exe	83
PID 4540 wrote to memory of 3068	4540	msedge.exe	84
PID 4540 wrote to memory of 3068	4540	msedge.exe	84
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85
PID 4540 wrote to memory of 1544	4540	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.fm/u/serjy3ma6n
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccfeb46f8,0x7ffccfeb4708,0x7ffccfeb4718
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6804 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5031530477353758316,6374212848657942010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3fa381a7-bd65-4766-9877-d66fbb5d8a58.tmp

Filesize
7KB

MD5
dcc00d955e4cdd86d943c23a3ff5e655

SHA1
d60ef256c606b6774695d0effc0b077de5589f5e

SHA256
5e1673c4e98ae9a69b5758f2bbbb8cfcf3c6860a913d3535e1b5034b072204f9

SHA512
6a42d52404d53763bc048040d4311a9f5d9ea5dba502f662e2ce07bbe57e878e26cee0c3e29207d9ab9f897358a029da4e33c18c7c1ee2055f14397f4a2b9877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
29KB

MD5
d453eca18d366c4054d2efd57717cf9d

SHA1
c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

SHA256
be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

SHA512
a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
62KB

MD5
e2f5339567cadf1f367ae23c6ba2fe2e

SHA1
7b44030002c1b97bd95912ff696ec34d2335017c

SHA256
cb3c31fd9cb4a76d2a6b2d5c8177d121ad4c0bd1e3c0434d5eaacefa141c3ec2

SHA512
f6310fc1f14dc9067875cc67ddc57bb34a59b4772def6b355f0e23d951489361e4e732904ed7fbdded0a2dd0414e4fbdc74ad4c3287946113b956fd7246817b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
31KB

MD5
f46e467f0ce4cfe941d7ab027d90a82c

SHA1
320c6562c1d7d1ce7d157db36ff8a3344cfda052

SHA256
c99ccba9fb436fc1d57950c7fdea18ccabf5bcc81c37079ecb789e197f6b183d

SHA512
903de351ba6a5574acf883bb7e4dd6e1a5a9ca6aa0f4607b36fe78205ba0be5e25de112b6ba4901d8f301482fabc766469f418d80b7e072e5a7a2c9aafa38509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4bad2607ccc98266_0

Filesize
84KB

MD5
08e8b08b2b9abc8876c774caa8af24a5

SHA1
0ef2b1eb919008db784f78dea4118ded1e71d9c4

SHA256
a5ae01602be8d34e19f8c8097d587bc004d73f704d739049af193ce3c08b0391

SHA512
6c6842ffddbd92f5e9aa67bb4cd381d3830ac473def1993875efef79c92da6613a16648c6c219d93231d8154e754f41c5edf8b03df7081f5ea0835306861fec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc575ca0f8bcf9ad_0

Filesize
273B

MD5
af812e760c1e0230cafd903d0bcb6f8a

SHA1
42ab7ba64436a9139248bf21baa4229648644e94

SHA256
19b66003d3c4fe2d36454c3b50cda79f52afd80978fa453ade657fbeaeff5398

SHA512
f7ed934fc782086a59cda30aa20802f2c8875501ceccefa9a2578408164b52b60fa31eee6245b5aca9657475c703f4eeb75ae08acdc15361529a0ef78b7af681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9c61b9594a89fd6_0

Filesize
224B

MD5
11b92071df2a9b4818d35df2e13b2946

SHA1
dddf5525225fd1b5a547930cd5b00e35cf591636

SHA256
749f537b4a71856eceab17f3a7735a563624a46c4b8719be522aafccfde46fb6

SHA512
2b3c261df3d1e9ebcd47c2a9ccb01838a40e6e19fcff04a0cf86caeee20d8d7854c4ced048c5250651de17973772bb3a2f93d179b02f904e42a5418e844d1ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9c61b9594a89fd6_0

Filesize
10KB

MD5
8b8cf9be90ff5b9a1230673666bd942b

SHA1
1c43d3e437e2cb6e6ff7a277363433ae4548c5db

SHA256
a5810ee2d864e1aa48a2c91f2fa96308539bc356b971624e7f45fff7c7175b20

SHA512
37c4f502ed0556ff1aed6b735405a74307ded643c51be4db922d8c460a3fe7e46077843217fc82c76a1b0aa039c17a1901e5f689db62dd6e3085b33c85d1a979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e072cc6695ae0dd6_0

Filesize
220B

MD5
92a6de9e0e04dabfce5a1e4fc119ae5d

SHA1
19c447485e49fd9b6cc02303f38e63db14817a41

SHA256
c8eee9daed33991259d0885b795bf7565fefa69d07f3fb6fc1987ac34a4e3e61

SHA512
446b5f9f3940ee949731459ecdec401fd70fdcd7a5df2a6f431f6a112c3104e896189cbda0e9ca6dfd47a5461360d2fede6364f938bcfb98b3e3b6690f6bf3b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e072cc6695ae0dd6_0

Filesize
54KB

MD5
51634c3cccd413a6499cb31918a9342f

SHA1
6172df28bafd18989840c79f9e04d3bf6fc5e09b

SHA256
4f71cb94e968e7cbcb641b70c484f6793f73898669a2b49a63f9aa79b7a0c8e8

SHA512
ecbb603ff51129e449cd9d1906ca5b768cb86873bba6c82670e6bada09c952ab3ff6377a62ece9570d7402e845ba9812d3d69ad6a1e41b97b866ca9ddc9409b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ee1d5de9ff619b1a95e435c623b74ccb

SHA1
84d14ebb9339d9d18975f5a5c3416633b0fe7223

SHA256
7212c9841e712636effd0137f0a9b63e8eef09f0af0d6322ff7923c5e9eb6c1d

SHA512
bfd8dee7de37378d2ba7b730c737bb7996b8cf84b0ff110ddfcaf370589fe4e61b35785f9f9a60f98d1b1a338ef97ce6f611fb47aea364d091c15bcbc5c7c6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
29cd188a72a9a99fd71d2d673aea0783

SHA1
edb4e19c7e6e2ae75c81d6915306702a8495d40c

SHA256
3a3c26055ed51a9314b2d6c36a993f9787535ad66bffe5e1823ab4069f453c58

SHA512
88367f8ad783bd867367de72405f7a7805212f297e82357b784455f599fa09f40e33394f756114b5b22c237d4fef9f908a31dd5008d21e6c8d1b17b711951a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ec915c2f8a94c93b4050f6f3979911c4

SHA1
a8c6e9d28d324872613c7f33bff83a66811b714b

SHA256
b44e84f2ed85ff8ef43c3c4cb729021c4d188a3f3cdf129ab566c8fb94aff88f

SHA512
1aa0630da3d972a0d426c78470bda577129fdda56dc6a5b1645379b6fba391b660f45a9f4b6b5cef7a4552001c9302b684702f89f5bb27a79e95a2d94f0f60bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
063942e67a3b2dcbb3b84efb5031094d

SHA1
04bc7dd1af3269c7817c8e63e5b80d69b76691f2

SHA256
0162d1c3cf52f6d89ad2ca317e92cc8fe41ce9c002d63b47b16647032c021cca

SHA512
16b14245b601cca9c71710518a651dec226a98c3de9515b1f6ea4755ce35e491d4c509c6e4061c80cdb3004db3eca1c34ac057b52a01ab5ca812cac4f8dbe3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0828429974f5eaf0990fd56e9cdba1a9

SHA1
c4ada1b91752fe8a1524abe962579a4ee23cf8cc

SHA256
4719fc282bdf3f7df641ab7e3639b3e3c2fca563176ab44c712f93d99c4c5971

SHA512
dbc4b5aa0a17e6118d2953748671784ee606af98dceced04519f04fbbf6a0b226db929047632a1a380877e5db242f757a355a9e36d4b1912a00af4b2a21abbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
788ceca7a8527a4de5d6c95c270ba28d

SHA1
8eb586beb07b448615e2b6661eae3a63f9015c7f

SHA256
0ee89e50f83e5fce18b7f1de444320b8de93fc1107939f81cf2d6092fb6b5bfb

SHA512
f18ccb5d2f987d6002b0f215587a95267f9a7b25acae263a729fe40e45d42e1e7b1db1328ab2aa92c15dcde15011b835703f1eca73ffec2b24ebed8a7326b54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
349e4b8967ecd967e8d4439676926388

SHA1
85c89bddc2d58e5459ca8d2301a26dd594188fd1

SHA256
d89d6f23eb2a7f173e82bf73c0417f588af3ad2565f2e3958e6ededd302c2a60

SHA512
bafebfb85866d96bcaae11c05de468d0c5448a4b7ac9f523a0fe7c95eb3ee401ac17a0113323d8e33befc601a42b678b22122eba5964d1ef3f9b1aa9a444edc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
36fa34b9d01c066abc358603efcb0b65

SHA1
f44ac89293a2b5c77a2f39e64d10abced3e36098

SHA256
df3a83dd280e56002674f245f1a9e8ced7a766c6db7062e27ccbb3a3f6780660

SHA512
0328343dd4b1b96741d8d1d4d7a42c0522ab382d52349aec8003a076b436a7e870f4906d23e7ce74f5558217730ebd8c12e468f8caa6af25abc93323167fb251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6084288cdf9ca5edd2ea41e8238c7ba7

SHA1
bbbe83800ec06701cc4cb57438dfb2f553841b07

SHA256
e9139b48a9dbfeebe99ac4fa61175ec09468af363baecfff9a6700badb17dc03

SHA512
982549feca9e17b65e2953e950f49d9bc41bc7a4ab684b150d7b58181d08e2fd7dd5d6b2f25fdee06a91afcba423bb714da6de46249e8d0f2d550f707493c3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4f5a3697c4c5fa4ad01301fa3b2276a6

SHA1
b7e23298103d4225ca48a0c6a4491d05487566e0

SHA256
52875671621a59c8bebb682c2ea4254bcb5375557fe5cd2895eec0db031763c9

SHA512
17d3df07640b77ed9d23caa20c12e9bc5a681302dbc20d5814449ab4f510ff19fcc066d288b6f631e8827d2f80b95deb8577556c0a7a4014e31e1528edca28e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f34f12a5a6e15f1d775ea70f52c3d58e

SHA1
4fd8589a5750dca8ab64d4cf13c33b38c9b2c4a8

SHA256
5193d76089e7f7fee3f6e116270ccf60c0b5a35d8c830fc878c21233b9ea04d9

SHA512
c7ffde01eb881e37c9a4916257cf8b06fc4ef74ba2a01c834c12643976474eff16c94c418fc47caf3e5249c2689e7724f2bd76981ba40fc3713ae4e5cc2e1feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
83b2d0ac2955f1de390ca00f469b50b1

SHA1
24ee02200c2cc53bf1ed15db14898ecbef7d0283

SHA256
d5a20574be8f98ce07d813c1ab68cbb28c98f08e56deb969bb0f8437fc7b27ac

SHA512
e07044d36c5d707bb91e98e3370fadf523defcd82177ddcd78e3c1e58ff6556e6ae4449572402f92f0ff911093d99b5f17fd8c1fcff70b38e9d63ca92da46fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
827e54c86ba992bb5544d707005e8585

SHA1
0d169b896d8fbb105f6cd6f2d740be0098ffa3a4

SHA256
6e0c2e4f335a5879ce82d8026627a0425ad9db2f15e2f54a0cee0b2705ece7a7

SHA512
5480b1bd77290956a9b7450b2e5db934f593380324a0e8b857d92ada7ea5a64dbfae1048eeda5865b86163797adfae03d40befb7cb67524162bcab198986d596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c3107d83a6479de791f81be593e987d7

SHA1
5246626afe6c2a50d1c0c08c06f4568d2e5f4775

SHA256
3733973f1eac9a036fe01f77b6fea88f5eef4c3ed1c676afc293c53bf6b828ca

SHA512
22500601edc10bf6f2df4e3719c384bc27b9617aa05d2e4fba87df0e3b04ce0c1c40b9fb30924fcaa826ace696e43eaa445688517d5aeec506c468f8a6c96894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe577b2b.TMP

Filesize
2KB

MD5
8442e94e15e4ac7462676e96520d7ef2

SHA1
194dbf935b15e8108e68eaa7738b8f8ad0cc2225

SHA256
979268e447042dc541da1b5b5824a9b8e29b5dbc2befbae194ba9bb4cb426976

SHA512
cd5bb975ef28bf1c24c96be525882e5b094c59ec6b148a92195c4124defb2a5fe37b0ec6a3e850c601871dd4fddb1d0fc140d8fa9a6d8ccee60c5f9e129ef8ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5fde4c9add0c5bd7659724ee9c5dcb1

SHA1
2c8e600d738d3d714fc898f02537dcdcc747d717

SHA256
cb00cffcfd69370b95827f48b2209d5a9faab67af6ff08b735c5fe1e5e4a2d47

SHA512
15bec4f534edee2d6ec11204622c772bbd939360ab2250f16a80840e3723553f1ae2b0673f6e3be53143929890c9df559c6096fcd9fc49263f6c5fdf3d39e189

Download Submit