d71a46f8e4e429b47a53dd1fefad51e90e2502ef87fd73d99c3850a95e34e0ba

Analysis

max time kernel
1680s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
24/05/2024, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

147KB
MD5

5e6490baaca044a9b06283f4de497207
SHA1

283a9b174c7e06fc252dc847e27dd66e0c250009
SHA256

d71a46f8e4e429b47a53dd1fefad51e90e2502ef87fd73d99c3850a95e34e0ba
SHA512

1320356be194556d94056dda70feb26413614d26be05eee1a8242d271a05f64da1895ada839e6b6c3795b74cbf0cbce03186ef329fdc19725e31bd510f15bd0f
SSDEEP

1536:oqk6HxYftVkMn1/R4Dillk0zSP30vD9328s4DiHhqiS:NkRfPnRpllBwIoHhqiS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1230210488-3096403634-4129516247-1000\{CC1CE633-B5EC-41CD-A18E-125EC0FC9CF4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
1448	msedge.exe
1448	msedge.exe
1016	msedge.exe
1016	msedge.exe
3912	identity_helper.exe
3912	identity_helper.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2756	1448	msedge.exe	78
PID 1448 wrote to memory of 2756	1448	msedge.exe	78
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 1112	1448	msedge.exe	79
PID 1448 wrote to memory of 2848	1448	msedge.exe	80
PID 1448 wrote to memory of 2848	1448	msedge.exe	80
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81
PID 1448 wrote to memory of 4936	1448	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd89113cb8,0x7ffd89113cc8,0x7ffd89113cd8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6700 /prefetch:6
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7477774127087440917,13318813691467090594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\785c430d-9441-404a-9733-ca6a89be59df.tmp

Filesize
11KB

MD5
244fb82eb5b7fe5867bf15a3efdb0c81

SHA1
b744da37a2d4b878f39772a4f7ebd007b125d382

SHA256
596df5a243b580b0fa37d4931159f837c5611debba2ae3359155bb5b5463df32

SHA512
ae6997f54d868268ff732e04a4e6f761f5533554f5ca33461d39de47404e772b716a95b9933aca82bc3149c8db4b720f698c7fd2338794fb293c2a02656878e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1e6890ec-f962-42c8-8239-68be796f93a1.tmp

Filesize
2KB

MD5
e7d2725b1fda89903c8c83d61f26e485

SHA1
26c9d3938d496a75ab270fa15886a800f7d32ce3

SHA256
4d42e71b5008996cfa63ff0b140136b803d2d346f81999d7c7ac460bac41a4ed

SHA512
a388098bf7921f2855dcfb9c9f7255d2ac62853226afab48cf6987bcf18ade66a60055127209f4887b5f10b4a19fc86a734fbadcf924e500f5107329633cb86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
40KB

MD5
0ea3c40e1faf37122a20a202e9b52714

SHA1
ac0d594878e4160c112d7f70b5c680523dcee1a4

SHA256
ad3eac09f7aaaed3059ec039ea0477af10919a4a9be9a8865dce7fd34776c8b0

SHA512
e19363456375a8b1a0887af217befabf3dfa5c6944b9b4b62a04d20ce6e5649af4309b86ecfaf061ebcf243011eef123c3f75ebf2dba32d18ce28140adbca52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.2MB

MD5
991cdad1cf921ac5ce995a0ec9b6e312

SHA1
a3fef88dbfd32034daab4811e8446791d2481c6c

SHA256
a2590c2b03e01f0ef1181caa7c78800ede4255186ae37c1a28194698f8f19324

SHA512
807937d9f9bbf1fad83784ee802d40195edf45dcff47d11ceebdc83bd3151f773f1e36a8e8ffcaceaea707dbdf948ec0f4577f325739ad9d4f63fc6596a341ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
157b38ac152887acac7fe2872572cc97

SHA1
9cad33c07b9ff5141111275660bb1b374811a12b

SHA256
4f7968e22f5309c80e596e684325e8bb3361f553e4ccc69618c04e5385a3a85d

SHA512
9c5f72f680bb478437f0a33196ddf145605517a41e3986edc928ab59e39a17d65b4c78bfb7d456b050b5571873c64a2f7cfaeca2af6991535dbaeb581e006cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
309f04c1b56796ff81180d8b5cafe711

SHA1
ec589cc7fe73438e7d3ee49f2c0531ca7cb262b1

SHA256
07a65b6d2f7ea3433f1e5318b5b0f997fbbbc9796fa6339c2564b4a6c09868b4

SHA512
6a2098e40a75799e49b99dbd3c1a6ee5053665e287a768fc3501df136462b663e67056681b04519ec34718aed57b06d7bfc2b88e77c00f4cd2dad9b293bcc968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
268B

MD5
803f8f20578b185257ad6cc7579d0f1f

SHA1
6f6f09e04b06cc0a447c2070c2a81ca16debc7fd

SHA256
5aaebff5b15932c938a558ddce6a42c819ead87a08adefea2d9a9c8e26452991

SHA512
f522038c770f280a57fe1454f2beff8e90f1899a40b67dcc75d41dddbba6d63a34a5157b103fa7e7efc1871210121cf2000ff9f401aedb2f1858f615821e1be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
93e243dfc496ac735f51b003b5499a34

SHA1
5d59a59d10b1a64f92d3ab21342bfdfdd5b608ba

SHA256
e988c55308d2e37dcf197139f61704119d1f10490fa0f98008d665cf15d08c03

SHA512
7322a931c63ee607c7ebc3a4d1aa7dc5b2e462e699583afd86b4fe764a1da4421f39cc8178bd8fdcb3116ed9978e61a86138f8cf91d23c831c724dc7f19e0839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c198e5695d969e10291e6cfc1982005d

SHA1
5a68d93bce7bee41bc63d469fec2ec6ae111ef7c

SHA256
924ea571dc400ada2808c118de28fce71c015ad4e10969f5239797bc58ef3b9d

SHA512
fddda7574e554ab5468d8b6b1ceeb85541a058a32071aa3b42de26371bb66f5480ad5848fd0d9ada45f82393c00067dc6cff039ca353af56e51a66350a96d9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
268B

MD5
a01d74b5bef01819368739a76eb0b51e

SHA1
39cb5adec40e2a5d9babc928ec89dfc536c18c81

SHA256
7df38311c2df419f614a16a0af18f98722203915af9d195ed1a78aeacc3abbda

SHA512
afa6d433dce70bdc37f8cac281648138550d722739aaefd85c27b9f24a9237536daca4cbbc21148c89629703e3058dc7e9c6ebd1343abc6f71c1e688bafb5f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6caac053e3d1c7ab2d4aade8abb7c462

SHA1
bd22e7affb67e4ed895568cd3b1bfee8e1511e7e

SHA256
b07953b5ac8592115954598fe1e16e08652000227f42730d2f260e8133f12da8

SHA512
91657ad581e3422063e05b014a26d99fcf03c7d2c8ec2432c8ad39ea4fba34c0838d0ee6a184ec35ddc019b96b181828207a801427003f8dd46adb9e8ff8f676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b862c819e64476f5968883fffd12fbb4

SHA1
228fa83d6ff88e64b67cc7c5c1ebf9b58ebf5e27

SHA256
37e13c3be851f8f79706e2beac2e500b6f31e743baf19519567abd1d5dad5919

SHA512
40f129760db9a08796492e45569292b86303600e147d8ddb4bd0519384bf7770879a7384c262963beff328849406eb830003d9f40f27380c6a69f99e294a9050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89f0886dc2c513cd7eb399be20abc4fc

SHA1
59b3dddae4389cad506677ec463134fff212e9ab

SHA256
54c78077f38d176c566cd8cc3f5d85d91d78dfd766b5a887d724a455764020ea

SHA512
92c6d114e9769b06c58ca4a2fa5a19362c88fe6b2b3434d8bd3e1ec43dccc9a4f79f5bcbdc3589a6a4aeaee49ce0d72797243e127bbd20c719cc1d623bd12dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3215c5d692f04d3db8179b6711062f3b

SHA1
03cdac4b4325b6a48cc9ab837952761352813dd8

SHA256
6abd4430a628fe2be5e048a6c21f79fffe9f1d195ef5121a225ac36dced306a4

SHA512
f6a25a50152eb45bb2f8d7cd5c75b739c1e31296223e54af767a9e276237e3685abc339f76d051cb671ee1c35010b9563a5264fd2fa17a43895fbaa06769490a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a251f25a3dede8cd1135bf2e34d4dc4

SHA1
69189c3c60baaa9316eb30a4e7b9ce03cba8ca35

SHA256
95ea693d50bb6e6216d40f3bd28db97eb1837ef93c328774dd1a790405a22ec4

SHA512
16dbd81d848995f8f587c5cebfb17522ac5d211643160684e4fd1744c2e7b88583bbc6cdbb6e6e1c802c4f37f5c0094faffc8a5348d7f764fa5af694d72d3354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aeb2b4150abfdf7dd71f78d65ba7e3df

SHA1
7d512f64a8b5a7bd04495104d86cf058e88aedf1

SHA256
61d9f689a96298819c8ef657caca8fd9e2332ffbbcc71dc498ba113d790f4427

SHA512
aa748e9b1023a01ac138eed1a1c6c111b258f55b73ac971f8f97c75c9e0f000f15189287ff2875f340e07942fecfa3be51bd23fc0f7011feeaf7ccb942a405ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
498130c25943c60370335ffce27850a9

SHA1
82cc1dc8f87b660e386d0ab7857d2a96b5d90678

SHA256
22471820eafd42667c62133fcf95595b60f2e0e3300f13113fc8d7450805b0ba

SHA512
8369e70621808f1650cc7df52efcc67675e9dcd2bd6b9a3111788c269ece159d1a041c50185bdf6ab9689be40a807f27d0784f3865588b15d84cc46214ceb2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e098171ad16ac6e3577a965737aa69b

SHA1
03879637c9f3884a92542cc59607a36310083c00

SHA256
023d46e21e3f728ad6f17723bc183ac043132c6e0cac0612a12bd141608ba35d

SHA512
66153c6e3259d0c2cf8e45c526d670e0ff060ea4d13a568cdfd5c1ddf5affae4894b728b8feb490fd942a2e5ad5482193b08c85a3c1af49dd881ce93a0da95c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69ba4577c0d63e5f3a1a2066fa968abe

SHA1
cb5fc1a060a8482f58c1801076e7d5e6fe04ce40

SHA256
5265485a2f21a1661ac87d8d21c4dc1707dd44192f65cd31c01e4319e89ba92b

SHA512
3cacb98a23eb147bd2538f3d812acff0607e280cc08837e4b55140c93f33da996f1a2d861cc979dad986631603eb8a5f55cd3cfe9346a38cfd0c10c82f416ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d97cbff1eb9893e1f2eebee97db5ad58

SHA1
8bda5a30da027881116a27f0996a8af8e0c95ec8

SHA256
6e5e20390800885a6d4d84b66f318c9faaf1684f236bfe3d276b32a36696eb54

SHA512
99201dac9a2ad536faf915a1e0f4e97ec2d69df2c37d33a90b9dc3b1cafdece230d41ee1223bc8b497070777bf8d79f991251a8bbc37067770a50077228417d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48f450f13dea2102035b77249851a868

SHA1
8a66ca0c79112638b24387cab905a9eda40e45ca

SHA256
a641560d2759e22cdc0b3ddc4433c569ca7eefe1d0164c67bcd73009d7a40c69

SHA512
025264cc743aa95cdfab79162b229ecec7d913c5be1f34d7ae6c866d43fd79996a7b0fec2e399880b48d38f82bccc6f4114899ea50982bd9f349d29725488689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a6e3c.TMP

Filesize
538B

MD5
5194918fbf90ab05cd58a37dcffc73e2

SHA1
8c1e855d5719b65fee3db658b6a81acfe71f81eb

SHA256
ebcec61a067b86617f6dc177d539513f176bec4e5e0a1debc839fed2af717170

SHA512
6580fdac6f9c455e705b1f2b4ad8480ae61c9f82eb60caaf78fdfd24d91d039136ffc31fa6e74957bbd3e73aa7434682041519139d85dc1b428c122d9c1cdcf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e925a8f8dbdde5ff7eeff5674850f39

SHA1
ed3e9283cfa19028ab211b7db4fb943903dfc0b9

SHA256
e6f2eae1102d98c82a0407891bc1e7695d22ef8322135a362c253685a2f947a2

SHA512
39ca300ed1a0b0e78b58ad25ecbae8c20bbf93526f03a7dbddd2997b6c83b38f7ffd113ab5b91c6beebe9df13374fe51f48803fe87fb6ad5d74c430ac23f0c06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f5a850e214fd30cf8f123126646ae075

SHA1
e6bbb2a065f65493857e9233e4d8ed19be2dcaec

SHA256
2731858e8c44dfe5872728dd08202a606d724e8d02624894e80fb78dc79bc5d6

SHA512
dda320d4b6164a38189d0c15c54a8fc7bc984b84b4e6c330fc83c31af99706c963cb175c7345085fb1ca0282c564b5405bfd981ef6a07e38561409b05aba9cb1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
cca4d793d654de1bcd49d1632e16c536

SHA1
1b537f3a8452af2170a5c2b56ffea52f40a4ce17

SHA256
0492a40019544574a87dddbd15111a49dc134229d4292fdb59af009a73dcf512

SHA512
2cea74abf673f1f219e339caeb72a3e45e3939d9502e5b8af26167b0debe5019c16d15556174a7408e1b931e6b78720125200cbad0349c992506e9d278d2213a

Download Submit