hxxp://spy[.]pet

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://spy.pet

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{F5DB1BDC-B5C4-4341-B1CA-380E069A2AA3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
1412	msedge.exe
1412	msedge.exe
4916	identity_helper.exe
4916	identity_helper.exe
3320	msedge.exe
3320	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2352	1412	msedge.exe	82
PID 1412 wrote to memory of 2352	1412	msedge.exe	82
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 464	1412	msedge.exe	83
PID 1412 wrote to memory of 4672	1412	msedge.exe	84
PID 1412 wrote to memory of 4672	1412	msedge.exe	84
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85
PID 1412 wrote to memory of 2864	1412	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://spy.pet
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8da46f8,0x7ff8f8da4708,0x7ff8f8da4718
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3080 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4089994587369225016,12657183922492841259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
17KB

MD5
df67f75efd267c9277fe15a3e351486f

SHA1
c07813fc28a57fc00826f5cdf72e4dc4d0a45089

SHA256
cd25d5007e57f6838fa6256b6b39c1abe30c8fdb0c510d1d0aa4bf6ec64f47a2

SHA512
ce8471510f110fc48b95d904a2f2e9504e50ca26d56ec2ce3db5e67e103b3771ea2f85abce90f5a907dd24bf7b91f0a024670e391db7d63b9b4a6633c76401d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
42KB

MD5
328534a992a7c874d501be739136a9f7

SHA1
41a91e8ba38b65d4353a298e8eca8450dcd7e472

SHA256
9293105ac6823abfd34f003e0bade99c7e51742dbbb7199cbb10352076212003

SHA512
785b839f9c4305ad04d4f29d2c97a4da93a923d2f1a2f77c23c7643739c559215663afdc06697dd2bebc950b39341ef09e6886075aaf9692a3b23a18c5583c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
69KB

MD5
c0b23ab60efb763d27f9f92b50b6728f

SHA1
259f669d1089469b1485ab4c07942c8f32431267

SHA256
c066161623da6821af1d38fb2fc8b5026e89caf02416be88d9543d1a0d337f1f

SHA512
0a43c9a501a2b462b19abca689815b4a8ddab19b1abef51072f86686fe6c20f555b9d4edc62cc41d3dff6f364269507a75da6d43ec11eec129d28a44857bb717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
41KB

MD5
793250a25e931e181b18568697f36a13

SHA1
c8b583a5bfc6d760f48a4748b4c840515b325fdd

SHA256
707005d6cd2dc87eccc390a0ae4a7e09baef733c478f4d2b2e1a8e1aa91fb4a5

SHA512
ced94ab189d2ad4b922bd2cfd3070c5816b337c4d2121a6cfd128e19b17348eae13315bfb02f80719a5b1b960bf6158087683394a2e2559bed91e7ae2b3abb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
19KB

MD5
635efe262aec3acfb8be08b7baf97a3d

SHA1
232b8fe0965aea5c65605b78c3ba286cefb2f43f

SHA256
8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06

SHA512
d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
64KB

MD5
2923c306256864061a11e426841fc44a

SHA1
d9bb657845d502acd69a15a66f9e667ce9b68351

SHA256
5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

SHA512
f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
88KB

MD5
77e89b1c954303a8aa65ae10e18c1b51

SHA1
e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

SHA256
069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

SHA512
5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
1.2MB

MD5
d3680aef2d55c3b0161785238e43bfa2

SHA1
e8a20a7231ba460d1874d327baff352ca1391707

SHA256
abea6782807eff82142be633cf9b35218fbac899f4b85eb805cb3e1d55445d80

SHA512
d236e8e08377c7a69b833aaf083249e15c58de88f93d3cb67ef146a00b918de95f90f6619e34ce38eded0477ceec9fe90ff550c2657015b29e390b766a06f174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
32KB

MD5
f7c0e32a054c3cd01031b0fd27754927

SHA1
107441264051a9079929ed661a901f9601386586

SHA256
928e8a9bb9407148b2ee34c6a1884647afcb19664dd04c88e73cfdf05e24819d

SHA512
2f0c49d25b7e88b56ca378931f23b35d09c5d4bee54aec92212dc36563b1fe7bd99533557d6b11ea8170c52b5790c755350eb499d0ea965028dda5ab982bd834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
74KB

MD5
773647c3c088ffd8e3f2d6381df83b24

SHA1
78dfbfc2c596cfc908277167e146270927bc3dbd

SHA256
fd3212ee53caae486cb2674aab45c1c93fc69fcce9c3b5d5983a0640ea6cacb3

SHA512
14f0da16e695c6fe94e066468637ca332788e473518753f2595ad26fabd97fa22a9f4735a655f0f1dd3872cd6ad4afeca38b560ebbdc0bd3193fa317892d9eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
18KB

MD5
47894d8685155e2782efa32ad0d49bfe

SHA1
e452d14dbf6c7e0a630b5142ee9196a9dce48ea0

SHA256
5f2471a2b52db08307a7453df660cf767b6b56ddbf3fc7fbdba62673ee4f4c67

SHA512
5bcd1252b9e258191fcc70669dd9279717f3d467cee8b9698d0318bf1b1b6fd501814d115e1d66a9c182162d1d54687f557490a922e78d82304246919b0709ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\930394354d9263b3_0

Filesize
10KB

MD5
ec1e24157768101da112d8c8493c5911

SHA1
c56c9fe48991583cf1fa6da9df195b8456eef983

SHA256
a50fb06b0dc1617805f0ab97d0b5b3bf6fc53df51e706c334ab0857cf8cc1cb5

SHA512
0b2b76c8a3eceea8a2b030ed83c33a831b831c75f322c2cecf9891b94e2efedc33e14c4375f3933bbb78dba6fd3d3d44eb18032828e6b35f9976f81041040418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e53eff2075414511_0

Filesize
3KB

MD5
3066debe5485e17a6176f1b9eead1009

SHA1
ebf563243a41eed63c0254c8af161438c6a1117c

SHA256
e734d8c3d7d9c38f66e33122c18d4d398ba4b82014ba0e9831083a8c83bec7f0

SHA512
f3bf2e0eb7ed91d4fc78608b8394ce9d7acc3da36565419fdb9774eba9352f904cc5fb4a84b551e6731a6a87ef0921001cd722b4503135528f212e86525957ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
371d7f1a2aa1b2db7c65a3fb5ee201f4

SHA1
911a1ddf775258e75c2fdd576de187ba3c27d1cd

SHA256
949a09938f1b9ae0a44d743635b6944746d7812d77889c07f09f85392efb2f76

SHA512
d34c6fbe768ce6ab140503661f310a2e558fa15187afcb03c1e6d0ea9f2c81880232c770c9d349ed93f1187171480d690b5753175df5a9c1b47b27039d982b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4ff26b6b2ab73bb57e0ee0b9fae0c51c

SHA1
5e25873575f1d3b619b42dc880d32f582b13708f

SHA256
869c7c1699e5b90f7292fde4962bb773d05f58546025a662613d14ca36d1ae60

SHA512
3797e7d136bbfee703d49406ee3e6b1a6195958ea6311b7bf392bdc2319c8aebdf009fc20cbdd9d539d08181c5a6435345fbf965c82ef15b192acfdcaa8c9172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
828B

MD5
7be7a765ada2cedb03c02b41a7f0ea2c

SHA1
c3f3e9719e0b9c9d00193992d1e9ad7bfd3e1197

SHA256
4a0828059c5f79323ee9fd56b0d34bbdf6a95d422f67e75d0d6cf9a6cbeb0839

SHA512
5608ae01195d99c9f2e2c8a77e29255fe9b3a8693c6b1b551bc1abdaafa6ff3141b1248bb24ec08802e85e5129e13f39a0e77ea8548b8650577be750cea480d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2df8076590b6f54faaf5ae83fca13ad0

SHA1
4580c4fc304b1347e2f84f66508dc8c8c931929f

SHA256
cabedf8f162f63ed613fc88049fa497a40e69892c9c0002b30c7466f03ca2a31

SHA512
a0e024e57a4c6555001c339370edbc3d50ce553a50ba89a05bcc72a94bc57a0d464310309d408b3b391def660e13b2fac5c27db5af1240a7cd83a964b8c18048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fee095fa42372bf91abbf509298ab424

SHA1
775bb309d87ae071ce72a68587030d38f767539e

SHA256
d8021428e36b20d819e547d27f81115083a0ebbceea2e8be84e9c73e49d73fb1

SHA512
52bf56fc6909d0ce26938e4270c051e0ead226a61afecd07e04c88f1583a43c5c6d6800235de6344ce590e71746c53c10c5866a968832a18f5c0ce7f220de98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21e3f9b4686f3665e5bfcb557a9ef53e

SHA1
cc68ce789cb883f10114400322a21f24ae7cfd46

SHA256
b779f9dd1a9207f2888acb0089c6cb2ce05b9de95ed9323d9ad7f8da58d2e14e

SHA512
7fd56683ead9e7348a90f569314a29745bd7e26104c73c4b91081b88c484ab2d44e653ea358ed9a2acf611390493d374e55c0c012b2d2b29e0b32406ec6a9253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aef5c16e5782741f8327800db9babe3e

SHA1
05379676e710c1196090b22453a006da8008a77a

SHA256
c3bc5bf1012924c99e2589b3cfff434685dd1d2a8fd4204e764ca7aade4f16ef

SHA512
6ed446a61b45b402eaa46d4ec3cc2d69444fa826153e9d4bb04d006517ec7933e77f71ac948eca556f6de08a46920c4b10d79e8ca82237d3171781827a6c3228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b46de802f077409de169e47b0e87002

SHA1
550ead79e9403b675d2000895453923f4c8fa295

SHA256
5e8c821af58de990f81ddaf9f2ab1db8e80eb63f1d24b563042766dcfd8be846

SHA512
b7cbb50b52d1f2b35aa8c101f48df9c173186baf4e5a032a15d787c309a050d2d2b0ff79e6c2a51d6858bc0e5411065143d7b7703d35b37198faddab6662f819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
563085fd8c2715733f20f15cbae9ddf8

SHA1
ece14017523136678e935d3ccfa34e025a3a40ac

SHA256
ab9408ed3ec6324efcdbc9bf20fcccf977617b9f6e11dee88e02a764157fb6e2

SHA512
c7e30a8dc5fb79fce25e2d797794736bde955a689a4289d94feede2c26a22fcb9c954ce41838ec7e43558742f465e73fe62997add36c014b25cfb461eb558e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a7cd46bf1789a10cee595edbf72cbcf

SHA1
2d0876a6077154fbceeb2bef05f69ce850902587

SHA256
4b0fb48350f3bc826c72151f68655f5549ef347eff58668ee101a1cc33e0615c

SHA512
3ded4c1b613926fb66b13c164f5c1d4eeca713a9274265c4cb2f359631187d47be62a8057f03666749754a72c65ba616636adb2640790f7bc4bd6490ca7ce06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48b82fd16961ee4763bdf6fddc2b88fa

SHA1
1170f4a16766f03fb31a26931005dbae27b1e2f3

SHA256
3a5b3c2cd6289e4157c7aaf966e7e9831b4ec6c184275d2b338cd80822ae8fa5

SHA512
deae285bd8f4ac082fc8d84a880fe41784b74fa9bffd60baaffa8ae2829aa166ef93f03125d428c5fc4454e26218de1cfe46366ffcd02da04e16eaf45a322d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9adeefb7aa8bb8e9064406f683b9464f

SHA1
e09ea132a11eb8ac3be83b7b6272e67b49467f73

SHA256
c524507a4aa16b8eab408d1128752e84bf8b8b8d9b48fa39087fcba9510f23c9

SHA512
09148c23675dd91bb1fa301879a8e16d4e547583d458cbf301b78a6f750784c79b2c99884ce787c2fe32908394412bfe40ae82512779ee1167d96a13ba56666b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b627fbc0eafed5480b6b52104f1971db

SHA1
6ddaa7bbcacac802ddc266464881c276bd390734

SHA256
14ae59dcc6ae284fecd8dc08cb002d5d974420fc74632b41159ee4d62238c0e3

SHA512
ed4fef9e2e363885756e2a6fedbee5c1a57d838f913c77352ce345cdb40a8bb378557f885434f8420deb8b7672d12798ed66ff13c08fb43ddbf9230b526ec84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
86dbd4f9f3df46b4991ada4d41dbc32a

SHA1
f7936545c081610825e397d7e577d842dfbc3b7d

SHA256
c320cd54522ec303d4a532dad57f5ae94bb55506e5aa6879bd926df2792538c6

SHA512
ef5643d8aeee4f387ff91f7c3b4fef730e4c5afd12019141092f4787002116b7acaaeb86a460000655f4d22c3d21c94dabf0043975dc3e559a7d2a2fe3dc7c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dbf5b81f9f3c256e94fc89fc7fc264a9

SHA1
aec5bc79906e892ca531f11766a34d01be156a87

SHA256
58e8e7814bcf686bfd5661878b4f70f50f407df8cd9e1594990a8dc69761f896

SHA512
4621477d6edec82b9d868d7024348869f4704df67dbf80f452ed0440d7ea51f34d743b55c0783803a46cff31153bc296a64f3d4a5e1339adaba7822f20b99207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc62078bd86c64454a0c179920559c46

SHA1
7eb3e31cc6cc7880b4f574b9022799da7e756499

SHA256
c9efbb2151e59e1bd5f1c1190ad5cbda833f2399ac4b12c301aecbb428181f4d

SHA512
5f2f4b5b56e35a07e324a0be9fd3a669cf1fb91c9ffda343b087de7d8fce72ceb1898e077fbf5401b6a12e07f47db4a1fa1c1b027773cc6608f1fee3fefa06b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d85085baedbd9474187595f79214704

SHA1
f61b9fdc0026de0de5b4c07fe858e7189ecaccc5

SHA256
699c7ecfb165421d828958c724f1ef0fb411df2a0bbc08cf82c054843fff9be5

SHA512
1392b2173ea9411a52e8d80555adb4501710207e3a22b45cf4cdc751e73818db2ef4676ae64dcfa37019033a916e90daaa89abe8047d00842a8d110329c298d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5893bf.TMP

Filesize
370B

MD5
5ea753173a1934ae84470796b6da1f14

SHA1
acced6ebcc27698ceddba27972098d8ab1b12e2f

SHA256
2c0a8a5f267dead86812d39213eda70992618a96881c347fdcd610269e53d898

SHA512
ade9adec5b8a654fa933e210bd600d593d4d09fd2d8852472d431baa90fc65ad22a64a461a4a44ada4e9bda948b6dbdf4b9881c73fcaded54783109efd0ee19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
234e036cea73dadeffe7f82298893298

SHA1
d7abaab7d961323294183cf33ac7dcfbc9d05866

SHA256
b35a8bd43ed2888712fa244c5cd2cd7d11ca7e05663548eae6d2e6da278649c4

SHA512
25826c90f7807aee186724e5dfabaccc6c7b469cb7e443839f988b6fa9cdd4d65ffe4f1be621fcb4a1c0ded8f5eee4a107ef26488ff62ee292a8d6584e46d9e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit