acbcc29cf4b00dc91c77d1700f68f82ab4c13bdb66daac29bdbcf0b14dd4597a

Resubmissions

Analysis

max time kernel
113s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
05-06-2024 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

videos.html
Size

531KB
MD5

3df4ce5c0ab9497824769549fec99540
SHA1

fb0f324a8292fdb493a077727abdf67d535c3591
SHA256

acbcc29cf4b00dc91c77d1700f68f82ab4c13bdb66daac29bdbcf0b14dd4597a
SHA512

5b0a453760ed584254c95a28a441f668292a3386afbab67b9514f0921917b07e044342532cf492237a68fcb405956acf7cdb8a3e7f11aac79a1469149cd8e986
SSDEEP

6144:/UT5c95cf5cA5c/5cI5cG5cW5cT5cN5c2kBwIocyCU:/8545A575W5z5R5T5y5o5rxCU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{CB735D7D-C46C-4604-98FE-75CE8FB451A9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2400	msedge.exe
2400	msedge.exe
3528	msedge.exe
3528	msedge.exe
1080	identity_helper.exe
1080	identity_helper.exe
1316	msedge.exe
1316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2468	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 540	2400	msedge.exe	78
PID 2400 wrote to memory of 540	2400	msedge.exe	78
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 3128	2400	msedge.exe	79
PID 2400 wrote to memory of 2748	2400	msedge.exe	80
PID 2400 wrote to memory of 2748	2400	msedge.exe	80
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81
PID 2400 wrote to memory of 4788	2400	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\videos.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb1bf53cb8,0x7ffb1bf53cc8,0x7ffb1bf53cd8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5380212363629525436,10033441757638985141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3532 /prefetch:2
  2⤵
  PID:2800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2076

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390187670cb1e0eb022f4f7735263e82

SHA1
ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

SHA256
3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

SHA512
602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8294f1821fd3419c0a42b389d19ecfc6

SHA1
cd4982751377c2904a1d3c58e801fa013ea27533

SHA256
92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

SHA512
372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3a6aa7d11940788bff13fe1ad5c5b06b

SHA1
0c7220e1a06e6cc65081b6dbfe2ae7065a066b7e

SHA256
d4743e4418eaddc30388728991a1ced08314d96b51383aa8a7b90145fe7bb305

SHA512
4fdb65d97855e62fd6fc1619af1e69a4c6e5817030de13930ec65c88ab055ad2a5dbda0f83d7e401273c8fac79da6692467fcac94e85a55391fca6d908ff3cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
baa181695f9a4328a11264c87c121d53

SHA1
b4e5d12452d38078def2b658dcde018e0a06f779

SHA256
0441782ecec37113547301d8f1650b3e56dbbd7078f542b3a564300fe1195397

SHA512
96ccb8dc9f65554bc0bad8da270309bca1be46e4749ae5787bb4e86d8e0102daffb2e3ec829a5b51ee9f3ffc7b36651418c68b0eb07c559c370011a271dc8da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
91b2c6f8ec592af81c79ad9f2b619b01

SHA1
6d93dd20f8bf9b076720ec59581b29716f42a980

SHA256
f1035e643a2b1761794bcb15737b304c089902a535185b4ac23b961a09bbdd03

SHA512
e165798fd968631d9139a52f1bef33e51c8abd9f376b90ccbb5a7eea86ddf6f3bc4d117278ce7d941067716af15de91baef1299d53969448664d1ffce9ba0417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1a5da7ba3e6d528ac25a812cbeedebdc

SHA1
1e8b30740ec4cf1ff1a364dc7ebc54d7d6453436

SHA256
b5666b2c78a86a802c38ae71fdb42472442d100f18092f1b26899f96062c0188

SHA512
a35848e9975025d67e20ef5a2f88e2be7594eacb1992ec103a456687561d02847d81610706e88edc30977ac0fa0cebde5fe557ae1defd1dc7998b7a3dc82b1d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0f7717fec7b16eb4bac08a0b61239cf8

SHA1
1bbafa3884c60713c4a421814964bd00eaa60dbe

SHA256
dd0645f823981f65cb8acea4d141a24da844bcb11aa9a89a77c8ed115f6ea23a

SHA512
b0aaa3cad57e4b3a0e7ab141edf4a0ff3b6584bad5df949a5f5d4852394ac957466129f03d250c1cf36a5f07057494303fd8cd3bae84f4e8e8662de4c4a61a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
743625ac0cca8f52ea624da83900c858

SHA1
b25e81b06404f943fa8c3daae94e5fdfbc900502

SHA256
ff67330e2a0e843e54514c8a7b1c2e25e04bcc8aea1a4e64a440747bcf528493

SHA512
d8c4d9e9e5c2f907d475517f2b798332514dd63abbf4413fe065f4215e4ed0b89e0aa3b1a573e0724ebb329371e829c347626af3b1e7284861c7ba8bbcfbb60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5209d33aaecc0ccb62cd6c9e59d0935

SHA1
36e1e0cd39bd7661a1c041ef9c2c907840fa5bdc

SHA256
c1e3c10fea068e6f12602dedf0b78df37d79a79bb1e0d4fa01e00f4a3042cad1

SHA512
b87dd11ad378af825629316304fda920ffeeee283bf4939ab9aaa40fbcef9fbaf027766706da9b8435b89d463d5a51ed9162708c86add0e29bd4c75665f79fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74b610c7410037e25933161c5393c234

SHA1
2f9fbd70d2d3f3b7c143a53ffee41de74ff6ffdc

SHA256
4b046d6718af45fe45c7ed51e00e8a3a96f99434e9f41aad4efcd64516bf5314

SHA512
e6369ffce0f2e85ec9e5f126469f1fcda8245750556f4cc01a508784c90b2a50041d37d81faabd43ef99e9d350b4b81ba3d5a8e9a3497ee6ad64342ed696c5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8202e607e0f87e1560bedee73924c21f

SHA1
40da41db684f84fe58609bcea6f403b0f18f6f26

SHA256
b665bded57cd9a8fa13b2194034530e5cdd743e31c1126a12b1f9d730edb2e98

SHA512
a259f8785dff05c0808a56197d7c8b3da73e1d518d6be72bc8f3eef025c7fc4ed25d242108c0fefaa90a1a4cf6a911c12c1a1c32687f79606583e79d5fa52945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\10e229c5-df97-45ae-b708-8a3afedbe60b\index-dir\the-real-index

Filesize
2KB

MD5
48caac891af2a2157fa18517dc3d4835

SHA1
eb315aec858de1f31f8b8d99b19fae6d643f4f4a

SHA256
edb182cfb02475250fb7184d3a3a1fb5ef07ac533a3a37a07f4ea4be27325fc9

SHA512
5e03b80dc0e623f1b1a4f293303990aaa2776c6fd5c1d7f862664027daaaaba91f86d505128b979fd1492f3bc0e08b887ccb5f7f65a5959267af9872a25bd7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\10e229c5-df97-45ae-b708-8a3afedbe60b\index-dir\the-real-index

Filesize
2KB

MD5
ff1fdb1632ce38cd5326bb7caece5742

SHA1
f4d1db89e83384a91b4938bcf9ce371195b8c77f

SHA256
2833bee6080288fb64ccdf19a0925c34e4a8e7d0aef36af02187f04542388840

SHA512
fe39f206b72cbc378257c678119ed3a952b2d5fa7de5afb01730c94d826f7ab49b74f88522f64d38eaf5eb14005e13214708c7cb22b5abd8d461b520b76c419f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\10e229c5-df97-45ae-b708-8a3afedbe60b\index-dir\the-real-index

Filesize
2KB

MD5
d190c740c32e98b1ea4545390bb5195e

SHA1
7e18128c68c7b5396b6dbffad1c721c570f03222

SHA256
97c4cfb70f66fb26a970a586be7adcd4220a90a7db0f3acf97a55086c66b981d

SHA512
1bc42032a411a26912f28673b58e6440eef255d9e03c766708361f5d57afafd88ea3630fffdd3b270de9b3620fe05bdf1780d96c778acdc9cda37365c2608b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\10e229c5-df97-45ae-b708-8a3afedbe60b\index-dir\the-real-index~RFe5857c0.TMP

Filesize
48B

MD5
6c321007efe8493ede180be3009c140c

SHA1
c1560a2c113c1cd8c6fe6379fc97d2a1db715965

SHA256
1026adf740827635b433e9f71d4112ded8d744c680b50ec228bb75721d484c56

SHA512
52fbb2250b517e67991d8a62fff4c2f8cd1ae89a1434394c9658a13bf4237edb26ae8b33cead42217f8e81e89f8c91e1c40ce2559e2557d89a89b897fc8cbe7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\35e92caa-5d2b-45a9-897f-2926e2714b67\6f8d9998850fb190_0

Filesize
2KB

MD5
e0a7961f186bedf343a91b17cd3fec26

SHA1
dd0c4d70eba6bb9e202d8e7428b30f506a6cf187

SHA256
3417025a3aa5861126e72fbe75d5827d3a1137942420783701dceb6051ad05fc

SHA512
86c0ee4fcfb77a460d99c30d082529c1b6deea0f6efbb11cc7e8f146fabf5d803287d261ed0a21ca127edd93effc51d6116c5bf8ee29d2ef13fbf11d4a2befcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\35e92caa-5d2b-45a9-897f-2926e2714b67\index-dir\the-real-index

Filesize
624B

MD5
9c4cb3f92d82d711e3a33c99fef91e98

SHA1
738aca3f50e025c8d7683edeb122c32cab0e2f35

SHA256
db339628f6cceb114bd2c93267a53829ab5a94ced00d0df54e61367fcdbe49bd

SHA512
229e356491cabfda6c06a33abe2a3c49a8a092e3822293ab1e0da770ed3acf8c4cddf7e259ca244ac1103d92eaae8d567da8ef852e4a314378ca00836449645d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\35e92caa-5d2b-45a9-897f-2926e2714b67\index-dir\the-real-index~RFe57cbcc.TMP

Filesize
48B

MD5
614212b999309b7a48dd2f180455e0b6

SHA1
b60e087eb9aba6cb7a4807c5a16f792c3e4d5ada

SHA256
dbfeb8f08f04e7f2cae09f57fb0f8adf13119e09d994c29a5d69769c4646d9a8

SHA512
d57a28b4a6031f40588f238377fa39357a4f3e4cb0a7e08c7e7857d6d4ff2744d090c32454ccfa1499b0a49a050af93c48dc0c0396e8a2c6c29d6d287e6db017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
5dab4ae9a0f89809bffa1315cc32a18a

SHA1
660bdf8b273ee293f20833c5be398165e331b5a2

SHA256
b334088f7050c10287bb26a633390a7e0073c4e26d737c6aa641a74da597d668

SHA512
1141d4dc57a2e4f59f234bb7966a46f18e085e5bd503a4811b3c7cfe3ef954db05ba440e04e8b027c7d2383d89069547ae8bed8d9f3ee142a815c898bf2e8335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e47df1cf9b89b265396b86810476c223

SHA1
3ea2ada1a40dcd63f366bdab03778e6740f6b43a

SHA256
9e987fb43c9f66ccf0dde00a6fb4943bad58160aba17a241863b00ffeef4295b

SHA512
9ea782ec1a2e309cd8de07aee47c8480c04c88282de222e1925ddf98f4d84f59ca9914f0100b383eb7b50a1c6cad95089eb5c710f80bb987b4f543d44289b53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
2420e92818adcb41c3829d8301d67fb6

SHA1
c3807b15bccaf2fcd5feb8109f5d6694aa5034b2

SHA256
812131bd08ebe980542d1be98c85ac983114879c01e95bca223301e1e49aa999

SHA512
35f94ff24799db3b5e0c64c8f0d9373f4a063fa1a57f73430d3546633c613d895cb62af0f84bb90a682ebb5449c59b4e53f0a6223ec6132ee0101c94cfbd84df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f3be18c0d3b501684b6291d5b60c8967

SHA1
04761b61eb0ddb6071a49a7a9a1ffa04cc3ffca0

SHA256
b1a5ad0bd5b9544daed724ed23d9491f565be52d6cd2d1e77d34fa38e2aa1759

SHA512
0e1e37352b5652e19b24f931373ad9213655847b3c12dda86f963f27775701d5e845763a673d32f69041d3ea2a43a77a50c44ab284ae9f3de7574ac4312c15bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
bec534fec06c325530e7b59ec71b0071

SHA1
7dd09133600afa59e1056d3015cf379b05612a4c

SHA256
c89b413548f76d9a088bd0849b646818b4416ff97b2a8a8599c79f64b2f56a09

SHA512
ab73069ea7460571faf8211b7d5856582cbbbf90f7d159fe8ad9e780dd605f97e1df02ef4ec3b932a789b4561e8eaa80c870e40fa7fb1d7ed8fe9ac4341f166c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
bfa854cb34f38c3dc688da5e13a44572

SHA1
13b3fcfb49f94cdaa248a0954582ec9c2325ad07

SHA256
55573d661617497e0236a5b674f9da5f3347bb2656af7abded4c69b35430a622

SHA512
3878d2fa8603af5d24e84f0250fb12741a948af98a2253d59f21c6927937ddf35b5cc935e9fb29ef4f95a6777decccc29d1e2e6d6b8f7bff97814d5e00489770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
1116c53502356b06cf1d0b40ab82e799

SHA1
4cb1d88fdb69a0e9b887fa4a3c94edcebd64e9b5

SHA256
69f6bce5d7e76ec0cd881b5e31d37a64c19cdcf5ddb03d5ab1257dbcc42e3bfd

SHA512
ac8c1a3d9f4aa9eab8a3c29034f435759979fdc605704d5a5a9b81533361cdaab35df0d47601c7b3b4008491753345cc13ad5a8effa8a933697b8b24b66e556c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dc9f38d7e7a4bc562c15568441818b71

SHA1
1efe018355543452ef2c4def6885b08f4bfd74df

SHA256
e88a45b0955fb2e3d6b363fb80335a257f84eb86d781d43f8be75c0b3dd60ca5

SHA512
19906ae67fb60e0f908057cb3eb42702f375ee3ec898e0fbf3e101671d959673cce44bcf62a0cf8fc28c01cdbb444ab7fd8b99480516a1fd7be182ca0fbb249a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c294.TMP

Filesize
48B

MD5
6f0722b87afccff46dbf3e2022bc5467

SHA1
825d9c5325fb0537df5de152093e982112299606

SHA256
1eb470342c9a8ee1e4ab116fa284f8011c58239a66b9b72220eda4c72cc3b21a

SHA512
9e5e29381a6f48cada8c5bb63b95cf917aa5857a966e3cdb014525f1dd6b0477013d94ac2548677f580f75f6b54a0fbb40afffaf8c492bdff3a31b6f638c5f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
133aa513e986431d707f9c9acda3607e

SHA1
d84dd24a37d95ffa190c20b41b15884a1f66a74f

SHA256
fd4deaa4fb7a048e532149610a6891c872569b7e686529636a09b2a9036fa8f2

SHA512
fbe42bda140b8ef02287c9ec6674f98bfc207a0bc75630ee2b50b2f4e8fa87d2819fd11b0b50641477e5929ab99ddc96c58cbef29e11af6f0fa6881e87caeeb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9c320b0576ba47525d16723d5f0f22f

SHA1
5e29bbe4e58981041d81c83213efa0b3872a9e18

SHA256
79b0982ddcf4a488b417f0dc5cb603e3a1edd825080d703ef0b87f027e0108dd

SHA512
b33181432debab11d423a02f994a9755e2467fe56ace7e50d4e65f4d6a2676160cc117ddec6ddc670ab3b8a24701fc122e1aacb42f57cda7a61d8ad610a85573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b20a.TMP

Filesize
1KB

MD5
0f441a334bfda0025622d0e4b143dc8a

SHA1
a70c8ecf5ea666eb58ebf73195fb375cadb8911c

SHA256
72a50a8da81f09ac52d8d933c43a22bdb8300eb1e51a0e8245e9a60e4ff2c1e8

SHA512
819087b055b7836178abb9f9fbb1dfa7fa27dfc5078eaa08550701aecb8ae5e01619076a05600c4ae69f7a7b04c1f8b883ee7a79536d551f23447b01612795e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0acec135c9ff7d6a74aa82a5becac5f8

SHA1
34ee7c4478494dd02063f3a23ec54631d4f53cde

SHA256
902458182f66eb6b71493326bb6b7a15336e9d4ac721f845a6e2acd60f95e09e

SHA512
48cd31170d9b918a44ece1a72d73e2050a9c1e3e51964245cf7033c755ed5283930ac43b2fbabb7b64529eb11fc2207b443d5e958c03d16a7bf4053ed16b4eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
796e615f4784e7d11083f638538cc429

SHA1
611f70e3bb8ad7ccefc98a7f11235d42a436add9

SHA256
0a25ca3d091ce6c1d7d7f6190828dae02ae8dba2d38cbf7ab4357c0183531050

SHA512
3dc22785d684cc98e9724e4dfe067992d9d343e6530e663b849693a2990fa2d7177f7402da391a6eaaab7d5b78ad355c42f53fa793a23448597342aef5a767b5

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
cd56e155edf53e5728c46b6c9eb9c413

SHA1
14b1b0f090803c9ee39797aed4af13dc7849566d

SHA256
70a6cf268c013fb4d907bedc12af3e5f802f179f0cc8353c7b8227dde840d31a

SHA512
a4ada455d44a89fd2baa505aa9266b70913967b839522ef5da8d7afd31af6662c3ad96ac3e3531d82a72be7d019c9d88f1ce391c5b5fa0e4422a634c51491165

Download Submit