hxxps://download1532[.]mediafire[.]com/dosfxn0k7k5grWsdTVbhCyG9_7OETfNEN04JH_SPjPlcQVGZg1ep7rR8Xr8h5gFjR8pBoSWRT5bdWkVlW7gOIMGa4d9fbmmwiwNlgLM_XPxxw_kBkf3ouIzfNSll80RornFMNY4D630D85lyoaNp-fHagMLp6e1WnGZbEhC-K3w/8rbe1tt4ez9p8xd/Fukase[.]rar

Analysis

max time kernel
2519s
max time network
2521s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 23:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://download1532.mediafire.com/dosfxn0k7k5grWsdTVbhCyG9_7OETfNEN04JH_SPjPlcQVGZg1ep7rR8Xr8h5gFjR8pBoSWRT5bdWkVlW7gOIMGa4d9fbmmwiwNlgLM_XPxxw_kBkf3ouIzfNSll80RornFMNY4D630D85lyoaNp-fHagMLp6e1WnGZbEhC-K3w/8rbe1tt4ez9p8xd/Fukase.rar

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
3764	msedge.exe
3764	msedge.exe
3332	identity_helper.exe
3332	identity_helper.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 4928	3764	msedge.exe	83
PID 3764 wrote to memory of 4928	3764	msedge.exe	83
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4484	3764	msedge.exe	84
PID 3764 wrote to memory of 4960	3764	msedge.exe	85
PID 3764 wrote to memory of 4960	3764	msedge.exe	85
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86
PID 3764 wrote to memory of 1072	3764	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download1532.mediafire.com/dosfxn0k7k5grWsdTVbhCyG9_7OETfNEN04JH_SPjPlcQVGZg1ep7rR8Xr8h5gFjR8pBoSWRT5bdWkVlW7gOIMGa4d9fbmmwiwNlgLM_XPxxw_kBkf3ouIzfNSll80RornFMNY4D630D85lyoaNp-fHagMLp6e1WnGZbEhC-K3w/8rbe1tt4ez9p8xd/Fukase.rar
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:6260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9092 /prefetch:8
  2⤵
  PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9408 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:1
  2⤵
  PID:6852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9840 /prefetch:1
  2⤵
  PID:6932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:1
  2⤵
  PID:7004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:7140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10244 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9584 /prefetch:1
  2⤵
  PID:6732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6565231169474561358,10691022839414556314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\181c22f5-c98e-44d2-9c19-ef91886a832a.tmp

Filesize
7KB

MD5
1aab416d865e30f922e99d8343f47c14

SHA1
e45b1665765a0d2fdeb785e3581bfa3aaf8dc523

SHA256
26867ca4bdb625d2b0bb161468a14aab7ddea7f77135d43749aa30e54bdfdfda

SHA512
de6c360ae51f493e7a157b7407da4cba4134e5e8c509e3157b0ce092e9bf41a2b5d49f1dade80513ed9c7d54355daf6361e9e309efa63a3762f9ad2f07fdb0a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c83f4e17da2373b0f3ec555f7c0f6bb9

SHA1
26212e2b88bae594cfc6f01a88cbc1d8f3390bdc

SHA256
68ccbb8fc25cd256aba706f122e7b8dbcb9e2aef0e428a171114435457267231

SHA512
6912333bfc7f9d945d8430512d59f5b0e058f8913fb4af311c7a748f3f44c0e4f0124774c1f05098afdf674a534aa1b9a91ada19c1d0473906daae44e1f25c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ab08bac241f27f55446c96577aca4a2f

SHA1
5c9cb7f2ce85308c52cfcc1bb7975d0e10b2b613

SHA256
8ddac25c682946b59d2dba00b10918a5aa3f113f37a9ddcf5abc64a113188a7d

SHA512
3795fd09cac7712d9cfc5a4c15f328a0e5373fc6af865d8788cb729d1d86bbfd2c3dfc071e02e7a73e3967d6f0541f5bc02383c13eb6f5079f71df6553aa03b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
8ac02bc683685fc15337aaad218581ea

SHA1
52b12353ba0fdf30e96da304698178c3fdf71bf8

SHA256
b47c0f38c9ec608ae4f2f51dedc59d970d298fad1d1e5f3ac46c43d42f98aa05

SHA512
7a96576cbf6ad9c5983076db8b82b839fad6d9e64b085c5621762e3b55ea47478de6bc30fc66253a9bc00c5487dd07b91bc33d4ffceb89c62108b9439bf0b009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
c8bea542551af78bdc45e5822cd4c58f

SHA1
2d6134ca63daf691679af70d9248a3908565071c

SHA256
0e2558ca42de92824bfab81370a5148added5d151d69f4a0fde499ecd3559b36

SHA512
0498499ecde6c80e1fef54d10a14c01943d754c2509e6521edd4e02bd8981da0a717509510809f8bf7c6189b128cfabd7a6d3eb39e19c2416e64f9d9b6100cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8ba3456f10a59288b554315c1ebdc626

SHA1
12bd4785bfc4c8fcf5b976201d671a33081f5bad

SHA256
510178ac561ce230225bce319b70bb3952c6e46181054c203e699ed229296621

SHA512
1ca25b3357a7e401dfaddcab3e4a937517b8965e02582cea6275ee75113f1d11abe3a48bef576b3c9fdda7a472450fae17df51fb983e6560026d7dcbfbc39c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
22eab80b51ceebe5ac63a9422835e4a3

SHA1
16a74b8f09919e1cc3b7b8f2dd5f1604f5f99c0b

SHA256
62649a1f397c299edd2dccf2f3b39c10b79607eaaf5fbc4455480311d33d477e

SHA512
051a82d65efa9ffa6585e214f25f5c9224c2e00377a08cb227f653fd3c79062a3adec03cf8e6b6a577a4785abfcd33be61695da4ea61a8f4dfddaf911fb8e1a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
19d7e8b97974c1e4466b605feeb0eb6e

SHA1
69b89d7188f3347186f6099fa44de3ea87ad50b9

SHA256
1bc6a86975a293f0c2fd76a0e4c55fe24477fa191d363e61d918255fd34cbd51

SHA512
7b4da4f5333171fa52acc9e6708850093d3dd855e20c119708b6353c8b590f6c8160b9f5bbd42612ed1d2b6d3569d6bc3e34ebde2cf07a4cf4181b1ec1a75977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
57c3668b453355c675cea90b14599cbe

SHA1
a6d7b32f70c1d99e51ba0052aff94f635d4954ee

SHA256
8995877b5cd2273b7e3d73686ddc93d811346373d6dd42d7e8289e97f158efa9

SHA512
7e24fa541df2f27162e729d80e664bf4900853dd49212fbe375ad1e68d3dddcdda3a9795c97144b0fd8084eed7fd06c2fb5bb8c06b3e96e4c612f6d3380fe7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
393f0a0515925c959189ea48c37261d9

SHA1
797e52fa748dbee993b4666715c9dc07d1c0b016

SHA256
d4dc5c3ad51adb794b184fa40b821c2089fb2bdec0de6b2f1bf601306594d853

SHA512
752fea4897d746436c2de2e710182a51803434976dc1bf36affd4fa9d639725c976fca5ea116289164937826510b041ea300fea960293bc6cc011cc40149205d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
44bc0e137fc5ed28bec7e37df77c552b

SHA1
b10b361e1ac4f288869fc5c1ce0c6460b4cabf1f

SHA256
433b5d17f0adde396a9a8fdd40e78c805f8d6b962d91a45c60c8df42010c7366

SHA512
8add7451a0689caae4926f40308b26a37c3ccee0b7bcb2276587cefa2247a660291f12fd14076802e0c85bc6a8113a01e6550ea2967898d491243cca4444baf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7ff76464fd2ab45248df62e66712abc6

SHA1
f735ab7ba7bdefebb6c136a7a78d55486c1f14f5

SHA256
fa32ef812b987626e0f3f44efcd27c54ef2f0d8fb94a9e1bdf4ac7b050f2b248

SHA512
56725e36f9e793f2b74b44a370a843498d884ffd7cc773484f325fd7a4c51d10e08475b77ff84411323ed0df5f548d5bd8d6596760c7b2ecc4fb0e41c15cf47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1249431839a337a36061f9c32173bde2

SHA1
907e6c86599672852a675a57a110a473b46b4e57

SHA256
26001690ee1ec85e47055fe01356b03a809ef62f3e62f3dc0e1421e8cba6f8ec

SHA512
98e5e16e884ac5d93e01d70e2464f5bfd701fde81907dbc257db448590956413576116619c303d36f173a61df608f734f7ab20456e91bd32dca9a18aa07b62c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bff4.TMP

Filesize
873B

MD5
adf9d0c7af553880cf76256dc61d8528

SHA1
86399234608ae30822e5d48008b13f13ef247c84

SHA256
6ce15adfdc7e09770180d9507f291d103f302ae443b62666563225a5579098da

SHA512
7751e51d5884c67b0494ab9b8e0380a9770cec3cb6b2a349575403cdadcb61c9aeda258753f87948788625d4c7c9c58e621c182d177f2cf898fa1e21a104e654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
41a8c51acd367eddf2333b5593efd6ed

SHA1
32ada335290bd1c0425301533ce792e821e1d422

SHA256
7c086d835fbc84d02b14b7ca4746d28516bcd9f6165ce6c697ec2ace00d13e21

SHA512
d16c9e5a7617a36311d55cc71c87b0712c6f01324fd0b00f96013a66f16307092191e2204423fd90cfd7c407de9f168aba77a646690dc65c9548ad559085d151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab49bb38297b019af81ffe422fbd7833

SHA1
4e5d926226501e48c4a68d0cfa07cf4fedd0c70a

SHA256
53a5ce62c4a5befb2a1ea5dd94b736a3de281a73e1cb506d659c4e4c40f77299

SHA512
78d7efb30eb0d4bff41ecf6af036cb0b170628461bb0c66cf109e8602eb314315530835fdda01ffb0421433f0d591fe20b2fe5e08a739c4a013a995169a6a9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
800137db36b9e76d8ba21e6df981e453

SHA1
949b5f50b1027cbcadb0bbc7352e47b22687614e

SHA256
387e6b260c405a539dd98cc58ab635cc2c9b46ea26b4a719441fe82a4e01e98d

SHA512
facea5c6d0c94c5fb11493101ceb8df512b35e6d525db79c062bd04f470524781ef8ccf856e84ad1c7b3c798fa07626300fa63edd84d26d0ba474f71e085a4f6

Download Submit