7f1cb31fce29b361b5bb01bb636c9432d0fc15bbf480d95028e436f0293cf6ea

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

136KB
MD5

1b2905fea4aa898f8d0444bda349a456
SHA1

fd9bb4c38d4eb8ea982f7c55ea366479e19ab0fd
SHA256

f222af62408840ba6f75892002cf8693fcf0afd0999cd3b687a8a37a3d8e8602
SHA512

ae9ecea5096d02ca227648bb222e803265fe1068329584c25d958da89ed6fc4ce5997801ae68e6d17a534450d80a352bbf383c7e3e7fe9e94b757cacfe83ed2f
SSDEEP

1536:H8DlBYkIItVnBmKevMyQMQExWhSw9Mbx+P8Fa91eNJlpZy4KjeYa1Q1:H8DlBYWBSuP8Fa9gNO4KN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3419463127-3903270268-2580331543-1000\{D271838B-E4AC-4DBA-8D5F-CDCFAA3EC9A1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
1044	msedge.exe
1044	msedge.exe
3600	msedge.exe
3600	msedge.exe
6012	identity_helper.exe
6012	identity_helper.exe
6708	msedge.exe
6708	msedge.exe
6708	msedge.exe
6708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 4896	1044	msedge.exe	84
PID 1044 wrote to memory of 4896	1044	msedge.exe	84
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4272	1044	msedge.exe	85
PID 1044 wrote to memory of 4496	1044	msedge.exe	86
PID 1044 wrote to memory of 4496	1044	msedge.exe	86
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87
PID 1044 wrote to memory of 468	1044	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a3346f8,0x7ffe1a334708,0x7ffe1a334718
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9380 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10160 /prefetch:8
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10204 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9928 /prefetch:1
  2⤵
  PID:7080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10812 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11706262772055588890,7068498148867839908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=11156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x2ec
1⤵
PID:6628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
919055b00ca5492fabcf3f7e5bf9be24

SHA1
c4b569c73e40d3a5cd0bd7c3f61be7a3775d9a9b

SHA256
5b6b56ec9555fc6cec37fc2bef6fc22dd47f2786f7d1e7c03bace4227621dda8

SHA512
d477a496a9b30ca11cc7658961aca5b5eeebe969af76d31d486f027b498e7276a7825b8c8c4b717db4c1dc292ef5fe5b6ec0946270ce3ba3a1901a96d223d321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
70KB

MD5
714a028a5cc74e89dbf4f1217ba65ab8

SHA1
0311a5648577e4dcd3cb78bc50a8c4e5f2e7f992

SHA256
f9825e46e4fa9489b325ec263d2d37a10b25c9bde4359769d6c7d16425e46621

SHA512
457f3ed14fab1e1069287bb3b18119a40b9e35470fa4fec29b6d004fa7a09c117c92f9dbfd5e863d97bb3bc1f9a6c208c6f76f5aa5173b18c6ef1ec3ba681c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
29KB

MD5
fc3fc31e5e7c0933dc18e562c1c071bf

SHA1
a44c31323f6bd29e583cc585036e6eb39f7014a6

SHA256
ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d

SHA512
e54f561241404a5fee5b5a87044c28d9fed16bdc7904324cd968d80456be465ac3e6235fe1c82f2181c2da1ba773c89a13b2fa333de73c1e7f693983c330882f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
99KB

MD5
537af85e0ff9ef2324b93a31af44fb0b

SHA1
d0080fd56b61dd53c2badad8dc6c63657e0f1f3a

SHA256
8f1527e125d0ae10ec1ce551280f1c9de9de898d74dbf9ae05857795a70a8d1d

SHA512
ed15d2115b637f470f6b4b83f2c8859c6c7d24a3476667dc49a59346940e7da3ef88fe772e18174ef1debebb250de9b89c158afcb48c57fcdfcce7edfb22dc01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
59KB

MD5
e8ac597a32a6534318fb743ba11bdb61

SHA1
f4360466a0761ada9793a6037adadf6fc0524468

SHA256
ae8324e9e5e354d0326b11b4233e9e7e4c80a674c6c7bd6b4beb288ba1852df6

SHA512
91b2b364df490b3663c5e9def9576895ff20fc06b34946f12cc9c41e88722d31af8eb975599e948acd0df5c836430d1f47b8ac59a5618a29b85660a3579907a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
77KB

MD5
5dc01cfcd5336f696cb85da7ce53fa9b

SHA1
28a1f2fadc35c5343e0280389fe7955e3d1be607

SHA256
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903

SHA512
e38f03ef448a304331e307da790021f2ba8c70ac7165af98713c23bad271f3a9748f466326854b341b1eb48857d66df816d71128b0fa73ca0ae36ae4e5530cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
52KB

MD5
3f8baa3171f6c3560fd718ae2e380b5f

SHA1
8b4e0552b6ed0ca30a9ed4f0a5d463c90e1ceff4

SHA256
aaa26d25e2d2f7f949c243b5db8444f57f8962568a3280a61fe01368934ec77f

SHA512
5cb06adb6600ca5fc52e7ed3d203fc47bdb7e85adbaf56d9512603c957a1f27bc2786a9493fd2787ae75d28fe2379bccf42eae7b318f2fb9bc2e8297010dd00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
44KB

MD5
bfbf917d5d1173156fa4b974b7aa13f3

SHA1
dd1f0a274056710c68781bf7d9311dec3f53b510

SHA256
9365f7e289b486fc6ff17e771a57e181afd96b2780ab5be4a3f5262483a29a6f

SHA512
9d2ea54a86e52662c34586223b30fc74f89ed0fb055a28995df393f6c18dab48959ad3bf49e9cc9ccb2a90fc43324e7b6b0fb1d8adcfdf3a54781b11c5e6938d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
49KB

MD5
49342833297a6c5728948c3a1ee7aac1

SHA1
2c850248ba911e372e796d99412b93b4de4ba871

SHA256
1702ec8a5d58ce605c88ecde19c1babade6884c4c578faeed7ae15a297805dac

SHA512
a4163e0e65772ca7ce2c4f06a7c2c1f1c0c9edb4d3e97defb55c898ba7c3b61f960b59dc5c41848530de2c8081ce7fc940d219ee2d741ed788bb8b6a8ba96245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

Filesize
71KB

MD5
97e8bb73db50c854464357c34e34ca1b

SHA1
50ba08a081ee1e2d2e61009d3fba02e1343d2c97

SHA256
fd622f0517ba432b67f6b55793d7cf4eaa08c32cea7f20ca96c9b4f9522f71f9

SHA512
659888a81d8f704e840984a611d1513f41dd1239c43b7ba1d71cf26025e77cec0c60b182dfbaf7d589d97e0842fa8bc1ecb6b7944fd9b4deaee1f335b098469c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

Filesize
323KB

MD5
b897ceeaf8f20565189bffe2b8766c4e

SHA1
9e754467a8f87d800c779d3052f2b6a60932a4df

SHA256
b1974b27171b06b1bead997558a525ef55b4b15771d3cd532782988bba701b46

SHA512
2f1ac360479b9cca8a28f30ab346bc475c770b30042533cef95cd69b0a70d1324de27e2ff101bcffc60686d5fd7a06d33f708636b47f5b64125f75f7d93aa384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9db7a960be5dd8600e617c9f5126ec70

SHA1
f14212b02831e85397a06dc08a0c8324e721a65c

SHA256
a35333fb47dabe153c5ab7be3ae83ce373b212ba95fa70dbebc1aa0775d261b9

SHA512
c77d60570609aaac67b52afaa51cce0d19d90415f3eba9e7cc8177cddac9a6538ead764c45f7ea1624e52bcbee3e5dba399817df8cca47d29153e6d72b839449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5c02dbed9c300cd6d4d801257856a010

SHA1
3bff172048fa266f57d3f599023f3d983d1cdfc7

SHA256
cdceb22fd40f9296a908c45d6d223be8d9f4495343dd8e26d54229f942728679

SHA512
7260cf14ff29bb6d5f36509cfdb183e50cc305afef3d6d9a260ed08568750a9b825370ee69d7622d82d08f85914c57bf5a8d5d222280b7ebb2c5cd208dede3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
960dac58b4b242cb3cce99bcb8b2c441

SHA1
5e1d00e87bb2dbbab7f593c6a8077db3a474966f

SHA256
df918a9136cd0c8ca8b36a6fbe79e1286332a9390ae64d1f56829af5b5975844

SHA512
c4285af5993525575ffedecaca0c806685367fe8af99b6158312fd63899b8c2d54ebe09419a6427725c512e303f204a681a0efd8c31b84c4df344670cbf9cc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36fed1b8a8b803afd798974955d52077

SHA1
f79a7e4841340a4b16db302ce0b7090ea23ae657

SHA256
3c319a5ee78458d8c240421cbd4040279e4904c6d15fc9e155ec76c676312ecc

SHA512
a90cd95d2c1010fcc68bc3a89c931e31c5c43e6925841d90b57bbf4bf858d88badab7dfbfc38660dadc47f948fccec87ef8342420db079d1b2ce3b379cff4bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ec526b4a7daed4df40b7b80f073bd89

SHA1
4f5032116cf64b22fff42caad1d69ccc30922647

SHA256
53cbcd78063578868b399ab510a7ab06074c859fe90ffaf009caffc5473970c9

SHA512
0efe6bc0ad5e393288746b54a7aff782264a4fad33c30b37bfbf2718d146f73b6b54df89353f85ba3d0237f261bdca26719916cecc691117c4ccb2bb71fc5cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8fdb6ef03ba826a936f5438d3847529f

SHA1
d7f3425ca35dfcaa256c15115791733a04ba5271

SHA256
3748989332843c5a398901771756ab728ae4be98ec29fd586146b748e969b634

SHA512
6cf83d7f348fc4147deb5ad0d7efbbd03dd15b518ed52347633a8e16aae5eeceaae86ddd1a63c52d29a993d9ca386aa214524ee10e8693398143b24a6a19131e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bfcf63dba75176b00c6b386e705ea244

SHA1
16822ecc30163ce3e59ece8b29b3a6063959e68c

SHA256
1600381adf9ebd0fa1bb12f40cab7e3df80777ef1a6adb545edf5c17805db986

SHA512
9f65116b66daa5dfd20456b0a43b7bb6d4397b765bdf7908f5fe9e3d8fe220cba8b48d68f8217bbac5bbb78e1d8d379e8b7ded050a8f3ea7c7d15fba84415aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
318a70914d691fb75afc4daf91dd82b0

SHA1
34905ba515026809a9763e04f8e825f1f0f633b5

SHA256
22ad267ee939706d7d24bd6fe698ef7b7d7e05968ec6b1238a7456da0c1eee64

SHA512
1a607fd423b865df4581e1e739bbb80ecc42d42862c77ec31ae230307a7301627c14e61851d74cd8e42af2af0c561fb98660a6a2d0c9cc83d08befa61ed0d1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58748f.TMP

Filesize
48B

MD5
0c9c8c3960818b615288fad50e7d8dd5

SHA1
c97ee0f5918d29fe6fff42ebd6d40ed6a95a7804

SHA256
b8439ffc4758c5061c31134950bdf5fceabc3d0e8f0e2bf1ad8ee5b437fe1fdd

SHA512
897a91213c59df09af30e8190904b0b9442c12d662c0fb06c38268988c105955263c1e1b00f401b021d2e77f6231c801479d96e2441538fa55938322bca2d252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2f20c58c45b998238224487d81b71002

SHA1
ef47382d70957552bc098fa431b6c833e9a88084

SHA256
3024bb101f8c75e28f02f833ea5136caa046160bc55b2df259cfdfd1e5513e4c

SHA512
6c67bad485664d2b59e3d0e76f16e4136ff23267de61ae5e5f370a5fb497bcbe69926930368f4e9690f54e782335534a4628d63f61df09faf60944514347f9b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e678948eeb67cab864ce5131f98ce870

SHA1
ad7e13bffb186f21d290e94446ba8d9e1576bf46

SHA256
39e947bdff5f9db9207dbb935121687f6813acc8b9397afb628dd77bde6cdd3b

SHA512
51ad33543b81b5544eda9c795ede434e57d5f646eb18771a17973f00f90730c54357eff4c21bcbef5536a941101b1063a664f33e44c9f3fca8c8b08ad9fc5aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58270b.TMP

Filesize
3KB

MD5
14525764b97d7686b46e28fb46c204f5

SHA1
9a87ff646e4bb17595ed6c688b8ab87c0c1387d5

SHA256
1cb60ad2f10fb72d6e07ded4150a70c90c3192ee261234036245e37c77ea1dd6

SHA512
bb95d6bb6fa2121b50a4ae9cc7c4c0433d1e52227460b6a2c40528f4d18d476f2df3f9d9c87cebd947753f6027252ff4117fb0004c76c845d421eb6e1ba36a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
42e443d961b18330062bc211f818c39f

SHA1
9799908d549c5c54c47dfba3c0902f577a4a6f7e

SHA256
7a84c0dece783c729f58ed319f2614132ec067652e814492c51e362ff1128aa1

SHA512
95180e86443593fb9dfd55b8e2ade7e9bd5356008f72e1341278799c1de8f681bc964f7e9670de2e38bd0c0283e8443b0386d6cfae3eef301246fa2d72c4cd39

Download Submit