hxxp://em[.]yotpo[.]com/ls/click?upn=u001[.]-2FemWfc87t0MOUEjl1SkAEgJJ9JHK-2B7-2FAKHmwcZBn68F5tnZuDPD0zWu-2Ba70Zpdw4fXvMTkem1gs-2BObSeuNDukEN8NDx5V0ymstznVrFZ-2B0J9gaaRYlWrsgKz0z2LSqb-2BKylFxtJA9MwgXIZasym0GEDl8TzYPDE-2Bn4ixZCpu9rHQ5u6dBs9BdVORcMn4PRXe-2FbzKsMo-2FRi6KCIox-2F82TjIa0d-2Btv8ckUtPB-2By632wJ0FInLgkRuCHpjqZWmjuTfkpT-2B04DOix8cihQ8uogOhEvZ6kD8IfNl-2BUuUNyNhjmHG7QlzeV76M6U1cWZKqfg0YtIV-2FCJjKzA-2BzjUgzX5ZKCWdUVP-2B0pxgBznnM28TwDF66qXP-2BH2CtCf82w4-2B1jLM6Wijq5d2PpoMjTi6dtNEmay3jmAB2XAfWA1mi-2BJnsLUbEEB02UrAXYNGYAbkXkC-2BqpFFfJioQcOW-2B-2FoFYmeAXWtrtZWiczZGCgrPtp-2BNZRZrF6q9a8FjitLswXBjemAKn3D9pNPthEv-2F2dfxvuCipaQ-3D-3DZ9Vw_A8ReXKjTkWn2OSKqE-2BMH1U6kkURmHagrmR611yZrbdYcROxsFuJunKyHKZ46YCl6x8woShMXETYApEPWtHa795YaKWbzFrkEs0ZdLsIAm-2F-2Bm6Q72r4DDf1WMnIXEJ9AbvFZiof-2BzA6K2H2IM2-2FkTmf6oyUeOXLeLiPx3HPtyq9uy1WD8rk-2Bc-2BNtqvFiegjFQE-2BPRE5RsoNJy2OI5Mnj29cv3p1JzeN58VbWoDmGUGYU12h-2F60vwKa8si3F6bQdVqdHRKPJsW5NIeHBlJ9z-2Bh-2BcYqzaZUl9JeS4q2GdDNBpPqBVULS4G2t6vJAnnCjApsysLd6bQ4MxvYU7Iir9pmwflDdn1cOLeklHZkw8oZIhC-2FAhHXdW-2Fw2daFjkV-2Fjx-2BmIHYOOyChdxSKMkp1tESelAFHQH6bowrEN0kWXyhbCu7PlpMo2CzNcUSPyI9N3wGWmHNy8vrRrLyQCIFlV1RPN0broFo5LGmQhm1K9YHtD9RVFneBrUIUbEUDPTU-2FSlcDhDVbzZaKKtwelH3eDZCgTAaKn-2Fp4Qk4hTpmpuZ5lPcNphDT7S35J1qEEsrNn-2FPe7Bf3LpmPHh9Wz5DqoKOjjPh8aRtsCKUXEga3xJAO6OA8-3D

Resubmissions

27/07/2024, 00:49

240727-a6l9qawbjm 3

27/07/2024, 00:43

240727-a23qxaydld 3

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://em.yotpo.com/ls/click?upn=u001.-2FemWfc87t0MOUEjl1SkAEgJJ9JHK-2B7-2FAKHmwcZBn68F5tnZuDPD0zWu-2Ba70Zpdw4fXvMTkem1gs-2BObSeuNDukEN8NDx5V0ymstznVrFZ-2B0J9gaaRYlWrsgKz0z2LSqb-2BKylFxtJA9MwgXIZasym0GEDl8TzYPDE-2Bn4ixZCpu9rHQ5u6dBs9BdVORcMn4PRXe-2FbzKsMo-2FRi6KCIox-2F82TjIa0d-2Btv8ckUtPB-2By632wJ0FInLgkRuCHpjqZWmjuTfkpT-2B04DOix8cihQ8uogOhEvZ6kD8IfNl-2BUuUNyNhjmHG7QlzeV76M6U1cWZKqfg0YtIV-2FCJjKzA-2BzjUgzX5ZKCWdUVP-2B0pxgBznnM28TwDF66qXP-2BH2CtCf82w4-2B1jLM6Wijq5d2PpoMjTi6dtNEmay3jmAB2XAfWA1mi-2BJnsLUbEEB02UrAXYNGYAbkXkC-2BqpFFfJioQcOW-2B-2FoFYmeAXWtrtZWiczZGCgrPtp-2BNZRZrF6q9a8FjitLswXBjemAKn3D9pNPthEv-2F2dfxvuCipaQ-3D-3DZ9Vw_A8ReXKjTkWn2OSKqE-2BMH1U6kkURmHagrmR611yZrbdYcROxsFuJunKyHKZ46YCl6x8woShMXETYApEPWtHa795YaKWbzFrkEs0ZdLsIAm-2F-2Bm6Q72r4DDf1WMnIXEJ9AbvFZiof-2BzA6K2H2IM2-2FkTmf6oyUeOXLeLiPx3HPtyq9uy1WD8rk-2Bc-2BNtqvFiegjFQE-2BPRE5RsoNJy2OI5Mnj29cv3p1JzeN58VbWoDmGUGYU12h-2F60vwKa8si3F6bQdVqdHRKPJsW5NIeHBlJ9z-2Bh-2BcYqzaZUl9JeS4q2GdDNBpPqBVULS4G2t6vJAnnCjApsysLd6bQ4MxvYU7Iir9pmwflDdn1cOLeklHZkw8oZIhC-2FAhHXdW-2Fw2daFjkV-2Fjx-2BmIHYOOyChdxSKMkp1tESelAFHQH6bowrEN0kWXyhbCu7PlpMo2CzNcUSPyI9N3wGWmHNy8vrRrLyQCIFlV1RPN0broFo5LGmQhm1K9YHtD9RVFneBrUIUbEUDPTU-2FSlcDhDVbzZaKKtwelH3eDZCgTAaKn-2Fp4Qk4hTpmpuZ5lPcNphDT7S35J1qEEsrNn-2FPe7Bf3LpmPHh9Wz5DqoKOjjPh8aRtsCKUXEga3xJAO6OA8-3D

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3419463127-3903270268-2580331543-1000\{3A6C43E3-3CA2-4079-A2D4-ED4FE2E8DBDF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
804	msedge.exe
804	msedge.exe
1840	msedge.exe
1840	msedge.exe
3808	identity_helper.exe
3808	identity_helper.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 4176	1840	msedge.exe	86
PID 1840 wrote to memory of 4176	1840	msedge.exe	86
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 1504	1840	msedge.exe	87
PID 1840 wrote to memory of 804	1840	msedge.exe	88
PID 1840 wrote to memory of 804	1840	msedge.exe	88
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89
PID 1840 wrote to memory of 3328	1840	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://em.yotpo.com/ls/click?upn=u001.-2FemWfc87t0MOUEjl1SkAEgJJ9JHK-2B7-2FAKHmwcZBn68F5tnZuDPD0zWu-2Ba70Zpdw4fXvMTkem1gs-2BObSeuNDukEN8NDx5V0ymstznVrFZ-2B0J9gaaRYlWrsgKz0z2LSqb-2BKylFxtJA9MwgXIZasym0GEDl8TzYPDE-2Bn4ixZCpu9rHQ5u6dBs9BdVORcMn4PRXe-2FbzKsMo-2FRi6KCIox-2F82TjIa0d-2Btv8ckUtPB-2By632wJ0FInLgkRuCHpjqZWmjuTfkpT-2B04DOix8cihQ8uogOhEvZ6kD8IfNl-2BUuUNyNhjmHG7QlzeV76M6U1cWZKqfg0YtIV-2FCJjKzA-2BzjUgzX5ZKCWdUVP-2B0pxgBznnM28TwDF66qXP-2BH2CtCf82w4-2B1jLM6Wijq5d2PpoMjTi6dtNEmay3jmAB2XAfWA1mi-2BJnsLUbEEB02UrAXYNGYAbkXkC-2BqpFFfJioQcOW-2B-2FoFYmeAXWtrtZWiczZGCgrPtp-2BNZRZrF6q9a8FjitLswXBjemAKn3D9pNPthEv-2F2dfxvuCipaQ-3D-3DZ9Vw_A8ReXKjTkWn2OSKqE-2BMH1U6kkURmHagrmR611yZrbdYcROxsFuJunKyHKZ46YCl6x8woShMXETYApEPWtHa795YaKWbzFrkEs0ZdLsIAm-2F-2Bm6Q72r4DDf1WMnIXEJ9AbvFZiof-2BzA6K2H2IM2-2FkTmf6oyUeOXLeLiPx3HPtyq9uy1WD8rk-2Bc-2BNtqvFiegjFQE-2BPRE5RsoNJy2OI5Mnj29cv3p1JzeN58VbWoDmGUGYU12h-2F60vwKa8si3F6bQdVqdHRKPJsW5NIeHBlJ9z-2Bh-2BcYqzaZUl9JeS4q2GdDNBpPqBVULS4G2t6vJAnnCjApsysLd6bQ4MxvYU7Iir9pmwflDdn1cOLeklHZkw8oZIhC-2FAhHXdW-2Fw2daFjkV-2Fjx-2BmIHYOOyChdxSKMkp1tESelAFHQH6bowrEN0kWXyhbCu7PlpMo2CzNcUSPyI9N3wGWmHNy8vrRrLyQCIFlV1RPN0broFo5LGmQhm1K9YHtD9RVFneBrUIUbEUDPTU-2FSlcDhDVbzZaKKtwelH3eDZCgTAaKn-2Fp4Qk4hTpmpuZ5lPcNphDT7S35J1qEEsrNn-2FPe7Bf3LpmPHh9Wz5DqoKOjjPh8aRtsCKUXEga3xJAO6OA8-3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff820a46f8,0x7fff820a4708,0x7fff820a4718
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,5238124021983722926,3963028150187106672,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6448 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
46KB

MD5
336ff861514951debb41dd339c6619a5

SHA1
60c3dbf429ca95635939ac75d0164784ada3fd8b

SHA256
d1fb7d9bbe55e1a6b1c40e6a5435cc25c40ce1b8eb392f2ad41b2734b7371b4d

SHA512
9533c71b95f4485828899112176ac44d44f9f7d40f73871500a32d0c632f23773e7393504431bd8e9ae4a4b4508328e31a9fc789e93b2558357ae2f5497f4a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
f5d3fb0302e1c683acb9cae1174ef907

SHA1
1324645005b5efa10955878a1d5f5f8f8e7e3f8a

SHA256
437cf17c26254cc5b1bf6bc9ac04b76d32188b6e24ef7ccef0ddde45b37c7fdd

SHA512
66e94c4c50094b0ff537874ecbbdd6c8d31791dd80ebdcaff645fc7b4ece631b701df7cbda1eba6f8752dbb4e0e2295547f590d4ae959798670484850d6e1515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
190KB

MD5
d848aac8db3c614a09a345ad1af1dbc2

SHA1
a2dacd8f1ac831d0a1340f1121cfd99e48a17fee

SHA256
753531c47fa28c60ca3eae0b52a77855ca1863d68ae3229017af3690e42bf5e0

SHA512
28be435dba8ae62b035057ec809a79240e48512b63e01addab19f8223764d1e2cf3abc18d6c1a03fb858d8c7f7b27dd367bb7f837d398006e7c3a07c52b8b734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
32KB

MD5
df23a3e783a7253715e40c0c696569c6

SHA1
349b2698ae61e6026b6c849d31f59eaab22ec5d6

SHA256
272b7aa36e6a27bcbe0fb8c595e6186c24bf33e8b2ddc49cb967e693507c0ec4

SHA512
0008d5097906b390c84fd84a685175942e0bf68282a7e43bd776500f0a6ab8d505f77c06a90b2dc167c91ac6944c1fe096fd4ade6d6042dfac75ebdae1404c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
113KB

MD5
3c1a64118ca38ff7dff81752c4db057f

SHA1
f6a0e492ca605b2b37a477cb48053463fe495dee

SHA256
56127c1b97bdd9797b18175be94beb2c198876f1c37ebf5b444e66c0b7f2251e

SHA512
762b48f2da6ef4f5552dce0a46d5c5db991424d1f119ff8a6729000c3aa5b8d9f4f7a414a2700264423ac1c53ffd8b98aa8471caa1a2a36de9748f839b1150ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
84KB

MD5
34205392e1af30850134ef96d0db23ec

SHA1
ef75012b4e658c5c1b98fd73cdff4155730ad144

SHA256
49ecd14b6df644355bb16ad6b5d98e28a10179e7edbcfb536e86c9d0b20f5e69

SHA512
d44f73c47280f63cb80830d78a2f4999ebd4dd6adb28aa837ad0976002ba231a71b17712110f9cef0f0ba9da3c741f63a10bf51e83500ea210762f99b8a392d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
105KB

MD5
e45e4669f7be72171bebcdd6aac4dc71

SHA1
edc0f56dd3c57e1c9d5b8a52965c7bcee5d8913f

SHA256
abedd6e87081e2dde23cb7a87862301a03513f561ae18c1329bb4b926e39794f

SHA512
c65d158de59b2b444bbdcfa11c6ec5901640b355e1eb13fafcd771e9d2d3a0ec00bcd7c07c323a58483b21b5fd6bf5803fa8d64899b7c5d88baff912b25c865e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
57KB

MD5
7951997e378ba689ae8fe6679d7c6218

SHA1
def0a90bc5bc21a69258f2998e67a4b607301848

SHA256
d42729c17f21e5d94dfaae882502e5d9f4a9ad6be4425e6a265d2e425f0be5e7

SHA512
ab6955d16319273610a419420ac77caaaada72beef51d0f6efa2baf69cc9bad12dab2a6766147469665891e97b98162c0f5d2a33ae7a4dfeec60995e2694c471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8073efac6ba9adf8f257010cc192e808

SHA1
1f825c4116db46221c0c9c0e64213aec74c5aa2d

SHA256
97e68848fbd1ac72579e719a313502f6bb18f9928ded79e7fbd201904288f8fc

SHA512
1ab23877d1fc29d3b69f9adf36a385f263e57d7c82626dfb609b66a77b4f9e4402446e8e503742e9b3b26387c038b6d633de00eb727e8ee531b5b263c7f8e92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3cd88ed1c91358beb5019c4eeb2df4a1

SHA1
de8978cb2ca9b59f7ffb5e94e1bead3e742abf77

SHA256
0e39b3b0b2973838766d843172e2c887c8518b00097557eba7436ac133ac48c2

SHA512
910a24d7f64afe4739a6b73b38db81692f10878ec46a4f7208900c2200dd33ab0285bace98cf68099e3647fef68f7a73ae9046dd59670f4dcd366d4b055ad94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6dec58046348db25cc7fb6fb2e184055

SHA1
3241adf18a439c670fb7cb3d6f37e6e9895e8d7c

SHA256
d3fde0f910d57f0ade1151374a85d5a245cbdec08da87997a73defcee30c22d9

SHA512
72b465e8d02c727901f0ed69126a6b519369e2a494264741cd6d18f3a5a078c9bc79ebb3aa6111a75151da4dc820512c0c1aae0502006160fad18af8a4717b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c8cecf5cd57184caead57f26be62ecb0

SHA1
d5c9b91fd7307a9c242895e8c003b821c1c2b0b1

SHA256
8b271380d4eb0c6a5320aa5bb00882df261779a73e6635fa5d2b9f043e3bec94

SHA512
81d38f94575c58255aaca3ec78339aeb19885a2bcc561abb5cf0aaf41c70c44cdb54e3b1ad6eb1c69b0fa950dcea495a301d94b653cebb0ba9e177621b4e2b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3988a9defd672e610d74e07d03fd8888

SHA1
838f90c14c6cd7a2e28aaea96aaaf0b5d7f46d78

SHA256
bdc1804503451130db29872d0db2e69ea8f41a6b4de66afcb3c5f09caa91e7d5

SHA512
abefece5d068920735fb9400ea8989f2835390b442589209b673d827edaf6147365279128e4207fd1de9bfbdb6fef7aeccf0f3453a877cbd1af236ba873fe6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3dad890174608771d8993193c82bf88d

SHA1
89c7c277640b41b581376d21677096b68a7d4ae1

SHA256
a5c11a8a3d8a42f503e0fadeb9bc6a8a5aa0ae8f835e1f7ba60f6153a4b55af4

SHA512
90bcd23f44c0eab61715add4da2f8dddb81e1afb78a531cdffbd8ad803f7a5691d3048be5098996d18ab2d3364269991b36cf3fc791ede1e54b6dc990d5c01e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a76bd40fa88ac2ad20bc3f5c31af3e99

SHA1
e54ea45b39f0f23818dcdf4a253b11dac72de81d

SHA256
d57c1a68d728f3bb8062ead311e759266f2ad88bf4bc6aa5a8f05b31de3bca60

SHA512
ce4c46ff4d4dec391042bc5d4725f6a8a00071adeff1b37ed46dc9b79b0d14870f63ddd88392da33204309673606b6f3f5ebf17856385fc30d47c0b0eb003e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
140d920c72ec7ff2ecb40fb26f39cdc0

SHA1
45135039adfd1d4adf604732604b8eb92909fde4

SHA256
be5371ff774670aee112ad090163189fe3fe81cc74eaba138a73aa9b98686e88

SHA512
054117b981bf867511c05d76745b05d6196b863289077cf6d1ffbce6d893759f3c46d897e7a95ec3e5fbaaf2652de528fd6eeeb76096223654479f5831203056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef9409c843e5d6bbd27f5c91fb858bf4

SHA1
6d9326b34477ae2419ef49c91fc4bafde8c95efd

SHA256
19b82a1500c9eb2c0d97dee0fe2a199b1630b402fb0a5230ca7242ac3abef4aa

SHA512
a3ada21bfc35b9e59cbec49e7bb49b1aa1e9937261e4e0f47c07adbcfe84fe34de386f5532f310438aaf60c729efed44b9b1219f50b7181d9891db79290ed57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f7ace6eea3e9f9544fa0c11a9a38516

SHA1
ffb01ff5db12685ceb32a1b741dd0a5d3eb5679c

SHA256
f58a78d577cdeea842e00346b780eaa72353be4e5f590ad4b6efd8121297d071

SHA512
126d04ea34a721fd0e247c942ea6737ab7fed422574beb1fc5b551f76679a12b00ba9221129fe2883d6a428e71e18922a9a07054c515abacc554ccf4b4683cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcb7bcc9b83e50204e044084c219fb7e

SHA1
38054ff8ed383622133cb6bc060427ee459e96ff

SHA256
2ef762b78290e1fee7a24454a19d8d6e4084e9146eae01991d0fdca223c9af06

SHA512
4c900bdd2b06964b391626e4e12f1b60dc16ca73960e2f86b2533df5951acebcaa09d3636c9a13c44b29452f781ec8ea7c6585d44f0781bff1fa3c874c494a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e93108961dab7e70840d78d1684a055c

SHA1
1dd830710b3d7271eeace01ac62886b433202b43

SHA256
3563a11852a24fb24569d5d1e98f4664d958b0f12a19f021efcd9b1c17590ae2

SHA512
20c8f9bb5d2344507a2c999e6355bceb40796918b57924dea9afc72862b02ca98f6acfd96aed7326061bfdd884fcdd8fc19a37f0fdaeec97e63faee6d75287c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cbd1ea9fbf8246ff5a83972bd721757b

SHA1
5d602f543fb0391461623040b2c814b278ac5a1c

SHA256
5233fb9037a2dc434463ad21faad3e43436c535a71ec1d54b9774e34ecac2e26

SHA512
7193d1903b8f610019c90dd495409796bd807f043b2ce70fee1bdbe80ad05bfa485db47e331462e8884c6fe55d6255d1693e28ffdd67e01a0a93ed2f6bbe318d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d567e57b1dfcc9d0ecf53dcbfa0270da

SHA1
a0dab509470c843efc7c242cc5f8c8975f88c789

SHA256
4065b318050bca74278240e0ea2122100e0f91ed0ac3853eaac01fc3d5adf929

SHA512
7df9744c5ad1b6cb9a281517dea25c8ff1593dece3380311553802711ed0b135e0dd94f693b03c0e9307134671e0f6b22ad570bf60b9ebedab38b7a9211852f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7d95e72fa0340f83051c83c7d0e6eca8

SHA1
c8ac0a196b3a7ab30a60b2ca96601805d791637e

SHA256
d8f2bf2c5d28b3dae5e7ba1212759b3da13937bbe11dbe861776f9570934f912

SHA512
8b1959d42bbfa2c141f148d3f4fec32482dc7efb2079017adf2d3f2a76a7adc46d57e51a60e1f55ce0aea31565efcba9b527bb10753d3cf267edbb1a8509b3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
10e651ba50588c90b881a94dc1049358

SHA1
6788a33554e32a4f6e504813a0663800f72e7959

SHA256
49bbcefd795cc9dda815a089b09ffd21606c1a46afead37842abcbe1a7fc0ebf

SHA512
6dd73ceaacf15458e287a00917f8031621b318747bd22a610cdec13adcc11d917954150a5832bfb558cbf7a842b1bc2d5b3e4620c7b39a4ee7d0fb36b8304075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5886af.TMP

Filesize
1KB

MD5
d920f7d292ce7a710b0e69558cb7b3ee

SHA1
b2ddfd92accc236e009cf6a86c3d885c60bab963

SHA256
d4af275045346583d4079de080dade4b01abe071e05c41c600a4960bbf2b1eef

SHA512
7e2a1f527747062e85900ac1d3ebd55b93a9c4b2de603a6ca556bb3fdd1b1d5edbcd6f36d2d7dbe83899b99ef070f98728dc391d8b3b1a8050734dc177cb3d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3aa4e36c155a1dbd40df6da0ca33150f

SHA1
b867b73995a32125437bdc812ee04db409f0e73f

SHA256
a12c0b3d884a9344260d7d55a83c886af9c154dabfae48301db1a0490ab97316

SHA512
4ce6105b62d61d2605461b0ec3ca6ba490b7c546cf391fa54c085b6a4d1949605faa9876161eaadc25506d97f5a783c10ca807136e9a701628b9935c6cbb487c

Download Submit