hxxp://insecam

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://insecam

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{7F241987-C568-4C99-B71A-D3A3ED33EFEB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4468	msedge.exe
4468	msedge.exe
2204	identity_helper.exe
2204	identity_helper.exe
5128	msedge.exe
5128	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 4880	4468	msedge.exe	84
PID 4468 wrote to memory of 4880	4468	msedge.exe	84
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4436	4468	msedge.exe	85
PID 4468 wrote to memory of 4428	4468	msedge.exe	86
PID 4468 wrote to memory of 4428	4468	msedge.exe	86
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87
PID 4468 wrote to memory of 1856	4468	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://insecam
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff079446f8,0x7fff07944708,0x7fff07944718
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1672 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,4428957059291099625,17682836838888945262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
36KB

MD5
406d9b826bcb858a49b38b51fe43b066

SHA1
7727771206d299598638d69e9ce5402aebc4889d

SHA256
b8d8e6ebcc4f0feea09d573f2563ba7344e0b04bbf3eab174dcf5d8eb3ea84ec

SHA512
5ad0f4c3fe69d00d46f75982a0d6f14817c3620b75a6bacfd6cb05c019fd6f6b3e5f6b8539cb911d89d84e0bf9339c6f24d52c58432c8723391ff7546679366e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
119KB

MD5
835e13f16b0bbc44f153b7979d38fe87

SHA1
9f19a1220183642826719f40bbfc71b31e6416ab

SHA256
8484c0b0e345847624acd566bfb6112bd13dbe315cbe731c977ddb073b6ea68e

SHA512
dd454b125dbf8eee55870423ebb11f163d8ad94a4e4119e38ec562fe9840c768ff36830ce610494e16c6b955c582d8265b5de2e6a039d569f58713a4d4bd2e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
36KB

MD5
40388446cf6bb9c7a8d919d8a327072d

SHA1
0cc6c23540bce210536f47dd4f1c159cc42e6246

SHA256
fb7b5ac358deea4485de73770442fd5548f9255fa3f5e10bd4b12f3555f0c294

SHA512
59fb96e0e51ed53ee69a49c92d53f7acd39c9247c2682b6d425b1caa9f1f58b57161f90bcd33ba96699722d9eaf159870f4794ac7f99ea4f47ef316fc1664159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
54KB

MD5
2cc0db607d81de320027f1e1eca45804

SHA1
ba6be4fdf7d1f140c069a36b0760bc8e72bc5499

SHA256
adbbd0a168dd9b291ad28c9f0e66c18be4e64b72f1d523b15936e643fdfc0973

SHA512
5bd7bd01eb0dec95b05185b78137215a490be4ba05b7652993db4613945b555fc7dd9319900d68d31361c67cb306ce2bd89cdc62f4c78252dbff8b27354180eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
94KB

MD5
ac8afb434aef14f8285572cca32f26d0

SHA1
cb46d30f22757ae3028315be721d43f5363b1ab2

SHA256
c3a865c61aac05f6377584609e408b7cb5b378a240260933ae61f52992a72423

SHA512
ee78bc65d3e2ce49a597820df020aa57a5cfb1405e81c9bfc7a3653f6e05aaa45efbdf5cd677aeb8e2757f29afa41b2421c3eb73248dd03a78a2007422694dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
87KB

MD5
9e32d51a982e3f6fd96c16cb45373398

SHA1
ad09bf85cb717e953e3ae58533efbefed5cdfc29

SHA256
2cad1c22822e4ed117266fe6ed3c1410c99a1a9a61a6fc5d036bb9acfb0c9e91

SHA512
e7af6eea8da6779c3a194c7f8e0de98891500e52e1bb5ee8f262dd43a23823561a1686f9e961bb5f0c7d8153ff4c47fe010f1285461a81a328c23cbb4a18052b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
55KB

MD5
3bf95563cb618a2688f5163c7e299717

SHA1
ab60be7710c20a05c7497379dacd4769141a1e8a

SHA256
458644c9bcc546a41b0fdd8e0a5249be9235a8bd7b3767b74b616c91e5cb5f61

SHA512
d48cefdabfdc9c12e26e1100cd646dd382b51b9c8f06ee1b2e08dbd269fc5d1cc0f746df8cb46eaa01824d40d3ea9c705af9bce6e7cbe49a93043410333e5220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
142KB

MD5
6c773b157fbb7089b420e845d2774f0e

SHA1
5c2b7863eadd4c8a20831f77136d83b40187f289

SHA256
487c9ca685a8ddc1067bfd0e6880b0a84d4ab33e33e4bb26d9a7e32bd98e0739

SHA512
6a1f4ff9400de536894981f635833b35365aeac89437828b4f77fe4d357366bf6114329bffaf76af3074d6f251550f3b7f05ecdfd8392044d3522990c7fcc130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
63KB

MD5
67e59a06ec50dcd4aebe11bb4a7e99a5

SHA1
5d073dbe75e1a8b4ff9c3120df0084f373768dae

SHA256
14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe

SHA512
6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
20KB

MD5
8c34c7b82f4668c975defa63ea3c9911

SHA1
01aee6e4857efb1898934c58dfbaab60a9bafb75

SHA256
6fddf44c880fa4ab45d21e764fb4371c8820b7b1c49502ece0fb5e1eab95ab3e

SHA512
7b8db2103dedf6b36759771c5b0451d6e2feb8ba889a07f1dbb869c229739e4343636ab5fe0bae8ff7ae5798d533caf3e408e34b71be72d0bfdd076da5a6104f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
631c4ff7d6e4024e5bdf8eb9fc2a2bcb

SHA1
c59d67b2bb027b438d05bd7c3ad9214393ef51c6

SHA256
27ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82

SHA512
12517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
51KB

MD5
48860d57a2b6a42197b2712fc4e230cb

SHA1
568ebca1dad17ba3e33f438b6508f9a6c9209c43

SHA256
b32032c8f34d30768b0d08d3fe71b6ca113d7fa90c055bb65acf46b6b3942a39

SHA512
8b63901ee3c0c7204a00febdac3e4e8076fae9f6fce06141b3a7be24b34a5702a7c8d6d46bfc59bd16e572ebacfa2f5eae96855b6aeca6939ea84bcf6b24c1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ef107062c57399_0

Filesize
266B

MD5
f076df89cbc7b1ea82f3d8847fc4b32b

SHA1
163ef44a395b4d39dded5e90234f1caeeca6c5a4

SHA256
d0f8d9eb2e36c166e750508ddd2d591869409e7324945bf33721768932b0658c

SHA512
808080e011ab660191d203f99d63c161385482bda084792e5716f09a04cdeb5dd69349e41cd78bbe802b274ff6191a17155562be2ce2edcff579904fe175eaf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf8d28c029a2742f_0

Filesize
267B

MD5
0efe0770970554322de1f16072450790

SHA1
cf678f006f60ed16a51a6e5ccb2daca5a691acbb

SHA256
634440cb15a7bc57cec28756b3adf3e22bddd217c7fb489f887916ac0502f3c4

SHA512
d4ed397c717dab8c434354251767c53910689c98a7384396bb5fce9a36fc904cf2c03eb8f5dcf05af7b22f5fcbf8c67d2bf1bf573d9d16847993ef9f1bd17bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb2a3eee4aae17d8_0

Filesize
255B

MD5
e66962046977022a2a43140ae059a574

SHA1
3f529ccfd34b734807a5cda1819dcdf104c20b88

SHA256
d97cc3aa7f6cd8915e9b82e5f6471edb11289765f6046fd9969d28d8623a05e6

SHA512
0ae5412d5a7de340cdd4d05906d1e3db08580b7e21684ec9169c6596fab2e5f1b94d9451cc536351ea4f90fbb660ef8272418d87658b1044b0a0dbca3d76cead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
717a467b77e4f0cbe0f083d2c13f9f58

SHA1
aa466dcb46423bea0ce00409b93360f782299825

SHA256
a598c96efe3f9cebc78adcf28e4759f4720e5570caa24ce4ad9c58220bc901fe

SHA512
35f312c74e32538ba1ad17d4e029f9513d4136ffbb63f3678554acf9bb52a5c81a59723a846acca235763a3bdfe3e1b2b51297456a9ca500d257f7cc95779f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
425fd280bae46a8f19519889ac0bbd70

SHA1
5a5f805328104008c1aaa5bf83b3b093a06eae3d

SHA256
593e19f6ccf921c3bd27286906e5e7d3501254edab0a13a04b32477d545f0068

SHA512
44ef157d30ca2f37f1de9b7d246f2a1bdf41ad5e5e3fa167f916d2a6b1089e0cc43e689d2abd275ad9f51ef6623c297602a0046136fe97a4bfba9fb45f731e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
141275491a966ee57fe19ffc3894490a

SHA1
623de952c1ba4557d3cb94771e9d7d151cece157

SHA256
afbb04877fa6a2b9cb50e86579b85e1a65638305918a9c9cab39b00ab99bbab3

SHA512
3dba8ac026497a5330ae5dc115f62eaf481d3ed6e00a97b61f20bdaabc1752631eec03bc14eb8a1cf0ab3708900053ac664838130486b8438a3e79b5e744644b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6ee0cd2e78ed38631ffa9f3330f34064

SHA1
941405152d4ec7346102bf063704fd0cc474496c

SHA256
861cab74815e36fa0222d84bee32d954741ff6a34dc713a06ba4226859cd3c48

SHA512
afb4fc244ff859dfe1650dd443e27239d0984ac141e76782950626b72712bb5c3c1940eeca6b0e8cc5997d8b8baf7cb026398125bb6798f9865898a5a4e19654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aea413d111911be048fe57e579acfa0c

SHA1
b97fa115cefdc79a2753e3a5ca5f5de96b4354d9

SHA256
56ab0ac0d34e36faa09828a3481f054edbf7f417d14994f7486ac21527a7fe96

SHA512
30b4d3aaa801918d4bae57dd92b6b2ee2dda4a014aa8ba768a98e2fcdb52ff3cabe153a311763b1d503f8ff69a2f46d3c576f79a3dd4a67cd4a2b04e9b14c526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4aff5756c829bb92203d59ab8bc0a23a

SHA1
2fde997116a9f9953bedfc5f228a084ce439d1d6

SHA256
e28e81c2233bd10ffc3e6c037b672864940d0a64ce6e177e71fc3702ee7f37a6

SHA512
c6afa68347ef5405bd896d824a5f15e39212a8139562cc07d27cd181b23e4361587499437d3ed13b9edb0e9482506986c60a325e4ce6d8b210924bb906b9076d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d42585fe2b068c3c4b733d366e5fbf07

SHA1
df3c482c19a1a176706eae5999d2afca091b1f60

SHA256
26bb7e51ea0dd70e9f5e20b080b594feda92e1ea1a5edd880d20564e400232ee

SHA512
220e529a5ed03a1e66905c3bbb0fd7da28442ca3fa07489c009142b4b7f83bf86296a4ca9f2f0f40db3706f7b5537325ffe031fa65c375f31bb8148b486465e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
462210f79b627ca0880cfafcf31464b2

SHA1
e43017e58abbb8bf6800b1c742647dedfbe0165b

SHA256
107c228bc58e187034f109aa388ae634af64ceb0f1757031a980e6d8755788cc

SHA512
610f21d39d089a56a81d9aeb7294ed41be25797ac296dfc6f6b5b00869abe3145132a9fb70e0bd80f5db55c01ea51c80f170edd5ca64b40271f4d038ce792fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d468944b6fe1a927d7b01c252aaf76c9

SHA1
9d0a5cbf0167ded0f1e5f20f84d7601d263ab9dc

SHA256
619f4943b6d79989c704c81de43a33963809e94a4dbeaaeca119212c7d472001

SHA512
3789f8dd527165a542cca78e5451e0784a1291cac6c5a9c54ac8f47a58dfd7d2cf5b5b7fcba4801b32729bb98215010ebf032ec7d80c65131334b6f67bf6c4b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6b839c3e53396869b0a83f6830d66222

SHA1
45fa8b39e1cf572a376f057d1ded34a9bfb1afc0

SHA256
878522019e659ee68874b95b4187dc5e4eb48260b34fb0835dfee656a7d288ab

SHA512
a83aee2937cdb1558a5566c7bb8dc7ab7d3cd7b21427a99554e4ba1d32255dcbeca8fb52809154dff6df0a6eaedc3fc3d2deab56a73a709307877e2dfc262786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e167e2ce2de04d54de7e4ac4249b421

SHA1
863eef8a50da2013229e31067a36d5ebefbb113a

SHA256
c280d7b9720b8a40c9c93b34f8f858a2340b2d09a94132efa93aa79d4979a170

SHA512
041bc1399624cfd3cc823d1c48f5e7fbf606d71ae26741399ea0bbe933e91dba752375d0739833ec9c5ad4e0666d0eca41868a91ff0c6f623a65b721771c74b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ae2664eb013d9985fac0691825abf7d

SHA1
070f60f09b428e4bbd7d9f2c0a7bf0de809dabf2

SHA256
04bd01532e99dc9df673716cc713b2a137b6afb83846ef7723822ec52a2e2311

SHA512
c984523ed92b3e084b8c09573ad6e018e0ae1e19a0bd84bf925c96d389465b9ce1efe38733225d671e51f12abf4545a06a8fac904e3d6daf6fcd02582380aad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9e5dbea2294375c53397be661ca5640

SHA1
dd42481537a7a1d64684d18ec7468c3714caf3dd

SHA256
88994b853ffac8e765c77bae1fbaf1f88488580947f9c22f7a70f44cb0713053

SHA512
239ba60cc10885c57cc7009e8240b37e57416eab69fa650beb57ef98e5ba9064e86c5aa7e939ec3e79826b2bf44a277fcc21c1b8f4406a8356263432fcdef535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58122b.TMP

Filesize
1KB

MD5
a6832de37d2c397011939c8c1fcb73c3

SHA1
dc3a0cff6bf1378bc321bc191c324f61663ce481

SHA256
1a78109233b952b69cac68196788163d1b0e6dd783a7e61b2b471fdb9ca087bd

SHA512
4c54bd4234deb31f47f92e648f1f7ddba6dab813a56f7515e28dd24850c11bc2baa8aac5f78fe7e6df3b22241fc3a6f065795dd87e78ea0bedd541e3ca244c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb67e4af8be2ca2c7f2a21df17cd2292

SHA1
b86aa94d518d7fbfc17f922da36915233b8c68bf

SHA256
d976ccfbda29111cde68b32f3222cc612611bf0c82e2e224756df88926a3f000

SHA512
4055e0628ed262ba32adef3d3bfb91585beedd84370386c4199d4300cf133935041205e0b7b002d05a8afb8fcf44b05989dee06f9b30a09a4e6412b8ce3ad441

Download Submit