c1124db091d525b594c2b61f1b6c3b253bcbb3e463f08be42e0fa7385f48642b

Analysis

max time kernel
142s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

88KB
MD5

bb199d1918d0c07f86a11c6db1d46e85
SHA1

70d5ef6ee32ca4384936bf2a88ae1efc45d1b869
SHA256

c1124db091d525b594c2b61f1b6c3b253bcbb3e463f08be42e0fa7385f48642b
SHA512

20dcb40c6b48094cfbcea3e4a7f1dbd12f310750b8118809cfef6da417f13de658afad0e184b4f1416ecd357a624d80bff0a746dccd83b793db9f6e21cd90f89
SSDEEP

1536:C3WJjrOGRS60MZHoLLndR3jYeTi6/yOuicOJfjW8MEh0ODh0Ozh0O9Pq1sPq1sP+:iVp/yOuic6h0ODh0Ozh0O9Pq1sPq1sP+

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
29	pastebin.com
32	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2008	msedge.exe
2008	msedge.exe
964	identity_helper.exe
964	identity_helper.exe
6112	msedge.exe
6112	msedge.exe
5824	msedge.exe
5824	msedge.exe
1496	msedge.exe
1496	msedge.exe
5252	msedge.exe
5252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 4908	2008	msedge.exe	85
PID 2008 wrote to memory of 4908	2008	msedge.exe	85
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 1136	2008	msedge.exe	86
PID 2008 wrote to memory of 2300	2008	msedge.exe	87
PID 2008 wrote to memory of 2300	2008	msedge.exe	87
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88
PID 2008 wrote to memory of 3408	2008	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae52946f8,0x7ffae5294708,0x7ffae5294718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,1220641491252755688,8376228689634774419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4c4
1⤵
PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\031e9451-f503-4844-b6ed-61ab0b83d8e0.tmp

Filesize
12KB

MD5
8731b811959c6755c9eb80aaf44da960

SHA1
f83af9acca1e0b4c2def0ef950a772d38f43e5d6

SHA256
392f65895ed186e113993a490bc84c046785fe165d0019ec0c51cb1963f49a9a

SHA512
e152788627ff519477ef6e31835c059d22e25c8e305ec7ecd7afb973d9ba00f2ab41ad3645f23b3ca223afc913d5b578f11f8e0b63e4f9f560cd230640f8a1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
1024KB

MD5
ae78984688bad532c4b71ec4da822f3d

SHA1
64ee212978d5a0fd7578f380a50fb6f6ec0a0ca9

SHA256
17f2e5d353360de2bdb79616bd05d6cf9a96f09e949ec3c0de4abef71fbefc92

SHA512
6f1303cd2d05f551859cbd486c81377a47ca3d2da9ace7a85e76974599f8666507bee8a08764f493e416185d5e2c8477c0ec24969a4bb25146c7005422c35aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
1024KB

MD5
e3726be5903bdc3e755a9e49b13b4d75

SHA1
5bb50dda728ee519d473bc9691878ff2dd113082

SHA256
c710a0335a5fa28c7c208872aca114129517ff48ecaf6476e28ed4f52e3a32f2

SHA512
e51c2a02621075920a8a4b9584457d3f3ebacb70ed3709c105c53933781f2fc1fe682fa114b3b5a242cec1429655e392222b962f5923c58ee864089ec63234f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
1024KB

MD5
312d78d27a06cee1223563ba4b0887ca

SHA1
e9bc03c9b4c6648860a4b69ba982516375390be9

SHA256
e670013f79524f44843c77d418d7321a04c38367b7f6dd3b7aec7f2c2a7572af

SHA512
333ee385de4981614c3f75407fee69b7eb6bdd007731af99b43d0b948fbbc261f473066b1a91829bc499630bfc471d52cd0ee58e83aeff45f446fae5a5b9cf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
1024KB

MD5
36fc86497b5b47cc031ce21ac137d566

SHA1
77ba420b1cdf51ebcfed9dd031d1d0a9c9f116db

SHA256
62df18f671119333688a9fea0693b56773f0366009682c72d2393dc329b2802e

SHA512
968013bf0eb2e758095cafc6abc4e4f1f061c0fdead456bb1521777bc0c28bf1cd161b8786ae688d7bf8f302a70a36bbe43e2d15ddd07f1716f0cdd096c6aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
1024KB

MD5
7ec01e09491fae7a17fa096bf431d04f

SHA1
084bf57c16848f1d8167b09fd3f4418b0de7cfa2

SHA256
07bb6768dc38191f0659f22478d80ed9d24d2a6b84a7f3e78e0d32bfec78c751

SHA512
72ba70222d848f7dc45d8fb0abc7780765ca31d77849658a2cfc78b188d4642922a5cb1c437c1d5984e013d70944bc9bbfee26e599212ef89b7e0ee6eaf2f1ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
1024KB

MD5
2991ed7d6e0f6cef781b41be1026153b

SHA1
35768823f8d42f8ac7421a2db8ab17c78fa6ed1d

SHA256
8890fe5a8f972c0b844db1a8837ae33cb8cfba13244b75566ecb90d54fb454fe

SHA512
18c7da9cf991178514812404d9b92c93a52c3390f24e4d7a5d4b2a9d68e81fbd2e98fb13b5abba0f063c410a7a961d454e5a8e1d389890cd14e03be06bff036f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
1024KB

MD5
4c186bdefadf200b9ac1bbb9856d8844

SHA1
3bd79494c4660cfd3b1ba5db7a77f2581e62e2d8

SHA256
324e1dad5e00ba645faacbe270d4a0c20b8e107f26b77db4b92025128e5faa4b

SHA512
0012aae12d5b6129d3db5f11ac6ab28c1349918f72cc26e1c2547e67fbccfd90101ba9c7fde6a7dc7b378cf9e25b1266a5658bc5baf77e09ebbc683bf5d7a1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
1024KB

MD5
4f4528c9c008b046a973d6e48c0c38b7

SHA1
91571bff69b1af1df2e93bfa7e60b0a08c1e9081

SHA256
3cc9d69593fcaf1a367e19718a736edbf2c4be0fd566f43b365430512e6c2581

SHA512
eeecedf96821cd6d50fbeee72ab4340339336c476c508d26e78744c44d8cb0a1736bb2181c9b0a75514caa67bceb51f22b0c012c2b3fc71ba41e8fb86b33e652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
1024KB

MD5
25ba347cfe7d7a5183eddca5946e7b08

SHA1
ad298d87ce0311c14d69cc3bd7210c64d7026679

SHA256
9f32fcc7c39d123785ca1ecef16b8a166b202560cd5ceb8caf15b0b8857cbad4

SHA512
3c956860d8abbcb717ebf0f91815c95e599a0a86261f4847ea60e25a2fb52f92c2e2e234fb199a219bc9caacbbd745f9f82e6c0b56b3237757f18607d5bf05cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
1024KB

MD5
96307038302a630b3af229c387d19f2f

SHA1
809e0c51574d579c0885ad721864759799a5f6f0

SHA256
655d6807c60ea8cbb2424d67bcf2c5835f77d12a88350efd8da7611965980cc9

SHA512
66883242228172ecb0d5a801281e677bd4dbbf5589be4c8d44a5e586aae37ef8c016e7aaff8d20cc6209558376595345c411c50a6551a10fd64c7f18952ac7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
1024KB

MD5
2432fc7522b1c64221ba3c4ab653360e

SHA1
2ad9bc92ea6682a91d665200973dddae80e3b31e

SHA256
4a52e0ff68542803a503b8c8b1c4440fe477368289ff0a4617fae736cf1ff965

SHA512
0161452007579c3d62937f9f3cf07571bc3dc5f07872ef5d93abd386ba26d8ea0ca3eec229d39fcca51d85e907d834ae82b04b64fb32dbcb1cbab7d7f0c26d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
1024KB

MD5
8f318a9eaaba2f88abde1248e766ed17

SHA1
fd3aafe3f78622933b9b0fc15a18f9fd4767f397

SHA256
e451343271a602a527b8729668e5330f79ca25415ccc6ee467bf443e8e531c60

SHA512
f2ada4faa8dad49401099e1cdf792117736f6c00c39cf20798b87d73320db4106998194b7778272fda885ecb0778acc74be820e6fff88e4a4402e4f2b8fb85bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
1024KB

MD5
b1c3441c261982a5370697d959fe69df

SHA1
e4f6cd4e35d463ee55d2b4fe7fabc2bb405d1729

SHA256
f1bab0f80f62ca20f0c3f7a42a08ae9f6f0808fd20786b91df8a0db1506a9ed3

SHA512
2f4ff08bdcba035568710e37cdab83dae51e2fcf88bae415a2557acfa0a35be09460d213c3fdafb73a672250780856e18caa6315fc30c7f349118f086b76d03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
1024KB

MD5
e94b638f45d475e55744b34bbfce57b5

SHA1
72073aaca8f88789685a47b4691a84df55dd4f8e

SHA256
b724b93e7a2ddf5a0b24e374536413083d7e0fc100efce1baf0c8af85b75e557

SHA512
baa4d0942417fd40ef82c25691c00548e30ac4c966d7fea0b480c1c81efd1cd1be42a700d22b4a977b9da4df21f789476d89a04abbac9c68700c681aa804461b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
1024KB

MD5
777b29a02233fd17c782a101bfd0121e

SHA1
bed668b34cd61f1fe9e63ff8b642d10db4101d02

SHA256
c07aba99e183fc715e337ae822b4d872605dcfe140f5a0d1a87a2210255b3adb

SHA512
d32313f73fcc8d1966cd12596558d4e4141e5bc1a933fccbe0e5f2b765f9ade6c2eba189f1de9ee62dbea7c9c84c56208380b1ebd7436a377d2c8255559a1cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
1024KB

MD5
f9bd24626a10028ff7e5aa7db7fb3895

SHA1
825abb4fc41bdfb537c890e993f6c2c624768edc

SHA256
125d5288abc16c308915557f2fc8acf142fbf302bcc2d39a47ea3fc489297402

SHA512
8ab0d2a7ad6b738ee982fad4e775331b4638b5b7c27b2a85deeffb3367bc4e84176f2e63e686cc2a67040056a5be55335dd6dc2fa0352950173581777c3c3785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
1024KB

MD5
741dae12b77c954660ae7c51c534158e

SHA1
b95d51e429b2564a6e4b84f34d12177c43624c29

SHA256
e5d5f590db5678e8e3f35f443e51a98fc2831c9e9eb56fd237791089eb895585

SHA512
d665944b5bc1d4a04e045f6023413c21fda0d38d0a199d823c67f95aed74c1c25f7193aed81a5c8be55875f92f61f8fa7df43c481b37e2db03244ee350675466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
1024KB

MD5
cb15686d42ac82721a325cd1681dfe31

SHA1
fcfa135cd3a9b8ae05b5e8721d2225ccc9a73004

SHA256
8f4b11adefa01cb47c758c68427fe52e9cad8d284ec985b4b7990342a202a330

SHA512
a007f5ca11dd0058551d5b5862f08ab5c8327fcf2238f2141e7293d154bf488d92d68d1024734f48c72d5cd2c92b1bf899bd33cce89cdf7a1453c6dd83b771b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
1024KB

MD5
e939686d1b13ff668463fc40ab24933d

SHA1
fff26873fe5813ba0e3496cd196a1b4a40068a91

SHA256
bd3eea5151765468c6ff116dc9fb6dc54c09b8fb034414a7203b43c7b6b6e786

SHA512
587d32f3fdf4f7df2f793050c6632a840517841006ba4791516a6b3043cc7985ee52f000390c780b042f3da8a5077bb2de924f735d5a4f1269a6aaf9ee3093ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
1024KB

MD5
245ce0f35b56e762654af72c94bd9b9d

SHA1
810429f5ea3cc23dec2528550b224665369b2687

SHA256
65adfcc70fe54fa561105ad152bc77344b9dcb57d1a7f5504283119859066707

SHA512
d6c0d90279849101ede3eee2b296443a0b49e0ffd679e272718b1177f472fcca083a377d8b3ee59a3fef3802da1d5314440c2e275a77662c08af8a54763ae39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
1024KB

MD5
017d80211ae16be2a0ded5e888e749cf

SHA1
26a598c1110bbc5aa3093d20e504146a9699f785

SHA256
61f0dded834c6d6e89c9b3fec2bd95fc8db373bf4b413a4a86eb117e54ca7843

SHA512
10357a0968b2ce3123060491ae0bbbb2d3c6f52d53ddfac727be1d35440e36c4b4360b4ff8cfb17be747beef2ce67eeb7277fd912bcf77e85cd3627471a87ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
1024KB

MD5
9983a526c57c02155911a228216c9a9a

SHA1
b6e2bc05de460200001ee03197be35e6485617e4

SHA256
6dbbaa2fca2a22bb91ca1648d0c6e2bb8d82f2040bdab1a2992c2e0317988137

SHA512
fcce535c166e0093d5f97bb68de2b59f751c30049a42035b826c9128769f57b584d40f55f35b30a83501d7e6b03f64703270de4540eac53115c67a4794d05851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
1024KB

MD5
a9cb8ce97a34e1b528c4fbfd811f9281

SHA1
f99260d56cf96ea81af87fee2874883f0748b406

SHA256
49dd7f4badeeff5167b87f774c94b45dfe1ef5ba6a6b721fc91e5738523a445a

SHA512
62e642c051dd2a067513caecf746136045ffe1d35fb0dec6275f141486555c1e4b68e76fcf661b7c711cf78c67823040e0b61db6f486e0ea7068fdb57a66ea31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
1024KB

MD5
d74ad9535efbba08cae7dc626363e1f0

SHA1
e888994805114fabfe9e9f69ba745e9c40d554c7

SHA256
3c7572cad9eb5c0d872d9b37e921c7eeedaf4db677a6f59f6663b8fd021c7faa

SHA512
8c336ae75868c1a653637c15179c301ad0bae701418fec97e788c2293f41932d98bd14375e83f8deb948ac082e29131743e16d212138450306a054680612802c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
1024KB

MD5
50f24e4016a8081acc2fa5acb95f3d7c

SHA1
5d0e1f5357d871f7b5e2690722887f7ccaae933d

SHA256
932e633a2e28119974798a31dc7fa8b14dfa749e0b09a46bdb7474a14d3ffdef

SHA512
1d954a6356340c4142df14e5bb9f6aa9d805615c15d9675c340a41178c0f99dc55251c2f59efcac36ed3bd60ca4281928c08e91dda0a04ea365f61ce0510f8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
1024KB

MD5
f0cf79ec23e11e61e14974848e23d376

SHA1
a54818a7d844f812a315c042064f23a41e8563b2

SHA256
d1ea8ee152ce39bfc71f31d08dc099cb3ac1fa5540e1e12fdcfab5dc9125a6d1

SHA512
99a8826fec9eb73696088ee37e91fd052a513cb53bf39383378f00c117899bf51704610d50cdd18a56a7c23a5d27c7d5fe32f39aa925b3cda2937a1bb7f88854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
1024KB

MD5
00ce82de93e98dd387d35daea5a7b021

SHA1
9d0fb5eca4a24995c5471a8638112ad0c21d9c0d

SHA256
3bec838ea8b295829802f115b745285a6f7a3d7aae9429a8771e1300e32c248c

SHA512
97191a327e80436ee7eac61ad93c3aa651f0948192a29173d023f8b6f8af94579db02ae2c88a976e48b2d1fce2d9bcde881fc9e8ba37cc7b34d4c78abfac39c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
1024KB

MD5
fe1c3289c6dca23a81f5cc5002193cd8

SHA1
fb4d3ce8bcbdd1467506a2c3d5bd70ca355b659d

SHA256
4cdf3762bc0215f78316b594683910460452d938d4ff5d87c1cd4eb7a9da5e16

SHA512
4d98ee637b9947091a04e04de47717c37027ecc7fde2d81eb2a8b37954ef819dc823107248dd5ef605891dbacf29b2d3d656633aabb21822d147f819823cbcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
218KB

MD5
39dc95f2e15d83292985c454feb1da9b

SHA1
23a42ac3a1bdde727eb46d05a4228a4eee4b0093

SHA256
f19e35ab2145fc4684087c5c16fc96fc6f758f5665af1f47405b60f6fd138590

SHA512
7937c4199a6d123ef24916b974b641f18b5d2d033cdb5af6a402f9add87c6108b40d1df8baa5f59ec3b346d2ad0b386adbed9642325efe6a41c3c46b66d1e827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6a8269769072a76da53a4a7b6d15f4d5

SHA1
a4501dea72f06cc7b381b227aa7ff96f3d16ea4c

SHA256
42cbceeebfa2ff757c764b38a4c3891ae1b4a37eddd01cb6830557443664bbd3

SHA512
468e12f1648eabec1a38db120b0a627d04b411f057e14ece3a73b38125386a7269a369f7099feb4da4afad15045b48ac18f3d8463382dbbc4c25ccf2a2442f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c16ca80c0965e8fc6e90236c6170c0f6

SHA1
055d7e8e45ff20571f390d1308ac184a761d8a2c

SHA256
18ffe23171bf0d26f4c2c51948a5bb642d194707b905e2e0cf6b10f3c6d30da3

SHA512
f77155e200674487474f94a20715b20b447b6e68c1935dbdb737e81bc2f9c6efeab20e2d8792384945cc58871e17e2a9abd21aa38be8dbd2c00a4a89f20ff7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
47598e47b68fd2a8ec3a2e2651d9d2e7

SHA1
a65cf342962acd909776546093b8fd1399f083c4

SHA256
d8a572063a002b9ef3856e15cc586dc1fa9fceb88a2771979f4c64d8245248b6

SHA512
f8b70b92e41e6857df5c79aaf518c455aa82df6360c30a35bbd6d115258735549ba674af141afac3ec6fe4d23df4166fd61dedee6df6e7b07ad3d8f1731c6a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a681fbc1e16248d7c6352422e903ca0c

SHA1
18485b9f1e1dcca22d5a056d00b144d68b96da86

SHA256
cc54b470fd02a58ef29c08e391660120a781a3cbc5ba028fe9042f34fdc1e13a

SHA512
04b95fa3416f5f104cbd6ba28ad1c1f418c5d7e4781c7487fb9dd4b45c1a214e7897151dc90821df84fe765cbbcfa23737a977d273d2b081744a25ed98667251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e739f06f6c3572c0eb60f5aac140051f

SHA1
8fbbaf1933846241b214e6a0a97b6b0c7004f505

SHA256
83f979092cbe282fc8084616f97bdf21b9b543df2b2a3ad18c3ba90011e0abf2

SHA512
c411a20bed22a38290a552990a8fd85b72721a98750ce5f30dcab7cbd2a2e60897afe8e2cbdefa2d049c1024434107e90a10646a9e55db057dd644ec05ebd982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ce500fb3b8537b289a6b7fc7180483c

SHA1
1e3cbdbb839c0a8d46f8e48a7c62d04c700fa95d

SHA256
fbfb3c8e18adffe3fdf748d27a3338118eeebc1789c9066cbaa7c086fab96033

SHA512
b7efb90dd3c0ee69e48ede437fa4b4b9d3da6a0539791aae476d666eac61016163fb017b48aa06cab9c9728ffcd726ebc4a64adda4b5289a70a82c79ec27e8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f1974af66da9870e35d1bcb2d9262dd

SHA1
e9c4c8097d38f4b08cf688c3aaae0a2261c7fa17

SHA256
a2ccf87f78f3ce3ec8ecfa330aa9509ed4b5b805d010640af502e615dd77b322

SHA512
b3d4dbb6f3ed45dc80b4f9c9b61845c42266f82262e16360125a92b13cdf4d7193af4b6aef1d42699aa67a13ec7e4b6dd0857d93c17559476675d8afdb03f3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b26f0dcd6ab87a3450319fd9b968fa1

SHA1
a2c271e93a0d0206ded2ede963c9f4486406293b

SHA256
8e880955cd5f0b8231725ac2c0099f781bb06483f9d6e96679d562aebc321b7d

SHA512
7aa36c8ac9a423d616d5bdd7c2886d178b878ea8c4df7c13f850709d825adc5c0363c19b7aea212707bf8eb5d26efd10d192e1062d0606ed03124928b0d8774f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
bfc710ff440108ceaaf3b302872bc124

SHA1
f1ceced0c5992f0c71710aa0ad87cd943235aa44

SHA256
dee6db5eb2143b0cc03924b30909162275c2dae8913d4ab871387d3e0c805087

SHA512
90405fa5fc94d3523844bfd4258730905897b1ff90e2c8e582ffad7780bb83978236cfba3e5661be1e19eaecd2d2e8fd5e8993e9004fe8e20565bf3a63d663b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ffe43ff30f5ec79e190650cb851e93e9

SHA1
4196b85f05769b5714dbf2bd0d2e9cadde175314

SHA256
0e7814846dab96f10ec612104c56921c125e1be536cc5c70c9d48523b4a912c1

SHA512
6849e23cf6a86407b48b1423da04457e80b24dd1387cb67ebb61af7fd24c1d4550e81aff0229e6f3ee295c9262f0cddd3169673c84d0e9986e48d5cde156ed19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
76f8f099371878ab6c05d7858039ce3b

SHA1
b5f7ec8d8ebcababcfbbc980b18cd39e3e60d8d1

SHA256
b06f1e545b4c000bce3854645b52f97a9a1ee5f775ea1cc078ef2f22bb6390ec

SHA512
666537c9336a8c81991e9d2f5a770b29be7dfa09535a6ce6338d2d811415fcf76854ad78340ceffc72022b45d599850f0610fb1f86cfa920c0f81b6a573247f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583cf4.TMP

Filesize
204B

MD5
7a9c335bead7d5b74c872a32b3095013

SHA1
585bbfb987e9b88e2ed0361c094ac973e95408d3

SHA256
9912378a03cff9bcf36e2bcfa197bced7be976b208272408e5166f1f371cb6fc

SHA512
69985934c165f5f5f38c0c42848ef4540a64476b459d312e6af4e76dd8b2d3b99a25f0825ea4363915222b75f82fb8f1bd4253b5a69f97a5be2e8d3721e185c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b7a5a82ff169f8ba09efbd2a31f8a4d6

SHA1
aafe87cb25d1ef0572778d502e5816d3781bd21b

SHA256
76741401583f2bc999781b2b7b6387a86041bff728c869ae8c47c5f91e43682f

SHA512
dcd6ba81226e01b0271cc4a44957d687f6e40bee39e2d283f5ea917289aec666d1009733fe8c237f2046108c22d1e2985f11b50236de7e0755c8af2286c20429

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
033c039bdc5062cc0b2a43c9d70036d0

SHA1
0d068507b963f94e7497dc388f68934b133117fc

SHA256
b1de485b72d836bc80afaf46329f2cc837d5e840414bdb405e8c75cdadd944a7

SHA512
730f4568352b5968f7f24ed514bf4166d8463c59767ee21dea9454baa795c0af818c0f8c2cc0164a25383068700749a9e1ef816a7eb16590c16cb8bc14015eae

Download Submit
C:\Users\Admin\Downloads\Nezur.zip

Filesize
437KB

MD5
bd241a63dc21715e0c0e4e0db32cda71

SHA1
9e4832f23ae8232fce7fb0cb8b41fc525d5c6526

SHA256
d1fd4a6680902769d39157959bcdc2b816d5f0ebff8913a02046936323c2ec8e

SHA512
96194db9892e02d51aa2bdefc9cbdc06f499a5b3b8f415a80ece184cfde3e037b5e12be9a5de2e3bfc33ca8b9ecd13663242c3b6c5636951f647820c47ff33b0

Download Submit