hxxps://www[.]mediafire[.]com/file/bonb70kgx2kx6ep/S0larhjw[.]rar/file

Resubmissions

02/09/2024, 17:38

240902-v7shcavapr 8

02/09/2024, 17:35

240902-v54gtsvhnh 3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/bonb70kgx2kx6ep/S0larhjw.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
4036	msedge.exe
4036	msedge.exe
5968	identity_helper.exe
5968	identity_helper.exe
4744	msedge.exe
4744	msedge.exe
1260	msedge.exe
1260	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1252	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 912	4036	msedge.exe	83
PID 4036 wrote to memory of 912	4036	msedge.exe	83
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 4568	4036	msedge.exe	84
PID 4036 wrote to memory of 1844	4036	msedge.exe	85
PID 4036 wrote to memory of 1844	4036	msedge.exe	85
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86
PID 4036 wrote to memory of 884	4036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/bonb70kgx2kx6ep/S0larhjw.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28c346f8,0x7ffc28c34708,0x7ffc28c34718
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7004 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7033073332559091985,8226480031368897568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5524 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5564

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
eac1e7f53d4a059d4f6c3347cb85183e

SHA1
acb6912252f10329a1c9376c5422e275783b67d5

SHA256
cc672a6a257c456c05124ba7470f9a96c2f3ac4b6dd170a1b611c9dd5dc1cda3

SHA512
073f18fcc255e2564fd2c2e9df785d532b158dd3c2f70bd60f1f6915aa7d8db942dace0c180d6756b4132b417ff283e20fe4902bdce152b1c5815e53375d78bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
83KB

MD5
069b45da8fbae56b85dbeda306e7fd57

SHA1
978cfdde3acdf5568519e31fe546cf096115d667

SHA256
58aa5bf8d6f4681c616560ebdc7f3c1b5592f88b30fa1938031ea85ebfde1851

SHA512
6a3ef974116fa8233c5215df3ced1877babea7a70e9569a8d7d54cb31e565bba7d1ee08923ddf31f5f5d243d72feb7608eb15e0d215f173446603937c1116528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
108KB

MD5
2ffd1c65c2c44fc21a941aa9f26133da

SHA1
15594f04e7523747b8a861af189248aba2aecbb2

SHA256
64eceaf5ee0a4f442ec4c0cda36e6cd8557b06fff43344ddd6ea044c017deb7e

SHA512
102a8eec2e4310d417353bcdd37c6599fe86e0ddbbec6af99cce762849473b4f7dd0ff30cfe13b8087586791fffdbad5da1604fd140980fb223aa17be07a7fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
71KB

MD5
4e396692209612a361b397a71d1182d5

SHA1
7e3510cecc0fc3589fb9e2588f32dbd6d9edd077

SHA256
08abed86af4e5f9fa8f16bf9012ccd5184e65e30ec659dd2639788cd34b6ee77

SHA512
2a1d6a1fee315864a3b547c794d137ca46db7e02fb6dc81ac3c3f10c8c012963b54cc307880dd662dee65c2e90fcef439ec67c9ec4330a1450c36050f20fcf2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\121e4705e6378877_0

Filesize
84KB

MD5
720f3bc9f2846808b0522fba7ac598f3

SHA1
0f1318a8deb5276d2320379a6ee02593124c393f

SHA256
8363891a58ab83cadd607aa527cd0d97de2b61250e187e699b4ada99c9bf33f3

SHA512
14cfd198348d7aa50d15a9bc9b253a435296d802c6aa128df14721264fa5774130c64c1e09380b7c5cbdd4f8e02f14eb54f634ee52de45f90ba02a7711ca99da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
7ec4fa5053e05163c3f5900c21508cec

SHA1
119ee232a3593c69c24865c92ccf31dfc3ecded4

SHA256
cef14a8fb9b7991e022f781b1a385f3bf4def65641de0a2d866cec26d67a048d

SHA512
726c72cb45faf2fba3eef947ac4487a1f574525a67ff3b69af9f78ab7166f4eedabfed3d2ded6406e9082f472610c9d358481312521d14a2df04ac8eebcae312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
3aeaf58ee3eb8daf651691f6ef5a4c8a

SHA1
dd55dd0f46d6550a489c40776ad8e224c7861842

SHA256
12841253c575113e53df4bad797fcd5d3b5053d65468d0620658e39827ead35d

SHA512
fffa3917693d1416556c4e99877c838feb7eee253765925a41fddd95094d466add2199cd7c88e641490fc43fd39a7d6a5ee2488d2853415c5384eb5fe747bf7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
21KB

MD5
df6d9d998f57537eed2034ce65976b5e

SHA1
a5ba1337db6e94bc8f63512ef2aa8aeeaa5dc674

SHA256
5a8f71d26f80411e23b531ab12d049cd1bcc4934c0d095a55c5f979e05a57e74

SHA512
28818cfbc8d27ee1e6cf1c21c2a957957663584d1a50dc24318d1aef51f6f4dc5470d0827334201325cd9d12130b1ba345bb1952a220c76f4da36dee5c9219aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0bc00fad603cce0_0

Filesize
325KB

MD5
472801eb69a205a2c8f28852f089e6e0

SHA1
6a8a3060dac32074026bd01f147c007f7dc95a5c

SHA256
7db34ce9e66d5b15fdf05d66139df7aac7b437c3880786daaf92be3b9fb72cfa

SHA512
35e34d3935f2b81034845d125b3140d89c19800f0ea16e048f54d9b2ba29dcbc98cc8f9132fc3d66ec24d95648086696be562331c952f5b7ab63bda14243152d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
f5f67d985267c08440460f846a476a80

SHA1
a2ebfcd787c29eb8c40f432f7b2365bc9bfc303a

SHA256
16cc34c2b48cac01e5fd260ba7f69697f8b41da7a95f23fddd18dbedae6594eb

SHA512
f4b33ff998eef8befceee8b5d5f24e70f382cf4cccb321b7b2b443903b283a596105d155e53f77607348466d22e514fa713d14d63b3f41aeec57e03aab3e87e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
14KB

MD5
2e92b7407c062d857c38cff7b53a259f

SHA1
8396b3cc89dcd9cd5be6f4bfb6ddeef201785681

SHA256
eee2b21cac3697715bdc9dfa80dbbd26ba3a9aedf152b7dd69336a5d45debee0

SHA512
b988871c794e7b930d7eea1ca66440ec3c2aa427060072a9b33b668d3d01fe414a5da0f9c3a519921aea5f8e51c2afa0fd960a72abed5cbd4d619218df2f258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
d2247838b9cb55593e5c7dc6455e7e3f

SHA1
0b5dde5525380e5a0066e52b8f4d9881e7a5596c

SHA256
ebbad6cb8f1f2eab4afa891a4a898e091e48b1e0f1e08399b918a94f718bcf64

SHA512
b18aebe029079d45667290c2b30ae48f6b6d1f6f63ff1fba64eaeaa522ae4bdb704e71202e69016b5d8a089f80b1b34f48a454e68452eb0bd401f005eb327d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
949110f543d5c3670e3ec22b6ad085b7

SHA1
7ee80f07a7e4b6723780878fdf693173dff5e7c2

SHA256
6f5531226695c889fd17efc2f052db117afd582a95c3dad2949c623084f0e9f0

SHA512
d9739c776cad34c86cb1d97645798d3893b2280e72cceb2b99868a10f775adbb6bf241df6cb7bda3eff46bb77790a4513e1214e29c308df5aaa1f2fd65d2ec5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
31c3ba86e67875df64b40c9f9c585041

SHA1
66dde9aa856f49b718bcceb856302f1354192696

SHA256
5b4876dccff998ccd0d05d38829c73764d84d6791419c5f70bc0576c025f033e

SHA512
a4148fbe84930d1d145ed6741325261bddfc0ff36e9b647546ee26bf3ac46e83315f4caac68f71c576ea6091e5b9433b182f9b8a2eddd845bbee7d8f1bb64eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8422a577dd3c1c49ab447d3ea0ca66a9

SHA1
26741927221ed37fbcc60be9040b6b2dea0781d6

SHA256
41f913db5f9122995c6abeb3b706acee4e165e254f3ab3553ae580b8075675e2

SHA512
dcb694fa6f5cf850bf2c177ea43808550efe9b7b6942d76be74ad2a16981b29d56d633c0eb82e67307ec989b2deb1ebff7b1aaa6e55e96c891a10dd98c719d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
050f49c9fdb2c79b065b836922ed947b

SHA1
0ea16ce88c251728115a840d8279dfc9896f38e1

SHA256
60c212f0593d7228146c97e28a39b733c08243a3d2ffe5bd5fa09c4be383d8cb

SHA512
12e9254eafa5ab358fc1fc95ebd9bb404ccf54fbab3fe99acca1da6e8733fb65a0eeff95b29b5614a1e7c15691c247efe9a45abcca075a0c71e0353a63cae272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
f6280ef3a2fd4d4a3e5bb85c395aa178

SHA1
2a811781e3d932728ebadfbd8e242eb36e5d6520

SHA256
52fb76ebcdf714679dc5ae5fc46884ed84a7a4323171a06b34b6bb365d96c5bf

SHA512
a400a3eb674409c2158e63a8a30f78e6c35ad7fb68badd38aa8411b6994ce7aac83227bc1d6c2311703241a77a333e3a87ddcba1c28dc3f7ef3752db1570e4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9d2439dd16f7e42e065ef242ed0fa2c

SHA1
d33ef490cf585b2d3405e15a80bea76d220e196b

SHA256
739bf35f3e491f0e9fc140d3d83be4269dd15d5c941e1e84020d44343eeba5fb

SHA512
88cd19c31b2781fb2e4628c91c927ab43e0aadd8ca4461696271f643cf3de6dba8c9177f3ff5b9ba73752ba24a9e56b41c6b5735ac36bf490645e4ff2a0ba723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5d67d12d4224ffecb1548b187f141f39

SHA1
e8a9417d2fd01bc714c2c630c19acdacded2132f

SHA256
e16091cda129d19f7e395e69fedfe57ca9f0159de145798f3c8ffc1c7393d8f3

SHA512
ee2a47a46ec615c9a5c77ef9bd7f6fd38b50a6bdd546e436d74621081193032a8b7dfcb2f30606d8a7c318aaba08e41e0cd5bc4e9f3e32b41e6c7929673ee2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e7a5a103b1b3c6381e706e2250f1ed52

SHA1
8c894942f64bb8796f47adcca2125b342d6f3f2a

SHA256
d8dd0606962d517069afcdb4ece03e22267f1da44b908282933c590f6a86eb99

SHA512
4f49f1aec2a481f95836b0ed96e968ffc464b549c101da5551679511b0b188e2269ff42c4a46d45fdc472f71a50a2aa165cac0b79da7eba4ed87c0155cf7accb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5b0b39ac41d7b0a91ea38025625f53c5

SHA1
8fd3a1febac7f7280338dcda55b04be62d10da08

SHA256
2dbd7210118ba6fd93f0faaebfd2a31cc4e4da63452232f8de716d5906996aab

SHA512
d3301e37b008af1fedc57cbfbd508613789f6ef64b7b6d029fdf5e148d6fea35abfd69665d6063eaf7045f44052bd6a05abb7385f1d781f6c41e4e1e00390d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
43c82a538e6571251419413bb1cdcf66

SHA1
fa71f668fbaaff0650d901d63590c75f2b9cba79

SHA256
dec1d3503cc747ebe91b48f10104dfc08c4fd04e5af4cb9be37a3a6566d6ee6e

SHA512
abb41d1a45d4d9e2bc522f5dd465b716f7da59175d9927e0d1650a436b3a35856a7eb3eaff0a47a61c128a4228dfa71d6448c7d32ab2ea7770ebdc336778770a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cc84e60bf99c1a25f2826137eeffe2ea

SHA1
b9f72822d6287edc8cb9bdab03da9919da706c13

SHA256
062737633f440231ba8694ecaf505ae16f362b7e2409dcc6d938569c72628765

SHA512
6830e626c970dbf0d98c2261dec6c0afc4c93bb141ace181c8296dad904370fd951b5f71260c2a77ac291fbc17dff9fd91dc8f2484d45cf4106d05122a17ad25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
85f208c02799c52b8daed048bd4cb9b8

SHA1
10468e646a02259357dc347b13d72cc7557dc344

SHA256
925d9c4d595cc760387e0852376c108e1108feec17f9737c0d801d5b3b69f680

SHA512
8c58f7422cefd0fdb93e6c572d61ca86100edcc5aa771457359bb7c5ea722d31a567908c87b343acef7d50ec1d9d5bb9fb32a803d9d0431f6a2a11b2c3f75a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0af8d8b9f6f3d0a7fd5594450b161edd

SHA1
5a15aee4952cfa6a8f582a581d056aaee033b10d

SHA256
460493ae62aeaf4392116ad5de91b16361e1d223315d5cbb5c2d130a79ac91b5

SHA512
b3d2f92de10d32c2997d190429916c0d0d7e9c4410f7ce966f70f3a8425d99da704aa566e51e424a46bc785e73fde76be1cab486449ad5a3a2309dbe7f7a6086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
31ee6ac144e5e78f1fd9b3901c6b0b7a

SHA1
471dea2158060bcdf2ef2687ecce359c24b708b9

SHA256
3756dec7e548dc8d6895c8c4626f48e40346d8827b8ea2a5739ed1ccdadf7845

SHA512
0eb7362e3560ec65035d30c67633e1f085d7ee4d4e4efa72f6055098423b70c21186bec3ecd739dfe3c8df777fd8b34d47a0f556e0ee1f0564906fb441abcd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
376f25735a1f2cc7e9db80dcec4d9693

SHA1
1b17472d7dc38efa8bb4a2a2cd78b97c2499a5a6

SHA256
556194562a557f802a5cbbce98ac7304b8ec15a22c74a2c7a331ce1137146eee

SHA512
67ac5a4668336593e1ac1601517ec9e27c2ca54c72b77f3c1059d244742ae5881ddd6c81347df79da5f136f3746cd6ab5dbb78517283a826e5a045982d10c859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ce27808b05ca71b07dc63d361b22794a

SHA1
c1f13740283be8e6722976bdb2b997b9a0207ea0

SHA256
ad5930b45c324408f8f4092faa48aebef4bc3292f93caed9821eb32a9c4b4ce7

SHA512
3191bc058d00e4e4be24c0f550de25234524bcca1db825fe1f8f45bfc36ce5f0aa4014dfbc0e5bfd6053ff5000756935461e3ec141ad4e7d30f4bbb26cbe9fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e88b.TMP

Filesize
2KB

MD5
b9d8b66d14fc6e9d5c57fb561e37e270

SHA1
b170877eda19e1b6a662de679323b04ca30942c7

SHA256
e81bcc7e3b4d3ea76ae8ed7c700397ef9027622e13792e6e2f6563045a63d4d7

SHA512
89f59bc45d9bc3250afc724b58873d56a25a381bd75048636f96d8214595f6f2dc28b75c2a3868838b493f13e2592eba9d37dde749fa777145a9f166f519b32a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2fa6546abe4188d6dcfa1716313d52ea

SHA1
5af7ad2aa8b18f56e0ea19552e0fc0edb5c70da4

SHA256
1b3cbb1094f7591324dba386c52c50909097ab8af072146204789beeceb4bf91

SHA512
e02681792480d4e9f3c2303c4e7a7f5e160cd9347cbf82b348dfec0d14f825e7cfe90a2ed5803b0a95322429849ba7296ff279c385c7b5156ae909b72ff52df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2f7ea4ee1943113ba10db81eb5bbd517

SHA1
db145596ffdc7137452e65f7077d240bfd7c0ced

SHA256
1505f2403c96275fafd69975e310db94937ed2b79bb0125f37841fa5b55541ea

SHA512
3cce9b29c3b14bcc91b77a8e07825e41e4cbacc7e4256e4819d5bdcd6c3867717fcb3c2393d3b0b53beeb0f3d01be8f73183850d8258307a6192f27becdded89

Download Submit
C:\Users\Admin\Downloads\859eb436-aef7-4b87-829c-b9fbe2e9110c.tmp

Filesize
3.2MB

MD5
15134cd284f17ac890612aa10b29ac9e

SHA1
8b35e7f6074a1251fa783dd5af8b975c16943dfe

SHA256
32042c0d9474144e3306df0234139412c946c52b65e34ac849e4260239c0a43e

SHA512
fe4e8fe1748be85d9c6faa6ec8471c3f37046a9c485a58c97f62f04997c855587e9fdf440d6ee48387ab30f61f83eece2fd6e538fd04a684c0e11ba1f4f7e3fe

Download Submit