e15a5297ef4440531f399d1c08e306075df9c29a0ca0ecfa569da2fd28b3ed65

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fish-Menu.dll
Size

109KB
MD5

b2f957d6dcaeb46a9a2232fc9fc9a6ad
SHA1

d995bdb7d5db896f21d8df9f6b315d012bee689d
SHA256

e15a5297ef4440531f399d1c08e306075df9c29a0ca0ecfa569da2fd28b3ed65
SHA512

ad2e8b387a9e6ac48578b05aa18b821f88f1e550b47d6464453bd3faaa1e77a62ae2e660e55434395f904a164ee26b50f380428a850da3e81807fbc45c25c8ed
SSDEEP

1536:XM5r3zhaJ0im4mhPw/ugEjlDGJtuleJuiw9hjiqbRbNOuypjiyvnW8Ny7KFdCInv:XM5sTm4mh4/18epQiq7qjiyve+FdY+

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{B1EEBA69-D2D3-4033-A8C0-1EA0BD5E7D84}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 89931.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1256	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
3904	msedge.exe
3904	msedge.exe
3620	identity_helper.exe
3620	identity_helper.exe
728	msedge.exe
728	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4260	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe
4260	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 2956	3904	msedge.exe	98
PID 3904 wrote to memory of 2956	3904	msedge.exe	98
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1124	3904	msedge.exe	99
PID 3904 wrote to memory of 1760	3904	msedge.exe	100
PID 3904 wrote to memory of 1760	3904	msedge.exe	100
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101
PID 3904 wrote to memory of 4076	3904	msedge.exe	101

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fish-Menu.dll,#1
1⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe858546f8,0x7ffe85854708,0x7ffe85854718
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,13053715021764295544,8697141916700378589,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4260
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\AspectCheatPanel.dll
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
70KB

MD5
4058c842c36317dcd384b6c2deaa8b95

SHA1
1085ddb12b29b79ffe51937ba9cd1957e5e229b4

SHA256
0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6

SHA512
435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
c764a116bb5f3b348177ed1b293a515f

SHA1
10bdbd5398f0e8bb180bc2773a778345529a0a85

SHA256
63cea794b8bda830d5c18a6ced98cd2ae4f6b27be723af8de0b3fd30bc56e5ba

SHA512
b33bc90182b1b40163abe370a4da6fb81a169bf11a2235c46d350a66afd0daff29a1e6959dbaf9fb969f4d32bbfd2de5ee084e6f8b8f3d3c175b6d3058306585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
76b845d603a38a7de9d05a49d5fe6701

SHA1
4a236a653af4f0612cc3cbc26a2918e20a93028f

SHA256
e8423446c98608076129d804778b9594ce28be26f5adfd3ebbeae60e20ccba19

SHA512
23f23e689350b2cc6a4bc925d7bba5d1d55e20d7a55f9a328caba929580e65da5c4ac2a63f1ab4f58f197c6e7929c14531f6f4a60013910c367ec373b6565f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4fe4d4189eeb14e27cffaeb0e711d060

SHA1
b082e074700c35eb87acc622dc22e0c2800c64f8

SHA256
4e8b7ec9f3958e3289bc6ff9ae5c65d69e1b1ee793eef2650aecc3453df2113d

SHA512
41bb7c4cc08afe1ed1931d408184f93828a8f677d24dd4b8f9358cdee612d707053ea7ff2a2bda91034573f9e27d3b3dfeaef0a2612b3395d35a158f0415e08a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
43815167dda94c2de1482a6b922b87f1

SHA1
0ec005d0ff48b5ef88456b4e147d6e83d76617da

SHA256
7b00f72255e2ea8e12d5e4be2cfe585004c6f3441b4661aaf5ed5a944405b141

SHA512
e7e5e72a85d9fde54c11f1c9d8bc2f64900cd8143539c1e10af817535c97a35ce02fe78b289abf57905ef4f0e92ff7d8d69560326d5c87cc9c038fe5c3bed819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70a783a0c93e5ce50fb72af820fa0f3f

SHA1
966c48ac9fa175a9677171e680b7a79c03942e38

SHA256
b3b51cad70c289b98205299ce5fa2f243d2fb674a990188879c850668e02fab7

SHA512
e4adbccb8b0c1fe2aa4159b3e9e478fe9abbee087651d8270d0ee8b923dcb6258a0ab711891f33e851683020297403739adcb458029e8d19fcb29e4da6564f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
42d6d5cef7983b4398b135d32fab24c7

SHA1
5ae508b51edf455a9dbae5c6cc40b1116e213ac6

SHA256
9874221ede513a68bbf7ae2b598e4cf7ba0d40548048fbca08dd3cc4459b43a4

SHA512
faf4261459dcd6aba047c6ee93228100f220c3d7498e53eee11da2b2a623d5f58d192fa9623b1df58dc7f376b62f39e0be6f66ee8d1dc73565676282c655b35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9b2b3c2a4db5564f904180c7446a593

SHA1
d334bef82642b9c02b09ace067bcd9322e3f47fe

SHA256
7a9ee1eff91fc7796456eef4fa604c21be556f7f11f03818f409f0883dd03281

SHA512
4928f0681fbf24c7ec5ac7c541c1fc203d8cc31b05eb64fe0320574ae69d4df3bec39fef6af57db33fd6dd17770e3aa5a453624f36f8763639b2b850a27f69bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bf39830da7d6cd3982b28f9a5f3bd3a0

SHA1
5272eac74c78ff631f88941943cf23a2c6fcc9e6

SHA256
32618fd789c579d4eea0f7d3702b3b259fb1ccdd52e889090e3100de4706ea64

SHA512
ca9a2e3124ada8e42fd66f6e56d0af5fa785ab19b57ffe3851614a1afd376a8b1cecd420fce7df361cc59dd8bbfd544379242bcf17e5a13e7697702917d61dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e8d900e1319553a401798ff4e15f0d6

SHA1
fb369767c57c09866664ac683a66516c8722fd6b

SHA256
296d679351d8256cdae4c67251f376bffe45451f970771a79cdbeccc8c7f4ba4

SHA512
11a1eab8ebfc8e80884b1f0c6b82cbdb66b9135b3b9a1d051634112a8270062d65297a8a1b424c059e20314f8e5800dade44fbcc82ba77de66146e7b271c3c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15f104edfcbe706a1a9d43f663321806

SHA1
4b0d4dcf4d4b2d5a29b792a6fa500e333dff42d5

SHA256
24d5ce7764a883b4ff1e2e24ca3f30e0ae7bafb74f5ded9690f98acdf7b1e1dc

SHA512
9a945cf3086e95469a4d852b72af431c1931986c8b889245c11755bf52d3a95a67df2ea94a228145d60e8ff0ee4122311d7fddc16c06fb004ec7a3674eedc548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6848a3ed12df566af6d18431bcb2ea1c

SHA1
e4034d42caa9e1b6e0f2e4897ec8b1fed9ed6be3

SHA256
80e21baf985bde8c852f9d45692eba58ccc19409d8d2d0158b6857ca08e78ba7

SHA512
47be0abf2d1dfb6878ed302d864ddaa98bea015bd132dd22e40c0bd049f9c827e29e3841ea27e9f09f4daa00f22b6dd3622ce3763f93965ab6f9cde9c4f4f400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b55022d920d554e2f0b4b498998d24a9

SHA1
fb278219d67b8e727d639d4986a4e44c8f50708e

SHA256
8841d7dbc91e051798a00089e74fb9fd8325a2c9e9839d21f3da5bfe1d92d2f2

SHA512
e7a29b79b668bb81ef74e50a83dda6f287f658b25e9b2b89745b6378d61810c21f02da2d2e16f358d55ffdc93ee657f1f0a0684886cac0fdcca74e4a9b5f1ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2855f60b3a31baa078100ae0463ab714

SHA1
0627c7bc7ea9df90db0eefacb345bf4fa16678c5

SHA256
f36f8a158a9aef1c0932356a5632ac41d94daf67ddb4248a40b244a7256987e0

SHA512
d85920b4224087f0a321f095558ea697ba002f5e470fabdd88ffa39ed841a69d0353a36841e7ae5d021eaa24aea3708df030676220d58a2f7947c18880e8d4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598c58.TMP

Filesize
48B

MD5
b439f01e9c2dc7c5e4e7e738150dc570

SHA1
1e06bb5c0a5a788941115133ceaf67aba95144a2

SHA256
ea8c6268695e4cfcad6eb0298192c8962b3c67d5c70c28cd9a8f2a4a90ae745b

SHA512
9c4b8395330fec0afb7e9cadd1881af0458741d13a954a0385f63ea5b71d9bc7059879746e39fda01144f685e5a1e41d81dcf1a858596c47d2fee308eb1676ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
faf8e948efdbf0b50e6b339e0afe7e5c

SHA1
861fc499fc7b343f69cd00d6f2056df3cb93b18b

SHA256
6075dd986829fceb642eac8fad0d27762ff2d9df8382d9ca6a8ecd4c31603d28

SHA512
5808c1fa008177d353d54605d5979b57b1b31821ece0e7b3acb5e10d89e629e1ee07634ba254f918228f0d6590dd629bd96a7dc0c5681b207f85c999b74fcc88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83e07bfda957b73a9a7f31357707f972

SHA1
2923c9bb0575634ff1f570363ce78c816a625e26

SHA256
169722ea16725b98103d50c1b6d3650e1f047f0f689b606d2d541d0fc111ac23

SHA512
50d8bd8d750f2605244c109c3444ebd8b6af414d3b67b29127b40eebd6052d95d68f58998123164eabf3f6a02739b739d4d780be9d5f8cf5092d57a367c78a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7af148e1037a6d8e5bb32f0294bc3d7

SHA1
3ae8f33aaf6ba3fba4797a3da24b76326a84d054

SHA256
4d17140c76e413b8654cea25702c213cb8ef6585a85873340608eaec4f35fa53

SHA512
6385c2741fdc4b31689d0db5809ed852e05fea3b00b51a969a708bfdbf1b190479bfd4472d43d0f590c8a2b3fa416b9daaa123fa424df0c02d6bf1f54fab42a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89bbe9244377506c65cb6738af691b82

SHA1
fff04bbaafe15d27d0ffd3e089b76df3c472e815

SHA256
e389954c419e601d7e9c3dd53067175b7a9791e1aea032b119ad7308c54b71f2

SHA512
c561189f1345320634f81dfc1b76fd1bd9d59e6be30a9023ad917ad7e421a93cfc232ace4d50ee228376c1b325e2ed27617036dd5b89156e374b28ac7b9f83f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584a91.TMP

Filesize
538B

MD5
ee71f38f6f9c61172f4df4b164aee059

SHA1
2420702960a4c17c3025f32463d0e48666289be9

SHA256
40206d1d98d2e017203678aa97a48be13c1c7e68a7059a5e4128e71a4187f0c1

SHA512
355f9ccf07d8a61b72029883755ea60aadce8bf2f4f4ab74a2e7ffcdef5b40be119e5fd5c5adf967652bf61df7ea1f33a04404f23c2c536ef1da6868f4db5827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60c0124c899edd98c071689ec5b440db

SHA1
ab66d7e16da2a7d888c531d840d079bad13da5dd

SHA256
01090718c420e793e1e75f626c3c61be216ad1ecad34fbfbf692a2a596751da1

SHA512
3ad21abd5ce9ace3fce19922aa1ca7b2bd052b7664d0a9a94732204fde4af69afff82049f6bc6e38a07a04a16c37b6e06554c3dc9218b8f9093b51bad7365701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a8d028a3377394676a1f8cfc1dda957

SHA1
e9a7eb8faf9e4cbf900ddd967c41e6bdda5edb3b

SHA256
80c661d06af4bed6ab4011fa67be069608a454b45c6b97d2d62e9f8fa30fd04b

SHA512
1612abf360f3b4a15fcee9e89d6139356f49e0934753367824c52ae8a99f933594e11e45838c466dc5d68115509bf276787a30172ec4e8a6eecf4cac40d6b23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b94ab2821a3a1afdd687c67ebbe855b7

SHA1
09d201e3ebcb4ba5bee3037b9b73e550527c2ddd

SHA256
becf93fbeac281bcbcdfe2ac0511003fe5ebd7c71b5f57de92ad3d17c19313d7

SHA512
1e4ccd89bb8328cfe85d6f95e9d54c4b8f450ddc384a3497abd339342ef8d316ee0fe1a105cdbc73925f06a1bd85f02e78c0165cf3f362eb8a3c054173399691

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 89931.crdownload

Filesize
123KB

MD5
c8087bddb06a4935621ecc7360379b99

SHA1
afae6ce29e57a96b836f229671524744ea438cfe

SHA256
c6d69526480fb2a48f8eb424bf0fc6d9ce335e64c6a6d308355c11b7de351fa6

SHA512
de0b8d167a5b8c7325b259807f42041f90c9e8a2970208b192291be2b8852835f981df5b00afc0c4cd5f368b95301bd0feebb3f51851a31f94782d9bb8429241

Download Submit