9850e6e9809528ccbf2138df0a7fbdf854c331e807216423079640a25424e0dd

Analysis

max time kernel
201s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

1KB
MD5

d5bff93133777a7c593456760a07da9f
SHA1

9d7a3d892828e0147ed40215bebf980e0b803b45
SHA256

9850e6e9809528ccbf2138df0a7fbdf854c331e807216423079640a25424e0dd
SHA512

5aeee735f49bdb6470098d82b5e14c3afba34e7be6518385b6c57782d7611e2d701a2b293bea1aa3ff922d45772e47228fb782002f9d3a1c3d23a9302c0d2c64

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{3525E54A-9A93-45D4-AB8A-370C52565E74}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
5016	msedge.exe
5016	msedge.exe
2344	identity_helper.exe
2344	identity_helper.exe
644	msedge.exe
644	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 3840	5016	msedge.exe	84
PID 5016 wrote to memory of 3840	5016	msedge.exe	84
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 368	5016	msedge.exe	85
PID 5016 wrote to memory of 3212	5016	msedge.exe	86
PID 5016 wrote to memory of 3212	5016	msedge.exe	86
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87
PID 5016 wrote to memory of 3096	5016	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17218959258995904464,15474288722128254679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
58756d99d2376dcfbede6057dd25a745

SHA1
76f81b96664cd8863210bb03cc75012eaae96320

SHA256
f5d0da7b010b28a7fe2c314724a966c44068a8c8fa7e9a495e1284aa501067fa

SHA512
476e35c3da0cf223e773c2d26403c12f8c8d034273cca9e3c4cba9359f8506159c2a5267793c8bd9982b636191ddda62e9119593f5599053894c7027a58acc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
ae3e1196fc70529c6e4e126165136f5a

SHA1
e482bffe480ac101e7eb97568d67dc8e8a401737

SHA256
2fd321b046ad5f14740e970694dbbb14f5c280e1bb3929c966f7231718e4aacd

SHA512
e14bed20f1891bb4c581cfbaa164f2e455e4ba798b17ccf8f81a8b3c563a702eb5f8f50525843963b600df3fa8b699155fe1ed9e1aacf16d8568f911e9bc787c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
25KB

MD5
662a8eacbe2122448dac469755a70e37

SHA1
d921fb71699a405b09da754a733f672a54ab8bf2

SHA256
c8a9584f6a79694cf3f94984f89fc9c86ccbac676a563b821912b95b0ca578f8

SHA512
e53f54be9806e3b960e1697275b32c43679492fed694fcb6845f8bc301f5fc135e67473ebc2f6f49e7dd7509ec14a6485ddc6f538f8c76e7aaecafffcbb8776a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7314c202b9da471cac88b57bd769e48b

SHA1
a7bba6c877c698b109ad4831fa7ea96513644f38

SHA256
992325d9d6288ab677885032df58e47a69bfc8806fc13e4cab034a7ad6f09b6b

SHA512
08379ad70701ac145c6666004771cb3a30e1373247ac3f8f9e5c56c9e3d51ec2bc25e7329f5a3c246d4a48a413d5337ec4ac9b45670c0ca75c9f23bbc5a1fdc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e960f37fd4794acd8d96777f5d77f6bd

SHA1
ae910fb2f565e5a90114fec322da1e4818d4f6d6

SHA256
e8b69666059545d25bcffe9e4d48d24a07d99d4fcdfb8afe3274efa0b3992820

SHA512
b71c50b857f5e8b119aba679d7c3ae744a8dddb028b354d382563f4193c910ea7111a720f1577a78f9c892289ddb779e6f5141def2f9ddd7c7ca647f6da76c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
17a89d465c09ef9014345210874508bc

SHA1
f7665479b90b46119f436e6042f2d40ca132d27b

SHA256
5cbe581b2d408d248ae5376905982db0fa66eb647c9834da3bb9de95cf346fc1

SHA512
ccfe2b29af6eed89fdedb8c7626e7e251170d27a7fd4c767635c4113325fb852041a48957db0eb3e1df7dde9cd39412a1d0955cdf1fd6cf2cdcc26a3aa823a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5696500cd77658637731fa0efefa762

SHA1
20ebc52e55a5b06321f99a8914182cb3d8569a33

SHA256
70d7a11ec24b0aef00580ee1d54e7ee8515bae3d49fa46930d163fe98b566860

SHA512
abe6e2c488a53f220571fe3ef39f2152c863c04d5806ad747939e41d921b63572336e3077ff3a4323024f6e1e67078cc88cab67e226e8303789d06535c301ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a9fc34b6ab50d1bf381bb8787924677

SHA1
255309c87631fb4d5888524bac8dee8b384d06fe

SHA256
45b7bfc3506029edc5955a6e34043de2b409d6653ec4b34cc52713e8d1eefadd

SHA512
9c52f3887f6732f3f06ba19e5acd533e61ddc1babf49447b7439de7613a1d8165caf99b3c96edb6f7bebd7d19a8ba25ac003f2464d959af328f9791ed2f6e8a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d2de703c568ec7a86f2ff35c28f12580

SHA1
50723aa0a2416485fbefdabfa0f93d83d088d694

SHA256
7acf3535d36a67ce41b6a65e015a1173ec75f5f61194d1af2c6ee7f9ff64102f

SHA512
f01ad0e3fc4a3dd59bbc025afd8afecb83ba8cdd90b82e165a747f6efd67371457dfa3c454f4bc1cab1f61e09de5fd3fae4f38c003fa54349d0c584c336d92bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2d2735c280e4c1cfbcce68ba24d38f4f

SHA1
03c143d9bf87d65a900fc9207745d0bb26531617

SHA256
7b8fbd077c9a5297a880d4f9751d0dc597712da3757027eb7490e05a4f2b27e8

SHA512
56f313b042732d802a71299f3234d4433723a415194c6a3bbd2d085e9db8faa9429fdbcf59bd9055dda54f396125eeee37572b3dc1a7b8896988cd82a199d0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cb4dcf430d3ea2cd76b7c93b7d34ff9e

SHA1
064624d5cd69ebf3b9b56c5dca151c58009b26c6

SHA256
f9ba410751d6d650b4fcc972bbdffce1fbfd0bb5cd9354645e292254908d4fb2

SHA512
16596358ffd9f0cf3afc1c07d08ebb5136992d464d6fe327edb8fbd5a6e6649a91a00aeac5017bb7d0dc17c1325954a0db1e39c75b2e5ae98cf4bb75b70ee6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7503f79a708d4ce0d1505371961d31d

SHA1
149fba81f44ba775406d407b0604d44dd5e1563c

SHA256
a40b786dcf6dc4ea73c395b9684c266eb3789585d1ad96042194a82168c9cb62

SHA512
40fac6b5194afcb4bcacb3797f50835a086570d92627e0d10158e3ba7f6b0ba93c68fc37ceb24802c27c85177eb5b4815622e6d26e69199cc7093d4faf0a6234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1b7f4822b164a0d403685c0b280faec4

SHA1
bd7a5390f4d3b38e35ea50e368f51381ccd0fe22

SHA256
61ec11c0ed2aa4f14024d927937df7d80f3aff62640a0a38bff316639d94d831

SHA512
e68ed686e699295bbe9a55735af8665e0f914f9f5beb9c8153bbcdddfed36bba75bb722e50a7cf3df8678bca22698229c8d3eb9464f8f5f41bc63d4c437088ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
2908aa66c84dbc9b44b87bb800ce43fc

SHA1
3246dd8197e2f2e74499fa8a222109e33bcc1d93

SHA256
6eae3abb97f0572847f97cedf4f4f857a49b3a854cbed35286ec8bd14af26ace

SHA512
16d6d950ca302674f2ab2057c74b21f19c9d9cafa7c8c9a311bacab1791a292caf3c3f45c2428f2a9dd3e87bb21408a7d665ba3cb26dc2cc870a08d7d418ee62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dc86db140e9cb756b2be49192529a7d0

SHA1
bdbe968cef1f116fda4b0b4cc623ea3c58298d1e

SHA256
62cc3dfc8dfa7d12e62b8d0be480b763aa1f5fe5a98f49ff3c6c489f4181bb42

SHA512
7cca527d96cc2efb9639fce28c0049710c92ba0d0fb32729347affc6bcf4a6c4559e0e9b3e8b0a2c002742c7de2b9dd58fb38e1953b27c56b763b3c29b9ed64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59e1fa.TMP

Filesize
48B

MD5
37864f8531050222310eba2638943f3b

SHA1
7470ff58e7e6c8bdd30b0c06779f09213df1ff4e

SHA256
36a0b89913dc0fe2e1214cca17fd899ca0b4f4ab8c4307a2e0bd50c9ed67d717

SHA512
bf4d1f45235bc74e701ce882803a21291e432d59881e5fef49736609abfd65b8694e0d30af9a40eec2e6f2b17eb0211c3062ecd9b57c2feffc0b2c3fa1ae17aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
f02458895df7530a8fbf1bd65d566465

SHA1
f737bb681f6173a201a7e69919dc2a7500b0d1f4

SHA256
9c4bb524860e6b4034f6748335b0098fcbc4d6c5e7245fbc45910ff2869a1bf8

SHA512
514466ca4c364915ade4274feeccadde76f0fea4326b30ae6a81842c2bf0fb2b2a8a67e20b4ba25c72e2c39de33249226d932d232204dee2b552866abc5b7769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
0fc777ffc09ed73f9db2cc2cbba8b975

SHA1
0a92716386805a87748fab781e59650bca0acd53

SHA256
9067cb7bcaef7b6cd6f68261ed1a5c7cdb1bd17f7170d0d145c489004619e900

SHA512
cb297d2e0d2eb0e483e7b3fe3af2e463f89ec04c96a4d61ebcb971696b09390ccd02d94ac5dad22998c9e823b9c1727a467f82d2b8563d790990a84e06c36a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
38da1d01eb741f563487b93b48d3f707

SHA1
cdd79efe35e381ce1a5aefa9b07fbacdb16c6335

SHA256
2155a2a93327d41089fe5fda5fb297962c7e342d4b38cc6160c91748d0e9cbec

SHA512
9b7d63e04c491cd8c48c97c858ac2032ae8be26c2e04f10703d4e29cc0970a35e9ce1e500d611671ba027302d16674b71e9e88bc521df421ac2931671bff6f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
df75810aa8c8487bb6ffb90deadf2a1e

SHA1
e7a7f8d1bb1ccc1946ffe98b979e40f3ecd8bf9b

SHA256
8ecb76fbe41989756216628aa975ed63555b97874b703ad4a06cb8761d4ce8e1

SHA512
eb3a1b3ebafab44f64c8fe661271fa4205ec752f953de663354781aea03200ee161cbbd403fd78a23a35d6db5feb7f32924f66e3c4d263c7e82f981f2d21a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ab415f9e0ac4e0665a2326d3a810e99d

SHA1
abdbc790211d5fa1e21c62dea43399ff463199c3

SHA256
ccec73dcb124608fabaaf75c0f8bca240f4b85c219eec380ec53c6159b175e52

SHA512
525eea364d0d6ea851450120417c8562b8e59d148287648fb7e7f148ad9a72ec4de5d106cb178ba073db50ff8dc7e5e674c504d21a123b9f6999e4075ba2079b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5973ee.TMP

Filesize
538B

MD5
14e7626063565943a5896eea058489fa

SHA1
aa37c76793bb64dd1c6713c57c482c6e93b492b7

SHA256
b3a8878389b4a49646c4d5cf4d025544a5addb61b16dc8aba60fefa54f4375c2

SHA512
74f686238407e9850f46e67f024ce074c7ae5c95fef285cd70959036c4087b6696cb60ec93c68b9f7d642895c0e40c668563b2771f7fc279ca94a8ca28eaa8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d9f45f9f166ab02a4fe7850fc7a2a693

SHA1
e99eb2e3cf4e24017707403e585a097871adeee4

SHA256
1ffca21301d39d098a9cdc146dcd325616c1bb4fc2f31af921dce2e824a2fd99

SHA512
3e079de8c36732711f011924d3658ccd54b02729af0b27776cc5ff7eac827e77afa31d869a16d791e2c5d90e6c3054bc28027997a3d836948e18b82e2e55f5c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit