hxxp://friv[.]com

Analysis

max time kernel
600s
max time network
654s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25-09-2024 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://friv.com

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
13	api.ipify.org
59	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
2852	msedge.exe
2852	msedge.exe
4468	msedge.exe
4468	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5752	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 5488	2852	msedge.exe	79
PID 2852 wrote to memory of 5488	2852	msedge.exe	79
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 1176	2852	msedge.exe	80
PID 2852 wrote to memory of 3568	2852	msedge.exe	81
PID 2852 wrote to memory of 3568	2852	msedge.exe	81
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82
PID 2852 wrote to memory of 444	2852	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://friv.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd45b33cb8,0x7ffd45b33cc8,0x7ffd45b33cd8
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5617909356115968881,14615048404076868841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
  2⤵
  PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
154KB

MD5
dff57fa8bb60ef498f986771ba26f4ab

SHA1
67e3a7e350d2f9a4128c0bd6416f210aa265bef5

SHA256
4923f67dcf35d1f81445fec1d9185f7c28a5f14e48c25ffdf24ce5bf54afef10

SHA512
71d1319110d4790d48c10b805de380918805f4a002ed59125b789359d62e3a24bc826a10e62e16b50e9c3c286e5864167ddb5fdcc4d99947c3431bfc8ad0737a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
49KB

MD5
23c0fb63fe8494ae0215722cbd01e94a

SHA1
6627c2fb841ebb4960e773d867dac1c70a2167f1

SHA256
bf2ba379efdce754541cf66d82c9c77d322f28ba2d88bc40f882f520f3781309

SHA512
f1de32e44375efd8d7f8d85cd2d8943df7d41c1596f5ea0187aaa247fbfadf9f857e595846366a9fafb5b3e23c901019a0b84222462f707137eca1461a07248f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
51KB

MD5
a6b9bc0cef9e87eb97f466b9a466621f

SHA1
e43b0d9cd481eacb8dd5688d23db8931b954f422

SHA256
a6b4c373da5db5db387a66401a3f9b7214e491ada6a6bf7d8a899aff33b1b14d

SHA512
aa509899485535d8f2d9c0d6b5903e2fbdb03a07c1a054848fdff368506a345b76828623c2713aa39e9f5e8a9d68aea3ca11129f408bb79c6a2a256651d29d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
103KB

MD5
ca2ea60cd7eb38f77f58dffb8120777c

SHA1
7c5a61bc8dd4b814db3ebfbdd2df24904bcb90ab

SHA256
6ea6a77188e1268fb56b1837d054071dbff8efb9fcd882960343af91469bf38e

SHA512
4a752615aa6977e26cc7abdc2594d48131b1d69f974c415718ad32fa3599fc1b01af6081e55a80008bbbb06c505bb4c30237fe1d896c173cd858483006aade2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
31KB

MD5
4669f7a36ffeb1f64920fabd327f9543

SHA1
9d8c24af7c4a6fce5563dc22c246a226b02309ab

SHA256
ba329ff0ea147b901c04dec47f8bc9eb0692bddfc5c023c9b9a384cd56beae4a

SHA512
3ee8c7bce39fbb66d43500bd19a25aa9697f7878c1e49dd87b2883cba4133d24cd56150a7b8a2449af0a7e332581b05aa0076fc393f0cfed04b5784d114fb621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
137KB

MD5
99c582d2ebb112c68b1f01f58c1588c6

SHA1
3a683c4028e775dd872e86958df4c1d626f96489

SHA256
d63cf1ce5c9a90dcd16dac2c6552f5940e79e6e7cd96d5d086d43f6bdf46769c

SHA512
5f1dc272876d7eb0957fce8797eb99851bf501ef006c3bd244a9c2f27653eff1e2db076b613014b0b563c8ee78c30e03cc223931439c59ee8226bc5105207941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
b91068780a0018d387b5d869bf09f309

SHA1
92c5ecfa4c11d7449ac6119cd8ec5af5236600e2

SHA256
6a70e3a2daac2f34eeb97f8394a179e245a9fad3beb00f352a1155d1d83f0228

SHA512
b001b2ea9f41523f93774e3c0b8544da69bb5e00f5cacc5647b56a3dc2bf746614985af8e1669efb4dca567a79c799202434beeaf24c9f48a6c47c7857eeb092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
63KB

MD5
c87cf6549eb181e9ff0a8ec56e0e58e2

SHA1
6109f2d395d746077b181e147c6afb36fff4d231

SHA256
9db94718331e8bb85997cb885c24d726fd5f5106b471d0fb3a10934f01b0ce29

SHA512
5527d84f4421f654710e4986a3eeff93f100a6d76ca8c5215b2b5c9915e001bfc88be40e2b677c92f0f3bb1ad9710801c7f34fc7bbb1f0316fb96eb07b7239e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
21KB

MD5
0d2b9578b9a115be4fb928c62c4beedc

SHA1
93013b18649a0ea0973e571af7ba99131ca32f34

SHA256
de369635b20283c14ae8b6d0d3f9eb0b7d9d7c0471144cc78e366d3c8f5e12ab

SHA512
1699cb781f0d00236d3bcf2c30f37d2a3a604e34316105985d5ac48ddc02b61064ee3b22363addea2144f562adccef7e77bce09d8431bf9e75498bcb7636e3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
b88197c5e99cc83c2be30b93bf7012b1

SHA1
62e9a2e402717412645b4e2572ffe23ce11dac3b

SHA256
5dd848cda762e44f454c0f96634d307e5c51d502e5f28f47065e0207dae82f82

SHA512
7ad59ba3972964911716241ffe14d39f55a6e4c39fa52eacbffc0df1552c73a726bcdefd8a068e82a31cbe6bbe47fbd440c92afff56cec8ba2fe01e3aaabdc2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a6398ebef6b1f82428267eb2c83c0b94

SHA1
b98aaef9860e5a893fa23dd3dc5ff5d2460edddc

SHA256
424803531b0f45aefccca99a4695582616c01891089429cdfc85e19d2475593c

SHA512
a423fb47c1b2fdb06e8291e451e62a905ff44e2a4918fb87ca18375121425a781a0a6799c6a3bdf8e1f1726e0f0c3d35110aa4394ae05c08fa677c938d9824ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c787e441a2e4f6926575ab61446f3471

SHA1
f3744733da515cdf4975c152bec6bb2af600ef96

SHA256
d18fd4d87fc7934902faa2ae4a6ad34da345613b659828831d6269522b8fe569

SHA512
4a0c25a3649585f439a3092d5517a35ce5d0dcdbfe8290cc8c87c77b2c77fc97fa9ef078a2ee3ebdb031ab4f502cf28fa34a08a0004dea7ac38ca15d91f2b5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2908c694e5ed43b47fa403a272be1292

SHA1
68e7f0c4a9fb8fc40dc51698520230bbfd24458d

SHA256
0a3da79dabba76918eb930a1d9bace0b17a22ecb329c2901a90f133022d75473

SHA512
b100be6bb31fe60e13c3bd3e7ca357edd9c56a4dd97b4b35e79f9fb28e7592fad8838e09dd9e276940db10c4d33e9fc3b73e4b53fc5a00c34e2ceb7b017c19e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
11fc37422d308140f07a4895825eea02

SHA1
afc70025182c38850d6c91bae83705009da5daf8

SHA256
0be9ed986d4576efa91e1a8480f9d01ce5c25207d88981ebc11de6cd022528d7

SHA512
de2450a7238d402813e5ab52d4ff012fea82632c15ec4a86476c536d6a082a39f5b385f026925dafc0c6c9ce0454a843e235dc5d67585d055ccb455c6b3a65f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9c0d6a5c549b142fbcca22df48e6aac6

SHA1
888569815359a28d3b1a35c914e667248524d701

SHA256
a8695950aa86b79e3c92e7118863a91a4b0102bc02c83b362f0c2ea43210c809

SHA512
ce19b39c322af61847a4e8f1e5ebbf686cadf0cc19a89ef0b463ef9e018bcf474e3219de847a19130f1671aa68d0c4ec0b4be0cb06abbb524d05a166ae02cf84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b19b6d1a597debf3138a381af6df8ea6

SHA1
73ae35646e7959bfdd8afa50f2cff4cc46f45a4a

SHA256
e6d794daa75191a0c872f108857cf39ca34c64feaf3b33c99615f59b6a25e015

SHA512
7fe5c52e0e32f6d798cfcccd8c6c4b28ffbe8336c8cd9c016cf3b4c7618d5347fc7732d9722aefe43a535656e3e9bcb4fe46342f6094a151ced75f4cdab85fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
76e956dd5196e7c6266aca6695398478

SHA1
c2fb531ed009bb17c57ccea578f9ef5ce12f569d

SHA256
eaaf2945eb7871cfa72a2700772e3f35181cdb956ddbf85f402defa8dcd0e07e

SHA512
1dc0c7e44b17dee8c9080a312f693d5f7e857ceac1b1a901ee8eebce160e76343f17281c23ee16020ab48195d837693fa543d93a3a4e7ea293b3f23d2990a5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
40b8c0e473ba03ab774ef113e61b1511

SHA1
ee537664485ca160150235dd7daea85869427197

SHA256
576dc04b2a3d4ed07136a28eef3223a2674a822e98342dc7e046727e6bf23369

SHA512
10b8cdfe80068eb125ebb24c50839656917a9f57836429886f9f715abd42397d1769606ed360bee4e72cee81b6c653e6d575cf41e384fa9928f51084cda036c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99a2bcb28690582cd606025f6b6c0258

SHA1
5a28370c386a531a858b979d39ca1bedd5ab1745

SHA256
e8da88e72ecacf68ca81aadd296ac7e1d718849cf7601f73f89d0a7d3cf5cc9f

SHA512
2c16934f645febe1895465caeab424566fd957f064ccb96237bb7fa62ac0c719bf71f8c4cf8c2b57980e91592373b599d288a2fef0eb472a1d074d9a77b88670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
efef01d7eac5000aa12408cfbf9d1b48

SHA1
c717dda3849b42c927509cdfb3c152e2ec033adb

SHA256
0653ff9e8e4c504a89682f42766b0fe3ba337846b626162d9b474e7d28dcf810

SHA512
3e3cd8d5a297944a9364a62b6fc781b6cbed9939f9bf554243402de1d46a7c4c01908705774449350fc124f05b66bdf12860775388065f50fea0daca7c863747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
64c7cd58ffb589705de8407eacb50b02

SHA1
ed3ad5b37ac46841d6fb1ff71199e8408db6a032

SHA256
7b7bf2de582ca14a7245fcc8f35457e91c253333b6d5f1dc7c275d3713f718dc

SHA512
7a330e6b375d6cda4be6100fbc2bcd3f02ec492274d3bb2770cee21d2de15d7b655ca3b0729cedc6ccb55169ee2102b3499b71d2b3734f06844b7c76ec514c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53237d40a6a0c11805799b254622fe82

SHA1
a8cdbda5751c684f1d73523ed76741c32df4d181

SHA256
8f22d6273c9e19e0b60b7b68cd675d3ca6400053ec8c0f81b5145f4f8a0d1e89

SHA512
58c2f853fd2403238b0aa148c8336388734339e1c7eba7593447710954d4dc541dbe6b9bd9d1899316d01d340097a0271ba09b572ea918b36f108d2377757de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
37d47fdc40709c5036d12bc24f7a0b30

SHA1
5fb896601d687a5843b7e9ecfabd0841b78bad74

SHA256
3fc5cb8f7bd500274aa1d8f5d694be8e3e087ba5d30a589b3b3f7b748d33e5a4

SHA512
f3acac6e8c95a0c390b16f8d1435c00c8de7e1d191acd0cd1a99dd7e473937a80bee530fce1aaaa1a9d30341ee1a0b5eabd66756bc7fe08e81badbe6d1eff030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a956790396aaf8700b51c4f92e2e6b2d

SHA1
79bf6e581bc78bea3526589998ca42061f189582

SHA256
dc7d8dc344d837d391b612e9771b48ef4f66b975cd28b47a071c904ea56a8432

SHA512
cea130c3137734146d9fd0df0ad8e1d8c23f4756d3c9e5ede357e834bb52ce26072bc6c14a2abb9ae45768922cfb93be5cea60d6e5da1d12f11356e32422b8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ec1721f983f0fca5d88d736ed69f5fe

SHA1
ec1722616b72f406b591cfe44cb7785d63a881e6

SHA256
35c36d42135ef89af72e8079df106869192bf44653262218bfe0c2933147b8fb

SHA512
53f508e6774fb58e5fe76d39591df8db18161a5e1a165ac0f27a0cefdcaee55b4320313df0d5c5bc3822a7f9f59b46025f53dd31d93f497c856a53b79e2e349e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
9869f87cc8691c549d78884329a4aaef

SHA1
bab29fb07ab50213b7bda654a9c6f7844403af9b

SHA256
48211e7261c494eb9ac847267dcfe4ba7f9243a8f03357f71249c486760cc03a

SHA512
1e45d2576758911fb7d25370ccb20feee4ab9d6c77168e4fa78f42005c62d44dee125315f974a43355c130c959c075d125efe595c5851a7d1387686e0ec53acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
686bcb83a87d764e90d3020663e7c6a7

SHA1
7d296c69bda8e3595280a97c86e4516adf48e9ce

SHA256
01d3e864f623c29d4e261ab51101196721fc6b1123a738749fb2d0594815ea79

SHA512
6f3b444041b694d442256c3de60383a0df1ed009f5044441cdefb2600059d20f559a67c0dcbc80661a1ba87bdc766e7ad2c4f4c8e3d885c543278b4f114d1f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f695.TMP

Filesize
371B

MD5
a2b961635e9ce12953aaf28851b8fdeb

SHA1
f3bbd815bb2df45e71d6c730a4db20775663241e

SHA256
30d7d7ab06ce4c2b2027cc072d8bbf1ff72dfb1ba1ec06fcdc7893a92c82f097

SHA512
88200a0c648f665b4e1afcff9fd2a022e6efef88ee766d0172069ff59f538f26c4033353ffdfc1102071855b93bf4a5885fee0d424dda677ca9fcb2f246251de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e83a0e37465830fcf2da6a5f3364d40e

SHA1
07451b2098e24c4accfb58caab04f1f9868c8f54

SHA256
d9ec08d8ae9f2ff505e9d802b52df881ea46bc23994f3baf4e6b1ce6dbd361e6

SHA512
8a79dff7c61675a536a71fa6b31796d33fc8aaec4a99feafafcec3793056246cf585c2a271411f401a8f5e6847cfc1a5e8b48fea668f8956d218c6c13e77bc1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b2f7fa2cbc6c342a1e3789650379a55b

SHA1
6c51136526af40e80e50c390061ef388762459eb

SHA256
8668ac6ff6e68ef949c369ef1dbf35f2e17de6cc7d4b55902bc67701723977da

SHA512
ee498e7041c4b60fdf7cd12553bd0517c96441d1e6cc50c0265dafde2d2bbb2cbfcde5b4db2770e4c759f01ccf536e1ffbd934761d1f7173182c360089c10f04

Download Submit