hxxps://zonytrade[.]com/

Resubmissions

04/10/2024, 22:23

241004-2axjcszbkq 3

04/10/2024, 22:19

241004-18vxratfne 10

04/10/2024, 22:16

241004-165deatepb 3

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/10/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zonytrade.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{C884A26E-EBBF-4554-9B52-B48F1B4EA37A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ExеًВ.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
4892	msedge.exe
4892	msedge.exe
1172	msedge.exe
1172	msedge.exe
4596	identity_helper.exe
4596	identity_helper.exe
3024	msedge.exe
2320	msedge.exe
2320	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 2296	4892	msedge.exe	79
PID 4892 wrote to memory of 2296	4892	msedge.exe	79
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3424	4892	msedge.exe	80
PID 4892 wrote to memory of 3416	4892	msedge.exe	81
PID 4892 wrote to memory of 3416	4892	msedge.exe	81
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82
PID 4892 wrote to memory of 1356	4892	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zonytrade.com/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe79243cb8,0x7ffe79243cc8,0x7ffe79243cd8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1720,5200619905530780405,588639008429861497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4604

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_ExеًВ.zip\README.txt
1⤵
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4f61d554-2185-40aa-93c4-981e23733990.tmp

Filesize
3KB

MD5
6b9ebab3474dd94518d6b56057b5ae29

SHA1
7254c03b347a7a75627faca6012626b599eb2b68

SHA256
42ca628bf5d4d4be67eb9f3ec86155be0d41aed49ce339d0bef768e785e5c557

SHA512
a0d22986aafd084ad08fec7d5133d17c7bb161fdbf34dfb5272153ed4f6644e288aa566ff119aee0bc2192ae943553baf615ef1458614d98d705a5cda391ea7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\712fc884-17a1-43d0-a7a8-c556947dce33.tmp

Filesize
4KB

MD5
846f7c4e70414af09127a8da9779d895

SHA1
2d77a450ef92c83f6269e24c92bab3d9b119d0c3

SHA256
073695b97bf8c5a00766f197cab2e412c872f3ffd7796db02174d5c453b04390

SHA512
edc7ae243b3e0d321694b314c6af0edf2ce21607a845e5f69d2aa324c13ebefcda7fb22e4d70818a8180142fceb1055d738d615ef82ce1aeb24cae5a7e052684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
27KB

MD5
17b6743977bcc7a7bb29fafc37f142d5

SHA1
a06d514d3d380b8c28696bba059c62cfc54deaa2

SHA256
7475e9358cc8ec5ae95b1b485ae0f5dfea9f22c375f9ccd1107b53025f71e3e3

SHA512
1696cb3834251d9f4c1a2bd5d884d06a5efe2b53e15834f9f78d60bfb186977abedb007a37eedf3a23b9347ee44853c1c715fa50faee04b9bc8cf0d3e712b5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
58e86b5f273f507c0a8340347fcacc48

SHA1
ac1a9ffe43caecdf9274e864e65cacea82ec2fb2

SHA256
bc9b9e2c47e2591eb4166650e3fbf6c1fcc7d04d975e4da2593cfac3fb2e700e

SHA512
fbb696477faffe834d72eee282e4b710dccb43f6e199c3379b5979f12f2cdf4959b7b8d3b1b9dbcdee83498262b0b18fe4f20d8b3357084809d52f24d52c6aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
49f35cc7356aedbe30e145a1a5409485

SHA1
5cd0a804d785d9d804dc1b0f3a8dedaf9bc88977

SHA256
88b4e7415cc737665026359a254996a01a3568d4b12f571617d44d5b4fbe7ad1

SHA512
0ac584b212dcf62aa23b5ed1f77a98972c3a073eb218fad15ba861a5a8a88267b2fee22f0bc64b8d93cab056162ddfe1884c1badf3325be38e85f5c0d26a8e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
48dc1a0fd418aaf317f8206c85287189

SHA1
3ba78ebf4711a9fc40808135e84806f17389ea95

SHA256
c54bfd8400e4d9e3427db179d3448627da9a5da120e1b6902b593ea488bd34aa

SHA512
f2702f444b4c42c7d964121e1b9839c5b58c15e6b4b94d36208ff530eacd9afd3ce29b32812ef5e8aa38c238d18e6d1ed4cab996a8fba6b7b2cf302a5a811cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
35571374412e0efcc262436d8fc592ba

SHA1
917e3f318c97407d900cc75c76b5f525554691e4

SHA256
a1045d1185c50855fedaa11ebf8dec518d715fb5a0ccbee9f711cf34f068958d

SHA512
7bacaedf23df7eb923ea42b8f52677e3ba65d316a05561feb022bf0db1a419e658a315cdaf8f799bba0575366c5ecbaaee05e234b281ff908cf20f62fb182f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
64d493143b9119b34a5dfcccaa0321ba

SHA1
6091bfe9e1583f1a1ce9690e21c336ab5b9177ee

SHA256
6163d1941b39ed276f1a42277873bd444959ae0e35d29557db09d053d5e9fe54

SHA512
6feae6a5da255d23d31a1fab2c69fef5471bf89b66b91ea62bf10a52344944f7778028f22213c409afa292f9f0997af682400a54dc1514dcece95babc05c19d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6cf069288db73fa15a509f105bd1b0d

SHA1
da9ca6701c88d061ed195aa297955ac408d8d100

SHA256
9f57fd1e3395398d3503bf5ac6dd451c4c28e14fa06198b084e1abfc058208b6

SHA512
924286c23c88d18a1a780cad286b8aca61f8552db96362b5b2b3d2e7d472efc579c1e32b77cb9018a84ef4f65daebc890cfdb54fd5e1d874ad7b74040827303b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64312b1877d0dc5f590ff2fc1fddf51c

SHA1
59bdbecb29ccbcd66e9de760ff0bcd1d9350ea0e

SHA256
825d6e1ff06fe7e6fbffae22a0f15ef58ee2bf8791356aae519084f027086c78

SHA512
b853906007e29dbc74c6a21e98969e26b6de24e88f7677a4d6c19a748a6f3dc188e20f834ccb885dbb041f5d5dfae91ee01ceae7e10ea15b76effbadebacd6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03d72575f7c897b12cbb3a1cbe895b23

SHA1
51d924b45d8a575945fd7906175532873cc54aa6

SHA256
1df4a9b6995678b93894e50a1b1f1cc92101b4b7c711964e92116ce79bb01dc8

SHA512
d40f889148625d72996c7f09b5598b1416b17f2f64d45583107dc2e0a6527e8b05233f638ddec529d2e2572024721afaf46fec17d88b9cf46be666d93ccbabb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28d1c3f869f9187f8d8806ff291f98fa

SHA1
29ae1602f64f9aee4996aec7ce793ca6c4bd643c

SHA256
d361a70fbba892bd755333d670df164f5c46a69b9071afc0102f884571f8a10a

SHA512
55d6820ac8f9da616879c477f4edd5412888577eabae7ad2fab0a8daf871eb890117dcb7252b7c452af45f5ef2ff17c825a1fa0a6f9d2270eb50b3bf36b2e94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e94a765da81c6c61f67d3bdb34e2383e

SHA1
3986818e2affda317572864cc66ba193f0b1c160

SHA256
46d29b95ccedb24e7141c780269826ace5634cae4fda1e789fd3b5cf4fa7b45c

SHA512
4a1e792e012b65cb3f8bc89e1e77b45880c317405f75f0ee311a87f157371406bc7884d23f712bc80ae5f096e914c8159a2a98e123329a890882553e342b3dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e30b1ae11f761d4198f53301cc3963d

SHA1
1eee533afa297c6e91fc2bd01efe5cef8d13d2e3

SHA256
a96370dead15cef31fb08e655a721bdc1b3bd7f17da43fb7085afe3d19969607

SHA512
55a685dcb931670fc5ab532b4a5cd8f92943c901983173e6991273f9a33f5255712bd49e8598492dc4a3987cfc14545b4157741f10f172f6b8a7542c9e73bfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d9425e7f62c1e583e50f86d8d62829b3

SHA1
a4a671f9f88aa3afcfd3c41a54b8649f073ca05c

SHA256
777ecc407dfad31aa1155c0d8ad96e8e928ff406ffa9ced821f39d9f816d47cb

SHA512
2102c4e7c5fc09df3912f7f5970bfa2d4220980d97f4c56096d5fe32d5605e8955376ce385af2bc5dd0adb6fb7207ed3007827c4867e79ad037c98345e84b85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
63160ff11843312c118846822de5896a

SHA1
8d610a5a338ff8918aba3c56e1a0f9da3387f6f2

SHA256
2dfdd3536ccc12e4eb2b179273fc85e3bcb2e71a3c4b5687f8b5fcf0ca620e55

SHA512
0ec28c0ce8a6ce9e3540f1831a8832881da9db10966078a451b103c47d7481c1d30e4b467a79da47f745d8fcd1eff0e688cd9740e885291a90d5c730eae14afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
39a26c750cba362e14c2d44e8eb5da2a

SHA1
1e96c58956209c8b7b4feaaa36187f63665a70c0

SHA256
88b581d6b65d889844d7466ac982420bc8ac305d19ad176d21d3e0ef13d3762b

SHA512
8430e61cef2122528d05099b87e8a750c23be1d96a3cfbedc767acef1f6b7be417f5d4fd758cb53071c6406df0b7ede167965010619132f52ea9f94d726950fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e6f41e1dc438da231b2955e6403c7466

SHA1
b24149c835cbebfdf04992247d6ef5807cad28ae

SHA256
98ca11995e5e1aef424ec2cce8496108fabb12975266c7b8b9be56c6ed31b38b

SHA512
de721292fc69cd53e3805f25430f15aafc4a076cf3fe8b6bb7381067449bbb7bae5798bc7f64bda232981d4a47e517b8177ee4bb9453db017e6820b17190fcfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5eaf598ca15c0c0df766afda20407145

SHA1
3003c74925f422ca6007b3f1b882d1e04b3a9234

SHA256
a7a9c7ae50b0d901429837a8dcdcd77d27471dd6c5cb550df4f6d423e44028c5

SHA512
09713744343abc198a97dfe751abdad6ac913c20228c44d8802c6fb836ed5ade1b6eda28bd3470baed3cda540cb2a4675b8ddf69279764a39b00f545924f90ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bc000b251ac2312be9a0b9ffefaaaf73

SHA1
1b70ac5da24652323381800931a0e9e2ae2ed9d5

SHA256
f40ba0a8eb714c0ae97d409158dc58901b3bb8f781583f63baf048a2d590cd99

SHA512
8c172d9141fd3c756cf376c1dc848524f12741071d0ce54efec5caf7c8a23b0371b42a351e038b86e26f0ecc2f655c32e4ab2275ffe30544ef42d7ac0c3b280f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a488b236e80a009c790711be47965e0f

SHA1
e24ddcae344d6c91824c833f5928cb81f67ff457

SHA256
3b246844742039881c8b9045e915256cff1f426d1daa6d36ff63c76b9aee9ccc

SHA512
489383abc6783bda8d8a82fd997e22ab8f767ad7d706c9a7c68e3840c5a6feace94c1a954403e110050c42161fa1501480d2eaf756c5bf5b234325bc57464baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
705d18d716c1b817f9b0ccc2cbbdc376

SHA1
9b951b3b6cc880b8c6f9a14c69f67135d3ab25f8

SHA256
49eb8444715ceee91398631de6d7dd71e2ce24a48163ec54d9eb5631241f40a7

SHA512
bd259cc2890d03bc4410f30fce3c4d79a5c2775374f593bbd3d11dbf09824b2f76e57d827ed0ac77de90735312aa86f18a9f6e4ced8868dd554087ac338b1860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
68a43e665c7f47127f73229dcfa486bc

SHA1
a7a0faf522f5d33caad022d8b6f102a8ccacdc72

SHA256
11937fc386299cb60dda6a801d0f3b99edadf4646abe027530bb7802494bd397

SHA512
d6699a2c5ed8fc15d33bd673767ec340258f46f2417f7709bff17674aa3853270302f0257d7ce96f002c4d956314e1964fd4517e0a9f4d75c8ac0514c41c8733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584a14.TMP

Filesize
536B

MD5
af429f81e4d434e0fdc8e55085d8c72b

SHA1
ff021e8c84a1ffb8cca866259629b61164b6b5d1

SHA256
a9ff98b67341bf346e99164e449fbedd8041dac6b5f1de99a57824de333c5897

SHA512
5e7a318659635ef1f023be12eb111cf244f39a02a71ad240bbbf586122e5653c362578e5a9c4ace14a9fd5e0f036d9722c3a885e2eaf44f40fff40ae3dd30c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fffac9f69e1b34a75152a7d61b88be2f

SHA1
3d42d3917d14e24e8433947c5dc12d4630873d15

SHA256
82a837dc5b571cc96e4262153af1a34b39daa780732d59a419ddbd14388a57b1

SHA512
3b00c63501907bd5c26ce95e523e2927c0061b756d86b89dad12c46f63c64620aef33f5b81c1f8b8b9d687ab0b72c466de2cf41f98247b50c7e355cad9298771

Download Submit
C:\Users\Admin\Downloads\ExеًВ.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit