hxxp://broadbandcompare[.]co[.]nz

Resubmissions

20/11/2024, 03:26

241120-dzatwszbld 3

20/11/2024, 02:42

241120-c7hn2atmek 3

20/11/2024, 02:38

241120-c4y7lsydma 3

Analysis

max time kernel
207s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://broadbandcompare.co.nz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
1528	msedge.exe
1528	msedge.exe
3920	identity_helper.exe
3920	identity_helper.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4108	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4108	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 3372	1528	msedge.exe	83
PID 1528 wrote to memory of 3372	1528	msedge.exe	83
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2952	1528	msedge.exe	84
PID 1528 wrote to memory of 2464	1528	msedge.exe	85
PID 1528 wrote to memory of 2464	1528	msedge.exe	85
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86
PID 1528 wrote to memory of 2912	1528	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://broadbandcompare.co.nz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a8146f8,0x7ffa1a814708,0x7ffa1a814718
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8562451304176389231,4189484831295272585,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x4b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
e23a3be6e39f48249d169acdd0e55e5e

SHA1
240a15e4ecf466d4b27e81a7b71388eb9db99afd

SHA256
23f9ca852350a597ecb9f87b96db2992cd0f36c6210ddb716e22ed575b5f7e2b

SHA512
72e1901ed4b87bb9250ace162d653d895cc923650ea04fd7cf405a7975d7a2e7ae2ea3874a52f6df34bdc021c3741c2afc51e87b3377135c7992b04c7a84585c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
74KB

MD5
e08c1a1b15db7eef49cd9bf43c9be9c8

SHA1
a66d132bedd9492acb01da566124b65ee1a71fd6

SHA256
6e3bb5d5a5e9bd7c16e368a1a87d8ff4d88014b304c48f471de075412f5649a2

SHA512
a71b60cc9b5bbdd5106a993a99cfa4839305f1dadbd09c39241d7c23df7760849412af27c69280daa271833130ff76287d4baa7c43ca61bc2c0cef38bd470fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
135KB

MD5
ed4f1414de960e382b3ebf53884f8e4e

SHA1
cf47d1888f692840cfde33bd8f7db68f279e828e

SHA256
80bb6791416a02ed08e9630ca0b14e2306f56baaf4577cccae3332c87972a7b4

SHA512
2c1236a7facd7488120514ce28359a269689781f1b067049ad2b3dbff20fe171e0d65345c34e8a52efe011f2d9c727a0e8ff3c6129474e4323e4a927bbfcbd84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
52KB

MD5
a07edc9bc97e6217a128352d495fd4c0

SHA1
8fc329fbe70b67dab5693f4a4b441582161acaeb

SHA256
7c5412d5d4ea7596cf56c40edc3e48d848381f45c65d66f8809c264634431b56

SHA512
7c590c5d97f7da4b87ef54b716742af89e1b3901a7aa5b94aea1f7320af9965123d03bbeb3f3748591c34669ab2c712c8de319e662776ffcb6461823531e8b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
60KB

MD5
311e8727331f89fce948a5b4e46e0aca

SHA1
d0d739f9f1279e9c7541c04c66eba0327b4a2bcd

SHA256
09669cc3a07635ded38a7309beff842dd06e323cff18b5c3afbf1ce4139f06bd

SHA512
1aff082b367995a02c9992d1840cbea8509e279fab3950ddeba51677678b0c9b7d5bc858d1ee41970f12c4a2a6084aebce97f91824e052cf3ae12883d00d145f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
87KB

MD5
43657aa164e79d0a3dd137dce333a1aa

SHA1
e036318116bcb9228d5c6362b900fd6084d239ac

SHA256
4e9bc90d1d88557370df1f925e00e30c4d69d28363f715f3cdd769af9cd87179

SHA512
4c97f79d2c5010cc1f4ffc3d7ec540fc6010e1d35c11a54d2c540abb0998dc87d9435fbf5e8f505022ac16291f42e9fa633d36a75edded7742f67bb5cb53cb12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
144KB

MD5
0ef21abf7f75ddffa8ef0a35a31b4097

SHA1
0f1c0ad15f07ed09a161035689996c4fff1d7eda

SHA256
e92faeafba565caeb9cd1aa5154d5897bc3fbbc20f7ee71d6f76bbeb8ddd4f0f

SHA512
809eea10c8f94939ea95bf09f6df59c42db2a6a89631f3fa096883e6fef67fe2066b25dbcb66fbdf32a3d3d12b11d61cc5c1594a0dc4121ecd5795dd3403dac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
54KB

MD5
56b1b49a4bdc4c874445907df778d045

SHA1
d2fe504ff66c8f1019897a489d1f228adbec1675

SHA256
ae164feded7be7bf0bacf35c024e49d9fe9691f9ea02860deabf3e777e181885

SHA512
da23e397b4009c66caabb9147b98e48f117855e03d82ff919e36d22bbd3f2fce6440f00147477ced44c77c512277e4506d41098aefee57dfecf0f0db0d47c115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
20KB

MD5
e688553c6fbe0a656a84407dd3cf282b

SHA1
18853957b35a70d61285d19d6495cb1c06e68c6f

SHA256
d66c3d59dedd75e0c6407b736716303e2a19c717c912ceb4506ef580c925bf83

SHA512
dce4ad3e23a9bfab17b844ad45a5a49a1ad1ad5bccbf79444b59dbbc54a608bfda82b35fd36a166fefa032d9cf4782fa9307e1189e30933b320acc83b45a5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
274KB

MD5
f4c6aef72455acee1a17f699603e825c

SHA1
0810c49ff36f94cac5ec870befc9c868bef2eddf

SHA256
6659f130befc716d0bb26c6723ab94b00715007565c4485d0fb94931816e393b

SHA512
5e306a2e569d1c10386c26040a10efc942dad7c67b15a48f8717abb53d71f256ba8b7e5a26c4e0f0d1903589f88e7488a74a408bd18290d6c482eeab25fa61b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
45KB

MD5
a13e1f233d681fedcf117a4b37a6f822

SHA1
4d1b3533fec0471d25eb17ba8d4339363c850042

SHA256
c4aec3740180c283bf32497f8f8986c9d0eb0f7cb7a792e8a9cf7c66a92a74cc

SHA512
313411714094d71ee7fe6c09a4e83fed1dd788ede192c6498f88712f935dbb0aea3a6ab2b14900137281a668b89442b8bd32a9541d822163e7575278d4536bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
8e016e98f27a821607bfc4a96f34b1d5

SHA1
e72704cf845f86220810341cefd3ef0d22586da2

SHA256
bff6436c8ed90d7b294ac89aa3659450de608b6fadccee744550b11d7f31873e

SHA512
7091fe8992e1e00a26d4db592e326c0f140f2bda99221568ad16381000e63c73cdb207536551a2114a8fdbcee592a32a6aa2d6ee07cf3a168e84af5b410a4372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
bb17d02bf0c71c3aed7ab0c391193162

SHA1
5be1e728eef4043cb2acc370209f324d2c9e2e63

SHA256
39ac1710c4907faa0cf7c05f99f36c34b34df58fefa35a1dba06699cdce528a8

SHA512
fa4381c5c9d473b77a61447858409725c0d4f7f9d0959c365a22e0ed7a2f3f203e64ab204570583ef6bad14306b6fa489f7d8a09baca692e13854fc84845f6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
91f6da2d06e48889f7405355bd66709e

SHA1
41cbb051536a8f42fb0bc52b8cedc583b2c60b54

SHA256
b5ccb43bd8e46c03f400d9a81885f2a7b99cd2b47c849ab4e593989f2872995f

SHA512
ced4cedd65a197229239b5e3e92675d8a2e5eb74bb5813b50fb8e2213f2fc308a87903179452bd3d5ce2d6fc8281918cd2bbf7e3c9a082e51da3672d5c749639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0b7d14c0534fc1c7b1739d7ead5dbaa5

SHA1
7d0eb13dcb586d7ff0d69294dcb63c9d538df32b

SHA256
33352a266a224b35bfef0394158eb854d117f02692b52842194578918e602d2e

SHA512
dd6fa77dab4304b83200cef26fe3136295590008eec6d340908dc8a80af364be36c23f9c83a8a81dead77f824b73823b5bf408c91f24437d03f728787b138c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1b0d36c77572a5a8ef32e27a545cee86

SHA1
238aa0018790579868c371756c98152c70492730

SHA256
38fe051a888df69f30cc861abdc00cff4e41ef344fea8e4a7ae9cf444b16c362

SHA512
f1bbc52a9d240231c643eca7f4b7fcf3ebb1e1004801df9fd77cd7d1c3d6adae7cef85ec6611860fe456587b2469a2ac3d0eac3adf3af5bba283ae9766e31671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
67e688c1147d0c40807983871cdcc00c

SHA1
46eb134930c27c94af61dbc1ab492d7371599be6

SHA256
bf61708ceea82a5fa30db8876f8579b63011fdf1ec3c5d7d91ea2090bb0a2817

SHA512
7b4d28eacecd2eceacac237bfd5af16354552b0044acbae341317cb31dd534ba4a3bfa587939460d3919ba6404c72a10a6e24dfd86b6c8196cd9f9460d78a4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
40f127fe105314666aa8a9082a063956

SHA1
136ee6e8043843f064c70032b22f9f12c6bf8675

SHA256
1392e7e974db1dfb2033b114b9b69e58183b4c7604506963d94d4a95c160c4fe

SHA512
de05b3a45a8686797f3772d92e0fb80d9607f707c232536e8267864b972e33b0c88406e5ede7bf7e88bdbd29a8d506ab59e44938714352b7f9085bffab9c653b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d15ae09c6284273c8bb9c2487adb53e9

SHA1
79b3f20bd35110167855c93b528a6093e48c80cf

SHA256
cd2dae8be0901058c48172baffb9d5825f5c7dc43f19dbf72e3801b0edbcb00c

SHA512
760f81efa4c4c7340e4c71f9c1ac15950ec65e63d5a9969b04c8ef8b06acfe7ed2299ac1d986718f5fdecd9077cd0abeee4866596fefc073f694fbf2e1be718b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5fe3866a19067320fbe4d5bcb22127f9

SHA1
0b421f012f2dec7946923ae2a323c312ddbc6cef

SHA256
ec469cb0de5e1c96430d364e96b3bf0abc9bea7e9ab697d11f0e9efe98716592

SHA512
dc4e8082db40c8b3c5341496171af2d2f516fa3140ed75f06a339eab614c5661c6d0208174274c5aaa88e7e28ef225bb354231a9a12d825e144d7358afe609cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b3d8d23cb563b725df6b4273f4eb3787

SHA1
337379455822b59d1e36b56007913aec7945a092

SHA256
1fb5684c2a01d0e88fda363ce9bc393961c24e240daf3079a373f8847beee4d5

SHA512
e6c33e3c42b43f30a7370406aa0a96024ef70c1ed7cec3503be5f158ca95e2f22043beb866b17cbb4f94c136169bae0e14bb5944d86ec43c990cff29eb5594fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5bd7d98b4eaf57082272dafc60ee3ee6

SHA1
40dadca409a92c4967ee1abac2af48b9c6889456

SHA256
0d99bcd3db90d79944f93fd41781473a4f2a7a1146d6e880167e1b9ce768b6a0

SHA512
c8b6847d2bf2a8b2930c3409889e85c4350cb70c64e27ab647b14b9f2b21769233d4cb2ded6a65101dccb06043cb2cc376639cba0d297d3073b1694fa0511796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afa96bb6114e699312e6ab32c4d1e393

SHA1
cacf6a20d26d9a510fa13e0bc82fabdd71401313

SHA256
dc65ae5054accfbb3805f3524a48f6eb2b134189346d2c8198629719a47bd0bb

SHA512
eb0f097c3cc799bc7ca59b61af2594b84cc9c6ee20fa27d001c5785f7c73ba8e5480edb2ad8bfda2011c92ed5dce13847a6c84c6452d5b855ef0d6cbabe6f4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ac0355ed69b6786ebd2b9572cba5bf1

SHA1
db99a13f4d1feba74ef08c23f67cecb6e901bf51

SHA256
3bac7dd5e062cd4b942afbb85281e6b54832bce57dae82db6eeeb9ac6d43c208

SHA512
5376bb9dcff3ca4273f958a98251e3c2cd2c84e34bd61aff960a765627543fdf3c8472ac66f4b41bf27f927d623a584f560bbbc132e419923e1f3f60ba8a1c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
256d6a2c86b230ed0d44898a8a309d8b

SHA1
0c4146137997bafe3520a35f387c79baa91d9857

SHA256
47c91d2f0be91dc755b5e1740a54b02177a6054173a2cf922ed057f70011dd53

SHA512
266320e5650286c8c99eec9169142dea86fd975b5953a2ca7c7d6d1707088f33699565f70d22c59f8f22478a439c887f81351421268099e171ed4f43dee41a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f6afa544be9d86aa2480c7facd47056

SHA1
6f8e02983c2c694eb54f157f6dd0bc90d0923fb9

SHA256
6cd6e9b0c1bd559bc366d6719da322e2231518515c5fa5e5df629c869952871e

SHA512
8bd88aa94fcc6f25dcea5a146eca6e29097ee78a683ff6295d49ddbabe969e1bdcb49acab449dcb5a40545e828071d58a73bcdb5107ae124cd6cbf2b2cfa21b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1d787827e13de860df18d9281e6a5c6

SHA1
764a2cb88dfd98339efb047d7454b37417990390

SHA256
e6a2a354e5b7cbc7bb5e03408ed024ff70b3785a9d305477d5e977a714bf3f66

SHA512
347c6df55d48796d2a694c5ef008b3e46ba916c3b76b74bd9f3e9689db6ae37e3c245bd54d473fe4d62ce3c0159dfe28809fc2a4e3217aba19d968efc1a3399a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4217e3309aeb178cd851bd923372a5d7

SHA1
8a15cdb983b5343ed1280f01ce0a91978255947b

SHA256
94ba242dbbd3eee406b6b53004badf6a903450ebd41d6190f0cc323b0cabf49f

SHA512
194f644c39e8e559df754fe1724e68215f45d412ad57ecc6df2646a3e0743e6040051959124d2470dad46674d6d88af7306854d1341a7abf1ed454f96ae88702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580fda.TMP

Filesize
1KB

MD5
c77405dd156a91424ddb0fef81b8daef

SHA1
eb14ddcba82e89c3c74ad5403bb755bdc4e81b2c

SHA256
bf6fd056d7554d2e33e7e9d1592364c9466b76448f8de793238d39cb395dd79f

SHA512
0a0771d0a14e7d22d35f8bc90a5244fa90fc27a26be25582ea601ef51129ad3b0700501891c76a46ef0395d207f59ee42fb30dff421c511b8a2fa79b4079ae28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fa93211eb0d64f468cabbc55a4a50718

SHA1
0239d32a66af069d50f7b3e6ae2efcfcc0a45a58

SHA256
ee5e15f45a6de422cc3ed7d855ac30057aebe1161f6ac3a0213280ead137cafd

SHA512
02a7d995f169171ecc7471a9deb16573c55f2073673f95be366267ce5ca21383c3c5255ded69cad851b921e1a62de5dc7af701fd1aeeab6e89e612f57e6aaa1a

Download Submit