hxxps://r[.]oblox[.]hk[.]com/users/6811659190/profile

Analysis

max time kernel
167s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://r.oblox.hk.com/users/6811659190/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-100612193-3312047696-905266872-1000\{ADCC40C6-6321-4EA5-950A-F5031B78B2F2}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3620	msedge.exe
3620	msedge.exe
5140	identity_helper.exe
5140	identity_helper.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
2552	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 720	3620	msedge.exe	88
PID 3620 wrote to memory of 720	3620	msedge.exe	88
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 4244	3620	msedge.exe	89
PID 3620 wrote to memory of 3356	3620	msedge.exe	90
PID 3620 wrote to memory of 3356	3620	msedge.exe	90
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91
PID 3620 wrote to memory of 3560	3620	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://r.oblox.hk.com/users/6811659190/profile
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe278246f8,0x7ffe27824708,0x7ffe27824718
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1424415169586318502,13054652883661289184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39c51e5592e99966d676c729e840107b

SHA1
e2dd9be0ffe54508a904d314b3cf0782a9a508b7

SHA256
29f29a3495976b65de3df2d537628d260bc005da5956b262ff35e9f61d3d9ed3

SHA512
b20532d0131b12603410c3cb425cb5df0ddc740f34e688455eff757802ffc854be771b30c3ff196e56b396c6fe53928a1577c8330b00f3f7b849fcf625e51bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39e376ee2f541e6b1ed0bca701e8fb59

SHA1
bfe3cc2eed8721339d433533aef6e18e0a13a9a3

SHA256
80eda1e4d8c05e257ff17ef734d606e67d8ab70b3e351430b2b231631eed5e04

SHA512
a3f082c32857db0e3dec24394a259fff85e21b6a7b057ef55933504c23ec38cbb3237eb519d38385fc53cbc584c52aaf66291f44231245d9afee509a108a3350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
105KB

MD5
16972e03d2bd4219e478f7da13b187ad

SHA1
31fdcc4d146302e809628b21013a59042e3671fa

SHA256
5315862acf4a902d55dbae7d292dd70616fe9ad76ca9eca9ecc85d776824b59b

SHA512
42cdf24190b588812987201c6c7741ed937a23b8d306324b56a9a07416a8b59fd0b34cfda6b67454b06ad1c9a03b9f99f64b5ecc4f027f8417e4259ecff9963a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
51KB

MD5
eb43e1986b4decb2f18b87705230b3a3

SHA1
3ab15041ee2e20de935c10e036c706a47b8270cf

SHA256
392756ba1e4923bc1b92d3f668d1713d7fa081e5c67a6d0cc27f0585b2a57663

SHA512
d9c79fcd526454b83078f4c1c153fdc08db204873e2ad2f95eece159ab3f06023951632557a8d754b1c2013cae3ddd3a45e66a737818396399b25674abfb8a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
28KB

MD5
e5505e3283dffc9689785e9dc4f3f044

SHA1
ca6a4c4370ca686dfb84b8088eae5d552520afa2

SHA256
a06ec2616981f51c64dab8ccf1efbcf383d061e0be4d6bad1d8faa712fd6d98b

SHA512
82111ac91e829b3eb00c2ea38aa78c553fdec7931323ae11fb60b9527223a42ff9115129b34b3c85c244d3cfe0e9a33a008811c835b80456a61663f34c652fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
17KB

MD5
d934f1bad7f6861b13a029905d3b9a8d

SHA1
cbec6a3979211dca65ea6d049fff381b96e31bd8

SHA256
e933cd9528d4069633dea1b16802c90e28c71b083ac32d301c999fbf672c2b5a

SHA512
cba2aefb591980f1d9e4c9a49cb4b14ccef6b96314a13a829076e6deaf68d2df5659a182983965b8c2e4a925a141f658339b5dd040c49c3cf08836574f437aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
25KB

MD5
ebc28ae305c7805d645c25f3432a422e

SHA1
618d2dbabb13979bb60fc6b52f2f42dbfec7484d

SHA256
6623ba7fd349c5e6e64141b6d116af61f34a5b558d47f32189f2c5358ebc8eba

SHA512
8d401a33763b5b9b3be033fccb3f567e0decebf52ca7260bbfab30d4d0d42e9e7e01a9c3de7600ddc375614ec5c2b4e66722d45d1a45514ae118ae2943afcc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
38KB

MD5
bbfebfd17b4926332719303f682f041d

SHA1
a86927e6dbeae1c6a91752d46709acb0cc873309

SHA256
1beff76975585a36777d32c1f52fba703b14e0f24aa6081ee88071b0934bc7dc

SHA512
7f4c271189f344836f995562de05076b0b76108ce3461641c6a645473c0085f15035927e8500a0a0d85dc40fedcc7e7b2f7e1a750eba2758d1577f593dc39565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
162KB

MD5
0e50491ac183a1046c8f335d0e43cced

SHA1
3e0ca653754b88b8db016495a5b903ff11353ac8

SHA256
b68eb8df94f72a0279c56282410f4de57012ded59ed189eabe3e2955fa6715d4

SHA512
67b39c976d725203b12140dd2c2762e5279ff3c400cc5b1acba145bc535c92490bfd115e42df2c594aad78c1f921067c0b6eec1d0b4c91983ee471abf578dbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
86KB

MD5
ebb8351141cf127c71d54c77ffc46199

SHA1
7a17c211313f9321b95a24b2f8fd0c75d175b10a

SHA256
33e3234e85ef8896f498dfd917c1ea8c8dcec5c80f100cdd242f23a09f0e6b45

SHA512
235a593e45bc082ec940592883b25663a1f41488b6a8c5d17315e09a5bc54d0bbb5a2cc7eb60805b0b684918709a3ad77f465f59569d6d80c14e93c99edc0d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
27a07b8d924cbf82ff5d3dc1be739298

SHA1
1760142ca7ab62abf1a1048ab9b44b582935bdcb

SHA256
a552c3bdf07cdefb15063f742e8d486a3de8f72a09a6f628be8c6b2a6c629b31

SHA512
31acbae3ec770c7974aba277db57b16509ee08bacfa0aaf528e84289db63080f125dcd4fcef917f97295a6b42a17f073494f214e931842761bb24139150b4ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4bc4dcadb0a069980d3ca42f4abd6761

SHA1
5209683809baa186c7eee46470f9135d5552e68b

SHA256
68457f9819128370348d6efe65a0407e19dab021c37eb8c27c9979188c55b160

SHA512
fc2ab406a21680213c23e7c1128716481d0cc7eb64da7ba2ae1a709e05925c44c01f0f34b77939e9012697e588016b1cf19157b08a4cc62b703ce0dcad167ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
486111c4ddcbbe0a36a2c9b38f2542b3

SHA1
2835dd998257a727af0ce969fac2cbc6fdae4ace

SHA256
2c044e94925df3f47bd694db0fe442f51981846020a582cb748949fb07a495c0

SHA512
e04d369603b56b2f738a9c4dff0963c1c91e921bfcd2707bfba248fbd31751b2243688fd5698ca8fcaa5770747c6fc9598c2d6c8c6e8b5085098b6003b6e5a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bff675f5c720ee7d3f1d9c1c3a88198a

SHA1
b36e15cf8f761b1e038adff0dfc4c089cc09aa34

SHA256
d32515e0ce4b838aa8ee386169e456cca9c5296780d7385a15f84753f7fd0879

SHA512
6bf3ae1198522b70f7d793f37efca91f32264769e3dcef750013ff7be3b89538d38c7073f4cc6ec1b852705fde930a730d63dbb8c21880261236cb4648e8f5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
95bfc05c5a9b4019ed5fddd9597e9cc6

SHA1
4114c2523d82a925c0263a02717f185d8f3bbbb1

SHA256
c5f6830ae54659c8664ce885aa6e6a65b2160fc00188ce5084a9a0205071314b

SHA512
f7c8dbc201fc9d119e6056bcea29274e71fceb916bef5020fa34776dca4214ad34f62afb660304f29bfc1140023a8f2a43b736d7592f111dd213977e23dcdeee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cbae8eec0b1ff27971fcfcd9b7c89273

SHA1
a65898107979ac92227b99cbddec424027fd707c

SHA256
7cb27a40dc4aa69c25da6a504fc7c272198af137bc5e4a51c09c1d5bf455b921

SHA512
1cb62d920d0abb3e87a6d7552900aff3c206749fd3948c3e37f2ee31ab02d5463a2d6fda0070b17c52123f784025a82fc20c1cad22c9a1f22a409155cfd9f6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d80b214d95c939a26d72b662a0214d08

SHA1
cb3de5fb85e783baac33aa0d276d3c4134d44e31

SHA256
6bf33eaafccaaa511c7ffe88733daf7058803a1f02f923e9afdd5379abbefa29

SHA512
da23ab1910f8770eec8320a67a55261ade4c22969705b4637e59f0788d91299a6d5401763349215a46668cc0a6395965361b72478a11c602ce1c4d1dff200ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b1b2c1f961b8884caee3da4df511a673

SHA1
cb1e6896d81865d04651e32ce97fd0ee7901e629

SHA256
6f4989c8b943a83d0d05862e181f8c91253749421101bc9206e106747e9e3411

SHA512
78206baac4cfd1768ac3028c5b00403e7370862a61e15441d0caa52672469f4c673f88c8fc42005527001eb328b16ee5350aceb9dd47616b105136131820eed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d384c056ec537c3ebcdf2b734cfd31c8

SHA1
f1e2576a9e764ec95ef8c7de2ade6b2c7e19215a

SHA256
f2de0c5bd0c4e70ffad19228b28487ec3544668dca9d990f3c6d0e5d05ba171e

SHA512
ab754484e0c50173f495f20b0bdd4b4e0d0bf929c1025afe25fa0bb4492fcd1c0977cb72eb59bfca0065392e610fa51226d1295a86927be3718bbe8d3f841975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a25b29c7953e8bc3800c30c00bc05d40

SHA1
6c58d1f2ebd0cef7f3adcc7bdca53e694f507f8d

SHA256
d9a6366aa925407ccc88f7f98d6bf659d2c646f4df5af1d6dcf4e9b2498f9938

SHA512
f65908a7f211acc1d05861d965983b25807c6eab32b18920c9f2ace06f7bcc47a5f5ebf453f6882701f477148107049e4e337ca11c52b42ba41c943049f28b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
15bddb42ca2184c041c508f4f57a9eaf

SHA1
f2a58f9ec9c495828e2ed16611cfacdf4a7f2ca3

SHA256
8fe36a420db97483688b0a41bda3b7dc4da9ce1f8d3a957f4dd6c7354defda09

SHA512
625fd9ee6c70eefc99aad4806e69c0e075bac20795b57c7ebcef46c8bf9b2ec2e3bdb97ee0a342102b7ec65e68d0fa744212279963c0f6df69e2e1e6406b49eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e213.TMP

Filesize
48B

MD5
fa5ae3e2cbe6dacc3042b886920e308f

SHA1
759450874aec9b1e23afa03cc2764f7089884580

SHA256
5cee2a6c5d129f81f57dd148fa9db43b41487565e613e4c9d1989e0b4e5322f7

SHA512
4b50a40337b56265625264e4166af9b3305f4c64661bde88cd428d67b98ae5b3e9f0d4f96ad837343cbb74d91c91067a2fc98ef31359b1b7bd4138dc2c48e549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d24fc027d11896a3c7554b631698397a

SHA1
2658da9a1f89e28e9764ea54271dae259d157a61

SHA256
82cca5a65bed04264756d2f82e7f14adcaa6fb8c95bed8a6200648d9b0715645

SHA512
26fba0f5faddcd0d8311aa020bcce543928427bf1c2317a478dc81c631cd8cfec29d1bb53e67b1e2fb6815c7bdc33feead5866fbdcc2bffd125b06003d717abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a05f1e2d7e60cc4080b104de9aa58d15

SHA1
33c3b89ea3c576592ad29ea437072dd171f4d42e

SHA256
d8949eaab738e92a1eeeff033e7d654ba09abeddb57eecc4012596d99b3989bd

SHA512
843fe36d81a2a1d6c64e983015b90cb30d11d2099192f5af06d95907c2c528149cc95f60c0175ac78cd58261e4a6bcf15ff9104b146165de2252fd2f74903cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6049825b42952ae7cc23e8ec360dba76

SHA1
fb269f4f93fb39cee2655733f5fe713d11e1b383

SHA256
e01e45235956715bc8a4857b7b23fb28a6ca221a9ebd3bf7a585b034eb8e50b4

SHA512
67b31c2cf5624922a81403551c77eb3ab32247f9b412c0e8ba8a0beff10e97fae17ed540643269a47948008ff725fa92251a663f24c79c89111520d2a49aa6f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee85142b49e23539013ecb1a3a2debc6

SHA1
344b2c44d8217966c50e69b8f140e26618fec838

SHA256
dda9e316464f1d140dd78f7c606e62373316c56faeec56380dd583421e8706f0

SHA512
e33e8bdaa1fee5095cd11efc059ed274d0d98eac3f8fd0025370a04503c2cb16c7b115aca580d55b4539bc876fa54878b4733260f7e95845495d0e20335210dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9052ea6370ae7d0d2c7700656a7034e1

SHA1
adea5e623aca7c66a5c26739c41225326681b845

SHA256
6b38053d6622430c844adb6a0eeaf2fb219e0b51066bf88b0a9b512646895d71

SHA512
75e4f15f96b1c4001b0c24e58684e31fed8ef0f22063960b7ed640eac851ebd717eba653667e1b9c8f244a1c3222b1c66a8a1a395d48e6c567ead4251eb4f048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2b15fc146e2e8109f3ec669c60916b0e

SHA1
a3831f73276829b67a4637071468d5bf203c1f00

SHA256
2b9061ed4b32c9a8d8d8291a822fcda4158a8d70f83f27434becab82649bf7cf

SHA512
97d40f37b775427945d9eb25ef6df452a9257187db1811c054459fffb1116167c645df8d95103dd3de25a1ec76d86a558daf36cfc886dd6b1b421b6052ffb702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9603da3a3f00b7b968f9490489e0a309

SHA1
db0c4d0a6cc10a1f285a626fcfde4f1c8e58cf69

SHA256
183ac829e3160a27a69a42a020885526cadb6a477252b4c22b6954236b37b482

SHA512
8231b9d3425e4de8d36d4ba4749b03b6453dbec1671e9314c26073bc29622f244a6350645c2bbf3e9b5d7401a607541ff15a3b97d04455f9e56807e491721609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0b179098624af46b61716f6bb16bed97

SHA1
f192f8940a2505d9fd37506e26cb119577daaff6

SHA256
a06e99fb98249f7f14de1ecc2366b8d8c906aabaf33f8b834ac8a5d669d373c6

SHA512
6c73fac679bdb1c2d0ec17af3cd5b3e3df05597c3b72c43de2c6251d765d414c471a31aa8f07d5cf8d56d805edc0611417d9eadb0dabfc08894df7fb1857a918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
093351b8b369e4ea6d91f26ef26beec6

SHA1
fc2421c46b754c8a4f450d7e5535d3c9e4a6c9b5

SHA256
7b07faff0a06334739d50adef03c951a76951c4c3b705edd05d1f5b7d8ec3069

SHA512
398c76ec7be5e8cb54d200531ebf70325889b917a2d47c25ddac75bc8e24ad71f436383d6b302e61955f312b92192ab852ff78d0d96616785b212910a0750471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dc75.TMP

Filesize
1KB

MD5
a5b9bd4cd60d83773dbfbafaae12edc2

SHA1
6cf86dca521cdc9f4dd36822c9df284fd2eaabb1

SHA256
39ce195ecf8016b6c3cdf3bd8af2d31d2998eed70a3fb2a834f09574faf21f37

SHA512
2b46be671e316ce7da100c5ecf44d1eae60d29d2f616c26307c90a6175ee98fe77d70248cee4c1e239dc2c58073bb032e3b30b8f839fd4d8ff1c79d09ea40898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dfb18cd9-ca6a-474b-b3e4-fc0f2b1511c1.tmp

Filesize
2KB

MD5
c0dff0200d8d4911a98b576878da845a

SHA1
e9f1abc43b0980c42fe7bc78a96c2431cc424a26

SHA256
7eb18ecb933befbf8f71af2e4f82b46c6cb8cc3581705b57d717de1813140ba2

SHA512
c781d046b6ca29c4f9d909fb7674a3903a08bbc4d8cb69b452eda172fc9ccb97ac9ec4f646cd26f262f3f69ef7cc1df50057f162df9410f978714e09a738cadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d62028d73396a362a615acc3d879e76c

SHA1
13ccb8b9cd27097f582c8b2bcc0fc431cb6b9b62

SHA256
7c5d9f83039a97ee61ddcb925d04f84780cf658fad58f4fdd9b9c41c003c2e80

SHA512
fe361bb3456313d18333b79eea0708a25f1338fffdf9c4df2a0f6b705d8caea891180540d1dfe537d2f0d086890e6d988832c23c906abaa0a10fe8bf3205cc42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f21f8aaf1b9a0a2292fe87afe59c3020

SHA1
eccabd684032dd3ce9fbbdd633ba7af3b4b40901

SHA256
057966f8dd6b5dc35176d4eacf0ff80d700a3592bcdf96c33e18600a7fb377f2

SHA512
f918f5e930177424f1f143d3eb6e28dce3905291455ad9668da3dee2d53287a329d4fb0a35e83610e48f281d21d2f482fac200da8c5e374ba41d4f231edd82f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit