cc97cf6b9fd7f6e12d4fb0a15ffa031bcab7509cfb04d3761c965c0986304cea

Analysis

max time kernel
148s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2025, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
45	discord.com
46	discord.com
66	discord.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_695889363\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\Part-ZH	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_44151807\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-hy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-ta.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_44151807\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-sv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\Part-NL	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_695889363\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-en-gb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-bg.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-nb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-te.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\adblock_snippet.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_44151807\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-ru.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\Part-ES	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-as.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\Part-DE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_695889363\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-bn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-la.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-lt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-gl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-ml.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-uk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\Filtering Rules	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-ga.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\Filtering Rules-AA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-lv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\Part-FR	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_695889363\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-hr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{7F9FA629-278E-4963-B783-ADBCD7D15701}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe
5552	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2832	1112	rundll32.exe	80
PID 1112 wrote to memory of 2832	1112	rundll32.exe	80
PID 2832 wrote to memory of 5552	2832	msedge.exe	82
PID 2832 wrote to memory of 5552	2832	msedge.exe	82
PID 5552 wrote to memory of 1708	5552	msedge.exe	83
PID 5552 wrote to memory of 1708	5552	msedge.exe	83
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 3236	5552	msedge.exe	84
PID 5552 wrote to memory of 3236	5552	msedge.exe	84
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 1228	5552	msedge.exe	85
PID 5552 wrote to memory of 616	5552	msedge.exe	86
PID 5552 wrote to memory of 616	5552	msedge.exe	86
PID 5552 wrote to memory of 616	5552	msedge.exe	86
PID 5552 wrote to memory of 616	5552	msedge.exe	86
PID 5552 wrote to memory of 616	5552	msedge.exe	86

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x234,0x23c,0x240,0x238,0x254,0x7ffd3092f208,0x7ffd3092f214,0x7ffd3092f220
      4⤵
      PID:1708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:3
      4⤵
      PID:3236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2316,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:2
      4⤵
      PID:1228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2492,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:8
      4⤵
      PID:616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3396,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
      4⤵
      PID:5172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3404,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
      4⤵
      PID:5744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4996,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:1
      4⤵
      PID:4864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5204,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:1
      4⤵
      PID:3620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5940,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:1
      4⤵
      PID:4812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5416,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:1
      4⤵
      PID:5048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5688,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
      4⤵
      PID:5180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5648,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:8
      4⤵
      PID:408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
      4⤵
      PID:2376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5164,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:8
      4⤵
      PID:5716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4912,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
      4⤵
      PID:4424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6460,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
      4⤵
      PID:5160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6460,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
      4⤵
      PID:5648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=560,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
      4⤵
      PID:4432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:8
      4⤵
      PID:4472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6856,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:8
      4⤵
      PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6544,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:8
      4⤵
      PID:2676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6472,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
      4⤵
      PID:4112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=756,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
      4⤵
      PID:1012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:8
      4⤵
      PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6844,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=124 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3980,i,2824678379354822498,14215229310308634774,262144 --variations-seed-version --mojo-platform-channel-handle=1288 /prefetch:8
      4⤵
      PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c 0x408
1⤵
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1539841319\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5552_2036091028\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5552_44151807\manifest.fingerprint

Filesize
66B

MD5
5bbd09242392aacbb5fac763f9e3bd4e

SHA1
14bb7b23b459ce30193742ed1901a17b4dcf9645

SHA256
22b55f5d9b1bafb80e00c1304cf5e0d6057a304a2e8757b4f021b416f4397297

SHA512
541e4c7998e91a5113f627c2c44e32b54878fe225b3b9476572f025f51f2b4ec4a44b102498adcc22b8fe388970645bacfafb6e7fc8a216df4d7bbfc8b0ff670

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5552_44151807\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
358350a5a4ea6122e22946c4d86822b7

SHA1
215fd98fe9ce7cb4b8a29a6d5f0af9fd3d1d8ec1

SHA256
b09e501deab5af0f754d55d5a6cbed4958ba5201636a58d349496da21898b411

SHA512
a5f6ca30d4d307600fcda9b43ea97c83feb5d58a45b0e7715d81c3773bd88c008433a1e07242a214352f47d96bbb73c5fc0de55ddca342090c495c19985367c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d4c73e69ecde7783242f76a15417a8f6

SHA1
7f822e960e47cfeb7fc88f8e83804f2e3cb4c620

SHA256
73a53bb48c33b4c2573b761aae9a7d526adb20d4eec978b69415f3f58a4159d1

SHA512
34a64f4b94e82c49048ce53a261c4b44bc0e5c4a422e2289edfaad7dd5c49c390b3c06dd7557e75764dee27297213855cef4940096ff83e5bbccfa98388e8a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582f0a.TMP

Filesize
3KB

MD5
45f8ebfa2a78df2105329dd27a7bbdcb

SHA1
cb4b5c330ae8a4622b2acfd222c4e172cb4fe8cf

SHA256
ea27a66cb8bcdd62576ac9617079558fc1e5fece434f5c7d12dca520b4a9a7e5

SHA512
46244ddcc20780aa9862b3d2be7a7232e6d3a500c3bd9f4c39c557e259e7edea4bb74d015deae1217037102e582d22d8594e4ccb8873d05db6e780a4ad9421ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
704a54583609940a6a9bac228069b0ae

SHA1
6a34e712b5fa81d1835391910e2026f167507eb6

SHA256
ccb84fcdf6579ecfaf0becf282146081516bd117880bb809b53bdc6d281f01cd

SHA512
5c11a98ab1095d70dec55ef0d923809f2b1cb09b549ecc285178147570b1f1e210b9456d8c03f4c064cef4e4ea39eaf71f155dcb505be0a79a139d0ee2c746fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
a1977ca93f12e43560cd926cc1089a01

SHA1
90f804054fff4d2e2158bdd42ec18ca214b01871

SHA256
b475e0837419f3f16971c1268820fc81976a9b68b00c38e09729ffaea356d207

SHA512
cf23c5952dcf81bf9ff7fec19cd932b6621871c4129b4b90d5a780727ad5196dafaf55536e9c78a25e02c3a47f50588fc81a45ffe3b2f37fe5a24fafb7b2e433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
a916bf3b66fc3d0c6d511e8a4f492fc6

SHA1
8ec975943282128652faae667a434e9feb34f998

SHA256
cf49828e0004bee79927eb66e712b56300a86751f8cfee36191dea5ac405958f

SHA512
dc35df008b7e710ccf0efee2a4f289f1f039a92f1270c48bad841da6e3bb212a3f8a003df70556dc58acea80747944e365c1e64c9cc61bbc77391ac97255da40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
59c147a52c7094a7f62605584f186709

SHA1
8de8814fc8288a83e91f29cee9a09452cd2c0719

SHA256
870c11a7742ce086f258f326830553e9bd6852f412bbaa1fd9812ada3d941bc2

SHA512
326ee8520791a7ef4159c2bc5252df2cc20106c1596bf0dd37d330cd601a7aafb09d87c7f8d09b8c907fd1b37c447ad9ac6511307440045969e2d35cb886d7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a70e62ea-c637-4353-8912-a6f10719ea07.tmp

Filesize
36KB

MD5
274c08a4a32f8f31de2ab150d0165ced

SHA1
a608dd2b13e842082560e1e9fb29d930a909b766

SHA256
e967edd0c50804a56f67e7dfac9329b331eb314edc580642e9367399cb7fcfd8

SHA512
f74fcfbca59efcee052ed656cf71b02610415ad47ff557f899147b7b86d1ba209914be6e443a5812e940da0d26efe39466b0a601fdbc23012bc62d31efcd2aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
82a2749faea30598c7eb5422e3e75408

SHA1
ac23b6c6723d3a3462b7175c3cbfb927da7dc31e

SHA256
a9df65494c77cf1eb6b22618d53e6fb4700e1402390c42af8fa383323f20e9ef

SHA512
f52e73321f3394819a60de8820e54bc0e8431e143bf012a8127398971c871254a1a2bb6d87fc5d1aab51bc3cfb3f3c56356fcc45fbdb96bcb309b8ae6b098fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
65f504ea04e464b4a308494538165940

SHA1
afde4b8b0a67f28f40a96a35562640c46e489ac5

SHA256
475c06f05f49c85e5645b0aa0122a91e9fdaff571fe9563aabc9c163a1cbfa52

SHA512
3260ad5c1be919328a02521316f87787444a5f1cda325c6dd71428156899369d5c1dfe9e5a2b6532fbbd86705c70e5f40e3826259cc16657a99e1e8e5f80f916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
967af0ad377652a682c9c473cce645fe

SHA1
cde147ec89dae60dea383092c2e8e44e6b47cff1

SHA256
32552a20a79c5152aeadaca1af1980c7a1662eb9cd73c4018f8b419a687b66c1

SHA512
638d26453daa0e9ff2dc2dbacb372c06f1ece721c078a590e2629278f8657aa947c9b2cfa1aa33f7045b9cdbe083a2c61f8171292624896f9c23810724384e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
03f59984d2ee6d6b6877e3167dcf0ff4

SHA1
aa755d4f2d84bfd7e9e0d460c05ea47b662f0ee9

SHA256
256d2c1c50baa71f0186a0422226cc73452cae8de2ba98d24007341bdbb17d4a

SHA512
e59c4415e10836f6535c8de384b60622e50894ec15e1cd97bf6596b340a6b1dfe88416ef8a09f655cbb063645aca2b5df2526ebd127ff6bb45a664b2dc86e477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
7de23cbbf0f43eaf506e8bf309259c9b

SHA1
253909e0116cff6bbc37ac51d3a9503ddcfc0ce5

SHA256
d7749ea92324815f0399d7e91f20ffc3ae7323d28fcb671c4c98131a4d2fdac4

SHA512
a0c4335bbb52f289e0296f75bb7c6072be82ce5dd8c7f52de642520fff62a77ed987cc97044ae2907fc04c909817f5c5ab2e0ec920aebce07a0ca14a4f50b2cf

Download Submit