2fc5195f1f3e184fa69ee23738987a33747bd904b5cfd1ebaccf0fce5cc0a031

Resubmissions

18/05/2023, 15:11

230518-sk226abf7v 4

18/05/2023, 15:08

18/05/2023, 15:05

18/05/2023, 15:02

18/05/2023, 14:59

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Word Art.png
Size

285KB
MD5

5e1e55ce7c0e73d9aa5c24576d2bee38
SHA1

9998739431d728d3c53d6fc5d78a885a41a83cfd
SHA256

2fc5195f1f3e184fa69ee23738987a33747bd904b5cfd1ebaccf0fce5cc0a031
SHA512

95522315bc4511cfead41f34b80eb18e4b75c6ae842aed488d5b4b3fbdc5b6dfb5cf095c4b8b147f178f965269f50017b276c90df274dbaaa6c3a748570429e1
SSDEEP

6144:Rz/OcxfSfMFUxMAOtdgVFn8tVcIFKtunpO2A9itU5FIXwibFOw3MpujR1ZT:VpxfS+fdtdyn8zcIhZhU5FIvvBB

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\01b2592f-9bbb-44b5-9d54-cd27b84ef815.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230518170924.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 465703.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
1524	msedge.exe
1524	msedge.exe
2444	identity_helper.exe
2444	identity_helper.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4384	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4384	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2884	1524	msedge.exe	92
PID 1524 wrote to memory of 2884	1524	msedge.exe	92
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 3644	1524	msedge.exe	93
PID 1524 wrote to memory of 4836	1524	msedge.exe	94
PID 1524 wrote to memory of 4836	1524	msedge.exe	94
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95
PID 1524 wrote to memory of 4584	1524	msedge.exe	95

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Word Art.png"
1⤵
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa2ab846f8,0x7ffa2ab84708,0x7ffa2ab84718
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff64cbb5460,0x7ff64cbb5470,0x7ff64cbb5480
    3⤵
    PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9380193562619576714,11751423149966980377,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:6048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x448
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15c4c166-7399-4053-bda5-5f7f668ccdf6.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7c9efb03-7249-4eca-9fe5-78f23461eaba.tmp

Filesize
5KB

MD5
f171277493fa0f5d1bfe08df31676c98

SHA1
dd1e830e9362880a5e62b0e1e731f3ee20e14a21

SHA256
35cfb219d5cb372f7c3d1d3ea4ee529d5bc715cf5ca86f0083b37556dacf0879

SHA512
5ffe53b5340c2c1a9f91756581a0651c54de26e2a287222f344ee3f13746ae1fb29c29d3fd8e1c78dee395ef4f0f4bf5eb59bb037528fdff7397b73c329c3481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
97KB

MD5
34b97f8b9e4296af5238fc8f67586b72

SHA1
e6c4b92901c1a9d8aa6a7247143c2560a90efaba

SHA256
70c158c98bf7abf5e0bb3167edf6ed0d378f9380fabcf281cf0fe59623a0c774

SHA512
0df677459ce64c61aa109aeabcf8f91e5a19a98ddc3426818d5cb256e05abab604b2455296e83fd4687798f6f241d470af431ac9e153df95283186c28c3ab4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fffd65bc71334b8035c9fe61092ddabc

SHA1
ab95a815aa61136928875e2e7849e3eab3461cc7

SHA256
3faf5c43620801bc221df30651a05a1636891a1658e3980b2293cffdd656e740

SHA512
c75d95d626c610b748c56f562e46b9b35ac536a2cd683b76bfc71c18626b40f3a0c9bc0a23ffd226dc50683aec419c0b26a1bed2a5c82663e24816dc3e8337e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
71592961bfff984ba9a3b12ce5f7587a

SHA1
c3dc5394db424b858a66ee9a68335bf6c660f644

SHA256
a76029ba73d04ebe00761962b65e6eca0329be3b4ef4c05b301c7f8514d0ef89

SHA512
52830936c1c56b88f3303576ce575bcb210faa6c57deb32263432a2e5168be91fa08eeec6c41075bd9ccb0568ca54645a2a5be8d3728569ac2ae724cb8a2061f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bba2cd9d3ca867b8cd14b7bbebb0d49d

SHA1
2bf28bc4e44ef9cd189cddaf6eb07c971ee620bc

SHA256
42c3da7c96e2649d790db70be707f1dcb90696c3e41d2504e2d0df433950a710

SHA512
b6a838c4bf0b865fb378941a9ba2f971a9a81fbbf0cded7242cb1cfd0e2281c253a9f49b0e2990dcbf2c4601d2895b99d69bfed122513d1846beae6d68f3169b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0db00db87070dd147a9179b7be4ec23e

SHA1
c036843c735de794bc9bfa6a54451e4d64314af6

SHA256
e200be1b70c1e2fa3ae8eb6659e07782551d6eea99b59788ee7c1ccbd5214212

SHA512
f9a7fa602f69a93e54d6f29131515d525f0399bc4e5b9234fa7094ceb7f65c1c1dba8c01ca81ea16a6d10afc98fe40239695dda71380a50a363b17f450607da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
f0dfa907573d83a67e3ccc132c1b801d

SHA1
fb3180a5a52fffcc3cbb115e7c5eee6c7429bac5

SHA256
2dc5db0c116d04e217a5a542f1a3367c23a5ad9a74273b92c4178d04775c59a5

SHA512
a0aeb17647f6d179ad1da559f236877e7dacedaa221705d208bef0773599bb7e3642f1de7c4f9495ca784cf0cc7f4bc33a622b73aadb6a543db57b67436c564e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8d153dde2c47590b6fba0785b6aaa2c6

SHA1
e349bb108cc36fc85e54ab71b0cf80e6a1f7c110

SHA256
1290c3676bd97be1212789ae584e00c27812509ac74c1e4d42bca2b025e0e673

SHA512
3bc5089af5a37f9b0ec561558b5a07ef4dae64c1e0e861aec1e3ac471bb34823eeedc76cce8435fc4c4298a1d58ce50b901b0aa71d9acb486d4882b80e380136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
4539609dd3626fd683b8079e6fa3f8cc

SHA1
3ba3639dbcd0249f393a2b6b7ce50db16c372463

SHA256
16281b3d29f403e96eaff6ddae713eabd77c3a103704d49f5b2a84bba79dc3b7

SHA512
07a895f5613a931c2b7f8ad73133891127d2e93188bd50e7ee73a8ec705ae1ca77dae24a0e1435f69f728a8c898eb760f455554e8e33eed1fb6ba388e0506762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de35b7d6cca6cccb142829c584e2a4a0

SHA1
b7f02271500c1db813b1111948c5b8e88269c37c

SHA256
5623e5537c6f6ac6175f4c6d330f6a069e29b2a107054d1f1629f57aea1b6654

SHA512
fff465819005090c0bc47b7fea7dccb1738abe71d6e7860513712500ad21633bcd2d8e9710109f187b18ff0586853189a05321c2c3bbe4649791fb065f260ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17b80d97e035e27d4f733d640406dae9

SHA1
8f7161903e9de293d3f1bc440c08e80ae5c2f5ed

SHA256
29190fd023e2dcd52715ab86d90be8080cd012cca1fa014195c97bb688f68b89

SHA512
b4f05af040562ae6b193a1a9f735b43a06165d493fa05a7ebdbfe0191361a37e11f2c53c0be73a66a1ec57a73391d68afc3cfd3bc39b32fd2a187e228f747d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad39ecfcf3761701ba8dcfc6fb9b2b75

SHA1
9c2b3d687096bd71a4b2beb6ec19932672aa33a6

SHA256
86bd5730f173c0f41449b932fabf7cab8bd20c02d06fd84cce0850b9bd9c6cba

SHA512
59f08d9cde6a643cc8d93a31f2505f169eeefe7afcb8c4459fc083ead478daaa1ab4d0fecfa74a7f8de958d4c37629b045150492489f9fd88761bf4f3d94bf32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d16014d2189c7b0b87e7d3ac1d2479e0

SHA1
f4252fe948c7c39ba066b6be5a12f7b5b6f2c35c

SHA256
601a3e337eab069c7b3c89e27e57fb046ab02025a0bb73a4dec7e2526ccd5ca9

SHA512
0b8bc6dadb5ef0c7c2c34458a7bd9a6f0f5ec6c52570fccf01463b5079a9620f752ff36d2171252d273b2b8618b4ec2d3b361e054b77ccb7cdf095388e4406d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3d874cbf2372e29aa7bde5be5e1db4b3

SHA1
a9214d4e1ddfd7f4cbe8fc61f838f9f2a2f2f26f

SHA256
84c9c0c31f068bcdc2258102ef25547073b785cfedc7345f510de21dd6096000

SHA512
8f90c381382b2a95c3ba3fe941429cc70094c92e78668a54ac88ed3e030c14ee7c3ba8ee7f450533456fd1933663b4c300f265da972fc0493aa409cc17b9fe10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bc3806c1c558244c06f9c0bec115e3a5

SHA1
a380ae78ae944b493bd9acff5f2de993365a643a

SHA256
e06a3b46b88f2d5966555f29171f24f67394e328c0f32e554b2a57c630ab9a7c

SHA512
394365a2835ca93f8b59d7d03d608c18c6254bcdf259371b61058b1a2f39582c143749ee7afd9ef7f05c1bf6865a79ff8f376220a10b6f17e0b179729991dbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d2b16af201e36bcea01fb05a97dad8fb

SHA1
10f37e936e0196ac4153c80ac85ae8ea9b2adbb8

SHA256
8f519f3b75ee879eea9b62e2fc099ff5e4bc09a865a91b68530dff3896094996

SHA512
411e3a3784146e7f69174e88921376c9cacee234fb978ffa22617acac37286512e985b6259e23c3d0d8e354b17980c2c73d8b84b6fa862864f96c356dd48acf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6329c10d362356c3c926d671399e2e2a

SHA1
1584b0e10d2c916a851410f5ff39e2e8b6c7ab99

SHA256
d820f4ba700d59f0e915b18b2c6268cec2190ed22ce6308d4b47bd328c468915

SHA512
c6d7070062fd735f215fe2cd1b100f40add669d8f93a364b7d1a486ce40710e7e1941b7c43dd0cb69734599f33ed6354b86505d33251a8430ce0c66274a68690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f83f0d44517a1a517e5df84234deaf04

SHA1
1085d08fb86047fbbb999d7568aae5241c5f9d82

SHA256
04bfcb43f587b032a4552d25f712f0a119cacff88c346122c82a56850396bbfb

SHA512
1465be8a0682454d4dd8d97b7831613a27ec15210f76ff49db5c925c83e4e4302c7e753fa0a9fc6eaaf0f06a8ec2f7d2425deecbf424b9794d2461e71df0f5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2ee316d5c0af3788ee74aae7d890fb24

SHA1
12cbceef0bbaeb010c512909bbab494e5d24b303

SHA256
130497768c1bdf630c8c614766926377511d417d2d6805508c7b973d2bc555ef

SHA512
cf87649df119956e202e95f259d5d6ea4a68c006bab8c0ee831a826d1eb9be131dd6a25c1f9f283075338aabce1ca590e0041409bf0fb570f1549943ac7606ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8958d090a444e7969efaa02bd36302fc

SHA1
4c71b1cbc0b3d81efc65d680ba36288b71a83281

SHA256
22572a0cfd0ae4532066b87bf76f4c63d377f11183c4b8e2af45dc1c65fddba7

SHA512
6cee4af16b7217faab59c047a836155c22453d4d43730a241fa6191462b0071edc5e899a0f918db99aa9bfbc90ce291b58a883292c67df078bc1f7e08f64b5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e0a0413978471115593920a5f06af9ee

SHA1
642df722f47ed000154b44412117a79c2bba8818

SHA256
46845f159e877ad3a0d5d2e18a7d78f2d03470338aab6d05599a4d70502de296

SHA512
c734aa6f476eadcb9bed64aa4beb78a33f7908255330eb8d88a22c0b07b9e0e00d73b7ed7bba010f3c021bd7fa38ac7182b646f3a52fb2d06b18cec2e5cba26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
bab74f985047767bb3b1f41016a02c2f

SHA1
feffd82cf3bdee98e75811e3e4d9eb7d8e63f70e

SHA256
94fcfd3565bb8e86e046e721258b85e8ba95ce067b0976ad5f20df060352c0cf

SHA512
cb75274a7ba32b80904b1813ed01d2b53e4bddbc23bcaed69a0f246c8f1dbdfb755adf3eaea87ddb442f026cd8e4c1b0e34a1975c14da7c26bd8db3012976157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe575ed9.TMP

Filesize
2KB

MD5
ece88617b53167db8732238bd76727e9

SHA1
27412dfe7aae569190f4d66c154caff207374f6c

SHA256
5d7bdb3408bd5abaf2afd1dded761a8f6cfdd230224aca4158944261589a4bfb

SHA512
b61c199641e138d15eb284e8f7487644275135c04e1896250c8e1f30668ee3899faa27ea50a5e3a1dee0ef1d2f46a94c7a5752c5e9efe828cfb09a90bead29b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
ab5dc2cf33faf551bb5fe061121fc8a1

SHA1
9c6a72e8d3e77a223905996f30763ba4933b5f8c

SHA256
d819d577861fffc512ca0855a918176a5028a75c9dba8cbd53d25944bef5f610

SHA512
7d30c5db24fb034f3f0483aab24d5ed047c8ff160cd2b54f8ceeec3a1d50887384e7ce7ff38fac15b52c70d2e195db37979ac4ee5ccc4ddf6473e74c58d8b5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
54354876b5fe895ade05e56ce7bfe7a4

SHA1
096ed54104280548f709a66c400b0896562fe59b

SHA256
c0b0204f4ac7500c4140a5919dc40e5eec8c1b524121ee6d7a02b69db536141a

SHA512
129ea2c9d68b8f0633620ecb37b2add0cab8d1c98f48b9339ea5f8b23f9a0ba31a0ad1d37539de02d807cd8c77906487c10302a8489e171d58024bd2ac21546f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
23f4b72eb8dd660a6adad20dbdc62601

SHA1
fc36c356e50f0dc4a0b7bc40ff8cac952d3c8204

SHA256
dce9cfa43dfcf7c7653716056994ff71a5aebb4a3398c1225cc0739c05561ad0

SHA512
28fcd7fa68474906b33b36883c3d018349ee187a4b2870389246e5c85adeedd419df13e16d8895450f417202db41396689b4501f1f8690fb93a934331a0ba2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2f5147748ee1937a4798b5bd2d82738a

SHA1
d202cb07f0be7be78638d7b7034ed2eb1db3dbd9

SHA256
8568b744fe97bcc400c76d0823866f7f3608305313c0f880163ccee95146441c

SHA512
7e5fc6870a0b28b693d25f347d3b244efaeb16f238e1750f72a72d9c23dc20a28fa1b0c0d7e643c278cb43de51508f3661503ddc835cae8be29a80d9e7f10bd0

Download Submit