hxxps://x2convert[.]xyz/

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2023, 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://x2convert.xyz/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2890696111-2332180956-3312704074-1000\{2FD23E86-C7A9-4BFB-9FBE-0476C749BD84}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4288	msedge.exe
4288	msedge.exe
4312	identity_helper.exe
4312	identity_helper.exe
3600	msedge.exe
3600	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	5932	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5932	AUDIODG.EXE
Token: SeSystemtimePrivilege	5920	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	5920	SystemSettingsAdminFlows.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5920	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 4436	4288	msedge.exe	48
PID 4288 wrote to memory of 4436	4288	msedge.exe	48
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4008	4288	msedge.exe	88
PID 4288 wrote to memory of 4888	4288	msedge.exe	87
PID 4288 wrote to memory of 4888	4288	msedge.exe	87
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89
PID 4288 wrote to memory of 4848	4288	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://x2convert.xyz/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccaa846f8,0x7ffccaa84708,0x7ffccaa84718
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:5152
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" ms-settings:dateandtime
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14743641286224275596,11536561696026245387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" ms-settings:dateandtime
  2⤵
  PID:3012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:548

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 1
1⤵
PID:2144

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5920

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
181KB

MD5
7d0523c8f2a44a194de34bd42be8beee

SHA1
f46afa868fcfe7c189da86e69b3f3468aab47e39

SHA256
6191b5ea83557ff03488f2d3c2aff3d73a6360521c8eaf5f4747db9809df81c9

SHA512
18e0dbac8f74153a31b0a96fcca65bf3ae7398e1a4a59a5900ef1fffc1220e702c3e1ff11dd7e994f5432a0f89ca454b89838791affe45ce50034971a43a1c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6568d5c056fd2798fe7c3541c6e7bc4a

SHA1
04810e60b8c30120742b8a875702af6e121697f8

SHA256
338ee837c692c220dcfebc62e8e25a0902cbd0df735030377ddb29b3f10971c0

SHA512
b58639599f6f9b67d5ed008c21f87cd3a5bf11ad166509c99be8b1145168b418e557d853efcca4e38928bd1a11b2bc94cf25bee5418e4b0390ca376568adf9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_x2convert.xyz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_x2convert.xyz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
9b430e4aeb5f9f234d85b403c3005b68

SHA1
b07244570712c902c95fd781914721cb53102744

SHA256
a3aa6a4bb2b8a118387e7a518d0c2d82670f1e00ed3c345d761f8bde13796b42

SHA512
215f68a4fb0e704b02253fdfdc7450e80ccebfa80968040c503c9b703bc769612fb8360c7310ce952664b39598ecfd3b770a2507e311eeaa481f2a3c7afe6f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
4ebc6e075848b0d855ef5e2515bf6b42

SHA1
fce8c6d00d3efb0481be95a631dae21bbe21a73e

SHA256
6c52c9ccfbb98043cf5c8b19ab7d8201f7f0ed76bedaef457db44f1f3d879901

SHA512
7c893e617acd4039a911e14f0b21215bbb3740d3663506d177cfaf747ec3f887b1d2552810c2c0120e807617e6e33b12989064abb93b48e39f5b8d955482d4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2eb3f64067f54a227c18ee290cf229d9

SHA1
d46056f447869f42e3243d4501403e2d626cf32e

SHA256
fe001b628dc244d0d398286d0b1d27bcdc4638a8ce08a4eea788850bd716693c

SHA512
55e3ca733f309eb381a345aad37b1ae8d0f61fd24449c77d4d2601ea37d4e5d4eed61dbb762e7dbb4502993dfa47b9e35fef63d1d155672749ca44a367bcab52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7dfa3d7496eac084ada00fa9842f10a6

SHA1
a960f97f0d187a70f50201253bc9d78ba0caff19

SHA256
85cf52401879b3d420e8a7009567ee788883d1b51c6bfa6f9e752db707b5949b

SHA512
f04177950d665b17cd31210ff0c90f8e4ac81f377e640c3b5998a0c61098194e5769fdcba414488f779b6337fb04ca40cb54d283b1796764ecb8dd8530e48318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0853d5f3cb3642989b5034d7ac74073c

SHA1
bafc32d820e0f2d3e6c6676301fe852b21c39823

SHA256
eedd4af76735d97d3386077c83019f7baf9f51ca21528806c86e50e7c0bb70a0

SHA512
bc5302cb51bd233cf868d76aeb51b5e646d8689137e262858d8e50cb82207912e2dc03435c497c003e329ea79fac8b4b411b94ee72dcb0274f96257b0f575ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
662ed18ecded4cd44d5df31626fd0c28

SHA1
ca6e6b6190ccc70cca2890326039ab2cc3c0fbce

SHA256
edbe39e9b0d43c75d4a6df9859726ae6c43d53672fed675f55b2791e50df8c4e

SHA512
4d3067f12aaba80db4e0feba76208825457e093059b2b58b260a3a3db12f1899ff974392db902af5726e52dc62346e6cb0cc934bc6ccb6aa0164a54db63388dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
311527b6fcde42cfbffba1eb98806acb

SHA1
c059e16804d2293fc632688fccb4aea95fd466db

SHA256
586a2daf7378d54637ec4e1fea85ed5d2f91a34bc6e616e9c0624484ceba305f

SHA512
17b167a33b8d7b8ad5c39df82391a39bdde5ca4ce96cb129e69b7fdd1c05692b15cc11d4adc3402e93fb4cf50945462ca54137d11e2e16486a18ba47264ff8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db8451d4-0e7f-48aa-81d8-5f437ba57299\index-dir\the-real-index

Filesize
2KB

MD5
788c8417a4d81dc7e4046e59dde0eaf8

SHA1
28a5450457cfe42369ce3a833f8046814c046732

SHA256
aef54715e5f6e6649be9aab38d853998fad628806a22860865ae7e5bf4b3b1e6

SHA512
b58b055271cd6266029c5109b539b9e70568dd076f3d63d08c3eeb6bcbda4ffd0eab51aecd633523eb6788b04180b14e380d5fd27437c632836724c98b2c371e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db8451d4-0e7f-48aa-81d8-5f437ba57299\index-dir\the-real-index~RFe5880b4.TMP

Filesize
48B

MD5
c812c6e7f0924bb38c12044d689efbf7

SHA1
70a2c03bd62532ece1ee88914ea1994a80827fc1

SHA256
8873c4188b258471e0f2ba2c2692e467e1549848be5a6bc2c13853b90e631d3c

SHA512
aef0ba99e4b3cf7b320373aba07b25bf3be2244ebc29634fb9bf635c679f9ddfac93e53b62e67d96bd224b0c7d786eec3c4afafdbc6b7f2c18e8bece991e4e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f80780ec-d406-4cee-add0-21980e41f2b6\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f80780ec-d406-4cee-add0-21980e41f2b6\index-dir\the-real-index

Filesize
624B

MD5
1f89271a7ca6233e3d82636b89ffe7d8

SHA1
df3e511b4f070fbe62552b10b537effa22fd3c92

SHA256
d3d82c55db8f6996665b780f183c785f31d552c5825bd0c3d7a8821f0c046797

SHA512
b67b87d6e7f89093afbdd96e2b7296a39f024883a68b3052dfe711f96038b11ac1c85ae35f51e544279c6a6cb9a180b8c845a983a5095a96c38f06ab8134d0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f80780ec-d406-4cee-add0-21980e41f2b6\index-dir\the-real-index~RFe58560a.TMP

Filesize
48B

MD5
5bf7337dfe74d4c389724adda6132ba6

SHA1
8d0e04c62633d2f4ddd1370e42300ccf36f5fe8c

SHA256
e17f4d56cf87e7848f7ce1b99e13585bfa678ebf2fb06ea93a82f4d9298517af

SHA512
e0d26d4e8e81c4903412a1cf1fcba7ffb96b3cfc5e5cbdf3fd35666acd13aa457fde32bfdf2ce6de65e5cfb3ff12f24577aeace7042c46d721bb5abdf9625ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
2a679c2c82a83fd70ab06c34ee64eccf

SHA1
5a1fa22c9a2361a9b0dfb037aae93e4be0a3b836

SHA256
c17458cd8639ee424bacc7e87f81e0d1d446f684e9ce80dcd4b326bea906d90e

SHA512
531c039be78f9c58d844740c16dd2b90505b4143ed93169b3d6d60a6fa9c82fa8fd5a4e74e9bd4dad0def6840326dbb31c82127c0b1c75a549d330c7308dbb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
1b33fe86ba60ffa0a850148f04149d1b

SHA1
cb6bcce9e3f308aa183fa142f76cdb019eedcd88

SHA256
c2ec2c1478fea0fc61ad060c82467f291630508c2c4f4eeeaaf00df350a04c63

SHA512
37fbab1f732133253d37bf445793f4fea0f15bfe0e4be1bf8b9ee315f3c3a184b9d1cdb40dbf3a8d904b3af13d947864b27d4be62221a88f5214931edfac7a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5cf15a1c5c51c0c6510433d6a9b729aa

SHA1
d5f44b2208e15cb80d64e8f36951e95264d54087

SHA256
ea6da7527929ddbf54f4a5951216f35bf131a91ebf53191a4be01af7c061871b

SHA512
691dc05b7690ac88d7f105cfb2eecb8673cd3ba7bc18c9b593b526d55e5f39d33d4f37a7a6d3e392704f9f80c6e1c8d3a5f4d99b6c4e4d1558f9000950f14555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
1b8f80be5515b4ca41db6030a3981fcc

SHA1
fdf1a7b4db381d9eaa99bfffbecbd2dfd8f07a2b

SHA256
1da2e5282faf29ee622757ff824fd189d5e327f164de3bb14f00c5a797140f3c

SHA512
de0f3e7e1c50f95ded9fb7a4fd4a9ee30005102dc4deacb61143ad5fcb5d5f5b593251cdaade6b768777bd46af62764a7843c0567c1d178e3c4c3efd2e809a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
18eda86a765223b1fbb4b5cb285707f9

SHA1
5105d5bf5c16c45e156676f1c03583a0e3c408e2

SHA256
e0ab2b679df51b4e0b0cd7908fc5a46184963faf309c648b357f08d5ce8d9cd5

SHA512
38ddc5f71ca51c96d4bb917b9df9cac00ccf89172ed0d471a676d558f65340bd65224a28232679b9b046262fe02d4d903a033f70f6f8078ca888b4e51e17566b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8c5e6dbbcd5bb21af14a0dd40e62d545cd149782\a76334c8-2674-4fb7-8b4c-d36a7c3d248b\index-dir\the-real-index

Filesize
72B

MD5
ae6aab1578290f941f199ba514ce6c54

SHA1
a40a91ad0b0e2b06aa47bc4df4c61e04449c507d

SHA256
4279e2d820bfc47c2d691a9b9ddadff28fd38acea9815480eb624b9bab5dc20c

SHA512
49060584348ba307a0f3e81a90aedd652141a257c06e2ed2dd381995bce04e4360101b6940f5175c209f720bda3f2f58f93bc7798690afaaa94a9a790e646105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8c5e6dbbcd5bb21af14a0dd40e62d545cd149782\a76334c8-2674-4fb7-8b4c-d36a7c3d248b\index-dir\the-real-index~RFe57ccd5.TMP

Filesize
48B

MD5
911b0a2298b26a0117e1d92d775ce34e

SHA1
7c4e52b80e02fe3f43192456d379a68ac4ef032f

SHA256
2beb0498bfe843e562e44515dea4bc37d0398c5c26b39c36801143d14cb24b12

SHA512
20c01f92bc4e893363908b5fd9219870dcd3d0f3d0ef052f27ee564671ff13f91be83fa4d1cd22f0d28d446890c5bbb97bd88d3cfcc919b5e3f8c32b493df787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8c5e6dbbcd5bb21af14a0dd40e62d545cd149782\index.txt

Filesize
95B

MD5
94857c94fdf1b4b020a359d9782fe778

SHA1
32f703f1941c8cdd3f4480684b7099f5827b15ca

SHA256
aef0d98eee9ae63f8f404047927e4ad967aa8f42f7aef0a9e08f7898b8c42577

SHA512
adce36c670ab9429a5aa5d30a1f53e9e2b284d9626626cfe1b5601f8b324236b4b450dc4b6666a4b9098738ae89cc282a2da23516d651f9304f48d179b36ac53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8c5e6dbbcd5bb21af14a0dd40e62d545cd149782\index.txt

Filesize
90B

MD5
284325ae83ec4559f0f6d853c238b336

SHA1
93331b945cefa4169bb7bc3f753f91e6d279dea4

SHA256
de32540789ca308544651116e476a1f3e85477c282c3f39b5feee9253078598e

SHA512
607896679979932a466a0897da3219327a8d106e307ae925a4622fb7e11f091eabcc28c564f46760c0cda67625fc918d1874257b847fdbf29a7b6b0b8555f24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2fe25d65731a4939337cce7a039df810

SHA1
28c47e1a921c0ffecc128d457df69793a742617f

SHA256
5675c6eafe2786cb426b6a73d34fd6533fa8942b9a5753e3e9a2dc81b502fe97

SHA512
b20a42385aa2e3bd3661982d2a7631702680c8d04647e99c7ab6b8dc8b5b21f91c144b0a1698cf5e8a7adbdba5583f51608149a1c6cca3722b652500aca57223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
ad2684fde1791454355dde2ea9d37f1b

SHA1
a3cb098c6e2bbbc9426d286770e6b283ab5ccb39

SHA256
6750c073195ddce3097a1066749ae9d04bbd27fb3005f861dfd63f8241127e6d

SHA512
4c37a557533332e97618a56491b3711b811d6b34ea14fae598b88059d26c69a31b8bb912758f95716cf05ad96fb2d7d97d4ad888c7c4556aa6714ae791132f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cbbc.TMP

Filesize
48B

MD5
4367ab56e79f8cd9b1dbc35358b8758f

SHA1
cca4c7c61d232597c622b6700babebc37b03d018

SHA256
8a9cd418be111abb239e0b377ab0e03204aaea109c473fb0f2589df17a63facd

SHA512
eb23dfe1942834c94c93ff434d638c5ecd4b3b7f7247ab04a41e3165d7497253e6dcc2e0be19a2968356050685a608e31b380168b40367a598e19a2295131e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00f4183dd4aae3819a910320a16d0384

SHA1
2c4fbd4b9a8db6f05b235157a848aa7fa9b65a08

SHA256
af0931028741f2cc4000c88d24ea19283703a9ddee78e8b784e29e69b439660a

SHA512
ecd9eb764b3755cdf2af3c892ffba32c8de86df7cff1d326c78488c4c9f545d3cc9ded9d09daf60c1ed5f304c92698eb086a25624ad03f286d08e35c0e4e5130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20f44a348cb926d8f77d1e4011d261ec

SHA1
3c3ff26bba206974455f5deefeb5e3dc54fa3f3f

SHA256
b3a671090f2949d8a5d927a469b1c3b7695c432e7a8b47bdb9725ef24f7b52c5

SHA512
a7461c8960e55d319c3f87814127148cb77e9b1c89046ae1b379f26c8e529370995329b4057870d607e3ea1d01a510fe04f150f744b4ca4e3e603b77cdb890fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
407dca260a4bcf607d5dd3b61bd60bb0

SHA1
c51b2b98041f4d794ec0608f3247e5a1c7d316fb

SHA256
3e46a18868bc5239f8ce629e225e5c35b041cd37e66ec1e1e3618779dee18eaf

SHA512
0c30aa315c42ce1db83e9f8bcae2b06c12c3a0af08583a40684c64f68fc29dffdd6dc9b0806a4bed14a2917eb43cdd621700ac6ecc0ccd6fe302233fe2c4aa74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f760.TMP

Filesize
1KB

MD5
6467973dd60a23b7e519fec82291a5b7

SHA1
365f4e7b97d76d012211fc1fb2892d0f9e678341

SHA256
b4738faad09dce245b4be177c76f21c2248d2b1319331cbc9a513a8c06f975ef

SHA512
a3c1200735d25e125108e9382a823d666047c69f2f0c4d48139e43fce558580b61151fd88b1c2f6d21201fc169646f4817a61e8951ab72340a9d1ba98640b405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
537a23c3ef9ce140479ab2cafcfa5392

SHA1
857b61578115ea628e7c02318481fd72b7f43711

SHA256
cdd5b199fedcc82af61951005f77eb13ea1726cb10a09a980963023306bc63ac

SHA512
ef2420947399a824652778e8e754a5b46b74fba56612886a0ca8903e4140637c712fd0a02a71c7a5dc2d5a25ea31d685b109f7a918a2c9650d0ad9703885c814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c6f0560c8e7b8bb6ea24253d01ef78c8

SHA1
476235c4c53b310ca61f2ef76475e537eddca399

SHA256
2eee04bcc4abcd61104c5619cafa59a6ff561022af1c8bb8a0b18374fda0541a

SHA512
d687c7fa96c32575f1627e82772415e00e04e4f59224d1b23e82f91078ee3dbc1e10bb4732b6b00e7fb158e2d982543c36392ed9f521712e9131e6ca7bb29e33

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit