31ed3580e5450ec058e207d2357217dd281f4f8175496c771b106a65e3b78e56

Analysis

max time kernel
1785s
max time network
1794s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2023, 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.jpg
Size

5KB
MD5

31b43a14fd8432cff162559909983011
SHA1

d1012e357f04e686b3d783df1ea6030382ca2abe
SHA256

31ed3580e5450ec058e207d2357217dd281f4f8175496c771b106a65e3b78e56
SHA512

3a090931c81309f4ba8cc1024467f51f3f09bfbf38e5e44f8e0b1701381dd1c75ff132766da5d74cede0d881d24d62cbbaf38f2bb148199ae68d6bf760de0ba2
SSDEEP

96:5k1LUyoZoeQ4A66LbT1AHG0AyQCDE+S6y9HayMFgqjTozPyRUVhz+8qf:+1LS6H4ABL6AyQCDdS6y9Ex/ozPyaV98

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2231940048-779848787-2990559741-1000\{E1427C28-7C82-4E23-AC6F-B199B834BE41}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
1236	msedge.exe
1236	msedge.exe
3000	identity_helper.exe
3000	identity_helper.exe
1524	msedge.exe
1524	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4320	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4320	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 2524	1236	msedge.exe	108
PID 1236 wrote to memory of 2524	1236	msedge.exe	108
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4084	1236	msedge.exe	109
PID 1236 wrote to memory of 4244	1236	msedge.exe	110
PID 1236 wrote to memory of 4244	1236	msedge.exe	110
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111
PID 1236 wrote to memory of 4372	1236	msedge.exe	111

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\download.jpg
1⤵
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc8f346f8,0x7ffbc8f34708,0x7ffbc8f34718
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8198212293662702799,7209247556061237917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
71KB

MD5
74be0622a6019688a4008ff20ccde71d

SHA1
3a331f837f394eeb249d11c271003d3d763a2e36

SHA256
04cf99dec6533d0582a1f9d4996f36db0bb1665eedbf9b44c797d5b9f4ed7266

SHA512
8184097b177d0b517fd08a87b7f2c53dc485ee2fd47ad6b36aedb1c94755038b8642f794a401e5008a9291d555b1c1c4b9b839553f78ddc81043763f84a580a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
62KB

MD5
db0691a9545eca25c49f4dc620112110

SHA1
86c07b0b0e046761e225d50f42a6b7d95ad52a1e

SHA256
96c6b7ada92d06e0ce723545a546c3665093b45c87cecfb0bde5862f63a1f180

SHA512
acb01794975f53854d052895790e415f161e9e9895ac94a5131423b39dc3cdba870c89b6235549e3e83d29dc6f14e65a9a4fb6a859e3029d5f81f50dbe2885cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
28KB

MD5
88350501c4eb5153aa4427f47edd1bdc

SHA1
7012c7b3791ca3caad31220845ce7ff61229e0f5

SHA256
b3acdaafc0b45c52973fa297bb4dc5667fb20c59699d22b02b6e4c9c39377442

SHA512
af731d056720748cf3f4a05b8e23b39c2fc9ff7df1461520a2308cfacb68d2a34da149c5b595241bbcf3f1e65b91cddd6f01ac371d4a5836ba3e4b319cb21597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
68KB

MD5
74735b02a5024d4199b8c13f3f6bdaa8

SHA1
a2911dcdc4363176e3b2a296401cfa98d712e2fe

SHA256
385be5a28dd6e4df925408400819e7efd63b588de55932bbb9ca4fa989de6dc2

SHA512
e835fd5e643a239e98de98195b2a90e27d2f4be24123de04d47b1b241656caf8f85e68a0962a88c124f06ee75f433f321d47af910479ee7d428c6cfb1e0385c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
87KB

MD5
a9e62459d38a45e13cb45c1b61f47465

SHA1
6fcfaeedf453903cacc34f2f9df633a8a641e99b

SHA256
ba59b9670d72dc6fb15d64376daba6e7b649667cbfe92c31da9007ffaf925ed4

SHA512
053bb9c708aafe4efd9dc20c3a15854f7f32ace8601ea67c37338c8fe6886ab51dd1bf0d0d19743f85a1064f254b3633bbb7068d85abd5c0d1ef309104d6ecc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
31KB

MD5
7f8a4f124f314e0f1a6d26a2ad2606f9

SHA1
b10bfb19db2d40eb4ac17735c385493e7dd04c48

SHA256
7bb5dd5ba2a9a34556880c1a064625644803bc44e86914e0185ba6004e917676

SHA512
217479bdba2eff0c329faba1f3c90cb287a716d50c1270617231efd40fc554ff9867875582222dbe0120d0f0325730fa4e43ba76683faea1cb8868e10e0f13f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
27KB

MD5
039b19457dfca382dd5d71bc623b4ea4

SHA1
227b6f237bb5895569db844de4718a4d8f4ba793

SHA256
c6c356b4b493b76f6f872befd5412ac52a13dc69aaf4cc34ab18f186507baacb

SHA512
77b7d87202947dce58545db8aab1c6139c3e76daf67f33a578e9e6b8c91d520db1b5218b65aa56e9d199a0b1c982d390ea025cc33f714bb84bcba11a74295832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
23KB

MD5
8215f089d94fb700c3f77d69fb51a78c

SHA1
a563c90dba852e1e4cb1060c88bc8db76c62b7f5

SHA256
8802c9e11fb2c9f54acf0d88b3f2892ba753e787bfae61f3426241de95504554

SHA512
fe6bec7e39bf685d59deeeb1ca04a18795fdbd03982c56a25cdff434fe2ce2d4f6665cad9e033eae6c00a6528093ca121463814962498affdfee2c36064b6386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
25KB

MD5
160a16783c419a71e25dc3ac5e33dc35

SHA1
4ed98e87189ef03901b2b13a5e9660f634c4a180

SHA256
4e550f4add1d52b70b9fab75d95db12f936a1296ed514a75b95fd30792ba8877

SHA512
0b6bfca5df4b19044de0879a996489f6acea72eb73279f31fd7b5b3c7d61497eaca7817428e6b161b66f2cefa693b17fe15aa14c51baaf6c1f4ebead20db2002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088

Filesize
104KB

MD5
b82f730a96711f21df74178b5212a518

SHA1
44da8cffbb22b0ae949e7168e6d925545cceac79

SHA256
8152dfb36195f38c6bc70ac9c237c2294742518aaa7dc9e3a78569f281c0317c

SHA512
1ccfd8c6e019e1a6eb1334e7ab6a5543a7c8cd586992e570022e37e75843a11cceb17dfe8f8291a9fe6ac4d43f1c231c4763e6846dd59a3ee9476653984bf54e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6711dedab6a78bff5c5e71c144d10df1

SHA1
e68abf55d427598b628263540510b09dffbf2e97

SHA256
987dc0bf04e13b66780da173f83991512efaf44221f69bd670b57480a660406c

SHA512
0860f2afb8f46fd130571bac640544805bf186a28f116eb786ffa712110960bfc6821686708fd84609601084b4ba646e12a60276bb7110dffe8362a89df7defc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
071151c5ddf94dc421f919d9dd4af513

SHA1
d33fce94616bda12cc4c9464011a0ac5e00b41fa

SHA256
15370ef4f25b6f59787ddc900c513f6a05af67086fada34c13d5483d99f9e6ca

SHA512
559223bb9d711cdb63016b4ce9fbac8ebdfdd8a93a9d072d939ffab5695915bc2b58d87e52f2f8a8fbfcde13ec602ae8f502aba1ca29900111cc886a3e0c6550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
08b944567cf5b92556e30c1e374c702b

SHA1
e864f8d62b816d681fd531a32830a53905849399

SHA256
520973374a00329bea5269d6843a81799ecb542ca50c4431c77d7b8edf74427e

SHA512
b963a65f8fde32cd47fa1a4a203ddfaf54799d5445bbccd1b49c8c192f7feedfc537aebe060e0bf45da90d9dd4990bfd30caf56748aaa20efdd2689c413d4944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0c3997b850fc5a08c23e11d37d9aa475

SHA1
c22147717abaf59180b0b211b899018006f32b58

SHA256
c118a4cdc2e99ec056abb4900097fe7238c10644e15da3787585031b2fe9522d

SHA512
688677ddc32504dbcae8766f6f70bc8ef5035b28a6d4fe16184ad101f70c8ec9094856bacf8bc5651042fc20570c60cb705c396d9c1f5d3e959323ff4afb2895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bcfd8c2adbbececd44df0187b21e456c

SHA1
8cd5105a042c4289c66e33c7402be3183753199f

SHA256
869a09cdf4b40dbc928c31cfc8e6b6ae393cf083b0fcf2ce366b8a2849ac7bbb

SHA512
7c783fd584a4c91cd1585b1f5644d39544138289f810a2288e8ba757a3ccec7bff3f9612c58962ab93f889fcc304cae6c5d364bceb2039b31000bdcfd2ca60b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
74ed883c15ed23a69ac2c9e77a69e7fd

SHA1
3179a40afefb6e5a08ed596572bd07191a934a4d

SHA256
27cf16bdc4f8e99e68e9ec536fb1b6430716bd0f6873b7a21fd5920b65225000

SHA512
aff5cfe9d37d24537a0632def08fcfdb122b4d8d8dc4d2c1b1b009c8d391fb20f62c4dd07b541fabddaf0631553fdd067227bfcc26a583b924fe9baeb9ee30ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6bf3fb5daac24113438fec3c54a1d2e3

SHA1
622e6f95f332561741669a3a233490b66d84e07f

SHA256
37d77f17825951641b0fb22d7323e5f7a12058bbc6feb222b7cf12988ae6e729

SHA512
5a41c29dbc82ffdc1e46115e9564719845f13591110d64e8c4a2d050d0a5817a82d450db7312d7716e5833fdcdd42753be5d14d2b8472e8fb66874aeb29fcd1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8704ba9fa29c65e38a2a3c7a2d27bf25

SHA1
c5cd8459734090e58a38eaf945f7933e31623127

SHA256
67ead413064ed23024cf7c69626d4e02269673fc1c579cfe235ddb0c5e8ea9ab

SHA512
61408ca0f612a794bc2d500f4a71176146627610532b4ec5963d0e77cd218ae0dc6faab0e7ec847e9eb0fe1591714bda55d19ae852297b1ba3b954bad51aed21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6cc50df5209dff088b15ddf98f5a1e5c

SHA1
d99f083755d936bc5944fdf71aee57dc4cc3ec66

SHA256
deacc8cd12598e41dfb28cc0f5790192bdc33ab050b5b0017ce0dafc63ff8920

SHA512
04ee2b64de541721a8ca9d321dba805df5f3e7f81e485cb28f014e74533d1f7fdc2e61e29f95812e13a2f049be89f0100f5d60f086c926040f5df72e4aa2daf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
30bfabfcf57a32f0c20af48317f0bac9

SHA1
f1ce84dc6f7db07f255d5e980006dca2faa2dfe6

SHA256
3d651fc00e8cec0c5af874b71647a4a279d0028a744109e8f3369215939e9c53

SHA512
016f9460b34646e4e15882d494d8781dc13c1bbe0e632d8c0fb244e58da6ef8d4b2004874d6179c00676f7d711ed8260eaef5ff59d0bca4084a1af7969c5e7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
91c3da632901ed02a109391e71a796db

SHA1
0fa0ae8265ae4966640488067e5305bde41639d2

SHA256
84b66ab9e35dbfce55277c9713c81800cee77c4decab3f794fc62a2153342077

SHA512
328297fc5509ccf79a3f48da8217faa48240fe72b357c76a40f4e51a04c5f00908a3c8a4e6ed245553affd0974f8f8ba01c29f3465cb46f746468c9f0f083ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39b003dfb42c912bc2fa58aec3b6b0e9

SHA1
a5f9cd38dc0b9c58e2cf0e745b5ce36ae34ff81f

SHA256
4322a1cbc2d12fb68b3f78cafde1f076a94baae3e2526368d7c3f11ef7ab8988

SHA512
f841b968fa35d17e37f6c6012837cbd9950f0a4043d7fb9c4d503dcfa8c39b31dc121a8f6e40c645e6a533d0223776a896899ebdb2626b77cda7acec956b1b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8279b73ad7ff88dcdc0ddfa666ee096e

SHA1
fb204d500b1780d096430ae71d7b8c63abeace66

SHA256
d6802619606bc5f1feb73522bed0e3fa405e5cf4fe7098aef3cd15d551726587

SHA512
0e60b3ef8d6cd294553599276b7a67dce80640e01d41e84799a98423d353426853289a3993cac2c23321894d652cc0f567db7b5dc944c5ad019a1bd08d4d4000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
f2657a01063b562bbee0b0bdf807daae

SHA1
7c0ea84ccf1bf3ac2210549b2e94021e84ecb9a6

SHA256
f40ddc452f396228c02f6263d97566d53687e14f43b3fdee992de76e92a592fa

SHA512
9a535bb181d1de3f1f0c2e1d6dece21a6bb0f98ea267b640f2ca8ed7de91d9873771d290c4eb535de621653b85fde25e83b64625332236577b8c7580eb03bf37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
1e03e1c8a4260ae4884b39aa2a0975dd

SHA1
2371be6a569f6626768920a7feb8b2ecf130d9af

SHA256
0c1879b5fa2667b092e7024f93e4aadf1101bc58a2725a5d1bb8abd02ef3bbc5

SHA512
d905c2a460637d47b047d86e955994c04bd8a2393e9fcf6a6e0a5b153435ff8a01834ba029061d47d85e0082c1ed67696b30b7aec7620d8e2e213e1a42f4ec05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
f287d1c834620266328d027b49736658

SHA1
5c05361d99780067eb5f19773297936801bea632

SHA256
581a6cbc7164f3492d4bb4a6d2887481d5ce2b4003b40d51fba64af2af0ac134

SHA512
ce9999f5b37402bbd1725b12bbd1c45643ca81e9b74e6ef55d11421b146e03889a35d76ba81e7ae87e3bb91c936fa63437a976d7678f5fb450efca0b2fca650f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
13470c468c6ec0ec1be2ddd51f4782fb

SHA1
fb497c5cd5b9c091b540fbf5aa7f867ea32d8578

SHA256
51bdf2d911639b4cbdf95a2e9081b89392182cfe5ffdb0431c688889c477a685

SHA512
323d5e3ed4ba55fd165a2ebe890509bbe4cd59a6fd25c9f34d0b1f99cfd8f232fb2d469f9684a1ca1e45c1cddd6a62f88da6da9bf4d64c38c3ee0106bbb6c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6165ed.TMP

Filesize
48B

MD5
4f1586e0ee2b1785b29c8e4ee7dbc34f

SHA1
7f5d4ff2c77fd3d04b3ad4510739e5b93da17943

SHA256
3b67a4255a13c51639c59c9b965d82ac377ded35d3ac3fa1c6f0372363e5cc5d

SHA512
d0c2d3d0c0778d4ab51c0c530cdfd1cb31ca71b170238380a789fbbf5b0a7f2168c8efe35f42befe268af22964e1248978e84bdceef6ce2d72e32b0b73904ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
08510e2488cd3a78b9d83d41a3d34cbc

SHA1
169de472b251a8750f41da80d1b592f08578f531

SHA256
3df86d3a69acaca56e97e95ba3d9654406f0a7de1c18f10c32792495da5e8b09

SHA512
7cc355716803e3faabe0a8d674993cb049d650975e90344aeb9ccc5be0a4f9aa1d99df835fb2c7437c6f4c1c1d4c5e32a1b576b91e6cbad61b5a1af1789f7815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d706bdb08753ce72101914bacdad775

SHA1
16e8f3ed2444f6b187f399a1bea407dca4000577

SHA256
df17ffc46fa5d921a04d27c65d58ea09deaeaa0c45daa9b4c76e4c2bf0096ffd

SHA512
b80194e912c6ca7cbe6b076ad527ac3f0125c500e671fef28141eed47b51f06c4f85f7c507b691c2cdfbe7f0bdb78b0b37ca002fb84bf9a138747da6aa2f777b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4bf92e0c870137693c21137448136b5

SHA1
13c448dae4e72b9b16d9872824669dccaae550d8

SHA256
01cdbb95cc9cd71406cac42763aa7cc92f4a3507d01ce7818ee3596cdfca5dce

SHA512
a3cb2ad2b7bd665d7b453bac7640f711dd110157c4c2dfdba7f4874ad692c34f505d5cd71c8d62fd3552d0ac4cdf1824731491e67b817d0a7a64bc3b12441966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
31f10e7cb755b7204d2672f0b1879e09

SHA1
67ec9a4d5b5b82b6b2f32f63b60891b3b9fe728e

SHA256
428194d14803045bf5ddd126abcef0d6f9e3f17282e63a7bac2a91b764c5a856

SHA512
c3ffda6d608dfb2e1b8e4b8eec360f9f8b86025cd4f6b624ac34a3626833d82914a82976b79e7cc662b49626d1fd3e74a1612dfffde5af1606dbca17b987e079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7d0dc673c501b733cb6c405f006d5bc6

SHA1
a7fc409656fe71b3135b8d01b69daffd0c46f118

SHA256
c74fe628ab8ff6652a166acef6288b47e9fa2d9638472e0c4ebea72168d2a1b4

SHA512
50952be9a9c6535e0b3cdced6150a9b3563e07b0dab495420e3259ef151319b15ae09ceaeb976c083681b6eed2ccbfbab30f4b84c403a1299edd17089a4a65a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fc503e0d462c84cf61e5a581a6b5db12

SHA1
e1ed20b86e4071927f9d4772f6460dd266b9d870

SHA256
5404567434c78c85e70cfe599c4a0078e1c5e74aa3cce1fd35cf940cde205c50

SHA512
6d122c55b04d1af22e33ade94a9150ede6e6a6f3c88f654c8d91521945ba8a0165fc6c745ac7c0e083766f248fa664639125cdf1b30ce8dd9a517c777fe2da91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b01e9b13b16ee0ef458c564be7be1c71

SHA1
58ec7aca4c041dcfee3af76a769082fd18080624

SHA256
c40991d7bdd4c090904befe0eaac453ee7cb9d3ca4bda4c31ba90612cb53e3fe

SHA512
8ece118de0c788cd32c6a37aa9edbaf944fa0a590ed0ca44e67478a3c13a45d0556797f375cf96b0bd6358608dc6234af0f720d865e3b374759b26d352dea2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
869d8c68af89b548624bd9d078e8692a

SHA1
4098dcc9e236ec90c5f55130831296946bae5972

SHA256
a1c7bdf6bb3d11d3c620333f4a13354d1d55fd6732cdd2607c5fb59ff17546c5

SHA512
f7b2995d3a373ba9608d684c68f72964eea139308df70d3f867727c82a1f806dad3705d946e275fd0e4eadfa49d6f7d7dde8d33b1d612adcdfcfab5ac036f9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f3ae269b002eafffc392d7d78c068476

SHA1
d2c8c703ec254d38453815fb528c3d7ca082ef7a

SHA256
b8c3a6f81acb8a6046d9d9b8ecb75173f8aa92bb9a254056677e433c66a660dc

SHA512
0c9cf1ddf55d7abfd0ccaa4a585b34db4e316db57c7614e24b4cdc628f2797a144517192f24b48ecb7dc64f9a5339b3797f098792d1e0bda1ba3fb6314cf8573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5966c34f6184cf13a5c7ec64b4890a81

SHA1
cdac5b6fe486ea7e95dd72dde26d8a0d3aae0a4d

SHA256
8478acfac1cdebc50973a7cfd62100dc061976c61ace0bf866a32100799c6735

SHA512
7c2ca1cdb90857f294d15cca62425f547d5e445d7f7015f5b848186c0078556ed4cfee20ffc5574485da772bfa4be1a1e0635723057e42f91a647b4fb880aff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe616f15.TMP

Filesize
1KB

MD5
5874e4fc9046b042d682152153318b35

SHA1
6d09a9b86df25dcb6142b3182565433c1bf6b417

SHA256
b28170cdae9caf1652411a0942366e2c4c86b803ef976eed0e6021d027c6e509

SHA512
3ea7233d6c05fbfeebfba97cd3dee3b9965ce4b15e9aea03fdeaf6b007c12312ca34fca2cdd8add63da15bcb691cd9f4e7d8201a596ef56ae8bb0701c3685f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df89b0739633c65a6e85da0c0d524176

SHA1
9c61a69d19d6c43a7d8aaf2b3e32fc34cf6d27cc

SHA256
2e0f7df5cee0af7bbe8b52153d098d574760fc10ead11e47900481ee37232268

SHA512
64a6e74b9e31a7b6c05f44a22e7b74613cb7e59f2435a33ee5b6ebffbab29d079a6209114632942250cc20acbfd08d669e2810848b81df8f635f25a054c4f14e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit