c5549d5cd3af35a762cdec7913cf60bdcabddc700e94e4e2e1e71bacae303329

Analysis

max time kernel
1772s
max time network
1797s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 17:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

download.jpg
Size

11KB
MD5

ad53f4d4d156c976ac6382285d50d764
SHA1

bf53aef8131a5260d50eddc10318b67066b6bd0d
SHA256

c5549d5cd3af35a762cdec7913cf60bdcabddc700e94e4e2e1e71bacae303329
SHA512

9af46d58a967ad9ad67c8aef03bc77caab55995eec49236951b29faa458bc11b90f73afd405ca818e02d6c0404af13f98a12ac00e6224efd8d07ed37e27fa960
SSDEEP

192:2+gF6aKZvLZUtHVO/dkdQCg3OngY/sOKTrvjxZKZbhu9kj00iHKYxoPUrq:2+gFQRkE/kNHgYE9HbLKvtjQfxu

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
56	discord.com
57	discord.com
58	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3336304223-2978740688-3645194410-1000\{9A9481AB-E041-4EFA-BBF7-A10BDE457445}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
1700	msedge.exe
1700	msedge.exe
3800	identity_helper.exe
3800	identity_helper.exe
3568	msedge.exe
3568	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1168	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1168	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1892	1700	msedge.exe	92
PID 1700 wrote to memory of 1892	1700	msedge.exe	92
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 680	1700	msedge.exe	95
PID 1700 wrote to memory of 4924	1700	msedge.exe	94
PID 1700 wrote to memory of 4924	1700	msedge.exe	94
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93
PID 1700 wrote to memory of 3988	1700	msedge.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\download.jpg
1⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff828ba46f8,0x7ff828ba4708,0x7ff828ba4718
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1311524680825887638,7919039082217653486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
27KB

MD5
8124b74de3249b98eeb24595ca0a0b1a

SHA1
d840917c982e4281ddacefb7e845fafbcbe57dde

SHA256
e230201f51f76d724b1f797c9221e98db0b570952c61200f28035cd920b94620

SHA512
c60fe94a65574d759788c07c7f757d1438fefbe70061f2626cf3cb4ca343a5682b4b69770c27e106cf0e95c70b9061ee7f5fe4d57c85402a547347dd8d13978f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.1MB

MD5
ebbbe0d4f05c691f3c702db6be87aa63

SHA1
d157166d0ab4fec1ede8aacda5e6401d57556b07

SHA256
741cb96e63ece07818188490a8b3c2db49b24d33c397bcfe5895a4c93564f6a0

SHA512
576a2a825d448fbe392f9a4342cd3cb07eb09b1d7b0af323839ee87cc1fc5bfd0d81a3d11632e28ad68697b793e130abedef1a01d1f3f44fe7919d652c8a964c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
61KB

MD5
1fe1859d1db4a960c79d78b5d14c1c15

SHA1
7e0fbc1bed415dfafe67b7c86c71cc3b47232a31

SHA256
018dffea3cab3c0a62c879f37a096a36d1ff871b27813c181c7b951af6725695

SHA512
cbb1d04a82f1f76b6b887772de029992afa5a907f1472f9098452961798b2617378d39068ca1367cbb1c58b06c077861d9caf9a389e698ec4395511bd1a64d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
56KB

MD5
bdea8d9d088ba63210a77703c0d186e3

SHA1
995a11834357fa7e6847e89dd7498cf2af8a795d

SHA256
cf431540bab3097d3056d69783cc866a01dc7e2ffc8f91a7c592623efbcf986b

SHA512
69868caeeb2275478a7e80bbb2cafa57a3cda516c71e62bf4f9f33243e01462ca1f4b7440bccc9ad1438d5916a455d4af47ca7927521c7e433c2204758085a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
84KB

MD5
c4608dbb09562520968fa4822b89c880

SHA1
104f0a1cb49af20289289398b718ba0af90ff39e

SHA256
d3e571d8456f1c390a13495f2605e4acce2ce77e027407454977ed69832ebc23

SHA512
aa189f7592a8533de990073eb6ec13406d4c200d7405c00ce7ee2f2b0e1fa8cfede274295d567e2b935a587839164bb9f2cafd1d18506c525747109e66aa8cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
121KB

MD5
9f338cdfd79ba484ffea2cc3adc8cbac

SHA1
ca01bf85e194cbdef33de027446e545a6fd118cd

SHA256
14cafa1f0b1a7d274731f3c8c876dcbfec86c618fbbc10ae36a2ed64d54a2662

SHA512
a9f0d5ea2e51d94fb4f7b3953c73d48daf7df116312dd943e9c40e3519c4f2420738529af0fd6b85ab30137cb21671705736fb1a48e26e5c7a6bc8e3c86fa753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
105KB

MD5
85fa10497e302b676ec403fcfb822b7b

SHA1
09be105b7c746f6c4772996fdee509dc8edd84cb

SHA256
8ce280fcc4915765e2f65b5cf2869d53f23651d5af695497145ee350f9ca17e6

SHA512
123c9904837039d60297fe5125124407bae3976d4ed34ffbf8110b79aa7eefd0dfe7a89dca73f687d40ef150e53bb98379a87e9919843798435ba1a7e1da46f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
333KB

MD5
830f3298dc56317338eb3425c349f389

SHA1
6093b68906f85bb74da6cfbb5365d73cd02d2d8c

SHA256
c7c3e7a1d06f8a75da62eb1022e7bbe68959803048f838b7d89609ee6586d689

SHA512
30ae7129479c12302aac0c25312b403cbf511bdc967351b767555bb6e56d9ad34727ea519efa0e2b470397be50a1d30f740d8e5257c418dbcf074df4b1918cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
3.2MB

MD5
e934c6c929d8ccd88d77f734f2cb56df

SHA1
cbd0ac3324488785b3971e7a0412ad37bf0e46ad

SHA256
0588bd802b4034b352119a0d76b8954817aa1cb968ea412202262236ebf1b089

SHA512
f8c4c1e48ef1339ed578f8658fc93dedef7b7d67c6db81a4a3c4de8b434ba503ef02a494fba5712cb71960e86f0a3733b7a680cb6f27485cdf7ba0c019ada2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
960KB

MD5
7fccd8cea795c86a097a23612e86d22c

SHA1
7d0b4597e54a18263d7769398a775794ddfcf40c

SHA256
4f244e709af2442710c255e493e94ef61348b0353e7d1b329e56d34488163f51

SHA512
fe9dab5b5b3c023df21ce6c26f4baebc0ba323e61815e7c40bc956f9f9019aa1e6632d2e19c81d0504c2aa2ca135d52291b39dc1171c2c95accee591398b7eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
28KB

MD5
c3435d28d793503dc1ed38112a436d29

SHA1
399683c6a54e559ae71d4886716c2267b0180a69

SHA256
0018151cb691669444b2a5ebe36d0abdb84299affe27809299393b6493eddad8

SHA512
368e55f97cd2f76616f0fa8142bfc59abb356692395a737c1a8f8b8684c591cfa082fa0415de36459be3cb6be292f4cb4e0e2b42334046df89557a0c3b37562c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0a356416cfd6b5f816f086e24627ae49

SHA1
7543f9e6961671f44eed20c7f8bf10f44748609b

SHA256
9ee2e2e815574562a3923c4cf2df4020b7d96ee7a39cb4aead60d5ca4c885eb2

SHA512
6efc2214acf0b54898b6808a77cf8ee6ea2953e8d1f71dbd33a29c218863ea97c75ce32c8963aa0a7145e06d511fcecab479c6d997a2c7555abd4b93f267a893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f4dc56418b2544a0ce905bbab2f9888f

SHA1
cb81b6c956c02f51131465c335900cb77a44e263

SHA256
7f5f5597b14e3ac56cf4db3f0ea958dd35f4a9a588cf09c0cd311cecda068b47

SHA512
7af36a12b7162850be2db60f101305b7dba48453f6651f81de12402f397deac03227a6cd3d8e3202af68cb24e437c8795269f0f8a0bbc525042de6710495adc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5d9811dc4a6272626206b904f1462530

SHA1
12f777c99ef47ef7082c40606ca35b13a3d4d1c1

SHA256
c7da7a3a6c934d7daba08aac2d0e26af93990b06c53cf3e5c6e576432d307db6

SHA512
82f9263d06ea94a62ad58019d04a7c451a5f6ed6c13ba81d3ee8abdaf01dd33196c142bbece701b56e33de553820a635411f4951ba9fbb5952251c33c3dabc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
d453b36a8318ae97bde90b8a0fd752c9

SHA1
ce4c97925f6120fb66c91355a50a3a6d8d81707f

SHA256
ad0bf5bc47b57047e71447fef3688e3ca169af0ae40e8f80aabd190ec51f6c40

SHA512
76ecdd0c4745ec81bdc2a6793faad2064f0dfcf87264386851995e570bbb4d5e5fcbc271e60cb6db75187893ea4bb644f28e31fa037e13b324c6409dccd9bc45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8cb24749883d2e0d7134492fce9b82b2

SHA1
61241837779860dc4a38a33fe9abe682da383bee

SHA256
e5abbe475ff6c27dc0af95a299e35be8cb9ff226f73da2653a6fa17d2632349f

SHA512
8475682dde59cbb559541a1fe16eadce4371d56e12d94de00576d7fb76a92756db5e225cdeb4172333db94879bc410b5eb0ec35c25e9f736eaa94ca5b8331388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
54dce115e5b1ad379316d5d5c70a7a1e

SHA1
84bce7163c5187925620c73490305173cbd6373d

SHA256
2f54008c35267008be813a8649f2d046d0edb178ae62a88f09e4d78b003ecf31

SHA512
a9e4f4963897c512f6bde7b6e2f88a1d5ae5d057f4593c646aeebd36accc5bd6d1736c2d8a89852fe2aa5306a1ef4ce1b8f670a0e6a3d6bcd4c1ff4694b2acfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e552107520093e2abc4c4512e9a36d48

SHA1
54ff469f41f90e5e8d7c1d7ae329e3d7a1963374

SHA256
3c8c426905e0e4e4c7ca66dd4b818b3a01017b4b6d27182eeae606e2a86c3ccb

SHA512
39e9d12885ea3e2f3a6fdce7066f889c97c9061e1925ae6c95d3fcf87afb71165340354e929aa3bfdb45b4cfdf8958ce2f41ddcb4861f6bef76f967b52196e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c04274f4e6677b017be34b7ca63364ae

SHA1
f4ac5a652c46bc7748f0543ed9fe83d3ecca277b

SHA256
65ad5a5c4262c1458784f396862ca363aeee60bfb562673dc9263c3bdd71fd54

SHA512
a3845cf9df6c18ea4fce04de89624deee0ee48832852be376bc1e1fd4d88f3c17bb7dcd37eacf497d10f497c1e3fc452618068ae310c8ff06f02e4c4037ed3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7fc14d5ed4e512637ac7578019f7ca68

SHA1
2871b775403b345d3c53de34c8493d666908d546

SHA256
8ed93f52ede9f608b6c55c6c5bb56ec0073a1593e5d1c3697bed09ac212619f7

SHA512
6de5c3efb40543cb1005f6f3a61a25dd827d417c0beeb2e0d51ffe4f9fe3100d3c918590822e19972f1711e87f347467db6c38607216aa9d7d1a85b0cd693908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
402c60ea97107af4be8dc05b60ac713b

SHA1
f2290ac38943b3def5af08d949cede59c9a0d28a

SHA256
ca1cddbd1a37261467c58ef21efa027d9ca5657a0c8e2c8ad1eb6f8f550a00d0

SHA512
a6ed1b65da3d47aac23240f86f9bc50ced92967abf1e48f08e64417c946ff63aeb081dc698339d1222678b7bfcf8dc999a646d7573872e62f736c9c74bddb67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0c24cadf433bba4623cf393357d5994

SHA1
9b7bddf697e23be4fb5790773da6c001ce549743

SHA256
d3b427627e65e2347c3e3cab6bada7fd5fea7337f030e2163bb7faa28ec09a80

SHA512
510d6d973a8bb2d3f4474e59d91d9281b6efc22dbd48aa90e9c37dc2e0f4e90c196395eda465e2bcc48f215aae54e81b1399b074ff97ab787739c59acb989f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c47d8e75ad781e0ff408ecf06283e492

SHA1
2ba2304e0808100c9d2966efe2ee78e3dd6b7b6e

SHA256
5cc55f44b4e738c529bc3e96114b0de1a653826e28ae6b90b133d617a188b7ab

SHA512
570593cb7d502cf5ce4c0a94e705bc67cb2f9f04edbf628c9229b8b88854b7b5123f3fb93d352aea112d4e442db2669d199c141af4739a06c39516a34b62bb3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72bda81cd371fe1c82b5fe342c397e60

SHA1
4e78f0ef27d214fa7aae9bc1659dd72663647c4c

SHA256
05854aa7e813f8c0b274b72859a2b810257e74439dca83e08938e0e05b8f8d5b

SHA512
8abc51ad9a61b5161f3f894f4cc7586db51a00012fb5dba4a21b75922218f5dff719f4bc41f4c061c7d2d8f87dad4d98da5baa96e92d814fb8871cc6bf6f4c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
500dc7fad0af50e29725bf173c21f9b6

SHA1
aac152de98dad943c3b233285b0fe720fd0a64b5

SHA256
506ef2705b712b8e02ccd94884e903d18e610cb1c6d43331a934b81ef4eaf716

SHA512
b09e9fd39549647edcb6cc8f7d193139a590961024a0e6db0e585ea45cefd02e8656b2cbbc59bfebe49e420367edae65333ba1db34779dc1b290b9d4974a8c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6035df3fd31acde8cff29b000398e84f

SHA1
1575171c3868d3d1d208a2cabe6585d6aee9d6aa

SHA256
d2de4f225bd7bffd471bc0afdbebacaec11f6072a46be61d98dd6d61e2874825

SHA512
e2718607ec0ce288ef772c4a2ed3f94254ce81e3a3592032f8b79b6015558520ddc75ce29df112fb8f82ebc658c5db7c5773c46a61105368aa047a93f63dbf78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12dccf66e6a7d6265b6f299c3344012a

SHA1
0d9c515ecf6565e45fb13d868f33191217a97c3e

SHA256
a96498ee85833b90890d74738fa2116e445b61d772ed0ffb583571659f8eb203

SHA512
7b9045169d2056579d739f1c92cd6e30a5fd5a029ec33438e0268b5c7d5bcca3c613f227843af0463ae4379c65dfef2be2b3c0b9879bd6c703d96db5bc8ad73d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8544ddc35bc4c8c0cf4f67c04397e5f3

SHA1
3579885f03fee1a9008d9a853885befa0c394a56

SHA256
e99f242d34e097beb1656e1cc73ff6117ee7e41a3e157804f74fe611e2e289ac

SHA512
85b07f91590e6c96477df7ee54cc4f6f8d0fb3130afbf907a5fde653f8f14091ad8de2e92a1ff164a8f75a74b41e497e64bb49c7926c847a3a5fed0ba79c31d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef59d74697cca445fd742770d1670dd1

SHA1
a53ea04367bbe554d2fdae9b80bdd61f79cecacf

SHA256
d6dcfcc0c7b5b1274a60106d9a9c717c079fe9788453162d28edf2457ba47d53

SHA512
627a3677c2ff8da5d117b72dd20d7344ea6e19ac22e4f3d29d44ebd401dc95e0ba6aea99dc480791db4b4e17dfd4335c2417c6a82674ec0536c6ffa79ba6cbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d25100d30b4f7605375abb1bea69f808

SHA1
a646579fd04d316a774c677c3e903da19da53ba0

SHA256
316d2cd2fa51ad77babe8957fc06d7935e9bc020eafd987ed147603b62f9ff71

SHA512
67128fa07c32123b6a6bcb6d0c802b469d4fb49fe9ce54d5c13a41807c847e6067ea27d01d7f2be8beabff5b6903b182819dff9605783cdc08809796eadeb2a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
17e553476f18bdf81d1838882e3750ae

SHA1
32bdb5a0edc0e9c416a5b0d6baa016f52632d9c5

SHA256
72b76e2db711d524262fffdb909961dea28f63ccb68596dffa7c99120d9951f0

SHA512
7ca52ea759d63a87b95e586cc14ccf7d13e3a5ab291b9f4f08a19fd2c10a4b419869a79955b0ccf00f0daf165ed08c817dac1798c234f175edafde2e64c9919c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0f8c7818f5613299c256de526a91ae3

SHA1
25d237056c9d8db20ebf3bc6553085a3d9f1dc1c

SHA256
fc4dc7fafe2f6ee9ec182240f12ef0585640d352d73410c3c0d0af9c6b0cd7f4

SHA512
9f06b23b936f64b4a5393954eb47097e35386c2d00dae593b46ddc9a1d37b3eeb7d5cc81db2592ae01b60709de48d98c4756ed1d218e952ccab53c113de2e8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
834ceb3fbffe204ee0bac2f0695ed863

SHA1
35c608398d665f04471e5277ada712f1e479d758

SHA256
4d5513f4302ebf28c4beb7927eea9b7b27945b4f3b97e916fc9a3124f03a99d4

SHA512
a7ac232fe63ed3ae1e3fd026f4ff7b0fc660ad51e2ae0f339ada6b04d5b5a1ca1703156f3368c93581e2bce6ce51e12042179ad6941fbe5d7ef61245b652b1e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
157af87c10b12a5304a416384089c624

SHA1
3087b52f2c60745ff93abf65e101a813a8b577e4

SHA256
b4ae2c514e182e8089a7f0279b3b06521e88ac60e7ba3ed6d7f9c98d64604827

SHA512
240a2052e93754cfb450f485bac1b16c4a9197108b404e9c9430ea07fab30fa2020b2ee7fde7f1e55c05b05ec12273843359e5c5dd54a47b384ea9fcbe6fb537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a456637e6cb5553436c6cc3c78f4cf23

SHA1
cb2e4b050ad260a4b02aea7ceb8a6888926d9c78

SHA256
6b7bbdc071e185686264ba5b6071a90bdde468039296fcf296692fc53784d237

SHA512
1fb06a34c1c1bf1a826f9f8e9b2b415cce4c936e1f29e89898456f82eff519ca2db6cfdf3c3cf44781e395b0f46d509473d886aa618c6d260c6689b0e8e44b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1dd27190ad4fd708afcc1f3048b5efc

SHA1
1f1f6c4099f07bb1c4d03495998ef58601b57585

SHA256
7cb47839d66767c618e199f8cd8396f132733ce2de4d34a6de02f94a39d28eb6

SHA512
a968a35ebde32acbe7511f5626bc70566fe398299ba5b1b6e19f22f1e0c73d910e9900971b8c4f1405c25cbb6a38b42fec373e38ec658c1a971c44af40156e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
362abaf8d11f4fb3c780eef34db4701c

SHA1
11edaa8b56ae5cebc5a2d3c68329bdceabbbeea0

SHA256
13d9ec1302ecb8662c201369a7085282ae2d4090c5bffad0f3fcc0c677d94470

SHA512
43c4a9e8ae9a6d3b43c16a5f74cf8df78105f66b3145053e7dd53308ab58f8da6f2fe211a042d0390fc4a03d319141364ee33b0277936d7ac8a897ce7e86b71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a1f83561a0063c35f7211ec14f686a7

SHA1
5e1da0867b119142573046f0fc82743cd7dfcd50

SHA256
ac6dcd2332d26d8c84c431cde9998eda8fd8649040ed128711407b4c772ac41a

SHA512
b641a05c1c7aa33ab3e6c059558577ddd622a97d46ad7a07d4a11ce7888ab0cd688925d23f2246676c95ac8e227721fcd5034c9cd4c0b62c3d60b1f09a5a03dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d1580354dcd0b65df2d6070fe6c52f1

SHA1
f226ed623a5462b941557a67984b5d14ac5ea74f

SHA256
4b2d028190ad7d49f48f2d54aa789ed21d70cd14f1ec00d706b58851e3f4c520

SHA512
0db6dc75dc3783c0bd13f5b5aba66c0121a991b00b00d6ba82b945b8a4859ddb4f2f421915ac0dd5794390d05f857072d3d56e479c8b4d90943a68eef88173ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f48a0637b2c0d6e8da946b05b1931976

SHA1
63cbeffa0ddf4d565d84a9f7f9531c256e4cc193

SHA256
638fac2d182e706cada228891defd142e6879f83cbc6a47c453c07626b5e0786

SHA512
0c72a39bfc6690ef15cf9c1204c09322c50667227462132a771e1270ba2283970fe9a45c618d358c9f10414f1bb154c621eb850d795d4c8b294b247a7d2f7f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32ff84b1883748bdb5dfd83ead32bbc5

SHA1
bf000df83bf7a6e90782eb0d5afad47af896b929

SHA256
9c6d37a7f15cff4cb001384223ba19dd112990048cac104724c5d185e72a2aab

SHA512
8468f6c1a833b10960f927ad6c1b7356b7ca592a2604986ca32b8116f819a9f68acbe8765c329ccc13e8b0313a94eae9f28ecf52a51b83a33bdd613db77435db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0fdf79b139763446e7105c9c7c874953

SHA1
18f8707be9e7019339e63844f8c7435b03f42552

SHA256
2341674d79bb3307b0b3019d8459f22983a59aab52c3e2cfd757b9198082cab3

SHA512
8d9063b950bfca04c35b109b9f6ec7eb4240bab710eb5049dba8fbade6808cc51bf53b579e53d64af2eafef0f13781430c52be30fe9c34a261d1a42767d3f650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f56d6c89ad2d231814f949b5206cdf0

SHA1
60cee6e4178d59b9d25bf8e15304ccde87519efb

SHA256
ae29629916120459cf621dbe4da82439c16df828416f9015c0a1cc216b3864a3

SHA512
78e7d62f564c0535a54e78b0fc0be1be05aa809311016d59240d822e5c96374e82332f1cd51f55520e2f2a8dbab0c0436c219eaa7d0f1c7b7bcfd5ad77093569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7bf22cde7519967ff9919483de85f9d

SHA1
fb8c2464a397fc1164733b3f308faf0ef11d33ca

SHA256
5d2b531a2a30549554ea9ec8e6b180c2f2475d1b9237c31709908955ea8749cf

SHA512
c3d2772fd2fcb4151d31b0328f83747c3ea46dfedee65594e4aae5a13f82541d55365365a194d7b0ff7478b5e7dc2b0e32399270e71b3cfb3a5d0eb7fd508cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e1b2daf5be0e257280692820b332546

SHA1
13f9710250a891dd339a1f5b6b75614dbb4550f5

SHA256
7edca3657e0943d2bb3ba54ef1f99e4d6bc826436614702503253ad82053dd56

SHA512
27cb197bea776182263674339fa9929c8280c7118bfa0bb9887a2e7a5941edea7833f3f18313ddd02907f1e6144c1e7d23b015ddb1d7ef406f8db5f350e6e878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f71fdca405d6c8afa2f24b07cf52acf

SHA1
8ecf2a677d52aa6210c1664af0bab28d3d38c66f

SHA256
2c2c8a6158ff93303547d8d0d4012d69f9958782cb630780cb41c2435339bcb7

SHA512
56f14d63541449932f46bc9c6a4f571ee642b8d90ebb04413c2cdc77d9c609e4832edcc9fc5ebec632294d528fbb315341bff5bfc9170e7b5ecfbcd543d6ae42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6af66073b88a419f2ee130ff76742947

SHA1
0f92b5bba2e9c3370746040d060a35d70a68020e

SHA256
46d3e662580e68eedf057297b2d5dadf02a9adcf4787cefe50e3b34ce42923a4

SHA512
d0f776d5a60cde52ee68700df0d8a11aef3764507292bc3c5c98065c2cae58fb41ac6799d26cd2b655646629a921372b79238876f936418c25f40e50db8880bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b92cb653b92142ad1ddb290d48e37884

SHA1
27d26567bf0716baa0cea476d60c15471a2e52e8

SHA256
5cdaea8565b9dbca3d0cde51e6f953c6c7c747118e46b31f28cd0fb7b2e34ca2

SHA512
8e550953e4f8ad17c4a88214efc7606a585cb7b5336471f6d5b4e6c9480c1753bd353afdf05c0d0e54b2d02205e26706118bfb05b706510a04a66e01b514a242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
18c9e097ad3d47a042f187a6b4423151

SHA1
00993f3e974cbffcf83116a27bf3c49236169f8e

SHA256
7914904a76d4081dd2adc3ced675010f11c4273d4bf43892ee639fad8dc051da

SHA512
24ddbe3d084a5ee53eb50d8628fdcc807907b5d2dff5ad56af036a3163639ce95c3fa7b88424f0caeae2968c9fea01bfa25ee170d24c67ffd0f124b3b2e85985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a23772596f8c7cd1b1a68e9fd8b154bd

SHA1
ecc0cf17efd3fb21c91359c3740eeb472d8935b3

SHA256
368595830bfc46bc90737f2ad14826827e65ec444b6ea86dd1f6e54fee14eb41

SHA512
46183e9cf372b258598a47c97c6f706e0d8990603b1a378b54e7dd7f290fa9225539ac4274eed5080cdcb4a7e881f2faf1611c3a4bbcfed9bca4278382c3cef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
689352fcb106f3141bae67693b5a218d

SHA1
ca4ee9b1e4e47595e16d4d95a77fcf24135ba2ca

SHA256
69f9c4959a44a5a644b794cdce505925e4fe48497af4f20fa32283d2596b3f23

SHA512
5bd020685c49a7b2452d549693aaa7ec4a1eea5f2ead63e65c5eb88295786646c692701615ba9caee71050340c8735bb24f10b649aab07f5593722c7d49d3984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1affeefcbb98304ae379206a977c1b0f

SHA1
798e507daa437db323aaf6474ee31658312c007a

SHA256
9394ff2b693e9e7b93a1676c5697c3c2ff6c07c1919fd4a8a56a6d3a3dc520c5

SHA512
19629f2283e9ecf757ab406ffb6834a18338c857da4ea8673ba99f7a9bc4258abad31bd294ba45d47f56d705ac498c30b4482a1c728a138ce3b9bb08b8b695b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c51ad4c5a8c1da66335ccccb190a4ab

SHA1
6e086ff13dd179a3bffed34f3e08850b983521c5

SHA256
d3cb237aeecf8533ba992e2f0bffaf1709a713b5478c7e7001020e9d15de3b66

SHA512
744440fa231c23d4bad592f1c7039791ba31e606406a628a2b13f70548a7123fdb4e43c1d7923ec1114a7c45539e237fac74a04c93458c4e1b2fbf42f1cd3bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
368d4471cac4e3a083afedf295b521ba

SHA1
3dd1e0aa7920f46c1a60942e51f41f7477e7a960

SHA256
6f34befbfad0f0d871a890e0692ddf07d22a5da5e28e48ca4528ae1c145580e8

SHA512
d5d89450e8de6038fbfa00f4c0497231b018295c21b9519e44bcbc442fd934820fd8f7992ccdf8791f2ea213f3916668923ae5c082272f21350282d9503e1e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab68c99644855b51abf64ff425246115

SHA1
fda6bcca8a7d515d7ac0e8625b7b699a132af45d

SHA256
f5a907e7fe0313c2b8861a3fbcf3cc0d4c46b1bd86f7576cc8a45694e0c97844

SHA512
fc7985a5d95947b54b52b86f7617d479ecde71cd92960f8358ce01d4269bc5d8c02161e091af892a0a4e652aa9f2b1237b00ea0ffc86db87eb5190d3955a81c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eafc.TMP

Filesize
1KB

MD5
e6dd88ea8aa4c76a81ae9da0dd8b87ca

SHA1
cecc46e0d64609b88576949e3e5cf8d3355abc53

SHA256
30db7048c2e8f1400e0707eb7b5eb4026cb012cf3994896cd642352f70851601

SHA512
fcbf8d68966de2e5a3a08250548de6a3f1c276db5fa9fa8149cfcf4b1ce3278843d44c08c2acd362d79cc0d8e81fa1e36ae4d1d2b6f4a4a86c0870bf76c9bf70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b2d59364702418506ff404ec646d77d8

SHA1
c1edf6493f59ba90dbd27ae2b0dce159b7c846f1

SHA256
1f07bac43d688d180c39aebb66cece0ddad4c070de313cc51bab03fc5718c3fb

SHA512
83c04546ff0cfb51cb40e6a33e611eca935336222d2df525fcc1d03f7bfe0e065c93c133b0d21a4b1ac186f3159dbcfe5f52898a30415ca1620776b5be2c6c96

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit