hxxp://www[.]google[.]com

Analysis

max time kernel
124s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
03-02-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
428	msedge.exe
428	msedge.exe
3328	identity_helper.exe
3328	identity_helper.exe
956	msedge.exe
956	msedge.exe
2828	msedge.exe
2828	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	764	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	764	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2008	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 456	428	msedge.exe	28
PID 428 wrote to memory of 456	428	msedge.exe	28
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 2840	428	msedge.exe	79
PID 428 wrote to memory of 3972	428	msedge.exe	80
PID 428 wrote to memory of 3972	428	msedge.exe	80
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81
PID 428 wrote to memory of 2288	428	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff16d03cb8,0x7fff16d03cc8,0x7fff16d03cd8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,3364347937280905941,1297573852987787959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2932

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dbe72a1f5827efc08f70d06ef815d46

SHA1
6aacd61519fce53ecb92e5e61207a6c29c01f47b

SHA256
dd673404dd6deb2d2b331316370fd05e47c01b9dc489640f05b50898d536a6e3

SHA512
2e6115ca818df5f5b7985caf3ce2324e266b376f6180f84b44e9ae725e037a8456c2cd63e22b9750e2ba27f4c7460dfa429ce9910517a728b056e5f1e730e25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
134KB

MD5
7737266d6a522a6d4bc76671198974df

SHA1
143aa18435ea4ede8fa4897275f618da74e925b7

SHA256
3eaa65d734fabf5a7b2d9f4e7c10b72af121b5177423ec94355b23002a74ed89

SHA512
ccd0cde24dd5ed499b74ae55b57bbbc4236b24edc2c71429c39ea367ef2c5e6fc18078461b9950708a386ca8c1e9b398778eb9662479b5adc1f81edef3be42ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
337KB

MD5
9905bef5e2e26a7fcd5ab2a60ae38736

SHA1
9d7d5d9a1142712ccdefc33360354598c541078f

SHA256
5b1d5c38af031b68ad6cbbeb2b01644e028928b5ce3c7286794f71771340c0b1

SHA512
cdd3dab5325aada162e8e8058da51ec13085f6cba8fae926cf5035def40f6f776219398120d3516e600bf8c2fb3c9a87a7bb5106d07d5baab5c5e6ba62344601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
126KB

MD5
72c37cfe57d0297f769e7a901c5ed194

SHA1
64af82946fc9656287322e97f9312f3bb158c934

SHA256
c3d000a9542b3e15b6975ad8ea893acce481654919435b2d4d07f855d3666b46

SHA512
d502b886e265fc5c62cde47d4b22adac489dc60e74290bc53434627ee29c5e055a61865dc0400cfa4e8b45d81ba1f9689b61e4bdcff4d3be49349bb0b3dd53a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
68KB

MD5
f7808e60aca488b387bdeeff0a60a68c

SHA1
1a7f7d442f16a8a864560b6e77cb602c1ba06b9a

SHA256
e682dcd4e92fb99e8b2973839895ec4cee9e66de080ee38b504a3f9efd87e4d9

SHA512
e99ad83bf1953cc383a41d046693ed46c47d0fa1fb1f771de58bc05f003f5614b8a7d98ab0d3d7d4219db8af1e53e2e15f06ec840b7fe51ed6e01f45af300c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
75KB

MD5
63c29820f4c0264cd99599a07a7d96d0

SHA1
c4858990ce9a3c4f722234dea0529ab2c5889bdc

SHA256
e1b291c4d1d474956e9f06c3e9b05e4fa9fef6063cf2bedc6588891161019a88

SHA512
2b9a5b355fad836ff25b195efc748f8160653551cbc9d633de40640be785c4fd26558f815888fdc52157ae153a065bd39420a9d07aef29c2761bb3275c86e4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
219KB

MD5
26bb670961159b5122fea62b00d78860

SHA1
cef44dcdbc06b1455499aecc2f0e7474a4995ac0

SHA256
41b43f6fa8a86481914f93f198031a89e3d77403d17fcbf282bd824fcf630a8e

SHA512
366b2b0579e57188722d8e2c145e1b0c5274ca98c238833a1e4ef8ff19171c47c798115ed14830194d651d9b2250d5aab54e9d604330f6074144ced9cd068f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
22KB

MD5
28fb73ebfdcf58e9d2515f837800b4d5

SHA1
40889a1aebbf14254adea743923eb7ab797fecf3

SHA256
a1ea5ba81cf117ce13c496ef9f3efee14931d87977f7440a53889c8b95ce8613

SHA512
9b65d08c1749b9f49d629b730e76ad01e5fa1240a28fee394b94451f500563bf2c9e06b03a0fbb560f7187e1f57102e44c02d209263f56b8d5b78efb22e7c760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
211KB

MD5
47b5fd64db4d694ab8f32e2fbc04fd20

SHA1
9be6c988ca1ecce7dbb0090eca2ac1990721d3e6

SHA256
523be12e7e44b7ff06e1666345a47ef542ebce42ce4eb6ba27f64a26ea90747a

SHA512
32741a9c4ac1b710ef63f6503a845e781c5e3856773f0f62767af8770c9b8742453ee8b10e978903b1949810b0b392da7755f3c9d029bfaaaa3c3dc7cd9d36c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
151KB

MD5
a68b08184fb5b068fe20d7780fce8144

SHA1
94af5220b19d6fd0c7db2f6a3135ca8b2cb755ce

SHA256
a4b9e4222309f23eb7b5bab902b16f53f5ae1977f2da8d64b6a9365033bf12c3

SHA512
0c161929dde27a6c4383225eba0f5f384d5906d69ce908600d6438046a75b9fc72205c03c04b8f1115f307eaa5a586e77f1fe51d62386268b575c17cfdad7469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
39KB

MD5
6951dc10d27e2f21a63f25caba83ee96

SHA1
975a322bf84fdd0e6da5a5b2ece18f1f3b98c4af

SHA256
462404e8d4dd0612bac4e3f1c42310dbfebd73850af740b346d6aefb63dd1f1c

SHA512
47bb0cea2fb1eb15b9fddefb9bfb4f06e397b61dd22e8caefd8f7d2ced559cde4f9fb61fa0c22e50d296f2b91d0775c963a9fc62bb199b0054045f6774713b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
229KB

MD5
9f379824dffbfbd5c816441999cc6b6e

SHA1
21087e37d77c5f1a789aaf5da17baaed2ea3e98d

SHA256
7eeca6c2d4a11e2a7e24c4a9bab9b1427494800884210e1ed77c4de4a2aab134

SHA512
1ecda86c2c488b2752f323d73f875f8215f439f4c329218b5f5d5e7c1fb8d1bb039e7e1549682d0ea65edd977d3bae35c9ac49ceecd92f185bd3a7e5fa891b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fac7c28c0b07d5306ee426dca06754ec

SHA1
a5fb045fd4e983dc15dbe7441623992713c9d6f5

SHA256
fa7f24c61e31b23f32d5bd6a8a1e92534a2a00e1ba6696124f1fc4d16133bfe0

SHA512
20e769583c2d9acd9cad68e213b1894870f68987f3e3a123f2b09ba00da558f53eb56be3909c622f25b5d5d173e39f283fcffc2b8ef0cd150838e7b586bec659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ab805214be4b4e3f9f320f5be8886cf7

SHA1
29999a74fe702cec0a38b4ea3d377faf402a8d57

SHA256
47e77015280ff0ca09d4a28a1b199e4096a904fbd91f36e56230f5b8f49dccd0

SHA512
29d6fefe0bf2f6e2dd5e4d547a30233aec1fbc104d359d8b1afa33ddd37737d770942735289c633ee73c0eb288b116e2949aa93eaf74dfa9b713df30fbba620c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
96be8f1e1a84518c136e4b90a9236cb5

SHA1
813aba7fc04f5da08e79e661dc0dd0c77e437c00

SHA256
48c0215a21f600290e0563050bc070bd224874eb3cdc8285a33804dba549080e

SHA512
51f7123e568b47aaed79e30df687c52643b0d6be72e839570b336242673c92b819cca729b62abe1a463e33b6929baee28d2107c89113b432657663a4c35138c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
a5cf1997d6d94b01928bf00f4d2210b1

SHA1
ad25ba88655f2dc9fc315ca53ff4213e9719b8d5

SHA256
96e42bf70913d324f6c65642a38250349752b26472f5680925fb359100bf3d1a

SHA512
5df043ef5b7ee5f3a2c88b6ada9c0e0f9c51d255567f9599a51480db81cf0732ded4f0fa45f0374fbe1c3d7ee334da9d4997e798b668a6795dcc4eae6064acce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
9c5fed068bcbf5db96ba095d2e321b54

SHA1
17bc6bec472f964fafa66f67f1929cbdae698d4d

SHA256
46b6fc86134ce733e7b9fe2ccf64c8cce5dd53b2f70d4d9808a99d09eac84540

SHA512
4001825b12ace1426124daf22c5d50a4114569275aacba220f2c1b4aac6dfb25761d98a54cbf42a4d73fd74a053427829737d0db070959fe08e933e2a493a797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d92fee448b217277b41cb37836b610e7

SHA1
90b255451c6dab1f825dae166b92d16162deb0b0

SHA256
a8484c63b423daf405337c012579f6bc5bf3ed2806f1fc511d1b244a0a10cf10

SHA512
0808603a9704f2bb90340c39b699d8bea834e9871e8ae08887d6104845b244375193dd39ff6257d2261388c38b5a320aa147e6814e0d3d65c0826d794590ba0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e1a3fe5d5069034ce0fed2c7bb1cd54

SHA1
1e9244a7eef88e52b27d04bf83701ca35817b27e

SHA256
c2301c57917c0c7dcb60ba567ea09e882a0c1109b01fc308155d30e4b4214695

SHA512
44059cea024f27621f5615f6b6b8ff26c2fe017eee206cb4c0d235d5f592f8c67b6af440c03a4639f1b9256815f79495bd2eef7456a85dfa942f8305647dbfaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f49f64733c6cc64daa022e1a2e1df82

SHA1
6f10a6c5fbc7d922f5bf024179a2f6eec235f350

SHA256
b20660f0b3572e8bed058961fa3d9c7e2e2d17880bf8d2639dbcea840c6ebf41

SHA512
4f0e056162a5d9eb9926dcbab6eb37f8509845c64c8495bb2d4a3f23bdaa8fbdb76626ffa3f48304bf40881742e206f2fe29093629901f72ba3ff3605f87d328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fd871739b4fedc51d5932a1402dbe55

SHA1
0bc881ebcb9e35ed219404c5ca34ff14ee3db36d

SHA256
1a4b6eea338b84d37c88bf8d3293e2cc2e0c01c076ab1f7c29ae2ab5df1452d3

SHA512
0d06f4967d1efb93f14456d52099f727f168b7f22caaab3bfe82a689f120017ff4c81a17b24ca78e22981392dee0bb1dcf80c2265d90fe789220fddf77ede23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5d9eed3aabcdf462c04d5a022bd11b1d

SHA1
6bb4179ea3f4f1e01deb881084b74eb5cae97eb1

SHA256
96cec350b8851beb8218b396619bf973ca107a998f6d003301e9e4a6e1bbb1d7

SHA512
00423d702e839f8fac044abd892edaf594a0aeb9972f92e71048cb9d90e84c48c507656b30fb3935ace1a5fd1f1fdd18b926a18bf56b6b85a0d16704ef63aa90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1eab1ea0be7d165341be71ac7be8cb3d

SHA1
922a9795a85dc59980b4d5a47ec07d1148361731

SHA256
33cc27d94da9846b16c27492e9a7367308c1f9619f96f481d1d585dc6a819ea7

SHA512
6a0b31e2eb39eac911009fa0e7ae93bbbaf28b3111a31565bdd5d1e3e1f16faa6accaf05b09938f3a57d81d6f43f6549b258c8921f8456e96ec0d8a258df11f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12c274e1bf53b44c7bf7984767a73d83

SHA1
e12abd9a6e6df80609171af7bc83918ac4e00725

SHA256
eac942606d193ee2ec7f4e953003c42860ef15e6f5dee95fddbd8d2a0842777c

SHA512
d8ee002acd6d541ad03a91a2ff0204fb6c7bda8a3133db65933b691da0cc9449f2e1fb945a9f47f476b0711e395c202a7d94f71a1684851863f178757fc7d32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bab1cdcbf15e25e01d67b2480954b54

SHA1
8fb2a07a8594a451c224b6c2d103d3d200d145b0

SHA256
88b6f96ee64ce7874f1b3146c768fe9613cf242d300787fe68feaf1937fcd50e

SHA512
0c12e3d76ec72b869487dee70319a6a5b7b5080cd61ded8cc44fa8f4b16118f7e820c6923ddf19643d8bd532d15edac32112e184003e8ebf8ce03b012fe5526b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3161eac13fb663bc0b95d1bc71e447f4

SHA1
6f3763dcddbf7014db7ef092dad52278a346812b

SHA256
0e7f0202fc48b483e23c50e704c89a2b4edfb2e5a228e7d8b784805c97ae14f4

SHA512
5b4ffc71dae58e207c554125020d22ddfe5f31cca2d9a040de782e8857a25379a4b65901cd76173939e08305c63cf5b1ac2d9ed63bc6277a820b8706e213d19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
e5477be1e6c4cc9f570c69a84dd4f681

SHA1
fdcbdc83ccfef1c270b927c6815e641f6d96a132

SHA256
f06ab204d1d24ecd2d13e473bf807a8fc65ed09114a227966b4a308bd7eaa531

SHA512
24eb3338f0a7be6df183c5d5f22831bed07ce0779dcc124e805364a128a08f571160a6809556cd1de323c9d3cc64299855978967c8693b8324cd9bb22f5ffe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ac9ea8471ed619dfe8dac504216ecdd

SHA1
a686015caed548443bc42b9c4ac26229fa341b46

SHA256
a5bf777add55d16f87707cdd8a6bbfca62d9fc97f29f974099112b80aa23f2d8

SHA512
a263b37879c77659f974459d020d3175ec9666ab18a70b8ffc4f09211347807d1d395c9e02eb895255ace594cb8c2657b411ea565c908af3cca4fe9935feaea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
71be794eaa461c6121fba74bfca9789e

SHA1
158ca8b35122022b5b26af991117e7128a104b73

SHA256
28860bf2891b5fca20ec52abe8724ca6e9bceaca58057019fa0e7331dc64b3fc

SHA512
ec80dcc644a76fa9d0a47c548dd5a49a81c7fa5e45ef519e8b20350a8f1ca035a1c765cd7e92be3ba521ef764cdbcf1bbe7b102d3a37cca74cd78236ffd7db45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
d3745e4afaa107aa55051fd16b92fd92

SHA1
05943b956b4fc800519e753bf6a943e7d56f9316

SHA256
a11270c22ba95f196d2045342c1ca22af383643be20ed018c850f643b1681345

SHA512
27ace45f14185308b7de2d1fed08ffa2895dc817e2f5731882d28f945b0a64a14ed002e040ad84b13d5edace028518e2d40640fa53e5633595de7818bbca832e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1b7060e5ec44169e397f1a32d282267

SHA1
cd3acbb2fcc9a6f72627f0c2873c90c325783252

SHA256
db016e820b0a8560bb9f207ad086f2f064f66b720903ecd635051a36bb2214a2

SHA512
4c266b978c44be26362092fa9572d7e00b3e8043f4bbc40b67ba205143c9215a4ae720ff5c173c26de9a230672bd8339617a309e922cf196dbe641de6a623ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e64f1f43f53eb1b44afb25bcb8509176

SHA1
0395a28b566221142e629c66937993df821b1b56

SHA256
9a483421cc19df0a1b1b32c16b5c517570accae59f8a7f3858a532a13522f237

SHA512
f178092e6f4f2ec85d9b638d73156c3659c5e5644e5b99f6f03d1ccd19861952554453b36de292ec57c69daa4c5d89bb4ba204385521d5b55d804051d7d8b5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cdf3a356a5545dce2a07fce74d6fb460

SHA1
9253a294b18658895b1516897b228c9e3815ba85

SHA256
f683f9c816ad870cac1a88f206b5d28206f630063a66f110c63a79bf3a97e27c

SHA512
e6de79db0149a41e98fc04239cb735a7baaf5a9f26fabba2ee74490e3eea74a0398d515956e8ccde7dbdf9957a0672abf01252272564926ab73c922111f7b754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b17d33155d07f85716ba1b20b2e9d421

SHA1
b97de3dcb03be3282c81c97bccd3bd3e7fe8fc80

SHA256
150205e9e7809eb3063ad33768a9d5dc3812e9eb98146ea1e5f300453b5d1ea2

SHA512
c2ddd866b6e9d3452636dd1e84ce24522cefa3a7b5ab1736ad9b9cfb8120e9852c776517f47a8065ef98497ad637eda5e860a731670e6b9d152f511131545703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c719.TMP

Filesize
204B

MD5
11659c9934ac06242bb208a4822bf721

SHA1
dc5d40dea012c2ce5b1b49bb65deeb3098375783

SHA256
2f804189687ec9440668cb304ca3ee9ff49077918ec0c9debddd8924cb9b22df

SHA512
e3dd1e4d769db76cebf974b184edecf0536b720611de1c8cd7251795815a5b2d3c9147925cc2324c001622ac48b173e2c89b51ad89f3f8a20f52dfbb61ddc5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ff0f6876323939bb050b4e4eb13a0996

SHA1
1a7eaf3a6c607a2342370bc371fb8eb7669a37a9

SHA256
1cd52c795b6cf5449f6705692aa27ed82f85f5cc2f3f126ff702053c27025a6a

SHA512
f8ee9043693e218dac7e6efd96787c10aaf49ad34d4475618ec2e4a09b82a8d9599aa287fee779b15c0de15c1b2e256ebaedd1bc36bb0effeaa2ece8e2420dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\faa91bbf-f389-412b-8172-437d0ab70976.tmp

Filesize
10KB

MD5
7fc98ce328557b0da5385aea370de0ee

SHA1
c0a7e1494a66bac4f30d64ffd706eb76a874c222

SHA256
bab78109ace58c45ddd031345b64c925155018ca421a381a4f8639c0c6521186

SHA512
5399ef8132df35904174cf64d099710a2167b344e6fcfbe98a5d45bb8712263e5e2b3898983a3041adcb169326c75e0f63a0a15f9e84f32af99c0de986d73bbf

Download Submit
C:\Users\Admin\Downloads\79b1b58c-f524-4098-ac23-81054c174901.tmp

Filesize
5.2MB

MD5
37410acffce6ef757ed7baa3c253e14b

SHA1
b20b0a445547374b9d4445c96ee96d06eaa8d09b

SHA256
c50cbd0721a29fe9d3fe81c82cc32cff6da82f04f52f81c0033f0e32594f75f9

SHA512
df9228dc741b664505b90f145a7d139f25aabf66da1fb375f8e6cb0a887e11fef10f450a2a120ed19ac4a757b3e3210611e183a271a0bbc034825a1b905e4c49

Download Submit