7335664b809c8bd06d919d1d1f04b6f3c7096ce02859411be539cda72508a6a7

Analysis

max time kernel
1686s
max time network
1691s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

-2147483648_-219452.jpg
Size

37KB
MD5

a0f6ea369cfea8450703139f60236c66
SHA1

7c08c66664f7ae0f0ae61c57efeaaefd9b496383
SHA256

7335664b809c8bd06d919d1d1f04b6f3c7096ce02859411be539cda72508a6a7
SHA512

2eea0600445f58cb8dc38826148a7cce88b52bdceb89c5e40c19f7d66e267ec2e4d9041a9086ce311c4e8809c2893681e928a5e3caa245627ff5a0fa6b339516
SSDEEP

768:vtj1Nh5L12ye23ZjDLhkqGpPt2zx2O7q6XVJv9+D:7NPL12O3pDat2F2qVXL9+D

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{B422ACA7-A0DD-47B7-880B-C6B53CC58D3F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
5116	msedge.exe
5116	msedge.exe
2520	msedge.exe
2520	msedge.exe
384	identity_helper.exe
384	identity_helper.exe
1980	msedge.exe
1980	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

msedge.exe

pid	process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 3076 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3076 AUDIODG.EXE

description	pid	process
Token: 33	3076	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3076	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exe

pid	process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exe

pid	process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2520 wrote to memory of 4660	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 4660	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3996	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 5116	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 5116	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe
PID 2520 wrote to memory of 3936	2520	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\-2147483648_-219452.jpg
1⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce38046f8,0x7ffce3804708,0x7ffce3804718
2⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
2⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
2⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
2⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
2⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
2⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4920 /prefetch:8
2⤵
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
2⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
2⤵
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
2⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
2⤵
PID:2748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
2⤵
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
2⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9314223801045614342,11130476806925218882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
2⤵
PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x2c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1dc32cae-d2f0-4a97-9594-d860deb4b8e5.tmp

Filesize
5KB

MD5
133a3ff7217299faf4feec347d0bafe9

SHA1
cdd471460a87311646ddb6037bde0ac0bf898a57

SHA256
28584a4a50490b5f7c685e2e9e7c66aa6fd91dfeeaecc62472f0be5ec0f7bc3f

SHA512
56cf0fd63a656ef1a51c2823931d0119c51222639f6d8ac7ad15c412466139023324f1a617394284c859a3d9ac6be9288cf5b9452dbb15392bbe543caa121d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
28KB

MD5
4dec71c01919062eb657c71cc2494aea

SHA1
612ef97b7e5ad42bcc4a6b7d2b5a7cbf32ff1570

SHA256
2ea60640f02f2a66c2aaae3a6fb259b86138a47493b22b2ea7dca112dbd4f54b

SHA512
d19d331c13e2a82a28ef1ed55da54c1fc6c7117d113aafddbfcfd09dab70c2a3865fef211dda2a71efe7612fe242ef532c0117064253b11c93e1726d24ad0d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
b75287c8534e215127aae25820f00e3a

SHA1
c8107fe500f5bb01b4b3f33eb1ab8b64fa8320d8

SHA256
7543527d67f5b2e6371c1a14aa6989f5362b06619bbad053038c95ad768f038d

SHA512
7170a5f4c3d7fc04ce211f472e42ea2a8f0b75a4eb35a00471e921d7581c666247e44e484da9d5e9829da8aa789219911466d9effb1925a77033420cdd4292a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
37KB

MD5
b2d1050c9858c5af22583ebdee070362

SHA1
10f7d5242d782b6114d9e82f6abd739d6d7a2bb4

SHA256
28aeb1bacfe842936d2b25296460847034c245a14f1c028d79921256ce96ef94

SHA512
a22c4c09177d9568e4435e2dd353de936f98c2f537bb8f725c84d3d99795a812abec8ab7b6d487b27cb03bfb0ae4b0fa71caca8cb7b8e765ac2613662aebadf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
17KB

MD5
4f63cf7f7cf530285668c21675dd86ea

SHA1
8c60c678adc8c2c18e74219fc74441ef1015727d

SHA256
73f41ad718ee0f9f8e9af244dabe4f9b947efe7748d1c05aac7db2c267de226e

SHA512
c42db00c5eebeb25491cf24615ffc29134b3f5937a14f9e366742ad75518c5c74f1786a7ad1f0755182395a9e3711a00c5703f67866e4d57e3b8bf3c1efab4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
44KB

MD5
4cc5457d9b51b5b616c5ec68b77a8981

SHA1
c456a1262171cfe76898fb2aba615b53daa7ee40

SHA256
f4089c872889494b46d99dd22543bb284faddbf734e032ff7981d63e4961dca6

SHA512
b7f9a5717782b2e6b5f9ebf70d861ff9de330f830d22eeb6385662fc887d6395103ecdcb395c69924844cd8f2b501c33467c0fb6ffed3a6a90b011a51f986906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
16KB

MD5
5df721180e5e8c3dccb653da368de87b

SHA1
772925c995e2056226dacf357f1ef7eae0c6f8d5

SHA256
6c815ef68bba569cbcf103579573f7593abb8b22c514eded0d7c4797362cd1ca

SHA512
423d8984ada6a843faccb895762de2fd5fe594ad60104a2ca0eaf9b79c86ec87a2c1757b40fcfb1d482d32135f4e98e387afc0a5699dca4528b812d7f642c2e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
17KB

MD5
e8ecbd3caa74a29a6339db388cff7c17

SHA1
c02f6c7e8382053f7950e94ef3b9e1c7bfed61ce

SHA256
687fc99e322c6c306a4e4c92099c3df35735687f72a40ef6239e5ee4f5bd8f13

SHA512
4188512a9123ad35d2ee9a5b8a7a8c9674ae9ec95f411f5d1c9e59fdff30d8254190545f18c60b24ffd520d343c85a2617ee5326bb75f701996cd5da4234fe08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
42KB

MD5
6b41afba3f07a2969681cbf8092b4bda

SHA1
5782ca451815eaafb62daefd49ad7fb45e4ea970

SHA256
955aa3eb40607d864efcb8f0e1454678398c3d87ae78f3be9a782f5f7f7780aa

SHA512
86566a0e8c97d87015fd5017991dfdea98ef5a3b2d571764dc0ef62672bd0c3f1577cc27835d91134b8ea4077af9a1a74b63ada926414a21370b2de5a01d73ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
19KB

MD5
2c0be25593d16f5f6474e6ec7b915bf3

SHA1
0e781bb3ece9fa3dab8642df59fe9d9045ccbf8c

SHA256
43b20b2bc74c8f3dfb7b39e2e08284c4a0fb848a9a388d8279df1a5c2c8e2f16

SHA512
859f5db6a210e33f9120ed0f49698d2039dbcfe40344e4eea5925d8b7a260bb76d5d5c7c5673f5b6247cd4309566ca5e3042456c3ae6801f40b856b8e09fbc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
13KB

MD5
4295a54af3ee029c6c6ed32fd5f605e3

SHA1
a196953376fce63a7b76b3510fa59ca6db222931

SHA256
c89b5c2458db3fd23e5004a17f6ecd42462c6deb4d3d0d418f3bccee0b8d5a6f

SHA512
3e34b349b032a3cd1fcc6418311f297d1fb8916f2e19113f5967714502f46ee0281bc8507530a921fd71728f9cec791351a5eea0a22aa7d824a18e8ba825f223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
3e91c143a2791ebac4775d07b8a19fde

SHA1
077b1163a4bfcb0a200767fce7ce1e46de5a842b

SHA256
5dd4c87141fe780386bf8dd4e3d392bdfad52b7f3f589fa947f15bb92df9fd70

SHA512
56ad2186f4fa1695a3d7e1dbbfe6d0a8ece2c6badb6b0fffb7078fdb8595ee0abb527a396910e93306ea32315dceb5588ccbd1bffb3ebe94baeff5ee6f948fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
b355d4f626774d66d8a9712d8d16c352

SHA1
1e8657d8709bb1b0c22996cbc3f794b8e85612b4

SHA256
4a48d74323b24ab1dde8401059edb0db9c21f1d9c167e720ebe7bcf491325262

SHA512
688d1c7fc3507883dabdc6e535a19fb1c3ed02ad2710f335f4035de3f75f687549d01cd8f9aca7bbd378361756f4ad70fc0d896764f8eb4c9d7aff0c9bc95968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e91527ba5de1b6ad_0

Filesize
175KB

MD5
6cde8b84ea6cd9e99d301551cfbba677

SHA1
38d67acd10d0640f9f241555a0d06ccbcd80a35c

SHA256
a29b4296d40066d0a450298d98f061e1911cd1be13f24e21348bd4511f3399ee

SHA512
dd1547b8671728fe44aa085cde0d0be02574b00de14733c7c433dcb31829492c21d29b0c7f4f98ef81083a786d8be2ef3474072021449ff70a625e91b316fcb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4aa46380387534d63c537c510520fbe4

SHA1
191ad48c69f63a7d2e97e4fef34c5331007a6151

SHA256
0f8721aa160a58260a9578ec2ba7c431412ab774776984126d4b74ade44957ea

SHA512
895221320109479a5c28e28aab514e107d1db618e9f64f76512f74f0bacf8883c27bdc09fb4a40307ac759be2ecef4359371d80b0a55765908994f5c638d4111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
243e2a3edd94e542404ad19e2eb115ed

SHA1
c5a16d987be5f3e9e66eec4f32459799f0123883

SHA256
5e490d6bc9746c2d7a8882d85f163d5da1ab44bed143897e62cdb4aa0fe0f5d5

SHA512
b6dadb641e1523ceedec822bfa7ab7b4b1aae5411254a522a3dc3171189e485876fc392460174998a4833186fec2b2b0715d830725b51df3bb3ea3ea2094a6f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
95afc51e15e324162be3af03b66fe896

SHA1
ab9abcc3e23bc0b9097dc3abdd9acc0bc1ad7a4d

SHA256
e42eeab33e0ee98bc05805252ad42ab02c93d076c089cfd73a2878b17b87660f

SHA512
2219c04d8f4a024e5b7fc950eaf7a8680521d5812ee649ebc8a15377dab73a167461dad051f62aaeb881b11213028c117f2ff7db2445dc95d41e4f2ca5d9b8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.expressvpn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
5b3ae34653c766e1ac1c993339873f6d

SHA1
7f6ae339d04669a50db36be5564d73ac89bee65f

SHA256
8415bf1946ca9e935a7e7c0fee707402504412fb24ffe11545a6ad537e6536db

SHA512
0523b8fe40bcd47716e1a29f6c80cf9489eb868b1ee5c095418c6020783a388170b5427ef37d100b77f95cb7a0700ecb04144bc404586256be3e5f4dc5681164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
683B

MD5
bedb8fbbab8530684b5a3381b2b556be

SHA1
3845244b2b5d36585aaf660460de3f40250646be

SHA256
ec2072ae93a58f1542c7d287f840d8d259ddd2e6474c1a1347aebf3d01c974c7

SHA512
eb5cfc50926a5b99f76758ec1c8b4441058fc9b7ac5df68a5a9be39d03102d24c1ec5d594b1c97b58bdab37aa5be464df12adb943766a53f47d70443d9a24506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
4513c5fdc6c6021bd2f8da59b778df2b

SHA1
4c8c17de3bbaaffd514ff7a61eb0fa4a1aa3bb58

SHA256
aabf78d91c6f226ac1b2bd7c706b5871fa1eb01eebc52c05e0558d21624cfd45

SHA512
f440120a08a496160f847150e4e93c47c7ac1df7350ee1db92994c8f5987e32e0ed1c7b07df86d1a56955a81c0907cf344dfa15a1b03882262508c25f6e15bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1903357d8c79c60204f7a7bb18587a81

SHA1
2aeaaa654887f546a380fec4a3ea014be67866bd

SHA256
238f76a5c9f039052da96da9a2f7243bcc8b85b8fe79b5b4ff866482fd09f904

SHA512
f30e1e2d5402c022d7d606267d2a580b48ec5e068ac8aab2858c0dbc67e8b33ead7698d6dbaf64bc3eb9c9d11346711d8362147511a43a62f3a441f6f16cca3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c440fd957ba52f54cfae33575f083da8

SHA1
e902aa33c488dd7fe9263f653d1fdefd243e0a3e

SHA256
e010493f1677031c6723f18f7c27fca284c8fc38b65bd1046e92ee0820bfdc0f

SHA512
812381a28f9660a9641fd58d78566d8509d0e4c2528e8d7bca516b1060a3007fe5113a079d191176cd0f718b3f3d1b4192ea5a64e8dfabbfc85bc1a445ca4a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5547a149af875b0f3131090869a8a2e1

SHA1
dfcb6de953dd03e35f6332d6ab4ef028f418759b

SHA256
8449e154026903e845f3601ac485ffd8d363fe641179bafa69b0b8ad51e9884a

SHA512
c533a348d7aec24a55ed304127bea6c9f23d9be940b3bc15e4e8af3eb3d00852578fd98ba25f0517791987148dcad3d59d07f37588862719596c73bd84886616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0327a778dab87fd3d49e9121203514fd

SHA1
5290fd11148cb352b33a1079c082eb269812d0e5

SHA256
947c28ccebb70f83d42b23532c4bf4ef72c7e5281e2a61f130aff4a82d2e1e42

SHA512
c86a76841ddc2cae21823ee2f36baadb51f3801a6585e208889043f168d71cd632602d8dee74e5180547da39c37726721e9c79cef55486f83f9240f7653590a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f14d2d126edae7d06f62765b797c6d17

SHA1
23f9f3b1c28b691edd8a38b18a93de72123e0f15

SHA256
8b274eff334d58a8aca91b9ad49d2eec4cf7d042f957a64970feef24b0b96f09

SHA512
bc954ae5cba6e5ddc0fa51650187c1ba9c176901f564757a6663745a874a1d9fe3316fb8530cba4df7efcc4fd2a9def3178cd9ec62ef799cf4f8954d365c75a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59521225152afb59a48f849bfc6f8f6d

SHA1
e5ed448c82da4a194316e2588518dceb8622e5c8

SHA256
7e686e6b830a190336d0ff39e7807eaeaaa834799a5165539fd0a27d7bca4d8e

SHA512
152b2ce7a129f79f5f2110097b188dcec61a6035b22006ad2f4f8f286313cfecf339765bd93028c021c05a3740b0d34c4c8396330cb6f7454064384783f8f450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
abba1f2b67b0a94dee786c2970a6b680

SHA1
26226f8d832ed95a6cc786cca671bfa42b0b89aa

SHA256
053a8a5aabee338b572f64dcd882e1cdcd8a4f1db769fa61b9e41e8ab6afeec6

SHA512
95570f73d3e1f65a9405438164f0f65b25827958242aaca9abca401e7bef06f50e1028225a9e326d568aeaa82d07b50d518fcb0b5c0e06d1085e67fd33a0f6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9653ac4393539c1e71ddc8613de01ca8

SHA1
108f63330aaf24deb4eaa965afa95b270f4c2069

SHA256
b15b2062b9870f27c73a6c8e189073be5ffb606c264f21750606135ea8d098f4

SHA512
3e7f23729dd2488282f5db2bbaba45382e656a3d4ed42719c5af5350eb8eb917f4dc9896c7c66226454dc3ef95c4ae1b225fce7b8c6f0bf7c245ff7f713a46c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b2bd7c4f931e5a5fc6418dbc23c21ef3

SHA1
ae24bf9dca92f8f3fcadfc7351ddf6582498f5ed

SHA256
2b8cc412028a76736c7667559ca90888fd66ee72e0eb53db19964a46169bec5a

SHA512
d6bd437df4e92bb2ff1bbd340b191a3749fe75036312012d45db6cbcb574a7d88fa98a6fef77f2dbc6907e32122dead22cdf5a5542d3a025479814a2f56516c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5cafc49faa645e3bf11c432b7afbfe47

SHA1
a30b1e79a23d5766213b62aa901ca6df1be8da63

SHA256
2e9a3bb1f28dababfb85e8bbd14992cb8922504395abc6c6b94dd65731f55d0d

SHA512
1f7da482d9a70e234ba358238dc40dc31d93b89aa56dc2806e7e0b5ba40ec3a5951e4e869daa50e18cb1c152cb3c15c96ba7a83d5aece89e6846100cdb9f5559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0f1b2e320c156b244f61929a92c4b057

SHA1
677d9aa4d54e1b0d00b5c213dfc0528c2ecc3c4e

SHA256
d4055e2a1b83aed253e65def60c605af4e38bac1bae16f52fc3ea7f95b96f595

SHA512
e02f116ffc2c8e8ea0e5d8d4a111eb52d9a4af0652591f1eb556576bb3fa247158afc4142c5ecaa4f36692848b344c979d501b30c6ac107abeafc9e65019f5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a389775789dcd9deccaae89140fc9778

SHA1
e404667e055e74bebaf264c31d9dee76bf3c6ec1

SHA256
f8e25dbc0156878880df85b24a6eea7a4500786c265051e3f203257370fc7a74

SHA512
8859a164f2d7fb58de54a79899a87519cb3e6f57b3a0c45da372de4fe00373510fe59bcc14163ecb73fe90f529778b336ef8e2cae8b849b1d352d59571ee1d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4628e63a973535df97df40dd5220e733

SHA1
377d89a1655b046f6b3ad62e416ca5550e799939

SHA256
ad5909a2d5e9a2aa1fc2c35596f92d03e36a130f9507fb5b0dfe385d83987aa6

SHA512
cd875a31675f61573b917f61db5b419e09e10831a18a6ea4db01e25f6c19f8662a1440c710dd30493559ed2e41c0f05632839b428e86c283c4bdb8fcc1b9f938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59072a.TMP

Filesize
48B

MD5
8038ebd7c21de9f6cd61d870c1d8af48

SHA1
b570bf561129f4ca08226b15fda2605bee13ef59

SHA256
de8731fd956fa7ad4b1762b5be528d3cb08efa742689e1d960bb2e7ac331de1e

SHA512
6130881d29d9cf83794281c1cb6673a706a8f665bec50db22e49f8b05d6fd98097ded619077a667d6141995145e44537fe9f2a96344253931e293f999f670276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
fded233cec2cebeadf4cef0799a5224f

SHA1
26a42ccbacaf4d36582b1084e073a6706eb3f20d

SHA256
562e348a1002b1c7007feadfab541c9f789e95e49588dc0900590b7e6beacbd2

SHA512
6c61d699f80cd5663beb7253dcfe3324765a5153072f10bc105ae79181e64110d00874cabd08fc59f6258e165d7b0d5879aaac8d2ffcaeafda9fb2edbf103a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fc81cecd7c2079d92d31c627dc66cda1

SHA1
96e864160803af619aee43eb4283b8dc4d5bec0a

SHA256
3bfa429ef8c1f1c3279e439d6414a4c23fba2348933672a9e431e9122782637f

SHA512
faad699ab92d75cd1ac4cc1ba559f22f6b0eab09ce479132c0003b855893f635a610bd277022c9995eab97757fa9fccfbb1298a12ad39c20bb5e6b9365628fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
806a43581b9c14f6e85a696f318d0f14

SHA1
48f642f9e49832d4c7e8e3c53769620b36e43bdf

SHA256
49a7f82af35d4a2192b95f27f17032e60fcc8b3ae2267151084779b781fbddd6

SHA512
18ed3054278fbd04d14026393e19a8c890878d797b3ba079bac487d8305576fc5ddcd92d05a12ed2fba19570628b67e61cbcfaa33a166d990fc0ff02c28f0b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
df2193e85034d32632dd05a3488192f2

SHA1
75ded8f2a09ab19650b29d69697a0e0197068a1f

SHA256
96a3cda3c9a8263ef09d63b6a0c636154e49f0d7dc983c2db0b30131a231e45c

SHA512
9b21b3984ce9081962069d5f68bfddd6fd788b9ad51b7325c8000fadd3bd9da777f41f6dedc6d9018b2dd53c6edda537118e1bc6d6ae5911c2ad5be2b50eff21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7f4c8f58823c850d2a38be21cae295e8

SHA1
de589fbc0d0bdae9bc1ba71216269cd8ec2984ff

SHA256
91abe20a7746f9249be18a46f83ddd6ea0f9f443761097459d3fdb6f1d1ff235

SHA512
a33eecdc5e015ad5c880a8ce7ce3d0a564b0530f1b30cba942b477957174738331a2ad0255b433e084e16c74ecdb6b94a57a0dec56d7d020c0f7242fcc4e919b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e7e1cb3e98999b89731d1c3eb896fa38

SHA1
68b573bc4f32fa581f1f61514b8b8f04091de15f

SHA256
5349dd46864b77040f314e8161ce1fc6e6e9fa2b70eabbb907d2dce13d2142bd

SHA512
6063834fe5cc274027b9dab1f113dbcca5c7b55dc3ca5322b97029d6dcd9e783e8866e8e9a43fc8404e0d864379ec3fcfea3a4d491bcb8bcda688a5740385eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1031050b4b65a9a9866e724b491fafac

SHA1
9957f3e1a1f0777508fd7cce679bf8d5a126d997

SHA256
04e05d211dc05489c2806e31355bf762b4039ff69bfebbfa27a35817bddd5809

SHA512
85e064e6163ab771a4f3ae47f5c08bbb51819f9f7a3a802c70347ad798669ed955284440c4a157ac4a94754166554a72cb2346b2d53d55a86f07c976283125a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8044fc7186c6e7f6045ddaefd87bef98

SHA1
db2563f0299470959e732a0c5ab5ca389a662e4a

SHA256
4fa89456fe5da8fb99cb9be9a0c4a9148eea9b1a2f8abbd603f7607f9a927d15

SHA512
9ff00cd2708e021260de2eed48969bc37d551e31f2009ca1d04cf1661d749efb6159161e4776dddb8f73b12b216128cae7336e02d1a4e1d47d9e26775da323bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6b0264078dd78d512c2cf1baeb6eb668

SHA1
0513e64468be8bf715fc80376be54ca2c0d37a3f

SHA256
cd1938d9c2c8438d4a2036e7ecc3a5528b071dc97fe4d5f8d0810b103f9e9126

SHA512
ee7b8a35fbcb4be3953da9b19fe39bda65d3c956bee736d70012a471728a3c137643da206b951fb4a52ddd9d7e3d7f177ea1f499fa17bbf87623efb00d9daaa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
63f4b467c8e62e185a98ca3ea0b1a98d

SHA1
0713100d7f63d46bbab057ae8bfb0d9bce3f967e

SHA256
9a81517b606fdbbf3e9e8eacd1e38de2102871beea9ec028bf470f48ca39b1f3

SHA512
4877e43cb5e2ef65f2801ed16088b8fd3b044494e2d4a05780f36a675663adbfd8df10984dbb364b8e33ea874d476815323b089a98c8366681194ac286a655d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
ca23516d1933a923e50d96c83d8fbd07

SHA1
ec74037493644bb72bd4bc48f856ace0092327cb

SHA256
1ee47c4dd1be8e46beaac1cf99d64901d2ce2746c3fa661d31babd84f26e4f8c

SHA512
bb0a26d503d4f38efd01be51a43db36c87d8865c4a3d0f976b4ccd0b744a9653eb258f13f4444ec98c6f4e8e0a05d33e0e933f62762a113d1a37a13b60e38bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58080a.TMP

Filesize
538B

MD5
9ffbea91c014a7c2608a567700b03c73

SHA1
9bf39ede257f137b4109587655e9125e2e1b5333

SHA256
6a5e04f6f1172658946a2c4909558806e1bb2e6cc5f4f3aa3cd322b3376d6ddc

SHA512
ae2f09ac370b0aa9228fbe979cfe5175c0db02ba50a418c49e3fc2dc6859f8921c3c96a2ab5d9d6d26025820c4e5c37567001b295ab89b63a975b16831772b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f61af463c5244b1c9fa19c0b112809de

SHA1
aa813ad349f7b7f03c34c503bea93eaf1f4ab247

SHA256
4a66ff0e856babf8ef6a54c8d21d85f0a4ce6036b8413038dbc66363ef96fcf4

SHA512
f377a4ff0fa0888da5b985bedf88b7c0d20d5be6708a922398d30ff6a106b86ce8e4cc49ad88793fa84df5706491059277abdf6c854902067793d6de7b860d97

Download Submit
\??\pipe\LOCAL\crashpad_2520_TFKNKXVASROJYNWK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit