59bdf8e12fcc526e296671ff4cf704436cbba5702c0085d0f1836466b800334a

Analysis

max time kernel
1701s
max time network
1692s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.png
Size

469KB
MD5

f5ae9bf9b85c8923aeab46fcfb04ed6d
SHA1

0cc8cd509dd7d0da1d3323fe870f1b867971ed7b
SHA256

59bdf8e12fcc526e296671ff4cf704436cbba5702c0085d0f1836466b800334a
SHA512

5d987487a23d46fc03990ef1c174b43f224899e02a8e0ac0d3f09934a7606c8d73dab21aaee5234a3cf5148b4bc6c2b6154205e3827a736440f6c66974a9c84a
SSDEEP

6144:5dP6Qh4GD853zx644F+ODLUVqCBFRy4RuNPpInHd5qt5ivqwY8nRsFByjeurP+oI:zP6CDQi+OXbCDNRugru5aqwYRvyD7+vf

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1815711207-1844170477-3539718864-1000\{E09F2458-57CD-4226-B351-851FB74C28BF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3364	msedge.exe
3364	msedge.exe
1976	msedge.exe
1976	msedge.exe
4268	identity_helper.exe
4268	identity_helper.exe
3460	msedge.exe
3460	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

msedge.exe

pid	process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 5332 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 5332 AUDIODG.EXE

description	pid	process
Token: 33	5332	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5332	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exe

pid	process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1976 wrote to memory of 4524	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 4524	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 1164	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 3364	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 3364	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe
PID 1976 wrote to memory of 2172	1976	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\R.png
1⤵
PID:2300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e3246f8,0x7ffd7e324708,0x7ffd7e324718
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
2⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
2⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
2⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5260 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2220 /prefetch:8
2⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
2⤵
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:5504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
2⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
2⤵
PID:5984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
2⤵
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
2⤵
PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6608 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
2⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16862357003534264777,11670138745585615464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4276

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5332

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
26KB

MD5
bbb30064cb1c8bf63d154d2634cddec8

SHA1
2b09ec6cf4b33a6267c29616fb79b59131946836

SHA256
d5e466ab27ef46bf2481c0f1af65bf32fae101614f590a379bc7b23f22bfb2e6

SHA512
d99d41649d3e1e8e53b9105ec3a3f33a4015566d861aede543ef97f0be5e273ee1d1a5c746c67fba5933988ff4ca3a0078742aeec3dcd7688f02a5dd023de4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
63KB

MD5
2e6fa27ceb4e7bf4da0053fca72f683a

SHA1
60d851b918322bf58d3a1db7b22e14c32a656fd4

SHA256
562552551e121e7b076082bdc222c343970dcd6ad261fdaec5aea060d61a1112

SHA512
987f21df29af74403d28212caba449b7c37c2cfe9ee5c31db11ce34abb6c9426b503822be8a9fe20e644c5924687e91e302f70d12efaa6e0a9d590bf0b87ba00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
71KB

MD5
9dfbad6e534a5b3f129755faf144c5b9

SHA1
fc82cd831f0bfeae618b3c8abd3485df251ebf9b

SHA256
c0fda46e40600e66505f2f28b267c33cc793af28986dce5fd6ec88edb30f0c6e

SHA512
3d9159cba774d97c813b8b7d930fd4cb6063e201387e7ca8005a761bc9f5552c13a51cfe01646ea74b74f4d385a7c38531e0c4e65f2c2d0a1d4f3953f57e850b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
89KB

MD5
d346baaa8fb284409c21cfa39a481c8a

SHA1
23e08fa98410c84570dca325102f378f05abeb07

SHA256
f5d8d080cbb20f090232e5c7793430cd038e7dae7232bc295b8c2aca63459661

SHA512
521cacf6b724949e1676c2c9cd1a0ec731d5f42cbcac66efd5fb79939c4acb8fbf9bd7a959d08084c0dac01cde69c5094ad17947941520ab11514136b104a074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059
Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f
Filesize
192KB

MD5
59bed2aa189735a341c62636446364ff

SHA1
87217a65078b729940c93dad94cd90d55d0e3582

SHA256
67fb1e6bc61f4f75d1c59dd4ec0bd3b2e4d17123ff5f83f68dc3a4e245f6f7aa

SHA512
79f28a93776437f7abd3f83fa024b8948f69eda2c7d89d824d0795a801a08ff3c4922e8ae746d4fd49ff6a6691b8aa1f9827da132af8d9860214c1e9adff7b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
5f8db6463af9a58cfa443e03dc572a3e

SHA1
c59eeed8d6a2790fdbc990830318547e593d925e

SHA256
f64ab261826ca49a5052646017c814941c1e5a42fb8f8c9526ecd9911fac6195

SHA512
4842107d0f39959f596239d6fed425c5f0f83f2b627afbd181c095fe2c919bd3e18d9afa08155359fe316b7273ad08078efd57b63e0ffacec1fecbde48c57aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
0a60d481b9fb637e9ac1e990343da5d3

SHA1
781504a434d40fb26dda56271b27c60f129aa940

SHA256
19a8fe6df05bb02710804747ff1e4f9cb3ded8e631997275268aabd53e7faef1

SHA512
c1ff8e07236b6f28353b6f12aaa33ee5ac1b4d1177e9721d2242cfd57d60183a6253da62d3822a7f5d3b87bb708a8546876b6405a4039bcf1799c82f0f38aa0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
c86808be58137464c6e32fbaac361b03

SHA1
ace5298d8c2c96ef415590ac41e23a9b54595d01

SHA256
5d2ef4fd64aa6e89354c5e20f9493f62265084661e82b0df151ffc77b867479b

SHA512
73f44f55dd42a7728b584d16357072ba53e4ed1790472b408dafce1f9094abb8652e223cc47a4a553f2f2131aaf4849d08ae95619965ff15fb3a4f2b178ebac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
27914629904b8b89a87ef14a34ebc597

SHA1
adff96627dd1c4a2955c6a05daf1aa2584dc94ec

SHA256
adb69490a38ab7ba67551aad9c162e66d80739d5a1dfd45b56f62354c36c729b

SHA512
c5e7a5d60f643b0f8a6ebaf2491a057d8512e272c00a8d5fb056656ae768aa1af41a9c886efecf479bff43df7b344d0183edff38bf31fbdca8cc80078d813095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
c67bb8ed7ad3bf546b33446e5377c4e4

SHA1
2554f8a8f61c2ec1652a479b79c8c6657f01010e

SHA256
3a5e4ed9599f388acd89f9d8d5e168182cddb2894fd89b64d0041b32ae1efce5

SHA512
547dca03e04bd509b172023d643a0611b3a4b6212b4f3f57764ad9fc14bb5313ef24d863a49d7dbc0fa7eac386eb8a28d6c957befda8554c43606a1d33367a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
0f1cacef2fdfa8a8d4938d0175404d18

SHA1
e9624f8ccc9839b9537adba55957aab8f26f026c

SHA256
fddd90a8628841aad95fcb0f6371bf291e1f24699817c2eb245c33da0e7ae813

SHA512
b98705652645c83ae4ef98e6e6ebbe4ee650d6d5e1dbdf87fc5a5daca3f37c3d93b7bc5c5bcca39ed9d132505885edc205f1e8cee5ddc2da85e80f89fa300d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
492401981f6e6757d0e36f492558812d

SHA1
99a50b14b7a6f4d750ca51db3353f46afe516ed5

SHA256
5e63919e240f54bb762cfcde503248f0b4e421896db61995355a14ea54deef6a

SHA512
3cc27879dfeb37fec3efcab7e8d6413cdbcf77d7afbfe3cb25fee14ce6056f295f48c6d9a7f3ccd7a1c207264fa172c8b78dd2340a263acf0e4597cff5608ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a66a20b09432f4a7da24c989abcad779

SHA1
f6f27156022c94c2fce6cfe018d9099e10bde435

SHA256
0d15e22c3ec55adb9f9ed857eedac572a9173f4374f7e3b3d350937282bf22de

SHA512
c744670ac6a645a926deddebb03b8209f3e471da9f6885ca5bf2a8ada23bcea38e06325f90d61ba38cbbefafd144b5038e6a332adf9464ac8bc2dd4e22c78f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a3d344d4c72cb277cf3d7a26a83f026f

SHA1
295b7f9dc28e6f76cde31638ef4b191cf27bfbdc

SHA256
3caf83b01d9f361fddac263fcd1518e3b23b27a9c2ebf6f225d568f3474aaf51

SHA512
5dc61ba77ec8db5b9a1c47096a3ae695cf2cf4f31e2612c1f0df26f198d8790859f08ff2c33bf76cbdb913afba4b1d6a6105de4ce31416e46c56e860a81e27ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1b1a7a17cf0fc7c81429f6443d30dba4

SHA1
adad3290e38f6639867d645ab01c2af6dffce582

SHA256
cd711474221db4e1c957b45bb56a782293a74e3c6662643765b72ad6152d966f

SHA512
4a936aa481b2c8e545e6879e9526066d066e5863070c743c10f2ed97a903e6e88c65759d232e19201877ae8d04ea76376472500158ae034d2bc0ef4a15fdfde5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
4KB

MD5
1e57cd6de6df10a1e51f00841e13c061

SHA1
3590d896778c311c2d8b0c6c365947fa23b8e996

SHA256
dfb777da0f96cb55a7687839373e3f7c320c075afc8ebbfd663165cef6a65c77

SHA512
86d522ec1c2957b330b40309784471647c4f18c14d8ef146c34794691e2e119cb9e65391cc3d712407c1118ae27cfc6900dfeee23c198d29108df905161e9fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
2KB

MD5
ffa8ee5d700eae487d66b7adcb06c2f6

SHA1
709400cc9f73e3c7bf00892866575ea3e857f1bc

SHA256
f8c07b1475263c542a5eb885d37bce3df81fcae9da42efbbb5857d4d5f8c9b8f

SHA512
8f745c9d3ea5aa591b97f237247978789bbb8cff33e2fcac6a0d9dfbb73839c06d9657449e008f11707ee39e61a7d826ac1f19925ecf1f6a64f0f380688a03e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
Filesize
3KB

MD5
6290f0e20fc9c7ecf3ac64cc12c6de8e

SHA1
c9775def3e8c35375902272d4fdcba5aff2bd57c

SHA256
d7aa3a46f802921c768c483a79911b93cc271926e5e0683f4ad0ea08d848a864

SHA512
1f1406c2fd924d44d75dda7d0a3ee6ba1ac93d8ba2b88747a912466f0d17167c11f7233753b0d51f66247711efcf16e14d41967cb044ce90c0bfe70fa4312449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
3003bec7f253c6e26e9397625cd1340e

SHA1
c2b5cd0465939ea2026aa17f528dac86ae4d2df9

SHA256
e6a33ee854018b9ab0540643bf0bd960a3e50ece6990d4ea43c64b19db2047be

SHA512
c58a54cb5db5c947b4d2e47ec8452936c16d0329b04d0e9d7e3ac0b5a4f8ea11489322a4144ea1d888539b0532344532251b5b8b3fc1a6dc09b7099546138a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f9c1.TMP
Filesize
48B

MD5
7d1e2925705461e5cde3eb9a46bc6697

SHA1
04263178ea60ec3139c7a6bc3a8380a1663f044f

SHA256
26a13f07cd735c9078e4e9362f383a30cdc846f3a6e7d26ee9aaf21b1c2bc74a

SHA512
deb87df45c82c94b7ead5c4cca7970bffdc05cde4dfad9c711dd7e32ec5f6306ad583f62357b1be1ddb865fd871256a24b4a59c8c47b304bb1679396f81085d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
9b910a4d17a8865dd5785bbe3a70c2cb

SHA1
cf5530c2a0fff1b62c9d2c9cdc75a619475d7fab

SHA256
2ed69b464870b218c4cd08630e8eaa5cf50731635f4ebbc91b4def0e8809d8cf

SHA512
e7bcb646f432e150f58f69750a9d41acca9e5dbe8aab92019c7c2cf2db0a2de30e5e136c409e2932ab0b0e731a931d1562b3b3f9716fb02b1340cbf1667c3e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
cb106a3a097bedb629bfdbf2b39ba80b

SHA1
1c4bd58fd39d6a83785a4103682bba7f7f4a047e

SHA256
9243af58804b201f23295a6d27c93686e125048fa1e6913a65dc45973229f400

SHA512
95f5caf40a7c6d508d3c76aa44ada18eb3f2cf692df2a3b5776800c2ebf9ac28649f37312f79e7261631b97153885a42d7841ded80fc38ce17b0462455ad48ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
56febc13fcfdabd338285b3fa39064e8

SHA1
236b84e097cd2d71577df8a1eaf13db937f222f6

SHA256
91686c35eed36d7767aac30e04f4e4d44ce61bc85b1b36913bb237fb27af01b0

SHA512
5802f156dee69d92ceaeff082306c7f7006a27bcc083dad531e7b3850cfc0c8473ab051a64c9596d6d4800a6979599eeaef97e8c62b8c3888476c7bfcf5c7c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
36e374a85aa5e882e7b04836dbf0ff6b

SHA1
0399b286248b4b913c6242011f44bf44282d709f

SHA256
612f2070a818d62396fbecd3745e87ce5ce1126d85928e040a0799e4c1424954

SHA512
f930e68bb1e2919d690999de87bee98f35a079c738197971563eb4e53d6610c8b35c6ef1e0a6d3d0bae61638d4fcd89943d045d99b5687ffd46912f36175ae13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
49af8aae9dfca88aad924e6c2af91024

SHA1
14b1b13e05b6fb7e97adad0cc88755a20d332f4d

SHA256
439dfa3234cf5c9b36faf59e18e40e79f1db49f6cc8a6f81265c6a2f47bd53e1

SHA512
b20de660700b23c612d8e8c0be34434f5df9dfda8eb18dd417a30b49020bc936f58128af393a3c9eceb6d4346b45cd01f2b279e6c66b7647ce775c02d0e71d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
cb8640c1a81af847b80d0b985f76d1f4

SHA1
41d59193f571e9c1d6edff464d03c79ac3f80ee5

SHA256
17d4b78fb2f2df5277dfb85d7fe4d0f6655c8ac1f8969d099b4b2798c32080c1

SHA512
b292b5880f69e25a3a4344cac5bedc4bbb66b85a4e6d3037342512eb1a6d3053807e866b18ddb9eb9b811b2e7bce2d546fad033c003d4f970262b9d8c01a7adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9a904937aade96571984957af35f4ed6

SHA1
ee859211248f722b92788e8559b04cebb7e92e8c

SHA256
3d7f88a80e90ae2677af60809674af9f702e68030fce0e55dbd4fbbe2e57f9d4

SHA512
ce0afa9e0fdac617dadd5ba299818937bc49816fb461d12bfa62ff7543693911af01712ee6e43e596820982b488c39b7f233f6b8faf6d24e5d0c34113c89682d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
6ee4e4d291614235b782563196f512a5

SHA1
185c3ee485b34fc283bd958eae8652e5f8762dd8

SHA256
adfa11d91829ffc45cd4cb5d57ec9b03485f815b52e352890dca05f8cb0df33b

SHA512
1aa9ce35cede18f7fe9808ef97963702464396debd55dcdaa10d10ccdb43fa4bfa7881b553b025b00e359f5bd90b032155804ab17231427eb075072367cfe6da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
e3dd9641ca841fb6467c319f726fab8d

SHA1
d8eee25adc0a2d22cb22d090cec99b059b3d418a

SHA256
04aca58d360e4de88caff756e7cb8230bd6bee9537a96aea3a71a3c46f668c5e

SHA512
8f623b5b662628f58e3c3407fe0e831137b4acfafc34455a73030f587fd172ee5713c464ad6ac0b9004772a3354531747eb8a4f5874b2401dd25cde2f9ae3d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
123d44adf3b375fec7d26999b69316fc

SHA1
803af18348e0922501b6be99e348f53cd3162c28

SHA256
99151791e999641613206042d0704cccd050b99bab8f417319db6de2ded9872d

SHA512
eebcbfd96b487164759e4394b1c162190140e3da34f464b4fbd3dd625ff769663647ed2ec590e116c5ebd05ed43a643cd57611cecc189bbf120228398a98fcad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
15bf326c9b587be4aeb295deb9692910

SHA1
6494dbb8cb55024b02dde5bb2ae39f7510ea883a

SHA256
dffb7dac8232929bb61e31603eecd62e49a192d48f3b3fd0cb2b1b1d4c1950ae

SHA512
4c74a6f389399a5b80b2a398715dac605bdd47fca60d29d61fe0190836e6dd49d6bcbb5447942f8fc93ffb17f776f232fa65d166b1f32680b0ec5e99911fb44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e34b.TMP
Filesize
1KB

MD5
157aeadacf7ab0a6199f8067b480b86f

SHA1
ad7549b16a1f30a075a14adc1709107d73f1b884

SHA256
5c27e1cbcf361e7169c70782064f2da781bad1e90540bdad713bc593f010d91e

SHA512
c7c1e0f733b25d2982cf22b59757c402011926bb6a745e3af79a67eacd3a06e948c0730de0cf456984f59de38cf742f7138478f9d37ef56435a064a3df4ce909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
167ecd46c4ad7bf1a7d3dec2cddfda37

SHA1
2423020960b5aee77559b243b4c01e35bd3f65c8

SHA256
d85b77448a706639ff84e985edae38adf10ddf51741bb9235c90e2805499cb3f

SHA512
190c79120f4fb70a78d5aafaf4bea9fe21235c7a7765804142a8c1b05462be06d8250bf606776ef194ee08c6557d25f3f715b5b33533f302d10573affcab7a3a

Download Submit
\??\pipe\LOCAL\crashpad_1976_QKFQTWEZFMXOICDG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit