59bdf8e12fcc526e296671ff4cf704436cbba5702c0085d0f1836466b800334a

Analysis

max time kernel
1690s
max time network
1697s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.png
Size

469KB
MD5

f5ae9bf9b85c8923aeab46fcfb04ed6d
SHA1

0cc8cd509dd7d0da1d3323fe870f1b867971ed7b
SHA256

59bdf8e12fcc526e296671ff4cf704436cbba5702c0085d0f1836466b800334a
SHA512

5d987487a23d46fc03990ef1c174b43f224899e02a8e0ac0d3f09934a7606c8d73dab21aaee5234a3cf5148b4bc6c2b6154205e3827a736440f6c66974a9c84a
SSDEEP

6144:5dP6Qh4GD853zx644F+ODLUVqCBFRy4RuNPpInHd5qt5ivqwY8nRsFByjeurP+oI:zP6CDQi+OXbCDNRugru5aqwYRvyD7+vf

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{116B3D9A-12A4-489F-9503-1D3AF3A37656}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
4328	msedge.exe
4328	msedge.exe
1616	identity_helper.exe
1616	identity_helper.exe
1036	msedge.exe
1036	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4332	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4332	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 1620	4328	msedge.exe	87
PID 4328 wrote to memory of 1620	4328	msedge.exe	87
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 3924	4328	msedge.exe	89
PID 4328 wrote to memory of 1772	4328	msedge.exe	88
PID 4328 wrote to memory of 1772	4328	msedge.exe	88
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90
PID 4328 wrote to memory of 1644	4328	msedge.exe	90

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\R.png
1⤵
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb7ea46f8,0x7ffcb7ea4708,0x7ffcb7ea4718
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,16834033353617527823,10578735892262635626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffcb7ea46f8,0x7ffcb7ea4708,0x7ffcb7ea4718
  2⤵
  PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x420
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ee7e36f-cddd-4ce8-96f4-d51b511eee63.tmp

Filesize
5KB

MD5
bcfe1bdd3488ec3a02260be1103deefd

SHA1
5ba1236fce92f6a4bcf43e4bd28e8f0bb7384b46

SHA256
c6d35795d639be035406526b67138f094ee8026ff80e42105f3767e0d43b22d0

SHA512
0ecb04a6ddba98ad4396dd444267b00da3b8631b0ca662c21ff57a529286497a4203d496c88aa9a4574b0e4db82f3446574c5948bba97e624b5bc6f1ee143e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
26KB

MD5
bbb30064cb1c8bf63d154d2634cddec8

SHA1
2b09ec6cf4b33a6267c29616fb79b59131946836

SHA256
d5e466ab27ef46bf2481c0f1af65bf32fae101614f590a379bc7b23f22bfb2e6

SHA512
d99d41649d3e1e8e53b9105ec3a3f33a4015566d861aede543ef97f0be5e273ee1d1a5c746c67fba5933988ff4ca3a0078742aeec3dcd7688f02a5dd023de4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
63KB

MD5
c2cf0368662f14665da002581141d3d0

SHA1
bbab49e7de6d86c229ac4fdb939b13fe12052964

SHA256
f5e306e1e9877753294372af97aba4e3a9f9bf6da57afebf0fc0be5705c70ae2

SHA512
6122ce827c45ef7bfd806cdcb1f47137fefe665cdd69a999886b596c023c5887ecb7691d0659abefba80cc87b4ad4b97faf82b27913efd959f3100d8f1b2e332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
72KB

MD5
590ca75371bf11caf98b68aabc12ca63

SHA1
12f4fa625b3f7c52366599946f42381185cf494d

SHA256
b8dfb7056757309bd2ed2ccf0bf3f49b27f0f790250253d45e6dcd4b952ae15d

SHA512
5679c44f6a227446d37c576a0b7b8baabd224bf1bde85e2acaa7d349b7fc5b91f1ac43c7f6e7b6e2be1dd45d9afc434513311eb5512f0d9d061b81816c1b236e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
89KB

MD5
c8a324360e78386e136ebdc7374f1a4d

SHA1
261022a6057e9754a9bac4ff57f56ce62dda3732

SHA256
3a2667ea28f6376d7498a71d40705a8b5c3d02cc31a6c9ec3a23bf4b1ea359b1

SHA512
a494a5c6a3af2919280c1843dff1fcab5ec64f1bbfc100fb17e7287bf2467784762167f4606e0490cec394734e322096a3ee2333a0c04843447efc474201e104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e690cff07595364ccd98407f3570c5a5

SHA1
378f070f57a9618e3d4886573db53b14d6f9dccf

SHA256
2f0b5d31795665c186346431a036f281aa0828b3a3e6a85cb9972158770f6196

SHA512
223b68798e97ecbfa189dfcdbdc041a8c558d48d2c1ae878faeb08d6cdca4f9a16ef745cbb98eef057fb06a31e0134394576734a994a43ddc16e952511bf44de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6d53e81375424b3d1d0b0a0aa6c1f3d3

SHA1
d09537509d2e8bcc071005c43b4908b765ce0c4f

SHA256
b29fb8632543f5a438cc040511e81728cee2db09f38a5fb95d3c569bb9a960d9

SHA512
6d0db31bd311a24e37d3cb3d6d58f47103dc6666c196c59f8ad689293029930c816354ba48a0d0ea1e4582c97c756d45ddd143ef4a9256b6ce463261bcb29ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
32e95f78cc16197ea3281b78c20d7c50

SHA1
19ea4ad18b1a0002389fa6a6b35d5a2953ab181f

SHA256
b1ab503f992dd723eb9f1d209d441ef4bb6b10e11d44414a33b9af136db2ce9a

SHA512
f5855fd2fe016dc96fc532992e53b7dcb8b28e4860128c2df43dc796c865ee129621426783ce20cf28245e3a3da0708901f61ffbda651f5fb3842b7345b72a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dceffe69a5a04cb77b7d18842080b9a9

SHA1
d92ef7117bd78ecb91b9880636aef2ed279b9e24

SHA256
b8a61db4840ee1b586aedfe8fea0c688ba0efebb76622125cc283226b355d5ec

SHA512
455f919566d17961a7be20d8bb3d35b042c6631d8306b25192202e6ae368452d221d4f1c6d9853eb0ef596b2315aa46edba6e92054d14293aa887614c5310139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cfd0daea2c5296dc8438a9e0c86d0790

SHA1
83b91ce425268921c6ecb08d46100cfc472bd12b

SHA256
55275c25ef1884170bdaf6f32bfd8ffed7472b89aa59d2dc816f65ecf8a5eabc

SHA512
4e15b025b1591e61f26cdc5893af3e0e8124623d26cf55660b225f4a27bcce0f74f24a357874a1f4b0ec665d768dbabec9d29a5b895ce3e9becd42d83989e630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
489ba9d6736231e8cd68ff9d3d58269e

SHA1
3f8e1cb4758711ce75750038aad3b6b8e40c04ab

SHA256
4972e77140cceabf3b2dd99bc5d0ec1d82e64f281d2abe4b7c3ab7a46a5a66a9

SHA512
372d43d60ef31732a7ca6c28ac5aefdd8d90776fc9a8105daf0fea8cd424240b9c0ec0ec42568645c77069ed84fe5258e91fe19a4c676521cdc406f183651323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
19a625191e53006bf64dc6b762c917d9

SHA1
e8aa61217269a66ec2adf8a4249b74987336696d

SHA256
b814c144e04c12c67cf2f2f4e7046bc72f8682e1ad6d97dda1fc663088181e01

SHA512
39eb8cc3b7736be530298b3e9d4bae1c35ba29fc9b7f60c5a4fd19fa916216ebbcf715d4b07573e9ef13da175c16d324d1a19f666c7063a59383c6fa1011613e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b09698526b529033c93cd74dbae07f9a

SHA1
8f3bd4e9f85c60416b677aa0f11d829af7ab49fe

SHA256
81e68aae6d62fd2a80efe008f013f911d0f78e3014806b555dc42f17d066d353

SHA512
dec40cb5de9f449f05b650b451470c13c7e3c1c6763c16c6ef46ebbb21f29d14b6ffa8ceee9738786a23577be41b9c8caf8cd8d920be9205da78abf494464a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f027b2220cb82fd39591ff6a4383c691

SHA1
557278406d8785e869584f402ad2f7ccba0e86bf

SHA256
ffe8900f9007cd4165595a48e86d62d0bc456518e25bd648c8fa007f69b7a5f1

SHA512
656bea2776d79425c496ba9a8c26f30674223ae2cb4fc12172930a1b79e88ce88232377e3336a97316d7a7179bdba6b903ebe5b3bc04d5c743f2d6f8a8880fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13389486eb75f8a402843178523fd8af

SHA1
aa72cb2d8b5f89f9f2204db64767ea865129c968

SHA256
19dca3dc7af8595fddaf39a28c9b4b415603d17260db2860e520b3e3a622f014

SHA512
769b132c852767cff5f8c096e75d041bfde94db458b5193184ecc85e0a20832f30634d4045a0543d69d21803a0ec75ddb273d7a2b459b92c776450d64549d08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a95820d2bd30435e7c51c27b1f2928fc

SHA1
e5513877645d5b307de1f8823bf7ea8d3c5eb099

SHA256
c172419de44f5debeba2ebf83382f986680277ab7d3c5204378da01bf3dbcc17

SHA512
9e52dfec2227131ca9656a3e326d1c280dad53e38837d2239ef81bc7068c329c6db4fe9560f2699aa000b044ca5bf35563b1d97ca07d1c88fd94b5d989d5288d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
358b90a0c6dc08c7914ffeabaa1630bb

SHA1
3cce58195417ecbedf62e7a60a472e581688c909

SHA256
06d1894cd175e4e94fe9318f7697dfec614530e0288c8272dc0244d177f4b973

SHA512
7b41d25019f87bee05e7e999a7aa7aee10c7f2a5a94eebc370975fe8ab82deeb6d55f9ba254d779bc14804b64aa3ba39e0b60d6bad787101b581abc28f6b961a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
2fd98d75e4f7e93d1991423cc497b34d

SHA1
5e8ca6aa8d59f87fb753b0e7718904ee6d942c15

SHA256
7296b20652c2f1ff498c5884e716ff0af22553bf6184b43a625c5e35108acdea

SHA512
9e6d8b9945ff45e8e7f5030f579dd09c6176c9f4498e9471ee225fbad1fd06a561ff286af5f662f74191cdb119691686bff8b8c8e7cc982e6778b30fe2c8f2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
0544bfffb424d606df4f9241b73008a1

SHA1
84e320520b6bf4dad123f9144ba815e19d8c4421

SHA256
b3ebd3125a153a999f79a1c7defb186de71c0fefd7f54add2745817044e8a51a

SHA512
4340ca6b3b443e17148d4e3b6cc26f59d3c2a5a008b77e41fafded5c054554ff4ec78ce497a509c05a5f39f64fa16dc58d7a967de42ad6b234096fc3783e3915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
301769f76b274fddfa902ba207088c92

SHA1
011b176eb399f3f29fdfdb4fcb91b0d80a6357c8

SHA256
0cda63b786eaf425c8af7888733aa454aabc0d7271821b31d6ce630d0cd60cf3

SHA512
3371b5c92c6f7ec6326dea2faa3cd4deb3b1ac40422adbe1e60012e9ce9218b5d24305178a52d4f65a8077bf914e5b7efe788b162d56216ed2b4d4fae308933f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c791.TMP

Filesize
48B

MD5
bea331f41568f6c16c05fd4b8a8a4b58

SHA1
67c1cb6ca36f19171691a88b984d759c35fceacc

SHA256
733825f576e3cf111dd84b7c73fba6058477616e42b34552126339b6819b1d5a

SHA512
1b16206a0ca9a7bf21cf5a320a3bf1b070fe49358f528435ac073b9c983d593c793cfba5deaf1e5f7e53df80470696c2402ac73c0f9f4544b2618b27bfc3a60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65acedce48ad3d9bad1c3e8f649b668c

SHA1
171bdb5c4d4aeb80c27e479104bb31d61b88a3c1

SHA256
076758570007b602a017e58e1a64130c0322b026cf9ef22e0eacc862312dd6ee

SHA512
7d0355942ada8fd2efa9ca8a0988dc908a96d1735ddedf3c78aa18604f3b77f2881d9cca110b170b25d27b79aab4982750da36ed5cef5dcc2092f054518132a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
819f5d997cca7588830d0cd8e1683203

SHA1
0ee630b83f3b35683a0276d3b0f00b526148d8df

SHA256
d5c2f26bedbc72ab4e3316fadb4bd80ef47bc0a538288725121a07223f5f6938

SHA512
4341c94328ef3f01609c4874a56b20314772f36f9f06be54a08d0cb1f3c1facfb54e6b851dfa6890248fa4e70d68b7b9b6f89eb2069834f53619c91c112dad1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01e61f52ccee3d03df98e888bb4bfb3a

SHA1
a15ccf1f1aaa9444bb7277136b8020da5f01dd8d

SHA256
a06323893064aa7f6b4e2a41bae1b12be808b63762cb7fe39a0bde09fa7298c9

SHA512
d956d8795597b101e4d8100d360d503dba4da48ed22f7c6d5a1d11cefbd4cf966fa51369ba38c2127c830e2041c3509083dada31366933e095db38e276a656fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
937ee5878b27f625d81b04bafaaa72aa

SHA1
45089fb685cc2bcc63b6f7b944328701e5ef6882

SHA256
772651b7837a4f8d23f3100671e72445f1d3ec24ae12e2851aa6fe4c75d15f95

SHA512
a17a1838ad57f1e81afdecf725d4b61d4eb86b9a252a250ed9b307ea9ec742f57290d00b5248ddfe557f7f2e46f8b32a28febcf465b18f21afbbd3fd48d39995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48cf243326cc6f0213e876ed4fef5211

SHA1
6435d1045e4e657259bfa1497807538d51dad021

SHA256
d59045eb4c8d7b2ed44976abe6e00360fe29d01bea7609cc35b1b6dd633b5eff

SHA512
05ec87f1766369d0b7e2d8faccc2c08314efab33bff06d3686e78415c73affa53fd9304d412bd0aecace46a1b2b846756474c50a8da7ad5a590342c1f75dcdbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
723bb7e36076c531494fc82a2838a14a

SHA1
e6053e102c6321856828721ac5ae04731ba702f8

SHA256
6ffc3a97bc1096d97a5650de6a9b2495c7105f731f39215425966527f0d4e666

SHA512
ccc05191398d09eb69bab4f013302a3d2d3a3b31466f72f11de1cfced46bc502ce133d0fe9952c366996990d5bd8332d898e3c545663edd9e98b87888777102f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69c544e1178d80b82631f113fd8506b4

SHA1
018314fca7e56bcbe921cc07ff5c7d39d040a6cd

SHA256
84100af940211e9a7a32c47201785d1d96016d0c52f96172bbdde68488255f20

SHA512
e3288f9ea282102ae68c97011245f514bbe577ea51c427bafa1b86446f5b0149a6c582a38adae09af64617f83ad7dc6e85aa872a2372ffbd93b651fe9bc5492d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce7dcb13f5ea71fe3a217560d2b769ee

SHA1
c279bd948a064421d468953efaa64f900c9f59d7

SHA256
3ea9e201ff901d6cf632837b6f14a7822bd07207bfb5ee4f15d374e28fc9c6b9

SHA512
6abef9d9d47ed204ff92a24c0114c966b24ab4c6363c1fe8c3ed9a68a6851fa71276b79f6b1243023d59102f72af181606cf8ea2282149d55081aacee25c954b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c535357d1bf1038d3c4a601cf850fef6

SHA1
db62dc4c73b532b159913785df31d98944f9d38f

SHA256
e50467454b5c7cb3ab69ea0c5f8af3c8f8bfe9e2d731e148ccdc4965469aeedf

SHA512
eb428caae54c346ff4d9fefdd32189a8421bb5b1175045fbe5d21106198bc32f0ff366f0c75cad3896bce7e236dfadb85675bd5fcfea9ae98a6c33a6239afb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a3cd.TMP

Filesize
1KB

MD5
6dad6d0d5fc2fe8e75042defc4af2542

SHA1
f2d199fe5e8a59dd2b645d86a057d2eab1a5dc8f

SHA256
5274830e011904cb8917ad7caa776bf14d3a949e8fa2d1029f681f7a00163da6

SHA512
ddabafe9303887cecf238576a2162fbe5b758b6a0937669f867332093d1abc97022907cb3c5a1fcca2a5ad24b7ae3088664e43844947ef4b3aa178554519b95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b02babc4-4599-425a-aaec-fcd9fae1a215.tmp

Filesize
7KB

MD5
ec7aa8861692a97d8985f973f0c31d21

SHA1
ddbbaa765d79cb5726734dfe3c02bc58f5c792e0

SHA256
803dd5e0a90d283dc2e7e5db316110d0d014cab13cbc77ad9a5958e0b907c254

SHA512
39d771d670c740bb8b8c046148f99ecaa999fec1cf2883597a3293a8c7dbd1a70f4fadb756c7d1bcaeae517f08bf58822905ea57643b8818bd5d2ac7bc263ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a46a99496749aff064172502a5ce9d38

SHA1
51679a609be546e4f5d3680e1d4868dc7b86af05

SHA256
c8e324f44ed8fb55fd91992bb882ca2e0d10934689f63be7d6b4eeb123345943

SHA512
2e94506d3888d186dba0a9027cb0cfbce79476f69a7e88a9892dcb8f0b6d61907ea65e66e1b280508d3c0085a34abbab24dc18db851bc7a91cc649758a0f45df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1b4c8888a7978756ad71cd5381f1a124

SHA1
613eae5577e9c033bcb714ae7437afdf55edcdc9

SHA256
042c090de0a22d7151edeb77bf2d317e990391bf622cd6b9fe1ceed896cc1478

SHA512
91865f316328699b2d10e0f2e5f68f247303ffb98590d2ada2ad6e61acd565bf429478c2df2cc28729c3d791fb883483e0e24040d183a9d56d4307b55ef96806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3ccf8d4f1c9e6baf99430f76ac13941b

SHA1
a8e7c4ffb7cc35defbd080ac898f9c36f4bdecc8

SHA256
849e586dbe053fc9cd0feecc40bd57c46deb1e5aaee3ac27a252b196d8e98982

SHA512
5ba61d13704109c453e2140c4d5d213c9b23c06e149e9924066ea9bf1f09f74459d3aa77d8e1c17fd0988fd129f8d2f109695662d1e0a20abc3827cc5fbe0e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f5b65b8f105a0902016a0b973588dfee

SHA1
5fee45e9d404999e037edfe5e5215a4394a0c02f

SHA256
30f5754465642535ccdd7a244a636c67073023677d211c476e38ae82411bcafc

SHA512
44c8e86d796e1c1c1365b2271e404177cfd17ead6dfba9e7d32431a352c11fe27f76a4ae0004e35647f419b9eaeaf044a24e12df550a386163b9c877c3b0719f

Download Submit