2cd55b7469903e0417934a9bffac0417db86fb1c5fcb0ae249d36ad743b1954f

Analysis

max time kernel
1787s
max time network
1797s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bg,f8f8f8-flat,750x,075,f-pad,750x1000,f8f8f8.jpg
Size

103KB
MD5

eff0af698f1efe8b8a8fb7a4e7fdd44b
SHA1

92535a70efb1f8dcd2bb33fec83aae84c7c0ab2f
SHA256

2cd55b7469903e0417934a9bffac0417db86fb1c5fcb0ae249d36ad743b1954f
SHA512

f228dfcc868ad73c4bf58479c2e134e72cc9797193220c83a15a027585efff9a7528fcf86881a3593fefc2468a44f5c64ac0a1cefe8ebfe5b31657adbc684c33
SSDEEP

1536:RTE48sQ65UmXHtRBN3mqeBNaTpT0H+zXNPWgqqXmucy97aMbi+okPOcWhp3Wdxji:RZ8A3BN4loRqcRzDNPyHWTuq6W2

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
57	discord.com
58	discord.com
59	discord.com
181	discord.com
182	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1168293393-3419776239-306423207-1000\{471D2D98-327F-4E62-B1E6-AF3E472ED4DB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
4212	msedge.exe
4212	msedge.exe
4848	identity_helper.exe
4848	identity_helper.exe
2152	msedge.exe
2152	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	5372	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5372	AUDIODG.EXE
Token: SeManageVolumePrivilege	4560	svchost.exe
Token: 33	3232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3232	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 4628	4212	msedge.exe	89
PID 4212 wrote to memory of 4628	4212	msedge.exe	89
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 3208	4212	msedge.exe	91
PID 4212 wrote to memory of 1040	4212	msedge.exe	90
PID 4212 wrote to memory of 1040	4212	msedge.exe	90
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94
PID 4212 wrote to memory of 4960	4212	msedge.exe	94

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\bg,f8f8f8-flat,750x,075,f-pad,750x1000,f8f8f8.jpg
1⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbd6b46f8,0x7ffbbd6b4708,0x7ffbbd6b4718
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3036 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11150416397501024558,12823658609379422705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5544 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x348 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5372

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3688

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4560

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x348 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\19758a38-ef30-4ee5-ab16-d423de1276a4.tmp

Filesize
1KB

MD5
b70ccd7f0f29d4670bcca1b64b646c97

SHA1
a09e44735593db354ef05c0adbc1a2aaab7c7abe

SHA256
01eacaa233bbedd2f845680718b86996d79e412c2a4779b6201ce1513520ef55

SHA512
d713b070953840eb825d68b26ea5b6a586225f6557ccb45cf41100bbddb9d0a2a96904e8319f53d551892a604f7380083db6dd5005b461c233bd2607e5677b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
ecc66f2230357c37527a8b438d137940

SHA1
9f50933ca4610ef8a5e2ecf403e7bd1019b48afd

SHA256
7dffbd6247a1e87a4e47462e270c37a50e21c551972ff2f808837f4db5762182

SHA512
c688d7f38d71af3435bfc74c6b3d0e5e5d0bf81593b05630bb2d1b2b51752dab5a7b2f9464bc9341c1310bd5f556649c948af58f7230a16bb975f92c30897682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.1MB

MD5
553607a217f5690f25ca573eff560552

SHA1
2c43c80713cfb777ffa069117c78071b8037d2a0

SHA256
fc95537de8395307f9bbf48ed935102b27e443f3f5b981d3faac93ccf9231590

SHA512
43b9854b6087866ec7bd5b1490e7437ab724c6ae115ba2cfa3f76a5582978391f908a950ee6a137697a05987375403f8e8030f24455df4859af09dbe71bc9ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0fb72bcaaa12f8d705779f63f39c5bdc

SHA1
61bc177118c3f97643d57ca9103ee09bb76ea1ef

SHA256
d5fbaef4e2db851a0da6caccaceab69c75e3ad70df098802113b0cca7296a25c

SHA512
8061def656892a4bd630d70a005dc6e675c78451d4f0c045284a340dc6c6ececa330e4cc77c4ed6473838775ed29938320a652fa6b2480ad457422997644d3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
19a3ef8673b0ab328968d9770b3bc54f

SHA1
6d226a9fefdbe2dc9c36f8c329b9ecfff1ca560a

SHA256
d85a0833cd90a70b216f6dd04e050cd5edfaa34054c26c08eb9b83e364615da1

SHA512
62c126dabf8c0a6dcab0f04ba6de71e35f9583aa77f8ae8ecaa826c5d1fbe5a3d8807ae65ce5694f42724e4881759e8b209a79b578a21e7ade66c5294d722bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a4568a0015c08555c8d7e4b8c5dc711b

SHA1
8ff69c44827cfbe7bd99f88ff9b30aa8be1ba077

SHA256
990d00b152c358856129cda8e74c3ce57f3176937ad325ef7c341849ea7b3581

SHA512
cf475109da8088f3aff239542aba17864e9063776fad58ed6c4d58015b858675ea48511a2d8f528780978d3a1058b376bf89f9733a6bcb8dfb703b28a80d57a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
59f1125d5f3043643d4fe17e1f5da1d7

SHA1
5099cf3e15718aaccd11837da4c9ae7b99c25353

SHA256
5d7274fc46fa79dee779ed00f14f458ca78c26994d5403346f8df33df300ad4a

SHA512
c1e64652d7468269d687af2fcfe3e42eb338179b8475cd9fb4f366f8f68d02e96cd24030e7f13ae23b697d7761796763150217abf38575539c7c34a94ab8456a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
aaaad95de16aa2221a7ceddf9744a4ba

SHA1
dfb6c6f172bf97f7ceee4555e7f8fac2d09926ba

SHA256
5ff6a8aa9d2ea00c816a8514cdf1a4bc53642cc5e353f5bfce473da5750eed30

SHA512
2764edfedb3faf2a807e563e67cc47ec8f6ce308fdcea65d95af48dc57d14b19f40ed9dd978b6f0561f5892c6ad3ace8bdc2089e70e50c243489cc7328c0137c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
309cac1403a6fe65e5975a175e90257c

SHA1
2d4c2885410601f50232db9a9ae1a2bce4f686ef

SHA256
e0195bc4940f5a2bd4e110fcb4ebe46860a1fc0e5174a9c7d088d78b1ea49fb4

SHA512
4bff771043a26c7ede1dfe36804926b27d865f564015702b092b8416b34ecff034ce982137088fc6f28e574f3d9289099a771738379006c21afbdd3be6cc42f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
13be17996b7ff9b3d8a6370ba4290546

SHA1
f557d084a1459c2fb66ebb17de2512ce69003eb5

SHA256
44356430e7a750d7ba7b3febc13e07110af34516cd86b28297c47c855f133db9

SHA512
13130319e43ebd8e8b9f3263c8e1f9319ea0f2a27992895af99bf922bbbf2559ac5f0b5fec3f712cd3cf34866d9e354d92157cd5220e16ea78b1494d773a1e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22c63cfd04780619ef1222dce6914b52

SHA1
fa898c9ffd7264e0324c3a0f1c0797750f76024a

SHA256
fcc9d93d900c9bc019548f9f00ac207abaa0b55eab7aa0ebc8a31ec95e6b559d

SHA512
a692971492864343b97545ce9d4485a9ad903ab5ee17578d8fe0faef61ef89130a7dee3e1c862fc2c01b9a4cd24b3cde2400ec1683d6fe776153609a8f15d44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
752a2014648b2c80aa29f19700457a90

SHA1
bbc7009b47657c3e4b5a721c72e4d19de32826e8

SHA256
628a25be7aa9ad1d912eaac2d8338f96e67bb3cdd24da6dad746376507659c80

SHA512
6a9140b801276c2d9c200c292ca75b16f0b36c38c5bf4a9f0247dc5d16db6669f2152ab5766963c1738f00a9ede1f867c9f1e91d12b52395cd89b3fd395d92fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32023a3103692b832ca10583a091f08e

SHA1
1eddbe25fa4abc0a49850728ec8a4cf8e8e6b6df

SHA256
2f61b66284fa825b454648d1a301955cdebc31eaffea23b5c13579d2f420c655

SHA512
5f8c615c7e7906ec4dd7e49367c5f496d2304fe31afc66602cdd4aeac9c5a25db456362040b2bbbf11d7c0f321e7f1abf13c303cb8d8f02048b9bd5b66ee0329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b6e6e2f0b856fb1638f2bc97537867d4

SHA1
6e92391fdda7ca7d60fbe996c7937e2cdc235239

SHA256
571ddb9c751cff31b1f916f4f7f7413a5641335afa2bea756d6c91dc89d682ec

SHA512
14438675047c4fb3c2d4ba192e84aef50822b118525accd0b2a1439372e191bffe0103eb7df7835e6148a3122d2ce143ca2f5a92436cea1e0a2d20685a010824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
838c17a9c6baaf9d2f17a52abfdd14b4

SHA1
468dadb6b7fd7afdbdd0505446aa7ca6d69dfea4

SHA256
355a4406c79f38e26c19c4a15a383e99390b744f5a552a6c42c368e075f07513

SHA512
ff93d29ed9a29885ee5fdc1950099ba185da69304a10464f9326dec18e50df048760a594e59575e0db38ffe3a8d5a4e9ae2f66ded77f81c216a0be13b4d19dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45efaf07d8611d5b7f77a75a653b14ce

SHA1
0c2580fb91dfdcc13f8a3ff5d9e766a4286ef384

SHA256
41ad4461fd8d7cb7c28fd1d564c227aae54f7c50e738f3b9a69e17bd1f84e69c

SHA512
6f65df78753277724a71a0d9ffc41728a2f9295e53289dd15f8fe9acf45ac2c4e4b632e359e45b177d3b7513d23dc6244ea6f237014982c1722879ff09bd5a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33af32d9e1e518f07f5540d7368f76b1

SHA1
be98eee9f3e3c8e6b1053d2186a15ce772a71e38

SHA256
0f095c49d0eb495c9eff1685529fd6f962e636ff2082ac98cc36d1d6a9443be1

SHA512
23bedf448e9e37b8f4eb36140dc7871f9f1102feb3558681820139dbc22d23252c45bd140f8a6182ac292d9bc686fdefef60f0fe4bfc31be635001f5c37009c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f6a6651f2c078533ff739670446826d3

SHA1
0187e230cbc043c0b8e8500e5a3b85059c4b42a0

SHA256
155a839c14a77709568af28512077a6378b3b2cc2e80859618f4544cf653b42c

SHA512
17699861ca79da79b89b8b3d87f0b972810c0579fcc39e94d9c8c50f5d7fc319077e8af47ef05233b0b138987395a22a4e285c7e22d083cfb8782bc0aa8a0c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e74aa51f23ecfe30245e5c20808f7e9

SHA1
06cb79a9d64af079e572d4c63ca3c1039cdb8a6b

SHA256
174a4602abefbc7ff51d98ec707c8aadb6a7b55d672c0127cdd7d5fbdbdfb40c

SHA512
1b3aabfa4b1cbf7c2738aead75d6d586ded5bef4b9201212870b41f4ddf49c947eb55a3b0e31e25c84299232ff6eabd1366a8931e346f72610df2a0893336415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7083de253571050318b711a1ad7cb6a

SHA1
9a8a8a5bd5862394cfa3b44f20c613a667990c63

SHA256
b8d70b24b4bdb3c26e3ac1a1412d57f5b9f7953018d7512d29b3d175117a827d

SHA512
5a91ea818d8a8bc0d8b2696e855c48c04c4245fa1995a6460d5eb5e39a88b60defaaf7edd88f93c87300adcb731945024ea563b9e9bf3b6e29034269e75d7652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46a78808a89869e33fd5610a8fbd3056

SHA1
9c8486bd87113139507d5e88e0f825cae663ccf4

SHA256
8ea4ce3b905a096c90b3a9c7dc447479d210fc98c7bd2ade55b65aa344d43d75

SHA512
3ea76b590f2cf67920accd78805574cf1fe4458f29eb522e79c2dd0f1465822637e7ec4d5b08cf83fd26ebb4fdef068f4bbe58c05bb02a9dcc628a2b612c56e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15798d68bf25e9bd271179977a7e2d69

SHA1
7d7c1327a697fe3382eff53d9d26c9678d837f97

SHA256
5a76a9f265077b5424cf435cce18bf1b7db6e378688db7ce641ca3a03e469719

SHA512
7c63125f727cf94f46b37d88141285e88452dcf837ac05628a588ae8c7b6fe06f1ea88244370797c4701b5642556dd8f22ce73b9b85dd63f8b6427f507c6791d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c93bb1ebc52038ce9d34fd028bbee8d

SHA1
c472ffaafce53a6cefbb979bc175612884032bcd

SHA256
bd9018a3c69bae34f617770b1a2c5967e1956eeae0e94700394b93ed7349f5aa

SHA512
55244868eb7951bca348f768ff5a2277ddc3857319f05dad38568592529ba001e217731eaeac1445e2b4b33f4737d4e8912f08f4c6dff9a93616c1f8529a910e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d07764a5897f570702f7587b0d52f4e1

SHA1
8e2cce4f4218e955f044cd6a81465773e359c224

SHA256
866e952043b72b462d4b85aa5ccde4bf5e58d04205e1c1b1bf817aea6a78f435

SHA512
06ecb88710e83eb4797b24793c42ebda7f50b59b511d64bfcd3b6db216bd4147f2cc14de08c7881704e6a18fe7408446b605613c29c60c4eadd06dd5607ea6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f40547c263a065bb02300d3bbdc2d5b

SHA1
056b92de3620f03275f9d1934cbc2473f416c0ac

SHA256
0bc462a88ddaf8acf6c4626f65986edd1874807547719b7959f614c4970eea22

SHA512
9acecc8fc70000bd17e3739f40c82227732389b9c18843f05352429d43732af69474bb6a0dda77d4781f3cd69e83c68191ae9894eb1976d5fae72b1e7e4f07b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e6a73a11731d814cf409a1c33bcb240

SHA1
86a3f7ae22928ca042436c6c27998ed60cc9f35b

SHA256
c73c6fbe23577bd1290e32d09dc7505b8ecf0b57dac636f201f41f136a573925

SHA512
6307962a7bb53103321e3948036a16434679c42c4de9fa4f52479dbb7ba1767718dd8ebe6bee41b2b9b20d61f76e7307878dc069ba161807a434ec6f40dc7414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e081a27c735410a35cbc11b504d07f0

SHA1
fcac99601df969b2afa0fe9564f4efb3b4ff8772

SHA256
1ab27bfa6323c944b14aae3fac3c6d3d35ce80ca064715c65915f9d6889bbed4

SHA512
fe025561c8162faff5280640d4345d41dce001378543589ddb86e7305b9f84501597c3111d38ae59e8efbbb478256e4423597ea00cadc87a5e6cf81ce28b1653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
acf445e328e2d88f5455572824d379b5

SHA1
a6cee5995458ee24f86ca0a3faca125b593342e7

SHA256
ddf57be1ef41046432fe1f0d5b8a0ef2ac80d43a841363e116fefe31086c3306

SHA512
f4401b21859e78f67baf57a084afb538fc0711ba0704b48f512a689d283e0db352d321d7575798939083ed8e09e6d65316c0ea1016ac15a84ae28b43f4c6800d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ae31f74e8cf9cd7b8cb49d2a3752d1c

SHA1
69f8555955e94a78849a3e859c3a30e32717a9ec

SHA256
24f0e9d2871194ed382361f783aaa04f68a48ae1e767790afa8e317af6a04b0a

SHA512
678aa9f688af772c76dc377d5c3d8feef6f156d990cfd78b0b3fe8f3fcfa86b8223b4f8ad822f26de91250bb6d87fdc35f685b1a2c678ad63912b0db180c9af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b84a43bdc3d2afcf60f4f2acfa48847

SHA1
c1c3b94af46ac64ff4efdb79fd41c1b934fbcae4

SHA256
dae89edc08ff8a4c7f1e6ce35b53e8fdedbde2b952c4fe008df33b4935522f7e

SHA512
05a46be97336048f99d54e331aeb3cbf4a6dd3a6991d103e88e45c70b80519a5cd7380f20a43a22afe8f2afb52dc9fc74637bec31efe85ee9ee0a1c3188f1eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9560fc86a5717e5b5d0a5759b4cf1067

SHA1
ac26b5b31bc7c2a79c66e11fbafd2f7c4db55b96

SHA256
df6d14f9b281090a518bcc65f7bd7888164b18035832f552cc5f980948032d1c

SHA512
52de438e0132ebcd51f10b939b2a7836a255eefa095f6f51f364e67311e70b5bf6dc2c83c365cc62f146da27e7c55f8ec6251d6c15199c6cdfaafc18f50030d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4f317d5b1993990b4624fb3fe5fcf05

SHA1
2e8d941ddeb2c75896586d8e7a97efa0e4dad5af

SHA256
5baf2f5b3d6fe16ff610571c6af7e42fed892fda6f36c4fe301855f5945ab486

SHA512
237e6a0037dc663caa3b65bd17e6e59c3703466e89d49ad8cd31b6de96ba352fb14344b58e82e321f5605aca5c20103211471028f8990b175b1717353fc0f989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3bb10095023a00182df0a18e25b24cee

SHA1
0a21d2cdd8564e3b7177056ce71bbd8b80f5ae2a

SHA256
54b0f5af397811658e6ed61eda5c7891624163b74d94c8eb9472c6e4cb7c8abd

SHA512
2688e1331c3978622aed236b601c06a2576532e2c973f72224ce302f8f11e6f837ec743eaa371d88a7618a6cc884ffdb1aa25f6a7c219a08e20c89697ac2de0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
966acdb0bc9b4228ff2b47b82ff6f354

SHA1
4c2598df8421100011138d559ba032278278afa5

SHA256
00e53c22405195f2dfe85d67c774d25016091a845be918787cbe28fbaa6a6c67

SHA512
e348cd0f5837b18d0b530479f089ff308a5d11d69b5a35cca5f86b3e30b9b1d014ccf76911ddb9431ac56d01080fcc74de42df585f3cea644433bc5afd817748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c841.TMP

Filesize
1KB

MD5
326f68525041c66877aebe223eea30a9

SHA1
0948b4f2ee7dddc83afe3cadd60ccfaa715ca8ff

SHA256
7ec1e03446251374ff12138fd58f29e0f35ce1ed78e82fca24585d97e08e7e12

SHA512
ecf90f59b37d753bd0fdc15784eade8e1da22cc205b57d89c9050ef500a4ca0dd78fe2bc07de7ec3cdbe86d7521b5e0f2399e674b95e57f56817465cd917f0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\aa6bc525-3cba-4c0b-a4e2-13fbf7fdac27.tmp

Filesize
10KB

MD5
4d84c4c5abca55125c295f5945a1a29e

SHA1
69c509c3e8870f750a9106d8668d86a016ccc13d

SHA256
7afad6cf1da79150917af88944c480c8db09c5fc749862c876730184900cfc2a

SHA512
071dde5faa9b2ed67e3ff8e117bc7bc2b6c5c02043d0b6332b6ccc2cdcc2d541be3b26904f36d390da20b241f7d46f48a98878e54d89a07b8489e0127e98dc54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4560-835-0x000002E0BAA20000-0x000002E0BAA21000-memory.dmp

Filesize
4KB

Download
memory/4560-800-0x000002E0B2580000-0x000002E0B2590000-memory.dmp

Filesize
64KB

Download
memory/4560-816-0x000002E0B2680000-0x000002E0B2690000-memory.dmp

Filesize
64KB

Download
memory/4560-832-0x000002E0BA9F0000-0x000002E0BA9F1000-memory.dmp

Filesize
4KB

Download
memory/4560-834-0x000002E0BAA20000-0x000002E0BAA21000-memory.dmp

Filesize
4KB

Download
memory/4560-836-0x000002E0BAB30000-0x000002E0BAB31000-memory.dmp

Filesize
4KB

Download