hxxp://ww | Triage

Analysis

max time kernel
182s
max time network
187s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ww

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3852399462-405385529-394778097-1000\{825A2E37-1BA3-42D4-8809-D2DC7C9ADC48}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
3940	msedge.exe
3940	msedge.exe
4804	identity_helper.exe
4804	identity_helper.exe
1888	msedge.exe
1888	msedge.exe
2176	msedge.exe
2176	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2352	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2352	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 1336	3940	msedge.exe	80
PID 3940 wrote to memory of 1336	3940	msedge.exe	80
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2612	3940	msedge.exe	82
PID 3940 wrote to memory of 2764	3940	msedge.exe	83
PID 3940 wrote to memory of 2764	3940	msedge.exe	83
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84
PID 3940 wrote to memory of 3656	3940	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ww
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc3fed3cb8,0x7ffc3fed3cc8,0x7ffc3fed3cd8
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,12993553873502540451,5971182141488176111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
341f6b71eb8fcb1e52a749a673b2819c

SHA1
6c81b6acb3ce5f64180cb58a6aae927b882f4109

SHA256
57934852f04cef38bb4acbe4407f707f137fada0c36bab71b2cdfd58cc030a29

SHA512
57ecaa087bc5626752f89501c635a2da8404dbda89260895910a9cc31203e15095eba2e1ce9eee1481f02a43d0df77b75cb9b0d77a3bc3b894fdd1cf0f6ce6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
88e9aaca62aa2aed293699f139d7e7e1

SHA1
09d9ccfbdff9680366291d5d1bc311b0b56a05e9

SHA256
27dcdb1cddab5d56ac53cff93489038de93f61b5504f8595b1eb2d3124bbc12c

SHA512
d90dabe34504dde422f5f6dec87851af8f4849f521759a768dfa0a38f50827b099dfde256d8f8467460c289bdb168358b2678772b8b49418c23b882ba21d4793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
22KB

MD5
7a204d478c8dfe822bf86f9103bbd9b3

SHA1
7114b36ea1588d9372d730b2ee5dec7a3aee36d1

SHA256
d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb

SHA512
f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
212KB

MD5
ab908f3ebb052d4c76de2bad1762e458

SHA1
dbbe2e19ae0d805fe0df01f7bd61d235a59e0a0c

SHA256
e7cbc7323dddbfde5a60654af0f4ad018524bb148f393e920d6f8d0ad877e7d1

SHA512
285f7dce99584c85ca5213cbd3e8f32d9335deb4f055d55711fee3b9d81019be9de0f2ee748a5029032794c9ad021be8bc02a4fc2bec18da622699332b104f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
ae6e1f0d93a1f21b60ff6bc31cee4272

SHA1
529e4874326dd085b8177d3c2fad6a11009ff68c

SHA256
686ec05cc67fd6f36910f1363f7be98fc5d88d8180a75789baf5fefb15e94aba

SHA512
7e6cd96e793ce118dd024136f2d356383aec1dec951c946726a3c7ecf53b0c3dbef7b7ce69dfc9d843980f12b160a340fa1f292c44697a0776f23c38747374bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
47KB

MD5
7cf459fb6a385376d557bfc91d964087

SHA1
43df1c5a3fd47487a815871ae01ff4da157bcac0

SHA256
6228b80b1a0b5e74b5ec45368b7d8254f3d03538ee1f9f1a6981a116d28ba979

SHA512
a3c8499d7181602790919cf14fa31c64aa5c26e179f72ea1649eb37651170a7f7e1b84858809fb5473932080d9b11ed7a9b28d9d9f61b283e05eaebd5c19cc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
320KB

MD5
01b9331b0c37f5cace9aef9b6dcbb86c

SHA1
d6567e1efad98737a06c0170227283f066bd25cb

SHA256
a0e72a31abde421dadd9001cbc667ff4092172b12e023411352f212849af4d33

SHA512
fbf9bbfeb43c62614ccd832ffc0d9778c869d911fb71e8e74d801e6705138698701fb0dae09ab9c2a316a8e69f87e7ac21552e6e8aa664b62b160e00e05d9376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
31KB

MD5
4c47f67b4f8335e3dc3a778fa84a3637

SHA1
4e2aedf7cd05fa7e9bb469b02e9e9c9e5ee25e81

SHA256
c2fd94c17833abc2adb5f9e6095e08ca8aa14af9821d1fe754327f7aa73cb9b6

SHA512
119175e24a55fa84ea58cc72e7dff7952f1281d1d6890236b9e37e508005e6ae931907ac86bb07d6b5b5d8b737f5657fc7eca3c76a9217ff76972dc31f957349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
33KB

MD5
63f8ce93cd5b30f76b0a6cd029b7d354

SHA1
3ff83134ad10ff1e5c8da09db619a0274e5e8546

SHA256
35b6dba4a78fb19170305143a6f3740fe43a43ae35471709431d8391786c55ab

SHA512
7adf420a457e00639565a3f5918c8dee5026307ba37d71b3471cebb4313ac29897f1860ed22eda7caa44a563911987efdc4ff9f686f228d1ea9876e76a9484df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
39KB

MD5
dc38107e5a44dd1295e3cf4522d0a124

SHA1
efdb8e755d5d58b127976c425bb0f04b273bc872

SHA256
63c2bec5bcfdf168b77793c8be912979d723db66863cfbcdc7f0c66678023339

SHA512
c031f0064212e2e58b581bcd4aa92366d6508e8db801b4d369865d5d4f075aa67cf4c05de65d436dffaa004214b583db006606b4232ddf225db2b5f87279e57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a9ecfd5ebdc6082479c7aab7e9a960cc

SHA1
48b080ebd0f459e8b90efe66c7dfa321e3a2ae1b

SHA256
6eb3de1c4a911def3001e14387794dc8b7d7b5e9fbcd56a13fa1e83d3e611999

SHA512
000bde395a4489d3fee476e5535bc2522694c2133eb26be53f59fe90129c719efeec35d95a46c14cda099d9198a2d411e5578082ea9e8313fe3b96a32f15469c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bf6e9b92497f07a07db48d9dafb29b28

SHA1
20d9fd198472386f535a85663da63e6494039f4f

SHA256
cf9bb5e6ea1cf49a8a0b44c0048b305519831b391757627ad512a5fbc53d2ce9

SHA512
e2a22c8e9386fb47ea39a4beb52cb434b3737032334c296e5449abd00e6cccf03fea20c9cd343e6fd8b13906655d4ca0fc28ff5bae489f422eb7cf1eaa54e176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1c01de4f2759c9680893160c0d27e9f2

SHA1
dbd0ad27a9f6e7eeadb49b025e49541fa5de7390

SHA256
2306db56870e797b36d1d684f1e606373916b1229fb14818482202ede962da24

SHA512
7ba1244af09eef2d8924b196c71d0c427bc0b21bc905f4a57d1248022186b85ce788accfe4b87d63012d485250f14a01f447a13ad47ac2ed414e39c33207fefa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b3422a2a9fbdebd08f5369b1d5f716a

SHA1
17919cde1c8b862fc6434c878fd685d185d85a95

SHA256
e28016a5dea109ea183eba3e16cd88f9fad179d8c03e5067669dba6e5e41dde5

SHA512
e041cd94f657fe3f8665238570ad23bf9d0edd8434065fcfab6eebef4876f1bce8cd67b60aaa78b04a643167fbb6ed8f1bc53754e24bcc42db16e0831a14ed52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7204f52ba0dcafd9a78c38104f7e3227

SHA1
a5118837470fbdb4cbe4829c6e192c1e3bb8a757

SHA256
2d58fe9b5e66d33bbfb489f22e4488162488302cf50556fc4b50701d00803fae

SHA512
31c3dd2c8381afe2046b1249710ec0f349fc964122299ac99368eb8bd86be3d1263436d2d858444157da438a5543dfb04089df9858ffffaeda15fecb07fa256f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c1cb6f8d104233378ed4b51f9dc7232e

SHA1
d5e86956bfe7ebf43b565a795890347954fd115c

SHA256
8ec0acccab5365465aba91322bfc21021454022375d1c5f8e6dc6eeeeafa558e

SHA512
92de929141250fa393ec970d721b34ece4cc969b8714bd451e5915849b252e2eb57c1de3db8b53ee2b6b8f4286a88fc0e0e8175076d503d4b7c4df837596dfa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ea646a458128c46925b7558abb3dc42

SHA1
2f88763a6575954e458cd443508500e95a979bd8

SHA256
43a4f1e09c5b400c60292bc9d64a2e3d32d304e149112fd5b595d4b64b85006f

SHA512
080c8090cb5fa0244e6977820fc88303de7fb3cdffa3ed45744d71559c091b80a39b2b0b0c68cff84fd83376e4b92dfccfea91196ea7316c78028adf546e4928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05df0ef1fbf9716343743a1dd76ee3c3

SHA1
17051141aecea2708e5ccf6f1f0af75f380f6c10

SHA256
4d30755d1e14f304c6fee0c511eac17f277158127ecbad2d2c93a5da1d3dc920

SHA512
724957608e7c12808e614126eac1632adfcdaef321cf7d53c6d27be785a2bfccd823a9787b800c46908bf6dcf5cd8f413348dba25d78e2bebf768ae5051a85f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\01ec7d5b-473b-4a7b-b66c-71b1e35503ab\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bd2bb5b-0fac-4b37-a207-bf36b01e0fc9\index-dir\the-real-index

Filesize
2KB

MD5
162ff99c4878fdb3a0e4d24d19ec694c

SHA1
ef334f539b1bfe86f23d62039375f011de3009da

SHA256
4a24010700374a782c4b7c3ed67282ffbf551f4ff3786650de534c9b02edde22

SHA512
1a5893c23312a239b0e00e8f4871c2c55347cce18a2d9bc0c87d4e9398d95099c43916c95d279f599a2512c0bacfa2f51500a42b4edd3562035a96c2135ab161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bd2bb5b-0fac-4b37-a207-bf36b01e0fc9\index-dir\the-real-index

Filesize
2KB

MD5
c55f617786a2c7982ac3ff600b1997e6

SHA1
0f52fa675d20817c40de42715244275f14809801

SHA256
d0488d163157305fe4ca60dc09a7cd767e0d736d5e29658c9bf36b47ca2e877e

SHA512
d2db2c0373a4be7545e589819de6e0d60d06bf95bdf7b6548fda4f4d1d1dab94e69a64ddc195f89d2017d936d1317ec7310bdfc1a8191e64e8170e5b08397b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bd2bb5b-0fac-4b37-a207-bf36b01e0fc9\index-dir\the-real-index~RFe57f368.TMP

Filesize
48B

MD5
c87e2c3bea3a1687ea4ac5da84cb882b

SHA1
63ed657fabb93a7037ecf2be6757e8b98a404362

SHA256
c5c731eaa1e7ea32ac6778a0aa9782168f4607a1728af579b246032262ac69a7

SHA512
f3f2c5d6fc67fd7ddd61bfb79ffde15ee10f7b34c30b47f1cb08257586b31a38605a20a7775a11cabafd067aeeaeb5f620fd572aeaa94ffb1239effac18b2c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\48cded9e-6ea2-4ef6-9971-1d9ee694d6e5\index-dir\the-real-index

Filesize
624B

MD5
41ebe37b8d5879f53eb72a5929f6f1ed

SHA1
d8cf041e8da4e56c61362449d72fbcf5a0481049

SHA256
8f06fecd3c2feb2b05b6817e14086541ea9e3aa6a8dd77ecdeaa7593fc318019

SHA512
f642a15246db4436c41d9ac717548c4f1661492e9f774a12a1560f7ddfa38a4d31a9d52cfd85a12e980ca1af1087e4d930b6e2431997b4d6aa039ee90bcf1e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\48cded9e-6ea2-4ef6-9971-1d9ee694d6e5\index-dir\the-real-index~RFe58779c.TMP

Filesize
48B

MD5
c65b0bba8d7094f453a8a6d0612f5722

SHA1
823cbc15df9816ae3edde2c0de6754148248786d

SHA256
9fef6e1f5b0e16237efff7a3a586c05639ff0c55519d9b601833ac3cc3742ecb

SHA512
ce4db3cb98e88d10917e4cc757c719be0b12e086420478c2a37b7bd1b186ceab4dac312cda851fcdfa96d7c7219fafcbe8c4c2989bf979e590467174eb098693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
2ce85513eef91223c41bd8be0fd080d2

SHA1
de5abe80792678195e54d7a7284aa4b5ca35aad1

SHA256
2528bdf07f89481ecda47044904d41513e35e27075ecdf40626148d597de564f

SHA512
c16496710da3a3af7901a5eac7baa4e0dc49d57466b41fee4b90cf6b96f7a8d755ae992982e694b3fef03316037015b9c2e19af5d0890f0829ac8e5f031c1b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
120f80ac484dddcfa231946288f955a8

SHA1
93f9a0de1cdd8f00076b1f242ea1ce013deda636

SHA256
7c31300c2def28591950d4f74cf57e8a715e6c45cf46cdfda3e012941f1b6003

SHA512
33c9bb69a5ef5eace4ac44eac2b79b803f2e6f99df0a404f100ff3128382d20f93d594820a22bda0f882acd1ebff39c95265aee03b8f0d59d4c47487cf2781bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
6ec9ddb3db2d7b8c1ff685537ac8d403

SHA1
9a5df1903eeb8d369a54c749c57f2ebf1c252008

SHA256
d0c3c70132d1b67cf9139ca463d4d13303ad17adfc016b791a557abb48615075

SHA512
f1c3694eb346bd6f565fccf5add81a96e2997d59ae533c8237c84cb7cecdf9adb2947eed7db545e24026c5421766d2d66b88362c92fae77b6df1b06adcacadaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
f493b9fbef0d2c74c3ab8b169bbab51a

SHA1
ef8f1487aabd78b6e37e3b739f99b019c2345164

SHA256
c799defdc9281ffbd23f6b59449186bc936fdb29ec2fa3e39c3375f7751f32ef

SHA512
b36419744a2459c199ccbbcb60e6e3929853ab3f818bbff0df2fadba9c408d3cd492b82f05095514b82c4fdc74e29f84650db1df491608979e4f1854cc151d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
72211128f2e0fae2791792377606530e

SHA1
6efdd20a15583d9bb803e1517f8918c32dc681ee

SHA256
26a7b5e569576f42df8df436ad046322745daacde78e58cd56037c12b4c3a93f

SHA512
27e502a561d8eef8dba68fefca9ef95fa07c717b929639fcc96f73e75bc51831e94a81f40e6c909843627437e0b946aefa0aef82f3c6997e1ef3af06764f42af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
a4502bacfda7f1f2e81d9b2ce5b416c6

SHA1
95514796a836fd6059c1d31a38f1c179d400b795

SHA256
3e937ded3da2153852769761711b6c90d838894b02a0b760791e76feb560d1f9

SHA512
facf1f727f4c2cd57907e3b2d95a73a8ff208919e28db86d31f31c9dd1c75bb34ffb3be106ce90d9147df1a4094247bbdc13a0a45e3ec732da405fae43d47508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
796325c42ec0250929288c02306e4fdf

SHA1
cf926f4a66d9b66a0a769b05d0baec3fa35cf9e9

SHA256
8badbc71c12a7836dbb33eb4a9701c2ee4c25ce76d5456ccab00d70bacbf98d3

SHA512
cd83d3d36acf2a45fab49a000197e4beb2ff427ae53516584ce25ff694cd54d0cf299b85221c6b0d54b8c32b68c4f4eb5ff74d2ac41745ea91a7f2ea1714271e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d4e5ff111c8f00e19ad80612cbb1c1c6

SHA1
45ea1a3c430eb9590762a19a731d3bf3aed32ef6

SHA256
b853985a11afbfa79a184ea403030f0d368deb705833c4b8d1ab289837bec19c

SHA512
7fd93ccc9e6bd36cd6ec1950cb7f0d39f0938f35f4b32c2377789025ffdf5ab98ca0db6e93cef3fb56da58f8d6a65d8aa2ebab59ba752b3af8aa39c4220e22bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5869b2.TMP

Filesize
48B

MD5
a1fb77fff6e2b4f5bee30fe09b9fb30e

SHA1
87344e58e783185a767f30c4fde757897cda6d97

SHA256
6071830b639da9c9e141b545c5306094d0575f02778ef466edcb0b8ccf8817a2

SHA512
29137ba584b81e26208287e44fb161b8ab42dba48eb8f4ec64492ca6ff21c483b34e7bd07d6f960b9fc4af44c1d519cc409aeacf468acb6667051c8ea64589ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
251eb8c03d9c62f12e168266421d6902

SHA1
3b62422ec0fffa9f75afa6966c89adedb749045a

SHA256
5b02cc49cebffd827c9848d7dfff8626b1950bdc393400d60eb4eccea33b58e5

SHA512
8e7a68630613e2a2d9c43750b759f9b53664a1e9deba545f8d2da08779376c5e5631b8bf7a8e646c781e91a75d521e6b751f2e2a5cdd6fa1d04112f4cf61c002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29d6d5ec42ec46097b0a8be3c2b6411d

SHA1
be93c3586ed9fe771559d0264ad5ed314a2c4163

SHA256
a2ed6e3f0026387439355245b522d0f0fc39fe7af446a1bfd721bb1f08a88946

SHA512
ca722bbcdbbb58c1a4167b47531d25cae547baafade219d9f0f613ab55f28b966e1d65087f0d0862b40014fc00c1a16d634a8af404d364865cc984633eb69c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e24.TMP

Filesize
869B

MD5
27abacd40409bdeb04698fee63157a45

SHA1
a4fc927867cea79e86c25ef50e8aafa5c71d3a0a

SHA256
332d8a48619209b34b1b4687e7fb1dca2df98620a0529fb749e359b5a64cb95f

SHA512
71814d953cd0b8219dd84e31833594564b06bc86b09b00eb038a6f9c761cfa8dfafc86a82d2b64f13214c44d9f643a8c407954ded74f644885b3d5f19dc6a55d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cfd8f6484a499f1926e69475cb09e313

SHA1
14b76c8dbef91ffca4ecb01d3b88d3aa3f695138

SHA256
a818ab43f523368290109ad565991fbb8199765025e3f2f4738b823331731c7e

SHA512
7a0a90fe438d583fb615c6c1c7b875bb20199118d727a3624db2f88d2ec996679620466aa1102880c0361930c88f78fa0f68365398e63a57ff2ad59061766b26

Download Submit