hxxp://google[.]com

Analysis

max time kernel
1021s
max time network
1049s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/03/2024, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2532	msedge.exe
2532	msedge.exe
124	msedge.exe
124	msedge.exe
3592	identity_helper.exe
3592	identity_helper.exe
3640	msedge.exe
3640	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2156	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2156	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 124 wrote to memory of 1412	124	msedge.exe	80
PID 124 wrote to memory of 1412	124	msedge.exe	80
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 3164	124	msedge.exe	81
PID 124 wrote to memory of 2532	124	msedge.exe	82
PID 124 wrote to memory of 2532	124	msedge.exe	82
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83
PID 124 wrote to memory of 2368	124	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9e7763cb8,0x7ff9e7763cc8,0x7ff9e7763cd8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1648 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1120 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4012223867737704849,14944598939463512553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaacbd78b8e7ebc636ff19241b2b13d

SHA1
4435edc68c0594ebb8b0aa84b769d566ad913bc8

SHA256
989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a

SHA512
c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c194bbd45fc5d3714e8db77e01ac25a

SHA1
e758434417035cccc8891d516854afb4141dd72a

SHA256
253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3

SHA512
aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
63KB

MD5
63adf4a5a2f0d1bd95ebc400b97d9d04

SHA1
bb6fa30b7c18f6b21396e045adc2926484d262fb

SHA256
8bd77f557e576201501f2099e46105d5e1abfa1053378e2f37219a2e7787ac4b

SHA512
1a1eb8a497716cfb40681bd13d68dab526cbe8487e3e7e0aa74197655e2518e6132a81010efef5ca8090d6cda83d14d8ed57fea478068cbabfe2511f089187a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
27KB

MD5
7771991e13025fac892d4eb15dc6602b

SHA1
0ed9253b5c8f3b9c9a6d2082fb24d0be93234dbe

SHA256
23e1be00497c5a56cb74b7b519e0029a0bac6202e1b1b0e32c57c75b68314f3a

SHA512
185ad33b1419b9800884821a48996b6b963865346d37a7436d42f830f10eaaa78461d27ff47aaf462bff4d0f6dd5c1e8f945e3dc86cc79ee6566e5c225fbdef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
73KB

MD5
0e0e6c1a00904151a587165258cf1326

SHA1
06db49e99b6c5dddda2ded7e6a3ce020c3e91fa4

SHA256
edd268d14907738d83415a90a1cddddda5a56bb69af1766617f93a92c5df2fb8

SHA512
b989b26324b186ecc8b56b58f33a9dcee7b30fd832ad450831082fcb700722fffe0ec422a299d528f35e5ee10dd5d8911c3f4a40d65f6e4aef88402da2f7e688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
90KB

MD5
e4320bff8ecd9b230871184fcadb88bd

SHA1
3a95862273a0df96c6876ba716edf4f55bbae2a5

SHA256
b8af19427b0341c92a5091a6001c8aaa27ad1679b836a2ca73d260590f14e2e3

SHA512
25b99db48cd92440f532410563f68be8fc18cb528cc4126aaa454dbe046f1f6d8c00bc568b452614db03c822c6a28a39b7a0c5be18292228a97dd590edefbc87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
21KB

MD5
08d22b7b5d3d16b28250c2c845ccfca3

SHA1
4093b14efdcb04208a0b9630bcf258813f087ff0

SHA256
aa09076eac69e0ff314523e731b03c77790a9b87dccda6ab406913fb2b56f374

SHA512
747c131ec0378273c77895258ad21218069d2cc1328773a3c0c707d9f2bc64647338f453c518a7cb129e3d4fce9fd64105383dade0b98c0131222f9b41b9e666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e2

Filesize
79KB

MD5
4352fe0c17db6bb371f66efcdc800268

SHA1
df297219ee75f61fc9d8df9b2dd9587411fa1651

SHA256
a727f2313aa74f2e5b4b033ee0513526d624aafb81a7b87f80ca0e8b40f5dc4e

SHA512
eb3a0fadd3894ee7f1c1612d87992c47a0806101bc362687682618f7d125b48b8c70d38476c189ccafed276adc10a8599e14ef499dc8434c02dde382cde1bb12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

Filesize
87KB

MD5
dca2d1afc30ba80e274e0c28fc16b393

SHA1
da510c1d115d0bf75a634fad6f55df4763a2b295

SHA256
177e49b499c07e42459c05269337314bf58f9232344f5e2689f22541959e5eb8

SHA512
1d4a6b365c4e28e0816c3340e8d496b08d7c9eea22dfc010e81625d72dbfb2f4c0659b157b01ef6693319a49a87eaa24aad138f85aa9c1170fae13c772895509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fd

Filesize
90KB

MD5
fe9b0219f4a1c10d462f3a1fa96b6ce1

SHA1
40d6ca3af8feceef3f008d067f088937cae2b37f

SHA256
4b800fdc716dacdb19c5ff2d5c26b0c27aa0cff4bd53f51a0076b0188f30f2f2

SHA512
1a24356f9c5c85cced98c33eee36e7c04f1b622a15560b2e0bb384946ae39e33911302b3ea445f7184a93c82729d20a83ccb077af8d9d664e5b792a5a33a4f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012d

Filesize
730KB

MD5
f7ecffd558a07259996d5d1fb5fcac1b

SHA1
1f1db6f00798eeb3db628b823bff7f4338e9ba31

SHA256
bbe1d85651a329f42f89ef17bf8566edcc040ddcb643ee6845312fb56207b6a2

SHA512
64d326fa14c97204706470971cba954db320d155f5c205378a7d87af37a4bfa9295f76ede3d1f10b65895981a364efb0e0c6b60870475428b9499527d1013df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
468f7562c6c64a6b13ead44e31dd3109

SHA1
68ace89eacd154ae53907d88d46279308fd45a0e

SHA256
56c1d26f98fd5eb61844afe5bea8812a4275defe59480ae46a1e6a8b4e1030a2

SHA512
c432cf5114831e1eca55ab7225936560cc66b94251a1a7032c8ea913eac35ba5ab93965cc8dfb5e762e60b5270e3fdd545c057bcb6b1bb4fddc20a57e10830f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ca94f7779b31ff6246b2d75bebe2acdf

SHA1
0373c3ab1bb7a05c2fbb0126ad999211d540ebb5

SHA256
f793751150c606d33d1e77f7ab216183d40ca6dd174729b1c461edfe5c414ba6

SHA512
433be39ff1ff5202ae93fa33c46704caf5480dbfe335f87b89ffc3b50a263f6b40a47870a5b06fc65ad8a77ee891519521084cf9760d82502b2d33901d93a34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5a65cd94c4e3a9127a8ca74f80ab02f3

SHA1
8cff273f94fa4598cd9435a9d9d2673a5ca00bc7

SHA256
71ed2e4751058cee50cdeff8bf8165048bdd63dd60375d7259ded616774f7247

SHA512
13988920cfaca2b345ad8f9801cd67f6ee0a0506dc724fcb5b0eea8d9db8770b0105858b688fad28fcbee798d65c478eb0471ffd218366f6b5b16a07c1b4177d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
83cb44987318ec14c9627e90c6452115

SHA1
7b2ec643d725da16ea3fd2315ba67f4fa63d6998

SHA256
8d863281d7655b46ee232f92a6d8668312ccdaff11a454273af03e86239259a6

SHA512
c0febae12f7895d8fbd4a7f80e5ddf1abe2f30f21012b9230887884131501a7382be3a71809e94eb967c139f3dcb4adbf654fe94b96bd487311d16356197447f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7f0fb2264bc0803edeb813b04b5d6ef4

SHA1
2bff02ba0225a4e9235f511b3dd669bd72635901

SHA256
711ed6bed46f910ecdba3c17f8e76f5f09ea42198d228d657a2f06fe9a85618c

SHA512
b59d545085058491358572b8537244fb8e11ed42cda1490cca01a36ee5dc0e3b6c0027a8a3f8560a4020a0cb10966eafedcb3d790fe548d4afaec4156e03d65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
73df8fd13233d16fb8638b4055cef717

SHA1
1f9f58bab022149619ee3706b4689f3e3646c425

SHA256
f62afedced297c264b5b74ee948395aed3575e3ee2f28d8d86525e6cb2fae8ff

SHA512
c23bdf5b29c77b8d107ae31a84af496fb6712302e887a52179fd879ddab2b83de1662870758dcf83ab4088bcc8fcec48e80ace3cba4e1ea6100da7100de47c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a3a2ddb8e5001eabcbdcff49f2fcd916

SHA1
e2a8e8fa216534843d9f80b360a76ba38526e39a

SHA256
ce163f46ed1ea195a8a6c6b4ee8694f5e378e6b2fdc31aa16782e97561f39bd0

SHA512
eadd13d61063663791094453b7d700a214e9b0af6218f6af607e4bdbc504ee6c6a194098063c4850e60bb930d615e7baab9dac0dfb7944594987aba69fc3f9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
dbd81c5b9ffc9d4eff1d01122f0ddd7f

SHA1
2dd0beffd5588d3e14961324f5c9103961200b9b

SHA256
babb6c172613312b6ff52c4e759b8a34c56b803e925460d101c04420a1b3da3a

SHA512
0a6787304ea3d6216b45a93a3d055e6a627b329db42dd6e7aa2fa5974a83a04b1a01535aeab110d4807c62d262b0df8fd225ef20aa26020ac27ef249b91711b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dacd516ce4517aa42ed810870bb29d15

SHA1
b8c3878e0b79fd66969b2001511ecc8538e6cb05

SHA256
21a0c494da5ac8145d855b1f4b0d37e4b24100ee751e9701138929cc6f5ca6d0

SHA512
eab2eaf5098578ffff375be8a0bdc7f573a7499bd37cb056700735f7365c9d6466952248782c8d9ef6a9d84e593f168fe80a2d64043e7f03b117d0b6a30c057e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9dd0261e41d80d485eef09defbb8820d

SHA1
2c6b50a8d15e71537b549c678414d9273fd63426

SHA256
d8175221e270e78e48563ed3c8e5549e1a3e2d640e9aeacff54f60d206beaf98

SHA512
706f2a9d89e27f561035510d25040d0ccbadb9a6f94c9f3491e87b443c0c1b4dedd9ea13edc2809a6b55c09465fea9bd54b4d4923cc1e0e46aff0563aa7bf417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af5b56329d242effc0d007cb65341232

SHA1
329ede78901c137159b68d782212ca941039854e

SHA256
a53e298664a04d985e4946261b3da18dba49f39de1fd7ca737a5b7e24fcda49b

SHA512
5567032213bd52ab627fa5c69d47ae16447b4d77d56651afd4065145eb4466ca80540c075b038a2390cc61aca5515f6ea0109d20f39da943e10108c7a1a2a86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4193a8bb460b5aaaffd77f3c0be3fcff

SHA1
1667fa0200bb59acfef57d011a789fb04ac4ec50

SHA256
7c1917beaf0615e049e6f255e0094e2d9497fd53f987f1a9f2fd1485f695c1b1

SHA512
2866b3d8daf9ff1d5de1b30e994833815cefc7e6b4e97accffe0c8000ac1694d5c7891a464456eb16b9e456a74f3832ebf9f7d2ecdb6126714f2bf67d2a331a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e863759f9b209b176a44e753ee6ae5c

SHA1
7dfe9e3c9fcc0623dcc651258a9e69ab4533404d

SHA256
7c233d10b2221b70d6c7d14a769b585a0941b111e133c9a25afb030731cdd91b

SHA512
f2582758765b134fdbda9728510b8b48bfa09b23f95fd63ef5680c94c5a38cb0c21b12f982250e2703868d6e4fe6cef8c7d0e8cc37b42b1cecfbfc59735a20d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b44e3f52f50729f07ca7ca987da91bd9

SHA1
da8b5894b4c3295c213134d71dcfbf088e3d703d

SHA256
f74e7ec75be7a06a3cc1e6bf65b67fd27592c99756ef72f44563f93a17201a3f

SHA512
3b77dcb13c66183a194115f868a2891a80cbbfd13faa82e504c17cb65fcb3092aa2a420455f17630d25803b7f248599b837cb292ae85a2e5a63da8f3f9ab56f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79c58f56c5350396339670eff36f5b1c

SHA1
6bea494c185966a829aa955c37d85bc223b67fba

SHA256
d3b81f2e05322a0a82135e59cb64a14d38f09205272d77cdd20c37d15e5a5c8e

SHA512
91c1d194483bb450c58735b0ac2e9079deea53695d3064d007a06993742206dc26aab8a118aa593bfab6a70b1ee8161cbff34028c43c9c288e1efe3c31cecc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
238add10981c2ddd5adeeef13bbe4ee4

SHA1
aaa6b6365dc6e901fdb479516a337920064a4756

SHA256
51ed9d3e219f2ea958d81ea82318c3dd4a391c04b96902edac06463df86678cb

SHA512
b2c00e98f8fb9f10da2c7b7f3cd5117885421578e0f0d631f93ac89362e83ef5dbe959509363aed6b549064abf75cb1273eb455a63b95821d805ac892fec2ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
776414888a7113a8ffba8b5dbb3cca1a

SHA1
565d7ac7e4be7a91b775ddbb29fa81401457ce83

SHA256
64a372ce39724ad521d097a3ada7a13193b575afdf56d40f34e0068be9ccd144

SHA512
aefcd52a2b3f85ceb7b7e37863a6a6dd92127a9a8ae72a29a7ebb559784e8ff61ebaef67bc7eee396a66edce7b56f54a5ea8f3bde4cdaa618584dfc68457f7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1f220a3470bd7f3008ed875101ff4380

SHA1
d8daec08b0a9767b2a3e3948a9a87833c5186dcb

SHA256
0407a7fd0e55afb51f50578d2373a074fb96e3503df3671bac890f998f68c539

SHA512
8c4ab9707c4f24723caccf47af3d66c3017f7d267540c134bbedb347c542023f4cab60cec99e03cca40211e3f81537a5456489a9be94b227eb5f06a7b4bba8ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf90b8814a941ce5bced46c4870eddde

SHA1
0126fede1c89ab261eca637c861dd72862b0ef8a

SHA256
713033aa66e0cd950fb71d16e3a10cb2845ec8cd48559a5f437b0b4f51161494

SHA512
f16ec081dc45647be3e751392ae9ddb2d23b8697feb260050d56b3a3acbffe5ec16bae0d9d3dc36e5b10f5d2b74d42990255e57994c947830e0872f621504823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
80733648460befc70878543f6911566a

SHA1
6bd88a5b70364816bff6a6ca2e1dcbb83bb2cb11

SHA256
6bc28b3c45236e445ad42fa94f297425efdae5514a20ab51d334f7ae340c209d

SHA512
503ab4767e56e7e5b32d57c57b808ca5b22fe68f5d9c4deee077dd608178922173b44bf0e2d0d462fa40ea78be8108e8a606d1b56a1e7c17cb74c395dfc9feb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f21ed1f97202b180d6d0fe7009758fd

SHA1
e841a6f1bedaebfac7d8fd5a068767aa24796e45

SHA256
5c9b526860c148fa2afc431f4df23cd2dab66d98c5c39f080e3bdf8f81e24d50

SHA512
30d8ecdfed9ed777f36cf024e16eb63939a9a12ef87ca80367f499d55c69b2c7ccdc69eb15ef57b571f31572cb13d98609c9149848e68cb0d6f6dd0a36285781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
c53702bd20baef45dbe295288d572228

SHA1
f217991862afd9e53551617cf1dbaa4038b37d7a

SHA256
aed27a951a897cd07a4d7d2df4085b08f87125e00313981ffa13d50a3638f96d

SHA512
58a464a376a18b75e67a76b30810b9c24cb79d6702430b62b5e4a4948f6eaa462bd12c20fa5ed2950b72278bccd7246a510141484ff6ebe7a1674814b39fbf28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
f66789acc66709fd1edab8c4c9164f61

SHA1
280701d4534793baf948da8c25fdfa8dc0669793

SHA256
be770a44fd18d66dba41080e1a03c98d050d79d1cbad86cef06143715e0f1dc8

SHA512
cd87385bc58ff84cd98ce6807aeae651fd8888a05a5289985f3be49bfa7756bc118e9d34ed33b39adc0bf86b3303d0ba3f33331c4fd4d62039370818f8793d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
b8f7014b06835f1f68291bec224e55ba

SHA1
7484df870664b8f877874faf6062d2f1b605c1cd

SHA256
0f2161813d92ea3cc6671416a3ce9b4838a621727ba308c4d03b3068011aa824

SHA512
0cab2e7c9b170ab5f5f685bdd5742c6b8e76fd886659002688760c123d58734941f68b061b48ed34d91d6a92a30ee6b28740c9f141e797ac88843a349aba4a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3bfab7eda27889fc65052bc8b1ba3ef2

SHA1
f96daccbc26a5078ab669563024561013144a8d4

SHA256
e2b67106bbd76121cf8275331a63655b3b0e1225a4be06ca2ce4341db4e501a2

SHA512
a1b76a7039f8245b0e8ed188ea567438b93dfd0bd031f71e3e4c4469cfe7b0fce0817db8ab945310afa6fe1cbb3a6b5f97d8f1e912b9af3f4f3fbb003df9d40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5885a6.TMP

Filesize
72B

MD5
9af2c0733efbef110b850e242011be40

SHA1
fa611bf81ed36e7db11babd140087e9ece193f6e

SHA256
9cb4bcc3032a6ff904765b4865ca510ebffd7e5cd6c48dd4fc02fb9cb5ae0ea0

SHA512
91bcf1fedcf456d5e5064059ef0c56d117fd30b2615ee716d01aa4bb895f6ff84ae4bd19a412c43d55361490ef0144ee10f1f9dee48d06e728501f973fde5c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
161cd349d0d488d73de882866bed63b0

SHA1
3648ab82d07b18637710ae4a30964809b49ffbf5

SHA256
61974026dcb027368ab61f909a54308b12806fcdd931070bf9d64a8d2849ce27

SHA512
29f1dc9c8b89bfea06810ff5b456d26d01509928e06c2572015614287a321bf51dd6e7122591d17e1cccc446a377bc1b7a9077d82a1d7e6cf7d0033b61e2268d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5703b87a710e7e4cbf0553ccf0e3044a

SHA1
f781a2c1b52aa82454007bed178fa0f170f63f1c

SHA256
63f7aaa632a40615fb87437c4f4ec630afae2301563838364ac6d2b79f75c4b3

SHA512
8d0bfae216084067171694330127ab44a962c59375af1e237babded290a2b478e05ccab4c12ff760f7925a8e4895cbe00cae28590ca523764624ab620c2dbf14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d253ffde4865d1e314c46146684f58f

SHA1
5cffe5bd20e7f5359effaac05889680563008072

SHA256
57948ad1e19c05f7b399cbeae89beb732298f7730a6ed50a7deb21ecb189d358

SHA512
d6e046dc20221eca547364080a1fea807aea4a31b2c95f4ef52442ff6884615bb8ed22535ddf6872b550cf90db8634277dd2e4cc01f259a7ae421fd2d682be0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22975c6f2d2f0876ace22ad8d9dcd70c

SHA1
f48be84c7a1e106aef2d7e8209825ba532280140

SHA256
5ed71a91ad382c2fc07be67e6dfb637f6f123536d2e3a5d36d87315710a46348

SHA512
64d4d9bbc8d9b54b3eb4c456a8d7366c73712db0e2d6fe7f8009d992b1e14fa1681ccce468ebe3031bf7c76457ad9726856322efdb9b5caf853c5deaece5e045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2802cb3494e31f25904307d2893bdc78

SHA1
e045dc3a6fb891d97fcdb647d91390503ab94748

SHA256
781e63a6c79eafec6d4f735945e38b34956de75f97782cc927d30182905913d6

SHA512
b00a1337da633ec8ab301d5c25d43b22ac4321f78d8c313a733da6f368476b3636b850fd67ab9ffed0a211ebe29033fc3f9975c9123e0f31c37094720f8c589d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27e3b05a4fec5f55aabd6cfe511570e6

SHA1
69724f9c99c1dfcf29229acd2ac0baa089be8154

SHA256
06c8f4c7d9b19638c229f0e3f7ba736f5e5bcb1f6d977f537d996b4b99625c7d

SHA512
c89f5540ac7061ce36d62f1de5928ff09f6b7b3bfa1c5b3a894b7d0c7a26b8a1385066516a1c87c34c3e24b4299af8fc5f2140e053ebbda39cc9912cf97bdbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
636aab577751940c451e1532c43383cc

SHA1
86f7986bee894d6d629b28e2c44b301c7b3120f0

SHA256
7d698e4b4509d7662ec448b63d572477c7f250a295764658f6e9f49b38f9eafc

SHA512
8193b18e7ccdb834f77ce49532dc7dcc0c2c634461c5f35a6ee6e23a757d7c3ef27000f8f74adf5c5480a9464f89420edf028e41162bea20aea10c3cdeb8fbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0bf10ac5a2fd176495cf4e04172b4a7d

SHA1
a7e5cf9de691bc8f21e1e19d52e423de9eb3c450

SHA256
9c97105f399edeada0560e9c0e2cb2d07e7913fe487a8f910f0aebfa08ef7d6d

SHA512
2290cb86f03273f8c2469d42c326cc240fe4427efea9c4769a58bf53154698fdeb1df48c782b8232893388b1ac307f0dcd2c46b9073821bb381bf439e9b1344c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c46990fc151c491228a4469697975a79

SHA1
454739b049a02d1d0d55f7f80e0e804b97386b89

SHA256
85065fe759f18616d482386f68e631d9205175c9de7c8c4bc6155aebec814083

SHA512
4205c0ec661ffd828238fd800f0ebd67ecec8e44d72de358a17b2e5f7947def8fb9c9ada49cbbfe2952bca2ced62de62f5c6565bfa62af3677e36a3a1755a985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
ed0d1ca277b5bacbcbf8948d295f41cc

SHA1
27f7afd7e6568c13a0f5c24952f2f05283293724

SHA256
ef7870e1a482f71f6b63774080840455fa3be36c2a3093d4b62703e66448274a

SHA512
a59c62ccceeda7c19cb0c0393073c5665db61aee9a19cc8a41e5ff267ffeac5c9af16428f35abaeecb28217aea76d8ac42cf02baa8fa4a73d2a61f4858bec2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b982c1be3134340c4a4e70496fd0b726

SHA1
fa936e203743b91f03bf78c931d2e07ec095580f

SHA256
64148303da6d29844370911cc7e79767d52f18ca61fe6757aa18872375b74b58

SHA512
347924c09a5f3a3523f843937a982aa92485c859adadd873a90f897a6bc8d7e69d9accc871225c9840c4ffcfadc05ef3964270df7a65c47b16561221c4bb2a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a955fe8a33409cc4189691647e4fb3fb

SHA1
53af3d73d9ac03c7e6e91257fc7ca12c9d86b2e6

SHA256
f3dd6408b8447dbbc419ac6d367a15f654bf854d73c7c55c9b23b710f8ecaacb

SHA512
24013039e32a03bcec34bd07abdc97168dd82e7e8c8d6bbd1b65a7086d61644d398d04e16e94a7b7ea24bf91d82fe01a1b1734f54683540b880af1c7a5c8ecb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
883bae5732161a6ff9f9969b4626ee95

SHA1
e58fcbd454ec5d0ba1f7c3bc7426654947016c3e

SHA256
586835529fc1046fb0434596973d614ec051f95e7720a06ad3f8d0d5ef0dd0e1

SHA512
e3b650b2683fc6bc992c66e00a04d1d8084ee7f126773a6d7048df698369d3855f2c74ddb1c2bc05ea641a09ad52303468577120c030a2f5c812d86036504f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
acc08919a39b1f5eeaf966cb8e11d34c

SHA1
adba21450b8ffc078ffa3fbb76e5b9e748857549

SHA256
2e09fac7114ce3dcc716e87f226b69f9557efb999472dd2f18122896b19b185a

SHA512
7418ad329ad35ec67a46406f092564a7a7536919ecdb3ecaa50f9542791702f5f989834ec7c33ff0c5b4ceef68e3fcd8a22f0e7a6682064b5990a713a99b68b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2facb2cec9c2fb516edc997ad03e46a0

SHA1
2b16d54f9da85c157055825c66a314e099dd178d

SHA256
272eb7c973e81782db4fcb66e4ec4d1acf932754e85e93f0259ade8f565830cb

SHA512
3db35b13a5caf4171f730af0d45a8188e1e2264154589205b30042bfc9bcaa20c96c0a870f9359db11e92a8353c4d04758db48b091df1cd7af367e3493f72066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ba7d50738e07f945d2efce7fc18b680

SHA1
858e3ca81ce221895ad436028d485e999728bc61

SHA256
b64a262be7ba5124adb8dd39ba7d70965c5bfa611e6cc7a31c5491d210cf02f4

SHA512
bd9b6b39044f604bd63687cf108fdbd1062bb6bb1411355babb700fe521f4205a08629d8c90129142c693c62fb263576fcd96232ebcd33c58364ae195d6ae166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ea8cc4d860a2fcb6f906f0cf6f45a46

SHA1
0fa3e59770bd028bf873141bcb3d1fe028aac23c

SHA256
41d1b4bcb69de7bbba6589f80a611ed53b9b3e46979083a8277dec69b927f2a7

SHA512
34b4e1497d9362630d3e747be00774acc13c2de13d6897a6aa821eafed98de311bfda65df7b93d7ea47fcb0f6c4efbdf7a6a668f49339334510f30304238b770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585908.TMP

Filesize
871B

MD5
edfdc2ede5b40375d5f2d7e99879ce08

SHA1
30a1131ed3036ea4fffa362ca95d06e34b322622

SHA256
d1d2b1bf7d4f0d43ea5acf738ef666ba8ff6e71ec15564c5a108cf43d1157a34

SHA512
e801fb7b126681e4d3e75011fdf610373f073db17bc11c57106517f4759b55cb490ab2b7e927e07452686171d964a70630867508288ac1a6ba5b3891fdc54fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
43e82793b56df37ab9f8c6802a15ee0a

SHA1
ca03756d73a783ac117c75ea44e657908967a213

SHA256
209758ab7a60d9879e9340eda3085cffd2ebdd09b92c077f97fb11834f04f383

SHA512
d31e7b96db8f1ec140ee272628091ec4847f5002b47b1017872b0253ff735e780c24eee91bd6399dd3f97a9b78c6973ed551ca8b6cb2bc6685bf132ba570bd21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a93601e968fb0a0beb70b90beb53a4ab

SHA1
fb86f2f679796fa42efcfb97a0bed99e8f113635

SHA256
0a39048a34b5e81de033cf0f918da91e0c564be0ae78eedc565bcfbedf64a83a

SHA512
fb2d34ecbfb768fe5e31308a591f6037721b72a9e609bbe2c0d1dd1af1ec9370bdbea73e2cf4455349897e51a703e39a0d0863d09936927ec8d38a33e4c2844a

Download Submit