hxxps://justpaste[.]it/c7689

Analysis

max time kernel
284s
max time network
287s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://justpaste.it/c7689

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
133	discord.com
134	discord.com
194	discord.com
130	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{537CA7A5-ED6D-4BF2-ACDE-13D248D9D25D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2612	msedge.exe
2612	msedge.exe
4480	msedge.exe
4480	msedge.exe
4004	identity_helper.exe
4004	identity_helper.exe
724	msedge.exe
724	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5596	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5596	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 1508	4480	msedge.exe	91
PID 4480 wrote to memory of 1508	4480	msedge.exe	91
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 3180	4480	msedge.exe	92
PID 4480 wrote to memory of 2612	4480	msedge.exe	93
PID 4480 wrote to memory of 2612	4480	msedge.exe	93
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94
PID 4480 wrote to memory of 2728	4480	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://justpaste.it/c7689
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa045946f8,0x7ffa04594708,0x7ffa04594718
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16381526560792358808,5879795628491027967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
26KB

MD5
7765b439f321e12f29af40b69ffc5cf4

SHA1
cd99147c5f89cf7f8ff5436808f28340c9be00a0

SHA256
f86998ea0b464d6c458d60eb224e7992fea2fc0d65b5cfbb72196e8291ba7c41

SHA512
ea8ca19fb78897c232a3cff3b15896d9fcd028547073d6dc2e3c94eb24b19f78f3fe84431feda7ef6231a5351b267782210079183a0be5f601decc9d2c60b763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
61KB

MD5
4853ac312c7ac692c4b2cbcf92833928

SHA1
7c0ed9490df2b6fda3023d1d2e75ca18355733e4

SHA256
2971627e84ebd5611958987c873c597f62db1a1cd5cfd698feb0b4d2d5ec476f

SHA512
0a167a05b62c09b1c551fb77a0fa5f2e8264ee0804bd216c39a8f546c7ae7bde65a5c4ef1a9e3fee9da427e2b9df2fd4c1dd9c2463d24b0876eb0f43d28e2bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
18KB

MD5
80399725912aa61c0a9e62d7ddbe4406

SHA1
5ba429cb1d9dfc2f00a6451217530d67436d6f0e

SHA256
4dd3ea8048862d29a51b7a3376cfaaae3739a4ec7ff71c368e6b5833d192956f

SHA512
5a4e7e624ac91470906161d67bc1731ecc1dd1b49e2617a0f547a9c7c49c9b39e7fbb86449bb7e1aaa267af80c89958468ec35afa55b0e648586b9f43b31d04d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
127KB

MD5
cc1e5eda776be5f0ff614285c31d4892

SHA1
020c3c6f9280a315e8425d7f92e15bcd0cdda1b2

SHA256
476adf42b40325098fcfa8b36ab3e769186bb4f6ce6a249753e2e1a9c22bf99e

SHA512
8ea88eb326ce57117a24f88abf9ef1740ff55a1cf6d09d8bc1e798132d44bf237aecff44253ef60c9eb3fce108cf4f7d8ea27e6a763a9338c7d6204247b2cc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
19KB

MD5
535c3cdf0d22a83b24f8cda3b0e8b281

SHA1
4602c6889c0c916c9cdb52276f37285e215afbed

SHA256
2afb39de599de3bf2bdd76f5e02ed3675e3ab69a5f26ef9657bd4b7bec43eeda

SHA512
1e3efe3ddca50398772a0dd19099ddb93c75c5a1ecb331a180ff8b64d854ebd2bfb3b010a379d9b1d1a14e59eb2aabb6e496732b77c8f00407b05bc2a1f9d3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
20KB

MD5
083867d28710d836f4d9c3f6acfd81fa

SHA1
c1cf4088d4b39605a2700565a39cb929454abf52

SHA256
c247faa7f8ba79aefb55b3eb5937996b0c392ee1a8a47ad2b56aacef7739ac30

SHA512
7443ef925f9f016754091e8010afc5f10711a119b1a2d86e9dc79d060932d70f931754df7f88d1f9e5fec064728356d4a4c173acd4546171f03c9b05f9cf90e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

Filesize
22KB

MD5
aa49801432afe80026da201af5e2483a

SHA1
4e4017f512fd9de72e42534feeb74daf76aeceb3

SHA256
57d7ac89af41d96b29e2fb795ee6e38d672917b06847ae38a9fec15e6e5e2f01

SHA512
3631674d81e358ae74731901ce1b306ca268174f3e162809dda52205bc6cf7ed4df671f6c0552b170e4af3503730cde8f4ff87fe416ac8abc18a3ba7dd2de6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

Filesize
18KB

MD5
198a86ec91320c4068894624c504cede

SHA1
79ed0f0e115932f88367fe0e394950eea4cb5edf

SHA256
ea8d7d0bcd2a6dd4ef0f9a6ce80923c034121bb3ad49d71f72f3b49f4666fc7a

SHA512
8da84306b7ef0776a6b6dee7bc1bea3992228149b4263e8de5899dc71609dda375dde357e35f6392ec526bcb1877f8ca74492b4aba80fadcf12af03c12164f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
30KB

MD5
5a8f70dbc32663527146bb7260126d8e

SHA1
f2f3f0cbde965579a61f50577118c7847d16df94

SHA256
933eef4eeba490d46ce2c8e1b898d1f16f1b8853bc8b993ef79d0f590b2bc310

SHA512
da7a214e38b98b75f8e99c405f9eb53b9d65ee8a62896bff9651f03328ed773f6c0e152877c6b76d16fb89c489ae725b03ef86c7f3094df136cf3c77d89745ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
25KB

MD5
986df2960862a26138af3bb35bee150e

SHA1
086046010c54daf77bcd924b761fd49a22a737b2

SHA256
f3044ffa305a91c39ec7fa7b119adb76eea222064958fcacb69536fc91053539

SHA512
3ef01d7842d08f4c3d05399e4134d146e4347c46a456074e7f5f3d67a08cff27f7dbd7f02549e3a49d5c65937ed2c43fdb49c5277245ed86f97c91176c1629cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
1224011b2f30708a14aa70ba6c670855

SHA1
9ac579d535c8ef1a4083c600ece36f7e619eafa6

SHA256
1eeb507097429d0f2b3ae17293b7d7ca0af2da438f7e1342cecae9c9af7957ee

SHA512
d7eb22d0741fa64fb9fd4a2a3895b3d7f509713703f0dae8c481a8f83cec5c539d13ecb886e9c9779666aa6c3cd226d431cc5193f6a685a46f6ff9d97b409936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
819a934f902835921666513f418b2c6f

SHA1
19b191c2c1eb2b8f3bf3839da92b7cb0a7bb7c01

SHA256
8d3f13eeeeabc68da35a947218f0590e47efcff5789ac41ee834cda1e647c645

SHA512
23addc8661b8870cef5dfdec752c292f6c0a2beede366b36e6f68214f4895bbd70470053a979c70ee47c9c0b2e169a03846c8e41bc04d04f6b6b149f9ce8bd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
57cc396e2c1f74b6337f71c8e5075a21

SHA1
7ce07d43753dc5ad807c2430354b8e6ae1b243c6

SHA256
df59baed259fd3adad7c60653dcb2e39eb2df0df363dd1767c068c3d47db0368

SHA512
95a622d00c37ffcbdca9f10cbb9542ec51ecf0898dbe1661e62744cc28d76703898770926e6a9839443ff908eb119af3220ad5beee2f75ab3bfa358b60fd2bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
b752014336601478ddcae6119f7873dc

SHA1
7912339b0923644328b56ec2c9b4269e7fb18af8

SHA256
9b8e2576ec833d3a304d2527c7d48f5d0fc89cb7f3dfd4436ff67ba852c16601

SHA512
ab11225563007b8060171206250bf9e3154ba222b4d7aa81d1a12eec2c645bb95f369ac3a1d6f427b972ede7f3458812070b35c8ab4ec8c3bcbd3796c182c9ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
2d4c5643587ac043a2a406eda8150cdb

SHA1
ab73133ba22e2e930ea1cb34e5a0bdff9aa1c311

SHA256
35059f569ae513e78771486d63416749aaea015cb871c20886ee94e1eb63e5ba

SHA512
75fcfdb8496ebf811ae8ab2474218aba879a160df92bb2b2e4f032b7238339897d085da511199a7ec36d000772420238e657ce3e0a117ae890a59ce7ffcdc5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c45c98e9bac318206057b54659f96dd1

SHA1
b8f31a6729dc9a98b6e589047213d603f512026e

SHA256
18ddc2a6f937a7eb426aa4c14975a5e8a4d6ebe183ae2dd8f50f709567d06e8c

SHA512
6e783af928ecd88c62aec581190cd5cb9e0481271ec35b83fadb73da800dc1f256e58a0eb3bb3e947b749aaf76254d1238f9e8279d7bb0cc99a44bf75c43c898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
415c6ed7654f9611fc546bce9fd49e89

SHA1
79caebadac28ec674e753b3a76602ba969274d10

SHA256
436684cf797024618f37ea1681c85ddaefeae4bef1b08631aee96ab76ef0c616

SHA512
b61bd53de5668616f3882ac0dae57b3225dabe97f081aaac3d3b3682d0b2fac976e5a20631ac25df8582f09336d1c326377ced232adfae6cb46e83107a66d19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d1c6bf9e8f65a6577018cd7863745018

SHA1
76a47aa2fe7249c809cbe3536be767629f41403e

SHA256
68d014c8351a80a72250f2d213fb8d46ea5f44d93053556416c2737f65063ac9

SHA512
adb5ac5b70f0924ee85d80cab413f39a670c5a9e9ea57af552402b59771e20583f1eea35a810a3217e9622df0266b938db8bbe09f2e080ee8393c29666ba867c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c094cf96f08a87f1fe6c6e5a2f2d802

SHA1
cb1b0dcf725f33596a4a747c0fa3d44f0363fc73

SHA256
e6e08cb70c7c4380abde57d3072ef0128ac5fbc3b1699cda4312fa7e9d1bd9cd

SHA512
a942d9b2030c2b5d3a48dcf7c6baa76dea0f64fe3a89991a3fe27c78ca0387d4d2e5d2970cf77eb2ee03588197f1b21e30a95694197eb8f10f845c25972e408b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5ecea6b5481b57427757a86f6ce8d1a

SHA1
25e041cbaf0c8c46534d4e480d86d170f8f8f706

SHA256
3d719ff991fc50090c7eee0d911c5ece35c99857b13a615f37a6059c230f14d7

SHA512
ecde64cfbffc69a2c55d6cc963368f6ef118ffdab9d9921f3aa41864f5c29a7b95fda5de35c3e426c15bb8d6bb139dc710ee13c77a4ae081dde7ef90e84a74b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66e05aa5ee2c0c3795888f2cd621d0a9

SHA1
8ca0849ddd67e148be0cd9733ec1ee8e75944bad

SHA256
76845e98d823e66451af0c7f3feab9e10b1300cd0a6121e4f129411555a89cad

SHA512
6e7d95bbf8933be4659926d75acb0ecc72556ddd7d60ed93666c461d4c5feda445b66c02f3aa31ce5011fd9277a171cff2583cbfc2ed020eed075c7fcb6b0bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
54e158d6e26b16928e2373c7682e265b

SHA1
66c3661a8764ee34eb157df00c21ed04d105973e

SHA256
341a9ce01c95c687d19a6fd66bf4a9c89814f39ea023f70902e0c0ff3e49d10e

SHA512
15c8ba58d2f22a0b860d1bf46604b39ac18627327f46ce1db9d2bdcd6768fe28a7ad9a3f5c459e53f6707135499945002e792933897a2a42a2f6bded01f568b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed44111250a421d8f63a51c2076803f7

SHA1
eadd8f9d182c3be1d6b50597158ac0ab21c43c8b

SHA256
2162126d4537c8ea813c3ef8e1194567d3798456677581ae434aa02f00e9b4bc

SHA512
d8358eeaeac02caa99eb9c89585ac7dd2f01f987ed3d329cbb5a938f9b3c9cadd90bae23acde851c39c2ba25b70b395880f3a5cc2e721e3ac7e56d5cfbfb320d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3634676b260986fd796941d83effe29a

SHA1
60935bcff209babc6eda9c676e28aba2c6e68808

SHA256
8f02a341c256e5157e8ecc2123c63b676cb3e955b469a1ad6b51c644d37357b8

SHA512
f6640ff290f21932ec060c24823de78bc5e7a8b93eb1bd3182b6f4d0dcb520a3b4db7c78115b3561fe90f241b0bc3164a49b27306a8f112d5955a6f24e8acb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
df26d6ad83fc77854e412f843f2eaf04

SHA1
2061a09d9a9d69d274a8934fd0f0724ea41c5924

SHA256
ccb5ecceb69c77c572b4843e83721830a4c2c868f441e2de1a16ba0bb8cb95f3

SHA512
ded44a3e90a2f3ee19c0db52168770fcf698491fad33ee75cff96703ffd39d1754d399e40a0c5b6d1b1f9591e8825743375d988d589616aed5e4a1c76b2839cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d77d7f07ca7f15e24b61c98c209e7ebb

SHA1
5b69194b4d6656bda84c226bb0482cfca4e8e59b

SHA256
e4e18ee5df9608a12f96587f1ce84d97444ff33920a816b58923078164a1b4bd

SHA512
eeb1a0196c01767c961e933ec3f966aba89ecc20e715b1200a7807fd89fb74409cf8f64e225e22d5298055fe4cb6b4877df9ddf9d33fd37c2d90f2daff881eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
78e41795f4e3ba001fb00f692e401b82

SHA1
ed84373ebb3a4a4e21c0991d16a809f858609f5a

SHA256
290b86dc7ef68722a5da4f4c56ff88f63256042a5e8ebc7d6853e24180118235

SHA512
7e2940def1e8a218d9beaa6ecbe20344b66136237c3b00471a9878c32f0f505936c523afbc69412aacacf0d0a23859e1f5621554cd1342d03c3b92fe66acf55c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
78902b5bbd0572c9ff63e099426d79cf

SHA1
e2aa5d9736ecacc0b7980002161bb89f31361768

SHA256
0e1c712cfe37992f1d6a0e258a09d7713b3c889791ea2256a2fe6c21a4d9534e

SHA512
4ecd7cf8e316ab17f47339f602dc32196274b52c20bcf8b00ba019adf93c2c5911fa22851d0ac7e349b50d59703518af34c6e87ad743fece7bb39b0055a6bf09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
148922956ae35a68f385a324288dcf80

SHA1
23d39dd6e9d9f3cfa7a994d50b9043a6449d461a

SHA256
b471a464f9d8b449e5b9f005d150b4e46b28ada8bfe590c54439f53acbb49ccf

SHA512
232b8bdf8dce3c7c7c4b6abab952bc9cae03bb5be83da998a7f41a297c9c22aa24ead1092eb278ca06c0337da81d9dc772bb2317d7afbbb78bac3494f707cad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
6bc748d7e6c508c9892d65656fc9b79e

SHA1
387e3a6c97a9516e4172401d468017b65e6b7794

SHA256
5dcc776c332a5e9a2c6458e6576b64e4fb182d2669458366f416b7cb9676c5e5

SHA512
3d5f98d2e7358ddf04d8c936fc5f807a1153724a79d25742932b184cc9ff2cf3c77fbedf03fe23674e3765adc314d0c2cdc896c0214737127033be31b13adaa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef798ea9252fbccc5cbee37985aa5429

SHA1
d8c060802563bddbb95a62a989e5fb340bba235b

SHA256
2d6f0a44a1910b5ef0ad20f191b73315af67f59ce8b9b22adb8432b378c70f45

SHA512
b65e9c1f225a69e30ba7c223606154887e0285586b77d14a6a58549b29e50f58595ae482f6c8e681be5c12b04a1d7534680247d0a4cda898a5b25e507afb8f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7ed666b953d6a5bd39402ba3d748d8a4

SHA1
96f4e986027e26a403ffd234034fc2c69d7def8c

SHA256
f692a315c6375b8b312985e6b4e7a3f6a462382b4f4d457463f4b9ca6903751b

SHA512
573207062b5836854b4f70669f25e3e0138d9c88537674578aa23f8d1f679dc808dd43d3ab6eabf9ba8745b6a49e3de39fdafa44bfd8ec3c3df54982a8ab727f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
564f0256b919aa4565ea787cdf0a812b

SHA1
4443de28d227267689177a79b6be16c883917307

SHA256
2c4ef50580202ce4a0797f6bd14d84f6437eca850bd20df614137da1d9e25679

SHA512
2a224bff24023aeba208718057cd9f2ee7cadd08c94e82eb11f2953ed3e7a197137f52b297bf867270fadb5b082188e22c3ebd4e87b71feb8d7079e753fab2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6dfc34f63e943153e290d2246b7a1fe8

SHA1
601a09046eebf7b1a8b04e748d1b0f02b1f06308

SHA256
51991ef6160650b5c1d8d2347bbb6cd72a7e64cd771d2690b8664ae266f8532a

SHA512
80764229f47a1022dcc912324822c5ff744c383ce4e3e77cd1ec46ffc8c2a6f7919e54a4172eb98ad794f82d6198371c8cb8b52ceb1cf0bb666040912b0debd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a2bde75b0d680103fcde35961bc08b45

SHA1
2e0f5ff4b0e4ac4d383df786a493ee733fa1fe63

SHA256
39c55e3b8455fd2f13338696a390ff0b2775fd8aa6ebbd789b84d68e0c29d77f

SHA512
61e969d43688873cd32f51be7e755b5da3ae0c754f86325a3ef7634932d219a37d146a3f6727fa84ffbe11ea9cb56116ade2c31f390bedf9f1151282772bbfca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b445c614605eae462e47f2795ee37e38

SHA1
23d194e842a245da57eacbfd1c841a1683544561

SHA256
c55e4d4dc8d01912ff64574716bfa144596256bd4a0b863a7dd29927603ce513

SHA512
861d7858e75574952c7b16d343a43e7505df6356cd647619bf38ee1b23bb5dd244ced1ca02c561edb1117eed6ee55b3472b5330318d357ee8b10d9eece5f1f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2510e2f06e3727f34e7268487a50a1dd

SHA1
6d37effd8889182312bc320b4c400ee4fb41ba0a

SHA256
933217d6efa7bd12c97d74ad9f2eec8372c1431432bbc80a8a32266c497cc0ac

SHA512
1c8fd401e48d454ca016b9dbff018ab550e2a491d68a962fdda1764122dce0fd5be6716d68e56af55ae2cbbc5ef232f7110cc2ddf17182ef81c9ed05734583bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1e48a488e19b877372bfd646827b0dc5

SHA1
ca7c24fdf45851bdd7d54a9d33668a3e2736ec18

SHA256
258ab0daa4aa083ad5341071d25f1a113b18544cc23c5f95016746cf62959d5e

SHA512
f0a1264cf42fa71a74d606ac8fb82f1b55fd76e717f081fa1963354aebfefef9909fccc418706416e46e079a586ecb931373b0c4a5204eee2830fddb7fdaae12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
319f7c26fe3bf0f9a7660349498652b3

SHA1
1930893e3cd81eb3a31c9e3b6e70a26f2073f99e

SHA256
5be06212fceb000853710db7131335bbaf1b5fcf26666a895f243c25dbeec53d

SHA512
cb3f8ca20d072ab88673b723c1134c9406fac7099fcf8ac7e4bd32ead28015d6a0a0c15ea5e1306d866d9c9010246b931be308e39964c875ad64c7f0c3d2e327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3b419f0f020000c06d41447b63b46249

SHA1
6a3a283f9a230eba645e99d7e8840107b40dc8fa

SHA256
386989f6fd6070ae6088139f665066ff0d5d89768e14f8019d68be4bf8b2d573

SHA512
f90c147c2fb9fa93d773f35c155512f8d3c32d507ea417df8cd388c2b019d86696c573dd35d4a95e0eec9e2f9b63b0980463f7e7c4c94df40a9a5f05b01d10f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
042744bf7665fd29f7f165c46fda1139

SHA1
9317d6b60467878beefe0cbb1df4e3c093ad578f

SHA256
39662ad0b6a0d2d795607f3f9943fa5f41d8e19bf94d21aa14c1a23bfdaeeeab

SHA512
38d08ab395a79e92b56d935daa91211991768b3d9e1a4673798f8be7004e9d80b96caa160346add310970256d78472c5363de3b75b60884c3a68f97ea59813b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9f83ebe472858f4f8a7fef772ed54aa0

SHA1
f9edaad60908c8a96bf7f3f0bef390ab235d5320

SHA256
364ae9b482d91b5dc66f2136b2e874ab35fdee6c14f94b67b89224c472240d09

SHA512
116a58a4f1c758c4451efc7a2e76d9e43f8e7d2dcd0a0860c0864b456c26172d680416d08d1dc1bf96e94ac7207eef09732a5c5c651eca37eb29846710fd7d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
edaecd0ced54d1c77b8f96a25f876b97

SHA1
d99b5a9a1f3e2c2d32e7740101fb914be42beab5

SHA256
665cdab29c4a024702a139018078291c1003f15eb165e5cd3301536defb19e1a

SHA512
88d5a3bf51babc6b2ba898cc52785932009d08b0e7f09908f0c597b542c93710982f03ad6a5781b1886b8a2d0047504f8e1622f344d7abf54785db1d3a8849e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
562ff04727abacb716cc336a949103f9

SHA1
2e3edccc8b5baf9a943163309960beeed20612a3

SHA256
24f00920514fc8a28178106e0b9d31f0210a2f25bf9cf50922275a9713e98e31

SHA512
ce4219b94abce5b96fc977901432271eb6207f134cc1669862aca3f1a2022154647732939cbdc35ae31c334d895c5a7ff769bd2558b87a361ec282e0b0628799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9283dc2f4399aed7bfa2e15b753e8adb

SHA1
63e7773bf2d9b954b015e09df835089de4b181ae

SHA256
44b9956016b357f750da7eefe74dd9f7a1d0756b86005fd4bab62a3f96646ac9

SHA512
93dec13f49adc948a84c0c096de5e5c5e288f1fb1f8abb5d54ee006744a3acf9d6f6464f9b4a06f86c419d2a3fe6ab3b6894a3807ce7ee10b381148f72613de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
88a1329973d6cdc298b78fa35c6717ed

SHA1
6c07bb1272e88d71aa4adf3a4fdc8fc509e0ab88

SHA256
af042429164efbde0d6822b5f6861b4e3f8c7f1a321c006d6e1ef93db5558afb

SHA512
8721c5f5c3d7218b58d732c0613def15bab9a38a72f0437ffc9b80366a320e696b28a40f4737508b5b4453f4090687f872516adcfa0c49ff2b269f2543d2f986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a42f.TMP

Filesize
370B

MD5
3ef774dc15805b1a45ba137443661158

SHA1
166c381690e6c2855cefee8b131c014ed000e1cd

SHA256
b2cd60d454125d41bbaa797e67b4d2366111ded003e7706246540d48f520890e

SHA512
7be2d4e7b49330260c59d5cd39f9517218d85f5b37e5878a3b349ab554dc3686fd43b18bdfe29684650f2cb64a62ea4e067edf0bda265bb1fccd676499ed5c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4b8f9ac52151998ebe3230cbfb4c2a4

SHA1
1c1eaf9375a6e93c0063bf64134d8e654345ea83

SHA256
aa294ac16c7362ed13a649e250aec7c06588e9b3cffdcd7ffea652aee813de29

SHA512
104caf7def88f5c0a5360b30d1b1757a2a6bd24ff1e8cbe908d49f0dba5bb7c3effbbe0afb22b6b06ec01d66fb0482a5d1d599660eaec293ccfb49dc7fd11ba8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4e419ea5d79b1911b355edd912ab6530

SHA1
870f139b6764447601c6fa7484103601b17d65e3

SHA256
65717b49164c4ceab0f6fe2d45ca63d1439c58b45ec19d7c980519c3fe79ce3a

SHA512
1417f2257e6520a01a25125a4561eaf2582d413a7e205d77636ee02b475a3882908d6091b304bb7b0a97a8ec82d5ed5c3fa3f1c3c4f355ae24b60fc42bd19876

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a06d9b6387b45130fd7efc468347875f

SHA1
1b50c7cc47b179637442db28ff0f9e71825586fe

SHA256
1ccd8dac73eafc1f75d74f1051e0507d20a79bae9a2a8e70af69acb8ca963bb9

SHA512
f72bf23baa629b0e5a743508388b5f2abdd95dbb972c1adcb9642bd9195697fedec3ff0ad59f40da8f47e1393168d815f9628d4516793d6c6a056a55ec2b5b36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
5557a964b235b6b9023e9e58a8f696dc

SHA1
f5e0b4a7639cd9ec7f282b860203bb06fbf987cd

SHA256
56c54911cc9c0f1642f9587cd6541fe5f957a2f961e33541bf8862a76e5a792f

SHA512
701f185ff910039089b9be80e3f41f138472ea4c95dbe3e2a5b9669137efbae2ef306b736ced2d56dda63b39ea08db5e1cae5cd3bb4f228ae7c32d8a186044ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2677e209fd95e8c9b2f8ac17d384d20e

SHA1
3b13bc889608882e2d17811b5f34f460ef3c2344

SHA256
10f9c4f5d318f3f02ce700c56b4cf458f57916c90f77a81c21049196fe8983a8

SHA512
2105738438bf2d65541be822e8315da7363f2834272db9ea0866cc2454a9fbfed2bc711d25c41255a6570d427f9a2ce0f8722c9420ec7d0967f8597bd001ebbd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
23fd80eda677e23b41e95609e86ebe8e

SHA1
8508540af87d5157028b796339c4fb77099ab3f6

SHA256
24762b6b10274112263c6448f5689604d7e214e4cc4af730f82e068f66fa6e08

SHA512
d7335d23745768966c7387a58c631ff88fe5fbfe3892468d547099bfa0d812cfd11f9922e5661d3678fb4e3e92e1f378a3f9a89adce31cc7826378cf901d1eee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
82156336d3b9babc1276665abaa0597c

SHA1
ff5416024103ccea43e09aec75d793bf042e2007

SHA256
5667befc59fe682fa2164209bf2f5755b7d5dd484a33ed70c3a18d19316ff08e

SHA512
66d641a5f816bdeb174db4803e5da807a4ff3f7e69275a9a618c47eda5819ad704a8aa787f309165fe8cee960c9d6d0e1c9af2c50b2cb3143a597c1f326638ff

Download Submit