hxxps://docs[.]google[.]com/presentation/d/1F83-ShdeAbQq9FdhdQrcWuOXlUe-oM9jfffE_ElLTcA/edit#slide=id[.]g192e36f070b_0_87

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/presentation/d/1F83-ShdeAbQq9FdhdQrcWuOXlUe-oM9jfffE_ElLTcA/edit#slide=id.g192e36f070b_0_87

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{C060D61E-B2A0-4447-8E49-62D9E8021C5B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
1384	msedge.exe
1384	msedge.exe
1716	identity_helper.exe
1716	identity_helper.exe
4604	msedge.exe
4604	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4032	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4032	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 1952	1384	msedge.exe	85
PID 1384 wrote to memory of 1952	1384	msedge.exe	85
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 1808	1384	msedge.exe	86
PID 1384 wrote to memory of 4392	1384	msedge.exe	87
PID 1384 wrote to memory of 4392	1384	msedge.exe	87
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88
PID 1384 wrote to memory of 4920	1384	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/presentation/d/1F83-ShdeAbQq9FdhdQrcWuOXlUe-oM9jfffE_ElLTcA/edit#slide=id.g192e36f070b_0_87
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17384139094111930128,14150597206541118808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:60

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3cc 0x328
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\005de2e4-0415-49aa-b938-b5bc969520fd.tmp

Filesize
5KB

MD5
391398ef3295fb785f662b92539be3cb

SHA1
68cc461234430420e09cb3a88a4cc503cdbb9d58

SHA256
308c6d9a97fc9a27e4d6bc2a770a914aa577b16318af37dd4344d3a67f123dd4

SHA512
28538d876a146d15474e8f7dfed2e08bd8be13b27cf724758dcaeeb407ec660056ead97d11b946d8ea85ef98c821c703fb8d4fb9075cf48fa6212bacd580c853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
36KB

MD5
2f8366d4970d81733bf1d9cd15c2f56a

SHA1
07abdc5838fbacb76e1a809eb8a8c24c5acc8c2b

SHA256
881b71a043732d89df0755ab3dddd10b0d6ff774ecfa55cc4954f5ae73b3c347

SHA512
1e3befdf69c2c0da4f6d4ddf90296940cd66f924ca160b2587abbe718f75834307a9f397f9a97a94faad993c81c4f635fd351d19fda83a966d3fa4cb087f09c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
1.1MB

MD5
07a91d20c88cd93205062606e2ab5d89

SHA1
4448c7193cdd2cf8d80f04ae18b93d5ad467d96d

SHA256
3601e32eb6e6745b903097b431b2b92efe8f1a57aa58eb79668eb19067f4a593

SHA512
d4154edff2ad485a369917cfec8fbd0946ec3ded16ae4e40da3c18e233fc1eb06c512d2301d7481145ecc4dc48416f010e83dd295a345d348f99c0f2048da71d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

Filesize
63KB

MD5
7b4d9748ce4dae144f1bc2ee46e77e5a

SHA1
11e7d2e5bbabac4b535f1318aaea3adbf05a82fd

SHA256
b23d1e46c3747934c123c9693b2912694d9b587233535341bf0d69f09444ee7f

SHA512
257f1fad2b060be58b41809364e3c3d14ebf6fe180dcbcdf35199394ba3d2ad8b84f5d1f0b8fb20d1070e57b4a831641ffbfdec1793a61c327878bbbe15eb854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
27KB

MD5
d6f862353c2433098d82725f90a0e280

SHA1
55ab2e7e58fd35c99aec7fb52849d866eaefc438

SHA256
719a5b617534fb3a811c51a999f943911439fb43225e3a38a79dfb9c0ffbac38

SHA512
0de7c8478de4d63e2d49e834c5ddc7e6190dfa851b46914f32adc392c1b9e22e6222c01950738985b44612b65a8cdfa6ddd99e77c49e1d6b9257c63af974b178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

Filesize
75KB

MD5
37daebb978ef13013a7495956ec1742a

SHA1
0ce04c689150f80154ae6fd93f3defda316e5353

SHA256
1b1b49c7082009c24b214745bb052fd4bfb2c2037b9a252bde6c916125f54f1e

SHA512
d9ec9c8ab84cdfd58b8ac7c6b6cb2af6e700f195c1e57f15c7d69a81095dfd20374bb9656f106dff3ad8bb0413f54870d89b5b6bce792665ed03cd449abaccb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
14KB

MD5
cc3b06f44facbbb6f79ab7cd5f00b069

SHA1
27b6778650e477a4a52b3ab376077cd20a305436

SHA256
f8bf4cfbb20c9490e3cc2c1ebdfae74a82e37fea5ddcfbe272e67a83b9335fa0

SHA512
76504e06635764e8ccbf6af6c377c3e5fa410fa2daed29b046c56fec2dcb2e6d7fce8b072608a0e35b89691d76f9e94227971c7600d38850978e8188bd4c570a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
0d2bd7526fab6909a871629002674481

SHA1
64cd68f600a97a75b5024d82c963252c335d4a19

SHA256
a672a810991f065d2319cadeca1f4561dd05e9028e2c705f24d29e0680cd18cc

SHA512
d8354439bcca7c7a05b85e8c3f33112defcb96c6a78ef4b4e01df897b31e6a5670c2b6e5ea0c341a298e45fd9fd54ad1363afe253f310eb61044aa0c09ae0220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
abd931f52c575e2d207d34ee21105c33

SHA1
43bb261184364e1543f9d75edb3f238a184596b6

SHA256
1593c3ac07a733594cbe408793bf428ca969c776c625d1b6661137b217e0c557

SHA512
ae90e3577310c3493b5f0a9b92379e93d86c544d7bc05bf4edf8ecc8acb97a7a3f117da96f1b453812f083e5c261b7c83f4691fa7e68e5e07de58dce33426861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b5b1ab523719c3c_0

Filesize
19KB

MD5
2c3a9e80015e1afb454e2bf85897b6ae

SHA1
9d91391350baa74c198da437f836b89f2a403ce3

SHA256
0c72270a01631766b65f2b772d8c13e2225d9e6b74e4c9bf4b444b30d9544c57

SHA512
bd9d2cc0d3878543a23bbce1cb377b5aac2cd6a2e2a18cd8d3dad0441da310d0111b1acee98fe1fd0eec85d1560da917152cd81241c32a74435e053d5c2fa890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
c868e069ff373e2e09bb487d96be8278

SHA1
e75569eea7428b85fc89d40f8cf4cbb0cce86e31

SHA256
598ada3be37783485f07013b6ecc18f423071eb51b3e91215357cda7f38984c0

SHA512
3add532dc349f4941d5ed49222293ea54fa6e040fcc9da913e1d08c81e5485f7d782db29e3a03ef74fc0a252c8bf93e1dd4df9df9918777cff940f062f318432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

Filesize
5KB

MD5
8f15e37303b75dee3dd2f49928f908ae

SHA1
cce4cb5a8f181cc7a1f32abf88e5dd812c13eca0

SHA256
64b428b6c88f6f0e678c6a274bda5bb007352b411299bd1386012eb89feb1d77

SHA512
2d04e3e8176c7ff239eb18a3cb4858b497371fd91cf60ecfe4d81226fc06146cfa8b5b9af9adc424e8b658dceecc2b614e0eefbdc8dcb0218cc8b301824e61e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
d11b2e85dda39ee17cfa3f45f02830ec

SHA1
136068f697fa78eb3d21aeb723f14200833f21e9

SHA256
c938ab3b9518067702f61bbb11012f2da1685c433d953cd58cb258a91719d99d

SHA512
6ff2d1a80787ea37dc8659d657ffe104dc2a45f5364cbabcac0f80401e225f3908de1648e316ddd636a9f8b4dfef120d8cca0532bca62b90cbc15a9e2f6386fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54cd51ebd8e9e5b5_0

Filesize
5KB

MD5
4dc4399df702573ca72af0564f94b8c3

SHA1
b4bec5186978f8b4748070b64e1263a9576ccd9d

SHA256
87ef19ddaf4b0e87e48da940f302347fedd29a67daf988b602a42e9e54d088e2

SHA512
0b006fdbcd4f0c156b7ecde5f0283dff057e52a22ad6d3f25fc59e080ac30ab10cf4d3bb8f212892eeba5d4e08b3b49dd9ac987ac7e28ffcea83cd8d4a7d38c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
5889941fea5dd1e0c79979a8b255bd12

SHA1
360209c5eabb82c8c4e10fcbab267d84535dfc1e

SHA256
d67ae8e5ac8a10191085395beec77445f9ea35bce8cd975c374cf5dda6f657c6

SHA512
be2e0a128aa9cbeb14ed2c11e48378a24cf68212d2f92c723c4b1bb543b646fd7da5adb9d6cabea6ac33b683356a8c00f1acc6b1aa187ae6c6fc4cedf33765e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71da22abe269277d_0

Filesize
3KB

MD5
649f77e7df5d61a944790d5a42249eb0

SHA1
53f132e37c66a8f6a621e83ac3af7b1387ddd96c

SHA256
ca3aa34244dbb2263c1487fdbe1b9c220a7ddb7400ae001e0b6d2285f489e518

SHA512
aefd185d4731f68af41890077ff6311669cfa4501c38199696ed856436bb35b88bdaffa2ea3bea5079be819b0c0b5e260a20cce6880c188cd4acb49c4fdf3039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\733a2ebc15407e86_0

Filesize
3KB

MD5
56eff70ea9a5b3af2dd342a91f32a356

SHA1
3939f275a62d2778e2f35e0c6219780dc1c4f266

SHA256
b4270c67eccf7673b693b9f1bbfcce79a6b53dbf8a4e66367a9aa39b396fe4ae

SHA512
58704d3ca2309f691b058ed51a52795390762e1b5a370657299a7c0fe6c1f322828fe76f7b67946bfcde62fe2e7e487751aa9a061c5be80774a9c720c9dcebb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
ea002352266816332ac8482d293422c5

SHA1
e18ccffc92023b9fcfe08748a67e344f1abc8b50

SHA256
543105fe9d481097d71035b07f57d3f9bdc55012c2f4ffea342fbd9ae7e6f597

SHA512
1c6bdd8855098ac3b12c06a2fb4327aac6ed22359fbf20781113fa6d1da75e375742c4fdb21988fa73433763df7b140655a5bc6b2571114f112d729b1d4be81a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
ec0fcd49a07f16e46942b0da2ede677e

SHA1
50901376bf956caa36bfd15fbcecbfc250ac12b1

SHA256
fde1631acd5dedcce263116ee143cd9b253678ce05b3400d2cf0fbbcf35d320b

SHA512
fc7a6f23a9910481923483ecde98e95347347dc22a9687f85725ba30bd97f5ba54269f24ee61740e41bd2e3df6752cf905bd12ca16cb640d876704735b463d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
3b82e836cac9dd00e78b452adf88bdc8

SHA1
44826dea95c645866ec9d0f53ddade29587de04c

SHA256
18a439e45aade5660753e7d1936c8ce43ee332bf4c69ea02270a13fe7dd96ae2

SHA512
4ec390db5a43aeb4e0631bfc15b6c8c1d2312ea9b0b66c99cac51e5caccfac45b324a3c7f90b767edd1f128a8f707d0a48ae06455602e31395e4331dbb607451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
a89e8ce2ef77d2af615c9959873f8ba0

SHA1
4023dfae2076cecd2726fd12850bb702205ab09d

SHA256
eca7bf8302defeaa45cecbb36eeb154ee05952bb42ddadf95b0244c10dba61cb

SHA512
c99288eff8f6024377a1e770443ff53c816e25cb63be9cad7c51c2f7b1d84bd70b2d3df7613b6b07a71c0113e7f11d18b76d21bb936916425926046efd4a2f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
4KB

MD5
2af300e66fd57c6a2c646005723e3411

SHA1
79289a42f8c693ca94677bed92d24ef239a0d013

SHA256
ef4bbddb39d8f8bfe8d426c8c47dfebc5ede9c764ea6e8d48e69793c9eb347a9

SHA512
d843c64d4a4396ee7821a8aec080f888040487f968c2db5208d920ec1cb362310d64a8842fcc5a24473a46c7d5673a5555d5ef9c78f017a5f73a64a780bdbe62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
ad3359fe2b1514f9b4eebb8c5e8002ae

SHA1
e0673fdc22c6bbb18e3d59bac42b44a156946a6d

SHA256
ae51a976455a79b07fab8967026dee1d835285f7a450adfc39b17b8da588089c

SHA512
d8ec26fb84f3211e8b2e8fcf9d11a383652706658ab31663caa2af371ffb840153ac0c335578598f947bef4866f8b56a8548ecfbf4ec7f5cb9da16fb67e57223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a1457c75265c7fb022c152f9bd2854b2

SHA1
5ab5cf67f98551302c2d2e5437f0559d59f7c094

SHA256
b97fea2a7edf7f765687136c41765c103ad94f135257da024d04572c7e170d23

SHA512
ae666fad0b11eb29c96c5a299e0c1c62675cbf5674c0b6f4de774266c23215f2ba3bda6679ee5d5e83d16771145b8a39111ac182a1212fac938447d6687e59d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4f6f2be5d2dfe81d1eb9bfa55b9648b1

SHA1
2a0bcb8f12a3514790ddd430e30ba691b6dce39f

SHA256
1cb5334714da72dae79ed233dc10a1532b670b1446b85297dda614a7ad0c8cef

SHA512
acdcee444768264e53448e025051abe0ca8cdead4ebfc6eaa707132b0e6fce1a65f8ed42b2161b9347518a32667e9cf13b9ec0f02a7831593b12a31c3f7141e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ww2.teenfinder.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e2fe6e6d8a2a27486c6c4bb994da6f9b

SHA1
a5a54fbb2e8d02da398987bb1708246172ae0cf5

SHA256
da3d0020d764f05e6bd01d4c9f4048af047943d04fb1d43bd14a145c63bf7911

SHA512
b6dd6a1de7b9d1e2c13a3b171c3246f7a34856876650b2abfcce369391ebcb81b79304dea14ea1b2b107267e6c1b160cb1941de89414708c69aa48a2c5054989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f73aab4e872ebe46fb6d9edb84360273

SHA1
4ba6e95b6dde0b8ba803197c6474c611e3cecc12

SHA256
7a8213a3123489ecf83feae56b85ba906278177f0545b49053ef54e0b3c12547

SHA512
928efbd09f273d20483fc9c2ecd1c7e64ba3d907426331474e122c0ce108b60d32e0defc77d4cb7a41a21f6ecabfe58f10b7032ef795295b92a566bbc7753a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12a5e144845c74d93dc3989b42554d55

SHA1
af29696f2a829b2052e69ba1769c7f11c930fdee

SHA256
fa2fa4a7806c46e70298915a9726c6f6dfb82a754757fec77b0c2c348f6d02d6

SHA512
b20883566f8041baa4d71d9bb603379019f9960003517097b39e615bc2d064f6f13bd61278b39475b6cd5808eca93d9a6b69e4def2bd6d5979f9f70071eb5a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
560c2c9e4875c58a69d8896ef747aaec

SHA1
9464d2dd78f0e85a27e96e38dd7df66301119a35

SHA256
ecedfd5aeb74c3710dd77f43a3aadbea2f69ec3b95cf5275d9c4aced5ba26ee4

SHA512
4bad9299aaeabe0a9a7e1c9857888b4dbed0c94babccaf7a5f6376ced0b39968d37f6170f223355dfe751ce6f109abfed2c65e8d4c4dbec8405b07277510a241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dea455b06b748aa915c6eaec9c71c0b3

SHA1
fd3e8d81fbbaaf5e394c58a21b9f07fab121e5bb

SHA256
150f8dbdca8abaf6a537caf0158a1a08222ef1bcc6b8c2b3d37e8011fa3b7d4d

SHA512
37889f1b3ac2e478bdfdef8f846a4e84049679d48872012f4ed1eff0ff515741efeff040bbe6a1a48c549d375b8e103878f172b7f234e274dce0f3864e09cd56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c7838372b8d3ada4e188b4516260895

SHA1
18685d43a1ba75ab40cfd2749ace81584679a7c4

SHA256
d9744a87523ceaf1227ffd8d33a368ddfa01a347835c9ce12f3e52e7a26d0f82

SHA512
8ec1e79cce164098cf91cdc90329b7c1f3ac5500cd0dc1fbceb39f75ae752f34fc8ca519accd4d63bce33397fc0ab14b054de803b1a02e7b511d1446798f0442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
354652eee41c1d0614469389e18721cf

SHA1
9e3a3dd8968d0727bf52f1f1e167743e41ef217c

SHA256
524f43e0378fe33073af085e8e4c716c92678146854d01369108cb580464635d

SHA512
394cc77aa472a1be51b7a88edccab6f6cc5586da706cc2593463aca45eabbbb56b1857f7afa7d81ccb9cdd4df9386fb286b870ed0754b207436adff3951372aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3a8f6eb10cb7f16b8615134db727f78

SHA1
ae5f43927e4be5741a5780292a813fc171089ae5

SHA256
5e0820c229a8e82415a69aa0f4c4568eab2c58ba49947fe27954d05c7a6cdeb6

SHA512
bc0d477b54b1d2a3067c05cdc2c0df2c7781f88c2091720a305e95bc46d9f78bd058e1e1acca81f4b9a7fcea21b7a293ab51b5078549b26e8c3ad8dec01450fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00af9ece551fbd418a5d4121ea274652

SHA1
6964abeddb7a5dc3fc116b4f978591b18b6600df

SHA256
0f739e561511040e0ce9ad874c9982196cfaa6fd525d8fd0077dde5c9e115916

SHA512
932cf2f1bcb36c9d17400794788a58b4a87f2aed4170f2ebafc8c50c5c048fab261f5b2832a9334b00047066ca4ae0141709043ffe0e216af361c7827c63b2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
986afed2fd5029bcd1fd5e0cc1b63476

SHA1
af20e58deb699bb3aa38172992f3a6684f41a5e5

SHA256
b36fa32840cf9faac338f9c9c5680f0c3738cccb8b28f412aec52e1b695b72a7

SHA512
3859a1466b6f8dd30df8254361151b397fc4620ae31b7e6d7f23e11a2ec4e98bfd356169c63207571c1f4c38cef3603eb083cb45543ea9414fe4deabfb6dc301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
898286da72cf308312dda27525dc88f3

SHA1
4dae0d57e10c3aa86f35cd4d2783c2340615b3f6

SHA256
7cb4134410a68cf6051c34b2893bddac7d81abb1b1f431fbc975e8c330d0e009

SHA512
5f52e4d7dffdadbb62eb13ff0a07b98e38ee3d41ad44d1a435083f0fe754cfe1ddb0a7fca89cdbdbe256346c2de1347ba4981aabc01879b624c582461bf675a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
936f0b5574e96007af1ea0d1dd564af7

SHA1
360f5b4313063fb8955755221ef85cc7c851b308

SHA256
c384ee810fba78a6e4f95ebcb0a368440a9c697e08e03f5ba16e239503e61413

SHA512
a2c86d3da903463057d775993ee7a9407675e43835b7e83629ba5a88212d2b9187b76dbe0eede6948c4df6cb34a914319c17e602d015959351a3e3da5309d9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5959bf.TMP

Filesize
48B

MD5
77165d90d8f6f4568e73c53284247db4

SHA1
fe209065f45d341561ab0ee6cc9e7d4750b69911

SHA256
11e0f9b0d4aca0ea653b77915b2c9c8ba0bceaa0cddbe0aa927f8f3b284cde58

SHA512
b74718883b143c00f07e18805f522424e94cb43ec5435067365b23048ece518a613928a76669d19e9c813525ba9f2bb709b0d85aa17b2fa7fa596df3aaf3e1c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24cda7cd1c6b4a5860ba7cc6d3044a9f

SHA1
4c1d20ee5e2b3a39851e7e7bc49a137f029efaf3

SHA256
6742eff86b58a66c0d00593d5f4091f53c8ad4b6d95d2718df7493efa33edd9d

SHA512
7523554a02ab7a3ea0ab0199407800ed3f5575c624cab8df220ea5f092608e73f3cc58952b4a0d861d6d70c5aeb652c8e633b890fc730ae8ca1cb17573d7c117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
90d92b3c4a32237415645de9d78e525c

SHA1
6eeca262941e21c56fbe0999ced9c5bf793cb1ca

SHA256
834fe26380d61ffefa80d4e42e21132ebe60c03a1b1bffdd3f601fd914cc1365

SHA512
8f3850e54737f9512ef97cb8f6958df509193d9c75f759293f9b4f3f2b84b453c9a7a5f07fc9d97d39ca8bc904e20ea10c3301f29f8eb14b98fa605694cba960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ce39ed093839a395834b7fca4dac3ad7

SHA1
a1f47877c3233c7ec780566bf74d61c187cb9a68

SHA256
10ee1b3430ab60dbc97b3db63e293e51bb6bcc06fc548efad264ee0b67f4849d

SHA512
fa128cb1b0869358cc7d17fa0da5a8b3a45666b653cbbcb781fe2a8705accb0f9bafe79b0e989b917a8a9d1cf125c7c9ba21c4cd61d1c9faa89579a6dfd698cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f14ee9821c74f6cb36a47c8925d5efa1

SHA1
95e5790cd156fcd01a5d6e7bd25395a4fe40d4a7

SHA256
2f3bc4e6cd0cbd4c3e2d5d03ac67d19dc6604b9395b17d257e0c18e9ef3cd54d

SHA512
60562af68c4e28d7f25bd619cab8fd70b467b1130455680395a7f59786ebc02dae3f1b6228220e60eaf16935ef48d5795d240f90a659b399cabdef4480680c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
945d9484151884913c349a6bd9b67ec5

SHA1
2de571b42bdb1bd83a62bc643a9498e28c25b6f0

SHA256
08c96fd7e39c50adf327afdbda916a57b264257e2a66a9f5c358ebae7e454074

SHA512
918911033b9374e410a8830d905ab8844b9d2247154ef96f841ab32075752cf57eca53c3f7083473acb82023fba327e1a0f8111fcb1b652cf429eb7bbc9273bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb16e6a5a866e3bf3e7754c6dc1b17dd

SHA1
e0e9e145e38be438c4bd6f97cec960fcfd689350

SHA256
f1e06a59e4965297169e1bc2c30d41f7e1498d4e26d1f7e34c93eda797b4d56f

SHA512
ff5f50018d23487b5a21aa42afe63f5538f02a66ddb70f6fc4dc2632a67313938485cad657e2f4869ee3fcc56a2109f4fdd8171cfea5e3c21731c922900b0c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5a2.TMP

Filesize
873B

MD5
a379597dee784980dec60eaf822cd440

SHA1
f96b85ca05a7998bd9291af496954cf37fb905a5

SHA256
1deaf2622ec5729aacde1159833d6f4b86b39486b22f60a4495151f90bb59e4c

SHA512
ad2641d62ca0e2845a639589370789d4f1809e583dd08c6f89baf4ba760e8f84953ca91fb781f570db72078b8a3d4488f3d307578082a79532d08e0e17acd612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
02bc1a46c1e9a44230f2c3de4e294f8c

SHA1
6f6a2eef6efbfc438a72fbda5da461a4a9d298b3

SHA256
e094a171aec16d0ffb9768562623992d8c1eca35770421041770d8fac751e12e

SHA512
80d81e822547caada74ad035bd354af4d7bad0bb6074f2ca7df285f31440cd8cdb6cb7deed6e10baad06056743082e8ecf427c0c540591a1fd6c5f4dc691ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6f5e97c16d99f0e7756f38da801bb81b

SHA1
f610e474638586ecfd7693c6cfb745b2ffc0a217

SHA256
8415076b0600922378bcafe280b0f725d104e854be393a9175f985806924732d

SHA512
4aa2bdc077ebaa4ba756cdf235e1359cf0b3a473ea834e3262e8c9e6058c420148d054ae85de7e8a5fc11f87e35c547bae031e2c08a113a463f9e2ec459d9e36

Download Submit