hxxp://nonews[.]com

Analysis

max time kernel
373s
max time network
377s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://nonews.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{1853C2E3-A923-4CC8-87AB-31B695ECF5D6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
4356	msedge.exe
4356	msedge.exe
2604	identity_helper.exe
2604	identity_helper.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	556	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 3260	4356	msedge.exe	85
PID 4356 wrote to memory of 3260	4356	msedge.exe	85
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 3636	4356	msedge.exe	86
PID 4356 wrote to memory of 2920	4356	msedge.exe	87
PID 4356 wrote to memory of 2920	4356	msedge.exe	87
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88
PID 4356 wrote to memory of 2232	4356	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://nonews.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88f7c46f8,0x7ff88f7c4708,0x7ff88f7c4718
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2212129752673335680,5951717202012999149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
27KB

MD5
d6f862353c2433098d82725f90a0e280

SHA1
55ab2e7e58fd35c99aec7fb52849d866eaefc438

SHA256
719a5b617534fb3a811c51a999f943911439fb43225e3a38a79dfb9c0ffbac38

SHA512
0de7c8478de4d63e2d49e834c5ddc7e6190dfa851b46914f32adc392c1b9e22e6222c01950738985b44612b65a8cdfa6ddd99e77c49e1d6b9257c63af974b178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
63KB

MD5
c28f6aab96639e2611786fbcbdc7be02

SHA1
d090fdcc664a9bff9fa522aea098a3cafd5905dc

SHA256
58ff4cc77308448218785c38382e9f68cb6187b9ef3b49dc3efcfd72379f6985

SHA512
1b219857e1c99a7fc049c7f144e2e78991eca1e6b3b9222b67f19ee8c0078c8b29ef7514c744d6a15c3f871176100b8c4f01a3814332f5cf37c286d2e0a7aeb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
75KB

MD5
fa2f68c35016efe47113726e2417bef9

SHA1
349958db815f27e338d734f22050985d14ce523e

SHA256
5d99818482d3c3143af1f94444caf8a6c3c301ad786492799d798e55786f4b95

SHA512
7eae33c0fb9c14df795062e55553871694bd5873f9816abc3c461eefa37cf7d9af759bcebd68fdc7937978f0d487cfb698ac148a99f5583577bdc5ab71edaf82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
94KB

MD5
dec4750e4b4168bdde37b84b810df500

SHA1
d3c624bacffdcca93e2e9d68611a99264e44043f

SHA256
af54dcb404d924c474f5f2d0d18a0b557569877815c9cc213d1dd38ac3fee4bd

SHA512
87ea4caf6628069f2908ce6ed21c7925e1f6abe72756c7bfe04755b7a9382606217d0331130b7fbc225cd6e9607a9fad222eefed309d18b8b006b5c227beda67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
21KB

MD5
08d22b7b5d3d16b28250c2c845ccfca3

SHA1
4093b14efdcb04208a0b9630bcf258813f087ff0

SHA256
aa09076eac69e0ff314523e731b03c77790a9b87dccda6ab406913fb2b56f374

SHA512
747c131ec0378273c77895258ad21218069d2cc1328773a3c0c707d9f2bc64647338f453c518a7cb129e3d4fce9fd64105383dade0b98c0131222f9b41b9e666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e3

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000139

Filesize
115KB

MD5
58b6e466d9fdc0ff3fe89fd5c9b748b5

SHA1
693d7b16c35cc45766a787dc5cdcd8fe1010e7b6

SHA256
c0a36a75a0754ff11546c8f1637c1dd81769f6e7d5747a39148d35e68ffacc94

SHA512
52955830cc451cabd46845967f83e9bcce8c2d706bc1d70526156d26efdff1dc764deec440f2ddd044edb553f0632125754e1186e04cd49166b051a8013c1554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013b

Filesize
106KB

MD5
fbb562db6687614a382f7f353c87819e

SHA1
0cbe8964bdfdd25edd7d45d17367e1f7069a12e1

SHA256
a5f170db82f3745e9ff175242fd65da6798291ee466d1dddf7b3b07cd0662cac

SHA512
1c10daf9f53e129e0f53bc56513083d83fd1e9fef61e988a92b8b8a7b657c20ec9fa188c1d883c3d5b99c9d0c06e1f25f76bd440cd9432b9c00621c4d140f55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000143

Filesize
109KB

MD5
6c2be7fff7bf8cc59a82e1616e1d30c1

SHA1
6fb27ef3f55213c01e18b41b264c6644a085d7a7

SHA256
dfdab956eb81b8ca40d08c1901b48bc12d647e81b2a6c483065e5a8828825b75

SHA512
05a7e852daab89bce45e2ea39187b2773aab859b4fb12c0b42a10ca4f4f7826492dd00cd885489b1f1d5b9d8d090264c42954cd7133043d4b34d5d34b0e3343b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000145

Filesize
109KB

MD5
a02d0e553cab8f20391cebbca502ef5c

SHA1
9c52b63ed76404938695e20e82cd70fcc451ddd9

SHA256
31f3106d141e6c837b985e36611eb0bcfd524be97046ffa3e63d0638848de86b

SHA512
058959ec8147faa0fd79e417d9348f186db6a94c53ac23749c1af9de770382d237925dd568d0365efbe509b39c419db34118d7118328ea0e3bb1db62da3ad91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014b

Filesize
101KB

MD5
40982a777c2684a201ef42d2d73cd178

SHA1
76a5b90536f0aaf3740d150f313aee33de1286ab

SHA256
37ee409c1e8181fc0c50fbef160774a0b705e8074703668cc8fb8391f782e294

SHA512
c1387d7b467679631b7832b12834557aff419e1fe25ff32447625893f4f1e78b904ffc2ad72db4aa12e17db26b952092a6fbd837e15a905e8fc6d17627111537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015b

Filesize
120KB

MD5
24e0e2023083b093cf6199d4dd6a5589

SHA1
152d14d687b60eb5b3d6df4fcf8db799a19d9c2f

SHA256
c7d7cc1dca988973415439345f26cb6ba32a7505e1ee38e3a91368a0e0860e0d

SHA512
af2e611d656823c0c1d00867fe602777253e06274c0104e65c7d29fe89631eef3113844268b620cf6fc8559e811380078e3625a45ca03e6aef787e44bf26bec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1c51221d7a169a76e01f46ad0e3706d8

SHA1
b395d014adb9f86d5fe8d9dc8b73474545e7da73

SHA256
a13106d1c3261104181bc57aea7c5b3e443be740dee091a64cbf31a11fa15077

SHA512
7c06ad87258a856733805bb06a0e58933ba87be86e455223d9863edd2d233fd13fc872b45fa88da8db06dc8048604f4bb929a44852bf6f8d56f0c2b2dc764554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
033b35c8d6d9bc27303f8d9dde119970

SHA1
4be89d05d7768f4b4d58fc72ea8fb3fedc715922

SHA256
87c9bbcdec3ed9fe9d6b11b0f23cf7fca232beb265dc2f03adf9e86f92bb8210

SHA512
9561c82428789d0bd885e273556734dc0bcc8c44baa2deb8f382aae50d2236d7f719c5219b64ac5ee521e40fe3a65c3958e8785f51f8d4e6d1005f038ccc9883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
85d9939588036ba9b9bf569e608251f5

SHA1
35ef8633f678f06c3775f13cc33da50dc36095f9

SHA256
3bd9c48ab95213176c9720622a7a0f0130f1413d99c170ed697c45f832403d40

SHA512
3422dbd61a34a89707466e36d38625165723fc207cc371dde32ad396aec9c435ff6dc7f4d484d9c3ca87b1dce9f066d2b2d8e2d929440a407bb540c316701f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9c25aed0fa085ff72b0f83efe66b5a2c

SHA1
897e6a075e1ed7cc76012b37795760643189ea67

SHA256
91878824dba2b57431147288f1ee61a3b52f40f158d51c07ff79e116e6dc2cfd

SHA512
95ef009e0e0463bc3c8a9459b563f916818384046c55e391dd13e3f6448c400b6f3135f566e50ca0497b049167b8f2db6c42c315d180966606a1382627cfbf14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
982f1557b07efde91f50682c0594cde9

SHA1
710cb7fafe0f8dde8cff3c5ad793df6ca31c76a2

SHA256
1f84e8e287e44596637e9b951b7e1ac227a5eaf4816867dc3fd4accdfd467f90

SHA512
24ce8b7606e6424e5e63a5bd10db79f243bc33f1be899f0a03c5ecc44ce6afe9cf001e49b288eeb6185ff048b6c04d0adf0edc266305ff0d4fbd15a7ccfdc041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
189146dbe1d1f62a169ae1f0e63fb2df

SHA1
81d0733dfc4d349092ef0f423c478ac96327ad4c

SHA256
437ee6407790780273949ae33e21d7b748cafb8e65002a63b19b0c03564da0a4

SHA512
2c6a43c686fb7ec02c93f9520cbb792204e390a0d3b046d2afad9a9ae6ae72a9d4779ceb12bb35f9acaa024eb7319b492d5c55776d0311713fbf07369c5f4559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
9f4f189ff9a1a7858327be36a37aa3f4

SHA1
f28fc310c6c1a37cd4ea8bd3febeaef56048ffe6

SHA256
45b79996836039bf39395968fa8242329d6a1bbd3ef8eb4d3d2a390f21d6ac8c

SHA512
5a1eba3e8d655d330b13c217de8ce802580f48b8030cb770dadf70a4cbe0d4548a5661a540b843995d8a86906101aaedae9e34005a53cac68600fe4e41e79267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bb6b5a230ef133ba550c36bd0dbbe46a

SHA1
146c21cfa386220d9711bad15589f9789e8f00ed

SHA256
2544118098092a79e52bc81dd7da95fba30d77d3651e256efdd041fe244e317e

SHA512
c68c27e9290031d741b5d19cf722594072469139bbc9c13a6d31dafbe054f23753cd28fe31c5b113d1fccbd60428ea3f620e303ad380028df18532a59cb69e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fcbed7a491287269197a80d7e7841a9e

SHA1
e373554c368b7f1cd216cfabcdfd64c24c03dee7

SHA256
278378a34105910f87db8484941506798cc70547f48166ca095273524bf6119e

SHA512
8bc97334e2946f3d5f19ffdc0b1af1baa3a3cc370c442095fd90fd742fd6f5b86c3f34bde16d60a50e1bb77b0af43ad33502fa191c75668bf6a6f3ec76cdd860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1209f8b52840f1c50c4fdb2b8027a1e2

SHA1
0d485134c4d194e906010878af6caa08ca6296e4

SHA256
88548176fa570cc7100c49965befffcc4aefa68a770a1486353a22a6b7315775

SHA512
013e088075a9602f4826d2fcd135663e25efdddc7d4830555aba73427c443e6c272ccc2b72f192241d5bf5a36553f9e83c4790bfb3ff26e127a6dd271b3967f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
28b05ca80da73c9b7cd7fd0b0cf7ae67

SHA1
e04a15dc226fa5037e583260aa16b0beff2df88d

SHA256
a2d29512b8a62e0529d69485fa7389871674ff350c71a0e1bebf9b3cb61de2a3

SHA512
6bbb36d54ff4b6f04e4f05e4fe11f3783c181758b3c5beac101248f1b3d295be25a7d66a80a4e7505ee5eb93d55abd99d9aff873a2f4a80743815646a66f3a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7d08416894272983ffe41d273613500c

SHA1
af9466231ea5ecd0b787b9bc2ce85494abfc0f81

SHA256
b077a73794175e88b29162f497c49bad8748aa44b24f99e68ccd599df3e68ea2

SHA512
f2ff9a6008e7483fe6b3ff7d95b187da7993f6fefecbfd16b6fbad27e16b990de220cfafac37399cf3ab876386286e99645bd680b8fc1d697b8e1c663d315ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1a0cbc7cf6518e599b5edd65893464cf

SHA1
3317a3bc0ee84ba3255c82277990c084392edfe0

SHA256
40fbe0456cfb3080da5107ee481b2a9964d0cce77db6032ff9d10a28293e92e2

SHA512
5d10d0480710f64f36b132c9e7ab346cd1c4b088999b8b6558f44679581ea6118c1d74b71f7a66670ead6df6dc6a27e9f15f3fef970ec16b1d372a4c88f2391e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
165feecde19ac6ba8d1d06ef25178e62

SHA1
127276f784ec9a0add3c7886c130e571b699662d

SHA256
4bfbc9b554ceec90ba5d3a92687967a667e80c5a26f7358f7f20a4a6eb3d7045

SHA512
e9ae8442686e71d3a6caa33dd14972dc6661fd80db773aa0f4de591a437fc3a364a09a89167d56052003d380d2c5f41ef38d2f26b98b796032383e0607c4dc4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
0446103568e6a19bfeaffd77b69055dc

SHA1
b31e1f4e32b2ec0d8362ab2e27c4cf64b84e22b5

SHA256
97ed440b55eae9e4cf4ff0b082a9e1726aaf2a485d332bc96fb1f95e455b011b

SHA512
67aa487a174a830b5b69956791c295666a02d2b0bb3cf7b88daf139c3e1d18439b86c5422fabae4888fe65677e733a4369b71e3f899d09925fcc78a58f846eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
bf3d321abfa6043b9c7eb7330816930d

SHA1
90419b5ad20d4233ed119d2c5f5991216662316c

SHA256
a0b174ff325a33550dbb5067d4c86c9ce4f432d944017c1db5575121425a34b4

SHA512
56408bb91e6619e90658f2496c4f70f272166ccdd9a5305a6096c082fd4537df4f46fde6fb8701106fc9d71bc5bd7eac87a4ddd2c66c0bf5bc8813a17cba754d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59ae57.TMP

Filesize
48B

MD5
6597b75586686d697000252d80a3b872

SHA1
080a103ae1c406633122adad96a8a5763f8fa011

SHA256
85c81cb2ed325797e61afba94eede380e695f014934abaa385d09de4999b068d

SHA512
f017c1389f7bd2b09abd70207d978a385201cbbff0e7d84d853166c0186bc5de161466bfa90b9d499754ef16d26eac358b4470efa8215ac474410570b8de9e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
495570739f81b32c5451e6c2e0af95ca

SHA1
0cf9e7842d9960f659f93f1a0c6c694bb1d5f49d

SHA256
793d6d64483c2f4d88e2bde284747b08f3d17a7738339c448df3c4c50c90bb13

SHA512
f4ee0b366694363936c838a908454389bcc2bc642b56a1ebe28dca2a546fcf347e9c49b0bf7b8c937e6163cd1a36aff8e395aaca5e055674544cd6ae2ce9928b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9e3d1b1d42391ee184938aeff9a95e7c

SHA1
5b44d7e036fb77c2d50aa09b8ce079a64abdb46a

SHA256
c8619adc8ccbb43f354a423f7bdf14e3a63abfcfbc70fa547ff87ca731fbaa78

SHA512
2ad991791207df370124862cb97637ff2d2a5d7285e16a35f6e9a39ae31bf7d34b2899a569ce7507597be09607189c7b2f58853b7afbab970f53b6cb1f0144b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3144bb08217d3a630394fb23ab6ab7a9

SHA1
7cc9528273b4a7dbe7191860a7e6092d803895b0

SHA256
fc068a9caf030a8e3993d6eecac447fa219f4949c00bd76a63e56d52cdd36b2b

SHA512
e3cc12a212b01f29c3d930619718da67037190884dbdebea9fe0d042f04733e44c97d1f752820a40fb6ae7c22d81aa14f68c22fb646c855ef51fedeafbda6bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8e4482c20e4f1b1dd348f3d27db48a6d

SHA1
d963250aac91649f2732666940179d50feca06fb

SHA256
ce36fd5644025167349670aa89cf37199d4b896e2e9c15cca2faec6113cbc2cf

SHA512
61621317351f6cf59ed05eb42e41bfc95430999db11070015714c2338c9abd58fa31809d64ee4caa8a3c611b464e5675d56a43cb71dbeb0ad7a442bf3ad0906f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bb8df88cc0455e552b887f20f0936f72

SHA1
c0b645a0b73e9a21e34176109affe64a32b9452f

SHA256
1aab49df6fa95f50c34d95227317059610a0eb45b4fc51b708b5f7a596a30ad1

SHA512
4678fea36ce2c54bd3ae07abe1ae7e7a209625315432b29f3d049957b17e92571930bfdff904e2fc6123d7988e98e285bef9152167ca5b92b39241440fb446b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596ce9.TMP

Filesize
1KB

MD5
0f2660c798249e1c3814b42153e43867

SHA1
6359879898bede4caefcad93f657fa3e4b2c80a4

SHA256
c0e63bab567ca9fbfb7b851e8f2eb1daacd22e64ad71c61bf1d2f26ce2f95b27

SHA512
b15351ae674b42ff2d3532aa37aa769fed310635a4561e0a52afad0e596433fbc9bf0ea066906093677a72eae54cceb3e77c9d98274ff16466f4cb72363b0cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e21e71d9c286c63faa4e90200a16067

SHA1
2620713102f6f92e4a3fb3fd1d8857d14a82f216

SHA256
69edd235e847ac458ba0077c6cc00a4e97591c2c53fed59de60e0a2b84abbf71

SHA512
5201eb51622017462051ca3b29f4e06426c1dc631c57c6f964327113c90412ef0171fa190f31cada84592eca7497d6a6b45073209b347e378169e581a4da3b4d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit