hxxps://wetransfer[.]com/downloads/3c4cf430b3cb6abac840e95df38ce16520240222133514/b7daf5e22de8eaf401d8243767a88f0820240222133536/8b04eb?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid

Analysis

max time kernel
623s
max time network
625s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wetransfer.com/downloads/3c4cf430b3cb6abac840e95df38ce16520240222133514/b7daf5e22de8eaf401d8243767a88f0820240222133536/8b04eb?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{5EE68BE2-EC7C-493D-BA7C-601F6F518450}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
1036	msedge.exe
1036	msedge.exe
3900	identity_helper.exe
3900	identity_helper.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
1252	msedge.exe
1252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4016	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 872	1036	msedge.exe	83
PID 1036 wrote to memory of 872	1036	msedge.exe	83
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 1496	1036	msedge.exe	84
PID 1036 wrote to memory of 4900	1036	msedge.exe	85
PID 1036 wrote to memory of 4900	1036	msedge.exe	85
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86
PID 1036 wrote to memory of 2900	1036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wetransfer.com/downloads/3c4cf430b3cb6abac840e95df38ce16520240222133514/b7daf5e22de8eaf401d8243767a88f0820240222133536/8b04eb?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc10ed46f8,0x7ffc10ed4708,0x7ffc10ed4718
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7668 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,8038816594282198782,1180855115370082755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x53c 0x540
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b8a4b0b-31e6-48e1-b83d-30d544b0d5e4.tmp

Filesize
7KB

MD5
c552dcb93ec4b70fd3165a4bc5b240a4

SHA1
97985c9b441b4c983d0e06d4baef332913cc3c4e

SHA256
b20da6cecbe940e705b53089764c05fb5303ef91efff85e7587dd1f062d637b2

SHA512
9c33de3d46ef035836ea7abf79967531c6a9bfca1ee5a77fcd182da4a067d7ac4a4df5bb90079ab1a108fcaeb03d6b4923faf92d7aa7365bcada70e8d147363f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
108KB

MD5
ff5f6eb22cad5bfbac357077bc963f07

SHA1
7926b4fc2d292ec4e007bfbfb08b6a1ca93cbdd3

SHA256
aeb909116881e83f54f709a0cdd20f8e70c9d035b76e1e65ffa6f80d739fc523

SHA512
f10efd05b45ef5baca758c2de80c31853b25268264dfddbb0f513d33cb96c91886be7abcf343fbb347318d7df5d437d538821e4bf0ce8d165c9fa7f15840b1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
19KB

MD5
6b28c09a4e857cbdd3d2d9418429999e

SHA1
41398594c1e6b5516c44cbb42519d1524724806a

SHA256
033436ed1aae85b26a46bbb3f758fcbed68b8614e08a2fcabbb390bf5436b67f

SHA512
00a6a89437dc7086e1acdc9cb4f7336963adc43c77558c6a65045d5a5d00eaeab0ff9e40cad8e9676b1ffd3fd16b9aae39c61ffdcbe54f08cc9e10515a945624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2b72c6660afe643_0

Filesize
21KB

MD5
61b77af47d5c77c713bc23915d43da86

SHA1
9cf6e9534dfb8c20efe29a6273df936a6cd7c868

SHA256
ca0c888751f84115b390146cd54d5442be20febccde08f0333d6065c7d1fed7e

SHA512
ee27c12689bb9fd207b6c1c9df88bd85e4cd46bef5ed2b7c829c9a59065a4002751e444e0ca4bb8bcf24aadba60ce48756522e2dd963f5c1bcae5c44b94555af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
fa04288f4e5ccb3cad6d0379dc0dc30e

SHA1
0edd36dc31af7bd4df098e26d6f1789dd8d0b8d6

SHA256
3a9e3844e2d8ceac0c8397d5743f53f148f9b9b337428597d768e666cc89291a

SHA512
021d013b25bb5952f137ece48bb2d5f989524d63eced7d1de14c0b396ef2dcb08f563a430641cebcee507ffb5c8db56ba14536aabce594bcfe8033511ca928e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
62480d382877a02929e49a651eef1c22

SHA1
f9b57ab2dfd4a6e8f4758dc133de133c58f21605

SHA256
b7f43622e008d6e30ba7e763b4195bf90964aa1797c09b5c2b3f6da16fc81485

SHA512
2a0bf3166343947368c93f4685ddf05953a91d4de73b6bd24657e9ea012f07315a8905647b9a6272f3061344320f19eb9b717de13cffb8cd8e4a4853d27829ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
90e5ab25a79069b3e9c324097ddb5d87

SHA1
471652017668f5895ea3ee9639b9c5f7edfe1398

SHA256
397574e53a16b2c6234ad00b2b60d058fbe21cd21309fd9ee2011be106312db9

SHA512
647f8d5816a71be8d0015b989fa54c3aa9737094b0187192573ab10c15d568022cc13c12fbc985625da89ba8383707120f0a3200eaa28c0d087ce0297cfd3638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0e99c862e876afb402d2b331b7700689

SHA1
0f22fda3c186536a42a3331c49e0f404b3341844

SHA256
657d127d9203cf945195c8fb0e7c7c3c9e4e316dcab8e323d3bc8e2b8c05c05d

SHA512
258f331fdb320935b42788f0636bce329a02ee632f253da63e8a73ae7a42a2a0f553efba4e603700a9e6f54f5ee172f2a9ba8f43adbb210cb6af23d8dc3f69e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_backgrounds.wetransfer.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5314d851d89eff66c335cd07f034805

SHA1
d6997c0097c309eb98c47cd7b9049a4bd153e671

SHA256
678703a5ab60e4ce33ef42b5449f9e4191bc7d823910b4e0373b06e456247f26

SHA512
2e0e59487fd9099d1e10a6de2c53ea671c00f79f01769124d812fd7f2f27bf138a9de0cde3c3c811d3ed06856162f6795b2ab7186d1168a73e5f2e048d6e964e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
2992e9c09b7b4e8a52fed8989f3d90ff

SHA1
b093550ef65d3b67e3b1526dfb47b175c0a42cb4

SHA256
ccfc9b5204863e791e1721a7656438630fb21429f8d4ffcafd22084f2083d5ee

SHA512
248e137619b2666ac66ca4979f13d0451c3b7717be32bfe8ff4eaab6a5169821e67eaf66cfea2310e2d6cd73ce6882fdc427b150d910c01b68ca0e0d72042e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
dac354c77d8a8526303cb5e21560d19b

SHA1
1121bdc2081c0a106727c4d4f3872811068838b4

SHA256
cd797b086e9b84f1027a85c27a7ad028077e9bcb1eebdf8736cc7d78d7978ddd

SHA512
2ed943f94f2db0e10920da27031639b9d74dbb58eba81f76a1ad1ccd995b755162a73995e6d74f7a5e88eb509e918b121f879493b0d8f162096143afdb4dbb4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
ec8f3ab5609b2b4029aa55eec5d4d34d

SHA1
c8e57285f606632e9e746bf71d26dafafbed1b79

SHA256
488eeb871d3fe8f2953448c08992bf20abff5d1b41577ab0f2856fda823e02b4

SHA512
af215920d0cd9d4f376c56f9307f6351190a7a9fdd58da1a00fe11ac4b90272d8d1506c800bd65ca9f7fe2667600dd4aed0405506407ba2f1943437fccb8f2a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ef9429d9b362c027143c39f862713b9

SHA1
0328a23a40c0c3473dac4235f2ae107e18cdbf1c

SHA256
0265c8ed6bf9f47106995db0114416ae614b8c3d0a78a27de598ee42308a7522

SHA512
f76b8c8c8f861c1ff7a785e621efc204abc27cae24871efce825263fb9645edf12e7350053a2ca882b1185ee90db7b0ae78fe882cdf256d981e54587b3d2822d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e00f5520f89e0e32b8270118f4279ae2

SHA1
4b89a8750fffc337f6161d35caf1bda49f45e710

SHA256
0fc12e8b759829a1b6b5f76a0ccda3ca7509964bdb3847148db58b53f65ee08d

SHA512
0c3332d1e57ccb6c64fed575805d0882c99f47dc81e28b334e5be596240b32145ad4315d503923a57c1cbcd47d6983849082e6f2e3abf3676995c15f54a893e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8b313f80a7555718ba56033a26e575a

SHA1
910ae9f16e5b5a29e119476970e3fc7a749345b9

SHA256
1806eec3424c07cfbdc86fe95fe4acf0b147f7005458e3ca0ee7435289df072c

SHA512
34cb1fdd318c3f26e8f17047cb92cfb9e98a367bde7a31ef22672587e6db36d97f847b401be51c2be1c98b1f38757e4ded08fbe9b7bbf40f66d6ca469bbcc429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
75aa5a26661419fdd45c186fcb277a91

SHA1
31855f0c4585b4fbeaf73faf49c2326299587d0c

SHA256
fe185948a20cd0f354349b7972c3237ae34239a01fadd121dd2698f206b91303

SHA512
57461e43829277b9d98a3afa7235aef121da159877109961f1396ec8621842c2b42077256072ee939a64fb1e976bc8e6d4730c1e63f9aa59920084beca2b450b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
560fbd7fe68588ac39cfada77763739f

SHA1
c561f67b7359e30253a53e60077db7d44d224cc4

SHA256
d4560b2545ec8cbfb5e3fc0e1c4424b736268aef189a1b88bc148109fbdd413e

SHA512
65ee304e052aec7f11adb3a01e3ed4b580c71d9c8c753ef5e328f7fde49f978e53aa651cb50b1089539847c6821031674559de8c3e89b002ae2d691766ea785e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
acc28d3271df2c065e526de8daa4b0e9

SHA1
b87d9df8d2b03666fdbbfa8d668d160306c80dbb

SHA256
d37e0a29791cd710008735b216c0cf133e157701838414fbf5425d40bcb2e2bb

SHA512
5a9e0a33c38d1833c5ff839c841a79b548864df525321452492c3399c2f799975ee6cf50545f078afe650f9bfea6eb453c5c4a2d0f04ba0b3727ce44dab29d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\baea21a33cc3aaebd08b78ac1e0773fbdad22547\3a53ee7b-3c69-4cfb-989e-52e60a0cbbd8\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\baea21a33cc3aaebd08b78ac1e0773fbdad22547\584d37f5-84a0-4b95-9969-2c81e613b537\index-dir\the-real-index

Filesize
4KB

MD5
43d6c4670599635e3323ba892f185aa9

SHA1
d92bbf0e7595b918c6b459012b3d5d054088eb33

SHA256
34a83a28aaabc0c8eec9dd4954e342ece12e49125498637c4d6e152013c84e8c

SHA512
f199a8f7108bbd3312938c9bd8a121a86912633508500376694aa4a2a345fee794c1307950ed5c26956767254549efb68a066400f12772b1ba52a01e5e0e681a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\baea21a33cc3aaebd08b78ac1e0773fbdad22547\584d37f5-84a0-4b95-9969-2c81e613b537\index-dir\the-real-index~RFe5ad979.TMP

Filesize
48B

MD5
9b8f9f619b869a311bfd57b088b4a45d

SHA1
09b356d27c99472f9e4ead95ae6216f23c3feb62

SHA256
417d3917a6b0b914f0a9ec0e12b554626dad2b9fb52cf625b70470dc83f231af

SHA512
d8d1f3da9b06ee3cfc2cb7b6d144a12cf324c50990f427904ef46be2fcf9a30c5e70f9a55b1565ca71ed37a4b06023a78dcc3f9f97475ebd079c1923cb61131a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\baea21a33cc3aaebd08b78ac1e0773fbdad22547\index.txt

Filesize
105B

MD5
ac2a216ee7493e3691303fd3705ce7ab

SHA1
af9e3b45b3575dd398d77b8b41cf24d9afd11263

SHA256
6527d2fb743182816915eb78f96ae9b9d8e58003d4222247961c780470382100

SHA512
4052b1b4f74ae47eaa32485d0572cf194059591bc3acef2fd912e87966adf913e027ed13d220fa9c5176781521a55c848983885a60af3c81871f99fab07ffb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\baea21a33cc3aaebd08b78ac1e0773fbdad22547\index.txt

Filesize
174B

MD5
e79e97969dc93a6560199a873355227f

SHA1
9f65d791261db43f5de716dbbe1548220281f62f

SHA256
e468de04dc586e610e8b86618c53e91d4dc74b0a6d5396f1566a3b014158acfa

SHA512
e9a6a805d294574ff6225d5528f07c17989e265a9a488ad34f4f685bb43048ccc7cb4147849818dc22165df80d1bd9b8f8dad2a9eb02d4fc0f086b6111680167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\baea21a33cc3aaebd08b78ac1e0773fbdad22547\index.txt

Filesize
233B

MD5
6c353b0a91f7115e2395e89d6ce8225d

SHA1
0f9f80da1baa1a49c052944cf17a4f5354c3f4eb

SHA256
042d1a2fdb6c9425e0a24c288735a15e29de5b4b989b0cdb6a7c1800fe844bd3

SHA512
e21e5d45e4044dbbf68d17187ffc82a6437c98e8c108435dab0583f16da3bfa669bf661e01475a7a91063684cc733be94c1e42137cfa161177573b35be65b834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\baea21a33cc3aaebd08b78ac1e0773fbdad22547\index.txt

Filesize
226B

MD5
82b2ff0522a9dacfdc12225a16740ffa

SHA1
0f7129896eda8ef57c97207f8c2bc6a19a8d472e

SHA256
99762b69aa4a1f7c9f1d5fd71c7c6ee30bd4fd3d3cffa7ec10317c49515ace9d

SHA512
5d79d96ece99834391ca0c482afc1dd2d6b8f48cec7f5ed573d8a7e3d83cd99c4e4ad82bd65e3a3023e96ee8c4c60f2074250ff6155e9df9f116d698c54b3097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt

Filesize
156B

MD5
1549df5e01fb001d12d0f23dfbf3f725

SHA1
e0a55727582e952b874a418f56a14a640d50444b

SHA256
54c667b711659055bfbc4a2e3a1eaf83fe177af330d91dd878baf197ec422417

SHA512
35f680b591dc2ddf143e81071c54c36b1959a48e8c0ed542ffa4124a3d09996b5516fa97e4a8c240fd00a85cdbee8efeac07156a4f6da417fce6c368f1648e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt

Filesize
149B

MD5
eecc94b2cf14aa3eee08970c3746299b

SHA1
8c68645fa85527b7a4c8c02d65319b3c6b86f1b0

SHA256
9478d56f21536a050bcd6a91ef6a6b7176b88d4524c3f4d19a010752ffd7ddd5

SHA512
64460225f8bbcf6e1a2d1a8453165d8f0b8b36f74b1fb7904c59479f8a0bae3e5a42dbd51db4b822aecb7280273dedc443162c53463f93c2db7ea1b44c260e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d8d05327c5274855b1a8796001e4dc6b8f2e344f\index.txt~RFe594be4.TMP

Filesize
90B

MD5
48a334718dbab6d13aace53c7dd02da5

SHA1
d7693b5ca7f87133f27b4258345d145e64584574

SHA256
a7c19a1fbbee86df5536a37baaf6acd85bde5f57bdc7dbd496f236dce3657d39

SHA512
49c447693723621c2e5834daf92c230d7497b75b7ddcbd3a3385f2581a80921196d5a2a507f1b666c626d1b8634b658f394e8f39096593f44c86337be4fc5abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
60c252b436849897d7531a240845f695

SHA1
f3156501cb36a4ea681e65b05c319980bcb245e6

SHA256
6b4f5fc5997cd174258b9eaa1773c242f9c783828abd24bb14b71ec119a21dc6

SHA512
38b72c8734ec2f68f3d2d3400f7a6bf1b5dac1e3414a96d53bad83fbe54f4ad04e260eb5aa5732ae6f9fdb3e7ffed43248d0d68d0e0b693173469ecb9249c701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f562.TMP

Filesize
48B

MD5
248faed97ab6e4c9c826596b3f246332

SHA1
fa367879564833856292744017b9460fa8c92e4c

SHA256
2f87cfb49ec57bfeb35b06e24df6224548a99278acf3977cfc76e6ab869a52ad

SHA512
6e27ec4677ff49e3ac4e72828154ce486d5903ed08e597a71ee062a60c1bdf2354283c16473c3c5896927e7e27d2bdc74097d0dbe676ab51c164b0505c6a35ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3b8a7fb7e424a2c45d1abd7c0b705390

SHA1
af9ce99eeed339c85251ada496c71a7ca06c113f

SHA256
073cfb0380c75a5cb16e4b933da93a4bdda9f59b9219ce6e7f2ac033a7790497

SHA512
c877388d984f0417c5ebb416a89dc3e9a3d2745211880d197f3af48f078718ec6e30a2d090a9699c93063ecc1b2e71885bf0277408d96e6e439f8b02341f856b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ae283e251233e9080db032ab4b2b30cc

SHA1
26348b187134e5d0b4da6c0103df67fa0f33bfb7

SHA256
7c74304223b9dc6ad13709015a83892ac5ab2355d8593a38fca5d8b9e4d58a52

SHA512
fd096fb0fc8aee2a4fe762014679e0cf2a4af4c7a2e4562c05102f02f157c2ee70e19615b707fc4023e1c0f10715621ff88eb59a4cf8291cf7bfe9b606fbb11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d1325ce146dc3d70370755b27c7368f9

SHA1
556ebf13a1a0c307b28e0b287a79fb5fddc39f58

SHA256
02d4713aaf32c883258750cf89728d1e249385c54cdb2fd9839076b70f27218e

SHA512
9463fd83d9d0534c2ec7e4fee898bc8f6e58f5de24a436ef1be2bf563dba93b99a28e05687ce3fe661872b6ce6070c90ea3ddd9c715bfa8949bf660c9212bcc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
517f19d99e6ae74d07370c32e3079d5d

SHA1
7a829da1ef5be836f14c0339d09d1993c79d5fbc

SHA256
e6127c0d2bd1ad24b4e75c82d45d4f26af969cd63b4a4a46ac61007b178419cc

SHA512
352b58b544ee7ad19cb295ad26facab2e82376a03bc3d14ba421c56c01530b4d33ebb771a89555e79cd1664a754532de7f221e4b1c297b6d64ce5a0bd22448d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
640b2f0a3d4295f8e6daf2cf604c5989

SHA1
f51ed24d2a6aa9f50248a026a3d938fcf0cd2b08

SHA256
071c6c5ed0a41993ad665a40eaf7e17963b02c2bfb867d7db4ed7996415334ca

SHA512
26de4c75b4d94c13a3e4db0dd676bb1f051a6c84719303fb76931ceec6d29107d195b2e2b5ce5cc54e9916fe6f1cfe4571b88a2f0123f0bde0aa3d7c3a4f858b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
479237d00686395a361245b0a950454f

SHA1
6d66cc71c86e04fc0363d00991c233b1795030c6

SHA256
3ea2103c73579bf4e2565e1e76e33275b7604750d56168702d1d3a3db721b6a0

SHA512
1fd878de76bd96e03dd0b7ef28ebbbb1b0cd921d9ad1ede60900dc9445502ac3827f15a2514c8df2d651aef6fcb4e670257aa9988dc3de19e647fa67f9da7c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
62b1f2a58fa773d9addd68897c568a47

SHA1
f05d43bf461c750532ddd3ef5f72581f7e7025b0

SHA256
b53e790c6b741e37a10343bf73c56ddaa2f2298b246ca485dc004b87d47ba15b

SHA512
887d7c1b0b225f1ac583c861a5d1ec07f3d9241e997a0fab84e1ce1180032a8bc38dc444ce3b367ac4dd6f26501cf919a94d0d080e390cfe156d4ccc6d954875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
1732d1b0722f80f649e53ba3fef01ab9

SHA1
779a852eac89b6ff2d23030e7bf9825cdeaf5180

SHA256
2432fff3bc4baea382d11e1693a6f2c5bcd594a2b1a66e0984c18a2e4ba22d34

SHA512
e4ae3f0fba83ad06c0afd31f7b5e428a2f9679a9e07a6dfccef61254332f816240f6b9da8d0032c14b83099da1e5827e9c247c22159cd80e6b79d170ba3e46e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
30d502e358a777cae99976b0f7205c93

SHA1
f73a5d2252720bbb1916262fe916155a4e7fc98c

SHA256
1597190b874f5aa5fa4ad7c3f8cbbeaaf7d8c93cea2e66ca665882d3add89dca

SHA512
2967bf9e74fd04a16bfd9f6d2ce71cf3c989fcd545bdf50ea4244cceb824d09109c3a6a40b69edbf96c6ea384cda755fb00106c154e010b79ff4b91e057ba94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
0304676f7cf9219b3bb253cc98812d52

SHA1
65a951bad2c7c290d5433debcb910452f0c3426c

SHA256
d2cbe25d33e26e5dfd5a5d71e3b887295aafcbaf3de02a7c1b219f0b3cea5eee

SHA512
36790f4b295adb268a71129c1c7191ab57b4403bc91e2b15b24561bc2270ab26f84ad7fe2f0732b5eda4165ef87bc6f41dc15c3874b6b3e34832a00fb7809255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
25940b15aeb1cff77db56ce5b1b4304e

SHA1
b454b81b216178c23b6a84d43b1efc3f5bb6f026

SHA256
e3febf26504a6ca8e08b3ea8cf78f0950bf78efedd3cbe527a23b475ac2ee51a

SHA512
6312aa7ff2bc0f6a3b0a9b717225fa3ac1800547aaa280f29eb5d790abdca1fad45235d92477771a1e7060a78f803f8da944b53f8a373cf608a528676ed3c9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
235dd8388123bd7d083558885c0a2761

SHA1
9789079fec00c3a9d35ca8332ba969c6c9d95a1b

SHA256
8d0eabb5c9bce200d3a3df0c9c8f35a299992e0ecdab31f487e3f0f73fa71730

SHA512
7f83f2ef44460604b2698e4289b5d2cdd9863cffe5628819696be9529f43a142a54ec864337833d7be196021f9e5c89ba6e6668297aa45a34b207482f4e3db62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5fea59d473c72b634bba978873dd2599

SHA1
71770dad9af367231002d3d9d2d4c9a4fc7d154d

SHA256
9105178e8bfc5763b4056b9ae4d23cfd70a54f10d54ab33e898714186e950ec3

SHA512
72c616921c3e8a7d2c033a812ba371681d96a850d87e6a32a956ee65535c626b710cc18d542f0892d4939a021d68703f16742911c70df444328a38cc93a8733d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
2acad18ecd07b42c8250e20d57165083

SHA1
df1c3e7de7cc9a8d9b495f9c343f47ad2b9e8f1f

SHA256
8fa37685a620b6aff39c4b4e8a20bd457ecebefb4f1860bc960a486bdfe257c4

SHA512
1ddaeb51ea6b29bd2c3e145a5de2d211ae0d9adcd18c195ec0b1a355c3dee2d4d250a3003b4c801038c4d48c743c18e4f3c17c4fd69153e34ea538488c1afc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
1d078af567e2d4ddec13627b6a63c40d

SHA1
7f27416bd9795a8f30d42a93f839780ca496c76b

SHA256
7c724ec44b241eca827c1fb48585a622b31b04c8e19f1e8212b65d3291dd3e79

SHA512
96c805e3900fa4f8247ac18fd145c97ab4acbe276c3074cef1d6c6faa72fea7ffcd2ebbad346e2336b76a840a61206124305ee876d42e31adc78e79a6ad5b695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
b55ab531bc4ce34f8f8c6d8bad3729f9

SHA1
0fdff8f32ae0f80fbaf5fd07d16f083f1eeb982b

SHA256
1222fa21d9acf76f2f05b73abb58cb7c931302f410f1dbf063a1a5c420cfc265

SHA512
1bd8e8ab1574bf4906712085566266d49329614c50210c47c85dd6ed3dc66d54819e44e29a1a68108ef427f2ce0deee4aaf27fd1ae15bf6b59414c5b61173732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
b3fc896901fead3a33be42a7a7c4c907

SHA1
7327e3da7bd3980f13f5d9e5e27e2e26d6e9470a

SHA256
70546b97276fa32cc66408590eafa4eb1b6cad5c399f0eac4216de2a5f7f7029

SHA512
4e14b6c2f2a293723446127a6d0b4a7abadfa4690ca1fb10cecf3cb5f0c5a5913c621c3870ead64edf493e2592ae42e311590462f66881cbb03c3621d3e3889e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579af8.TMP

Filesize
1KB

MD5
2da39765e0aacbbde98303dd007e420b

SHA1
47410c5d1463be59d30ae13f0b2d3889e7495ab0

SHA256
9cbd0b8a39727ac22b726caa76a7e79317e93db6cebc636b0e5d2395e86cca2d

SHA512
10a62386b16a9a998fc63e3291f48adbce36321ce2157a33b6bf93e82b84ccb1f2f8b60ffb350b4d1d11bcce246cdcf289f396bfa6e6502371970f8924b838aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\0d226c42-dd18-4bf3-a5f6-21e0c5715911\1

Filesize
56.1MB

MD5
4d605f3e21fc62a5a045b111eb636889

SHA1
781405f6b3b860232ce2e4ee12ecd55bba9622c6

SHA256
dc4ce808f6a58544565d5db58a92c768331065f1b8d1def360d4cc085c4329c1

SHA512
3db53f92899bd7165964d9aa14c47fa35fcfa0d52aa1ebec5fbd5fc30f6fa0eee630772b9fbb87ef95609620b07788c3cdbf4420feb8dd0f2f1b8c791d25ef8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
43080958b5ec89aede086d9b3d9b34d4

SHA1
0620526149ab158babd6fb01e30c564eb4df4600

SHA256
b65046553bf87c87c7b328ab7eaa248d30a20588f6318cdc1161214c0068fa6b

SHA512
8bb68570f54695d51573238b5e0fdf6e40233c4b4f5be42d38aa525b82a85f4c2fddf30d1509665f4886ffbde1b58dcd71b8a6ed06a60d8a6003a793b2d7a87d

Download Submit