9eb2dc6ae95f6631e25eb8679a25eb330f1a7c463d3ccf31c53a6daa1346f007

Resubmissions

01-05-2024 18:33

240501-w7fn8aff45 10

01-05-2024 18:30

240501-w5ts3adc6s 6

01-05-2024 18:18

240501-wxwbxsda71 6

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Pending_Invoice_Bank_Details.html
Size

10KB
MD5

0def2826514ff6887d5a2a6cc7db4b5b
SHA1

b6c964e67855f076e90fe5c339b02fa2fe423ddd
SHA256

9eb2dc6ae95f6631e25eb8679a25eb330f1a7c463d3ccf31c53a6daa1346f007
SHA512

cdfc1c5039bf03430d112109813915c89d6dd05592fc0b9a0e3d80e157ad7b404f55d0a1aaed2d1be1ffcdc1fb1c5513949ec713b9d22046cf9ca3de4f85d50a
SSDEEP

192:/TO8OGVCARwH8izhrnV9fxRQdjSecSc6i0bKVC:/TBCARwcizhrnV9fxRQxSecStbKVC

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
54	raw.githubusercontent.com
55	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3726321484-1950364574-433157660-1000\{7116BBB7-9F5D-436E-8023-FD337A0C2464}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 11645.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
4000	msedge.exe
4000	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe
5152	msedge.exe
5152	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3372	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3372	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 3736	4000	msedge.exe	87
PID 4000 wrote to memory of 3736	4000	msedge.exe	87
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 1664	4000	msedge.exe	88
PID 4000 wrote to memory of 3908	4000	msedge.exe	89
PID 4000 wrote to memory of 3908	4000	msedge.exe	89
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90
PID 4000 wrote to memory of 1168	4000	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Pending_Invoice_Bank_Details.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd04646f8,0x7ffcd0464708,0x7ffcd0464718
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6804 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13188060404586284589,11840038011476891487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x394
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
24KB

MD5
f782de7f00a1e90076b6b77a05fa908a

SHA1
4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1

SHA256
d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968

SHA512
78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c65ca1b9bad091c_0

Filesize
232B

MD5
c0648b90908d73840cf13b2fa068dc7a

SHA1
f7e12fb6847b0a8c79dacb147cfbc22288cdec05

SHA256
6858a747b5a19a11ff2de42504b3bb1a151b1396839d479b30d574774d018e7b

SHA512
8801602d9b6bb9dc5c92304ae0cd184b184354128013975964024bf081b83360b81f74b43a66e097d1a21930f63753925ce8d2fade2301be6fa312bce03ab766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
316bb62d875d1a39284e95bb10c80e2f

SHA1
e77f67e702a03e249876c018df9ba9bd3e9051af

SHA256
98362551c25bf6935af096a0462fd053e1d4196dc0a0519124d7ee6df98a24a9

SHA512
bef109f39d9a22518e0617d74b11485dd0029a203796996a995c3b7f884473dfba15db3b51f4df0e399f19a60c6bb4d9f097cc6d4e64299b4dd322506b663c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b538fae04d440f4f8138372a68b39fad

SHA1
a9f7bfb8528b9321e3434b49d5ce8f1c81f1485d

SHA256
a3279c262a89ba1d25bb5661d22bf2c3bf9b96afa992891c336e202ed1decba0

SHA512
b6a3f03d777339da6b315bd27d1b003928ce40297fefe22f9216e8dfd5255bad2633b3a8cb392a7457b2061bfc35ff712db22b76c4c539e695b94f3cb528bfcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
9e44100f4962327cbfb65e6d3b1ce8dd

SHA1
3a5811e26273d2b93d8c440f6f074435f43ffbca

SHA256
78cd205403b8c1a7890908b881bd6588fb230c49f99e5eb5decfe0f19320610a

SHA512
e219c4836a6e72844a54d62e6d3ef2b277aa4ef54c5026890236856f28ffc81305d6055b036ad69654ee63d5be38e1f9cda4be104f2a7d1a8d80f98537e41128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
c67f1fb718ff404854a65e3b8a4b1cfb

SHA1
15f1b6e1cbacf20c23721d8d4ca204b26ded2fec

SHA256
bb60896d139afce18d8a25aded6c0db96666700ee357e42c9ebb96668dd08452

SHA512
3909ed4fe84372ff637d0f44082c59192071666929603cf055e5f9919966e8dcd6ca86990755f582a1dfc9e964689e01640c02b9c953fa49c48d4941a2038c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4acc5926e48a577a3170ecda2946338c

SHA1
98cdb48c94983f5c5ac89ad306e6ee921b372044

SHA256
45d0a839bea637a980d451fe57204e585a4ba92e1a02d295029d74e3da059a93

SHA512
bbe74eac8b86fc87e42204c7627b8979b1e6f1dc1acc11542a6843f44ced2e79e4c468eab8f2955494c6a799f130be3f23cb25569370ebff6a9e5e6edafd497a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
81084fcc74b4ccdc46959c399c013a53

SHA1
dd90e8adcd1efe83b7457bcd3fe040b94e403fe0

SHA256
5a4eece661e2657aeaa880186a4ce33c00c9ba23cadd8a806ee8b771b6ba7718

SHA512
04a87391ce2b337f708cea18804c7b6e2dbb69fc8e948b10f13f4039fc18b610816696a228588aa772573062958a1ba3c517ebbcc240be9bbf01b912bec5c839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40ad414c254985966852ddc56df16a0f

SHA1
a9d1d63793a8537132acaccfc6c592ded9427f85

SHA256
5f1f28f87f27ea6ea12b969073a9a1c37b04d9602f5edaa49a91a68c03bfd126

SHA512
03739d9224508a8251d8b28447a6cf18f7c499e927e4b3af05d3581bfcfbd48664e3ef57dde723e327bef61d4d7c1e6d451c4bdccf1b36618789c3fc71efa851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d118453ed5fd0f51d73fdf4ca8a0952

SHA1
eaeabbb8bbffad9e27f8cf42ea30ac502dc24d29

SHA256
06bc9ecf6361af064cdd041daadf5a1f4f6d800f4418d942e928c97729ad25e5

SHA512
e54892fb68a17860267ca85e5775fe056675f7fbeb197c07a07873b4732b30df254d91a4db841192eab78261fa6f5679a4befc76fcd86303ccd45b8818683225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
28a012901647b2eccfd65ed96bf0d4b6

SHA1
f64cea4ea2f63d4290d839926c63acef9edc1104

SHA256
d76a5d964760cecfce9a410ffd0247a76facac2ed3ed18582199472cb9172863

SHA512
b72f9562d97147624db83b04ae04152864b1e4ef57bb830be4c2861efb9dedc915a01b662a531af5dca29b18bc7293b918348900e76b0d636216cdd823bdc285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6a29d000080646c4a5354b2c3563562c

SHA1
6c2bfcf961862234c35a9008ca1db0d14241e773

SHA256
3ab638c51ff721a304e02112b279b534a92e5c4ed986d0c08447621328dab0eb

SHA512
c290b95d1901b55ff68ac7ee1d1cc5017236a84c577357d186faf97ec9b7e2a9d581fe929797fbee31e5a56cea2b2a0ec1fed670da31b7e8f868d300bdb2a435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dcf8f8469c928bbf7766c89a02afd459

SHA1
37eb086a3efc31869467050f84cfb0374cd3898d

SHA256
334bf9f548a9e1e8bd85bc065e360c8876aa6445ca426c86e0598cf1d64b677c

SHA512
23c4e4dabdf7fe6502ccc678f6e2416f514a60b746a2cb419d00b8bc37762d61f2ab66f34d329907c181b032263945d84e791ce0c664b5b6aedb7b9eaf1c3f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51957a4d74357680192e7c21d911b380

SHA1
ec18742de593e32db4a14f3e73b20e9de69e849a

SHA256
52256dedb3ec461d39ed008ecdf060949ecbf5e93afe0ac8f9f182d620610a3f

SHA512
3145bdb6001b116692318e0ec7a2c735a516b5936d653359913b62e705286f6caed24e4bba4e0032a9408ee13bc791d92940682a7ff0fcafa19f9ee9dbefb1e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea6ef8e7418e1e88988166d31b6cbc71

SHA1
ba52fcf51b4fee020e7be83e059804f07fc2fd11

SHA256
f236ba039c5055bb88af63854d78a248151dcff8147651e1349749ad88a18a9f

SHA512
756e262dce59def9f7b5699e663674999970ca11b8b15c2222b8cc42a86d78f3dc49b8df482a15324204fc3a3e38b9ec00dd9ebc531d24bd6b960a5ca1a42a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f8df71917f12ac0fcfd53682b1d6f733

SHA1
66b99150268b633e3f8a7ac754815cbe71638722

SHA256
dd782284d59aecf116865f1de8f06cdb2354717c3617ad29740611599b62b1c0

SHA512
25d6af62a3c401637f5e244ceb712f0dc9163ac0892d782fd6b32935c6e130fdb4e45daddc00492685c574729740ba6ada0e19656c7b7ddab4a787345a77ee67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a68bf128e2f99eace6987d524d55907e

SHA1
2300d7ed051d22372d3eb76ae544e4fd80864d06

SHA256
8b28bfc4ce9b8ba6c5e409fc800db31df9a4c755157550ed5f648c914d4e5896

SHA512
c27f0ad475eb8723db95a1052d8e95d147626b2e730d55213ba10426058f24ac865620831f266c177f4a14ca828984465a405da30f742b2f61d714333332c2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595b16.TMP

Filesize
48B

MD5
7c15ec3d20aa7bff54090bf284f2b9f0

SHA1
5940cd800295005fc47299093d52fbb57c9b93ff

SHA256
3b79047a5f7cf2281e831521e0522783c88d1fcc8d3737ded3836709b408e388

SHA512
21ee36df6d59813c5fce013ce8f00896b2d0b768019773fdde24787e605314559093fc88e35b0ca997a4750a02141f45c3a566d2a1adefa12524b329fe134d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f5aa22620d361a5c30cf5dd301864a2

SHA1
028c47cce328cdf800e34cd92a7c5d9a86b6944d

SHA256
5d90bf91374bb34eb958efc324c180e0f4efeec2203c0459e7c3d1b4bda8c4d1

SHA512
5dc4e8f31d556dd62528c5aff605a59f1dff5258bb5e986042aa25bed729d3341355709704b8b0ecc4d8a3bb32889a454814ae34a7656684230cfbbdc12a1a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
10c9a29a65e40697ab109bb776ec1583

SHA1
90acf69009a11beccdea0513fdfbdddf99763982

SHA256
7873654e43e5911b761f3d06635b9e9c046db11fea056eb1e1fbacd32779f3d2

SHA512
c608aa5d13418ee5bc5df77d8ac0dd019a8490865c23664eb9415afaf58c7dd4e189cfb565a559dcd2e1497fc47301e1e8ae1a078bcd09c4e89fb8c8022e5ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2162bef0a62f1867ceb3de241944e007

SHA1
61a49dfb0767630d79c4c365ca33fb649849a6ed

SHA256
7b9548b41ffde6b8f84ee38f0ab43ae84df0546848c0fbbdb214d93049df0dbc

SHA512
ac4974514460d8979216ef23c8e532c0c242f03f61938d47d4ef54d6a12bb98f37cb2847df5e2ef7e9483f1cfd104fb5f4e6d560f0afa80866a674d9c82a6d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f6e.TMP

Filesize
371B

MD5
8a9f1772c1b84aae37ee3eeb9b8d0abc

SHA1
f5c431bdd87ac3e327ee8e9bb0e57d1c6ddf6b19

SHA256
84c41cee5780c93ab0667556d8e768e630331f66334e347f4efedef6b0f0fc32

SHA512
81220df77c623e223e8449ac67e99b1f1c027c6e1f7713f7f1b61dc5c8a6d207b69a62a6d8fea985fa9fe747c50ccba6061901aff0da940719d4b01dda5b6cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb17004c4b2378766e69977320abcc74

SHA1
5eaee1321b6789b7c267236130baf2b5365a16e8

SHA256
64435748e45f99407b7510f5b8574fb4e7f02f1d34ec4d2313f6d484e0a47aaa

SHA512
02f3fbec166f00513dafd20d4690c8d96b9b3301f4a77e57a6de3b77482e8e770b7f20088720bf8cf6b3c2da61cf632374ea95a20d85f286898112fc4716846e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70ca7ca10ce1b6706b1fdf1cea935530

SHA1
4575eef03cd8c94a9f117aa33e85c99eec940520

SHA256
4de3c4a7aefe99bbcac9022d000095b575648a878f662ceeb78bff64bed13745

SHA512
8218f1ef15e66c748789dbe7c516f0ad4ae2fd0bd4bf22ea46d250037ab77b92535d5c64ff7dd16045ef93693415e1cf859b9c6616e9aeefcb78524cf7b68ac5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 11645.crdownload

Filesize
617KB

MD5
de49780282c208213f5975bc6b3149d7

SHA1
146fa7bdffff277ccfd7e6f3cf7ba5eb3f24e447

SHA256
ad5c24066f1b316dc2d9f96afc026182d605efc92f09223052e27d94b39a0b5e

SHA512
575c3149279a3a4d9dba94e9fa3ad3f22a3425aeb4ffb24ede8905a1117e011762e586b55f9581c078385444ca7c4d107e60bf18b993735e5bbec72bdc39a110

Download Submit