hxxp://Google[.]com

Resubmissions

02/05/2024, 15:35

240502-s1kstaca4w 1

02/05/2024, 15:32

02/05/2024, 15:29

02/05/2024, 15:27

02/05/2024, 15:23

02/05/2024, 15:19

02/05/2024, 15:16

02/05/2024, 15:13

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{E67E07B1-3A03-4860-8150-163E39BEE774}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
2700	msedge.exe
2700	msedge.exe
784	identity_helper.exe
784	identity_helper.exe
832	msedge.exe
832	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1588	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1588	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 4400	2700	msedge.exe	83
PID 2700 wrote to memory of 4400	2700	msedge.exe	83
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 2432	2700	msedge.exe	85
PID 2700 wrote to memory of 4136	2700	msedge.exe	86
PID 2700 wrote to memory of 4136	2700	msedge.exe	86
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87
PID 2700 wrote to memory of 2892	2700	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c93a46f8,0x7ff8c93a4708,0x7ff8c93a4718
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3028 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5678109329194926430,15100396962633462319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x3e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\10a6eed8-2fd3-4298-b67a-adc1cf6fb0d3.tmp

Filesize
11KB

MD5
45ac2195cfd18d82d4ed18c42978d56c

SHA1
a3e56557c8213b1e3638a0a09c9f6d71ac4ff244

SHA256
3620de69c6e23d10d64265dcee95651dcaca4aeb60f8e610027571dc3c1685cf

SHA512
3238ad2cb8b2d695c0da18ef97cedaaed3c9b47a15cfe1df3b1dca0fe4d04432cc0e8b5233f487f5ff0c5a3acff659fbc819eb5b3e9fa8ee659425b2afdc71d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
134183d236f107a901bdf174e6e3a28a

SHA1
a5a7320df57866fc9341eae0ec50bcc8cf627154

SHA256
bae0937a869a0d845b8b1098996f1edc552f60504117fccc16b8a5dd80a27f01

SHA512
e1f69403d81a62d16b390b15b7782f0d46d8eaa5e76d7484f2fddaa309d3c91661e0b5c6e5d09dfa7a70822d137b59f2954049f79632c916f81b964b012f9644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
91KB

MD5
d28ea814752c1fb21ec66e51f5e6fb71

SHA1
470602b6e2250d8dc3e6b7bbe0e308fe8ca18af7

SHA256
46b339ddc887a21a2923a3de7f2b68f490d3cf5cc828808974a7f94cfbb1a78a

SHA512
7f8f1eba2c2c511301364b65d927dfb95c7f874cff672d80251d0769d38a7e9dbe988f4af9109f04bac96069f29cb723cb3286792135ee45c7d048bb164e616c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
108KB

MD5
9da3b77abee7705b94f0ea39a519ff20

SHA1
c51337aad6dde1125c348ca530964039f022aa3d

SHA256
7534f5532b393ba3c19f690656609995a00391c9c1ed30f4c5c01741d76bee1b

SHA512
c4b722ec5f927db20eee1da9d0280a8b9c4c58e868567c2b761ac62eba926d9fbfeb35e77c9eb8875e165258874bccd8d7350f634a52944ade4db267058ee701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
81KB

MD5
b777509fe4c3c5611cec2958193c97f8

SHA1
272ce93b9507f26e59146f78cecc9a671743d4ff

SHA256
8afa069bd621ce2ec3bbde4e5489ffbe4e5abfc151d9e694dd46646d07cd646b

SHA512
f1fe5cfb7e11901d59d2ae1e1c3ae425d0b7d9d6d59ca9315dfc989e10d65ef8b1103e3ddd334dcd6bb84c79b4b603de7149497186860a2f5793a48712062173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ca

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd

Filesize
37KB

MD5
91cef35adc9d4fa1ba9415d8b77a6b9b

SHA1
4e2e1d50bec1bd658d14f03f1554c726e9d02efd

SHA256
eb11e610212667929b5162c1774c7d5b8d3a9b1a59c21bc661fb17a9ea561885

SHA512
45ccada71cd934b7d055fb5a3db987303351eba475b2375888cf07563c2811ff459026b4d6fb61e93f6a3fe928fc31e08f462609df09ad9773d51084bacd63ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d1

Filesize
1.1MB

MD5
72d29470153d5e5782ea93886bd2a455

SHA1
bee1191570371bdf1147b76469e42e8599adae49

SHA256
6cf1cc33ce3b9484bc9a8741c24398b3f2e279a705f87a7ecd88824621d74879

SHA512
f036cff8f05902f1e2d90ae36964eb45ca34d60364811d125dcb243ea20670eeb21a4b2caba06c563d94547cf3b7ec9c0415e6436d1716ee196dc76232d56b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
097df6c7bac6b27b3c6c968dabc57b27

SHA1
62f503b4806b71806cc7e5dc4803d90c44b7606a

SHA256
9fc689fe7ee8549600b2d37004735917f7f47defdd5456a5f91aa8992645f714

SHA512
57656e249c0099119096b3e984f825e26eb7a2886510691ee67e4708c02862986de9bc1ec6eedbd780883cdcae935b45f731dde884a5ca36d7bc57dcc35b00dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a23701400d02b98df416d177b282acc7

SHA1
69819b46b2ddf865923998fcf4c62bb69c4b6a6b

SHA256
d7ec2c47e4eaf18081572a9f4bb57df06add84c5090f90b09805fbe4cf8779fb

SHA512
bab0fdf91c460d74a57c98407bf26090434d81c50b51e64df1ebce74025146cd69c3e64f97b11d36d97d19d95e02a27a1ca63623f02e2dd2ecb4d161c7f95435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
32cf49e3d18c1004e542761cb9496e9b

SHA1
21ef7f70c807a04deea08ec88a45c4e3a99fc43e

SHA256
553aa2c7987f3351ef46341899ee8043a906eb78beb924e494f77d875e637984

SHA512
7b3546a576a62c7555d0f4ce75f778363f9fa35a6e545ec951e6d655944b9444b9784878f1472ac2fd2d368d24ae363940b6bb4ebb4624b359f2d39993dce461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
47492d5c73bfc724d685eaeea90909f1

SHA1
dc0c5a66f4c0c11c4b9772916c7fafb25be762cc

SHA256
481a377d8fd5120b7ee88ab49735ba961e59ffc31ad961373594e8006d580fb1

SHA512
0934158157b7729fa9cb67b4fd20de99acb5c7c0838fceb70b03b7430250413262fa10191e20554ba8cb66310eabbdd54af0c662b9ab120f78e5303a4faf6ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
766914e257b6736ef825db7564e861e7

SHA1
ed05ac2afeac8c25cc4486fb728a15ac3255b7e7

SHA256
0bb9d36dfc8d042fb9fcb43dc44be6a61ed688f52b2afab4b1596ad069dfa724

SHA512
34625a229c30b0c7a846e629a563977bc36bff7cfb0c14fbe32d868eca3457f21ddb8ce7eb1aa6e02ffac1483aa6820e661592055a869b5247bd07fb81284a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9f82a50ebc447c5e891b84aef1ff8c36

SHA1
61eaf815cc8ed151e676aecdeb8d150b29087005

SHA256
172dc7e5a454cfdb2397a12a7731e229fff197dae0411990afc0e909cff7b33c

SHA512
df720f605166d3477ada2de94c1a84d9bb814dc66bb78d5822f6da35da9bebe691325113c29a9a180e4ca84d74621708cbbaaa823c2632e287074743e4740558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f877c2a4077a8c8faff81f09244d8a93

SHA1
13c4fbea3d9bcdc0308d5eea263a5136bad0789f

SHA256
b02aed386055b5cfc3b38c9c737fe72d2982e396fe8df085bd6969b94853f5cc

SHA512
792d744f435de294cbc2d18b87eec41f6b745fd406dfd8dfa3af7af056a451ca3e8fb238c3ab9cd7f8c7dfb0e8be156945cc8a8e20d0b7e5d27744622c69c7d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
10c93c3150130dbfe982745129d09fa0

SHA1
2d9e849c74dbaa87c9b9c8885ebd4b0bceae1890

SHA256
81e16f6d128a8b7a35b253b7bc29c62b7674304287687f378c3568fd5f62b6cf

SHA512
2df8f4b364ccd8416d6f9ea8f1b76ab6f03d3e77fc6244d3253bfecb2e100a844a0e2308332c82f3f3ef8baeedfd518799b79f73fbd7692b66621f8561534cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
857da22c343b0688eba7ec7201d99bc4

SHA1
81d1dc0b0c7f936837f3e95e7cbb1f3dd0d0ec39

SHA256
b7e914556627479977851c58b80d077f82ac827c0a531af2d6fb9a04b7c21269

SHA512
905c04e4653763a375f2b01166aa4d72d1f7c15bc1cfde4e5cdf6c798ec1e9f61491682ab0748344a228f0f3cf14da0919315319dc1c0d68ff9821e351ef5f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b882d5088553c225ac13fe2100850c21

SHA1
a058f457967bf0e47e1f61415fe0527c4d628bcd

SHA256
1c456253a7a6d3a105324b90540d05d6f8b4d3cc4ba34d3c3b332cf3a9f5ba20

SHA512
8e07c4e83c88a8e22c89f065404651cdb3ac91b7658eb62667a6066b4f97b76be5a466c1ccf16b8837abe06a4216e42e0e9329cb4458ffdd245c88620f10e1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69cda3455576de773150fa1c2b795c6b

SHA1
a1aae2c7205e3be7e0a4dac74c7bd6bffc6db1c3

SHA256
8e16bd571d5d23cf1fab28d330c4fce8a59cac3c348163fc03fee28b97a2aac1

SHA512
4dbb9fa007a39acf801f0af3c1dc826929b8088381770f9e12917e8342707b3a284d804e4c1e851ce567c099452cce39f6c8fe228eb5698daf2d61c26467336c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
dc0988c3a69fb49f4049492010bc29fa

SHA1
cbd99efed3a4b41b58d18d4d8551e1bee8e5c8ea

SHA256
20b71caa0be9be2f496787e1c51b619ca2f562bb429647b3a110ff76e532d933

SHA512
9ec3590e7d673839e488ce22d7bb775b4acd136f9fd1ed2aab007adad5e5186d2dbb189daf3a37d254b2b8c4acb0184a3f923373541d8c89aa2139d6daac6cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59529b.TMP

Filesize
90B

MD5
f762e04dbb4283315807f72412c60930

SHA1
b4f6940c00b0561e764de2ccd55b6aed19c6fd60

SHA256
ddffc1822689a4eccaea4392b3096101ef94797ca4658375e3bbca5938bf3866

SHA512
2c2b41191ad686eb7688f8ae52c5aac67c3fc963b799e81dcf12630bf7a8f3e3127b6b4d0b193f85884688b56a5b2ae44b65b1afdc5ff8e1b2795bbda2a61cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c89a16aa5adeaf490061ea787e3dd052

SHA1
e6fd6e53299ca39dda47caec5fad91ea8964a64f

SHA256
8bef47ec4c8ab659b52cc26ce94e20d68564c7a97cb26a71715aef80e2bcae32

SHA512
7c043cd2da535049b93902ec8c25b68331e0f3b7244eb690417264fddf2a849222279dcb5d5b42ec25ef5c4ee807f430d6f619e15a890000749689cd0f1a3b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25b7b744dd284fb0977d62ed4302b886

SHA1
2596c2ee90e3ca15b97f2d1a104d5a23f4bd8196

SHA256
b622b262e20e2cd69cf44737486f4bf91a2ccda9435e55fd858b999e3c3a491d

SHA512
79f645fe3c02929f26a44dbc8b5e5aa22b5002761f170d4544621c0549833961935e9bae8ddedc7891b31a0b1a4befb2e85645b06b46e98cce2406769fc0815d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7dedc1de1bf7785ba64ac4fc70c1f89f

SHA1
c61f8fd93be095c88c3cba377f6040868491b9db

SHA256
58e0fa9ef01ed51057994d2c3c4e7caa13191d2fd489812f37f3b1af34dcfb6d

SHA512
6b62e5e975d1347809313d2c267c7dff652b6c878ac86512b386e9180375369453875bb9b7acebd7fcbc667c3eefc67748154e9ecf98c6b79f5dccb3d29ad1d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d2eaacf9f4ec5b95b476d1502cd242e1

SHA1
fe1976ffe974993ad6cbb1bd5056e9a65e23f5c1

SHA256
a99e1f14d1a1cba376194af6fdc72bd18fb6ee0323bcaf9eccf8156fb16534f5

SHA512
f944e94f967b4536137588ded20d16cd6fc01072a8641bfd383ff6cfe2372260ce2f602615ed00cf732bce7324d38e241805ffeaf5b436b758b612e1142cb6f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
baf4c0c49e0c2890d607bb5bcded0934

SHA1
49c932eb3eb6e8d795a954544eb746d67766d359

SHA256
4f73d10ffcffb397b934397e38381655719f5075b48fcf53c5ce0dd3865c2cb6

SHA512
583e7d1f29b4edf8ff5d70f27801d6eb71e12660cf344557dbf82ca825c00db8a1962590fde87d4089701e32a7f7a5c0a5d71bbdf338bc8e56c0475648ba70f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a02c5e54963cc262983e28adb0c011c2

SHA1
6f835f919667244493d2f39f805e3b3201cd95f4

SHA256
d47ceaa7072b74bca514005cb1c4a6808a5ea954bd8c745d9a81b42e88436517

SHA512
ddaeca581e86d42e122c9fc0977cd397bb265b36c5e3387ee5c59ca7c6b7916d81e9c963ce2a31b4e9d028786f3023b621b87ea0eb1920036c10284cb6f5fe3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
274ff89a2004f0952e52b254b9f58b7f

SHA1
c217c3f2205fe0f289f144ca014c704d4f71ab22

SHA256
939613a28a559434f48911da1636843497c458f8af53c60856e79915f2fe1be7

SHA512
5df39e9d42aec086c5cc9c0c44b7d86eae6bc4f23823c87ddda31a35b446b783f5a2e5de56f03bbc0c30793e13d384eadd1c350df30c2d436e4205bc1ea88faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e5eb.TMP

Filesize
204B

MD5
e771ca5fcf2a3038ecc29de349fd4d84

SHA1
8e38f2467b609c7b17dd011c72353100ca7f8fdf

SHA256
17e433c7989dae78a52b73fc154548719b6e001debacfa0768bf98b1ffbc547d

SHA512
0dd9d7959eec496e1ec3a9cff5c32e6cf334a490ba0ce8431efdc771373fd52b72b390555410b2ebe4e2d7dc76e849fe91e825c0bd7da1b30d74faf88257ba5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\4df83b51-0e8d-4b7a-83ad-5bd03a5db3b4\0

Filesize
5.1MB

MD5
065bcea624bbba74c2adbb8e4ca25404

SHA1
daee652390679410786d78b7375c895a01a6fdb0

SHA256
ea1e2c9389ae0520e8fbcad3ee290176ca3a30d1c892b2632968ecc4786df28f

SHA512
ff3ef116fd6eb22b0a5a4b4026b665de7dd88989899d3d8ae10aa7c8952244e185682ff40b2d477102830a36fdeb86beb7b992270e62d32f5e0f960fa95fb44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit