hxxp://Google[.]com

Analysis

max time kernel
183s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

344 api.ipify.org
345 api.ipify.org

flow	ioc
344	api.ipify.org
345	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{EFFEBD1C-7585-4C3C-A0E7-C1A1A918E013}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3708	msedge.exe
3708	msedge.exe
3676	msedge.exe
3676	msedge.exe
2392	identity_helper.exe
2392	identity_helper.exe
3220	msedge.exe
3220	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exe

pid	process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 1632 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1632 AUDIODG.EXE

description	pid	process
Token: 33	1632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1632	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3676 wrote to memory of 5112	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 5112	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2136	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 3708	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 3708	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe
PID 3676 wrote to memory of 2628	3676	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce994718
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
2⤵
PID:2628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
2⤵
PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
2⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5724 /prefetch:8
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5820 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
2⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
2⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
2⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
2⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
2⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
2⤵
PID:5548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
2⤵
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
2⤵
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6432 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
2⤵
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
2⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3275121126264504667,13945801374406485632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
2⤵
PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x554 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
1024KB

MD5
b407a1cb9a4dba052061868c9f529a73

SHA1
0ec5b2d81ba8f0b3684455757837271a822f5f41

SHA256
1d4858561b6f84957c9bb86adb33652726f5f82dd5338f4535b98b278dc05ba3

SHA512
6fa4f007107d9350a5ce8e7711a77679ed6fabaf6279e278a0ada65e077e3e03c6a1a6e42ffea278d40018f3c56d75374f702960d7524a4e753a9b5b8be2af23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
64KB

MD5
323ddefcd2303d3286e1fe220681e370

SHA1
5eb04d24925d19fd1763417ea998397b550d0de5

SHA256
945ab12b72924f0df1e59cbc1da9e7636986ca1a2ed6b3ae8299bbda6b9f62de

SHA512
5612948570ddd85e721e7dd22e401f1f3777af575b6c492dc07b3ddd1b6e5d0212125fd1b93bcd09860ec299c58f557ebc73ec2d2697be860cb8640ce67290b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6884270c354aa192e126f5bfe6512ff3

SHA1
a9df691743985a9f099541a961efea0b5937e1ba

SHA256
667b731c3ade38bb83768c620b892373baf3a8f748bb5259bd1ca9ad86c2fea1

SHA512
6d4e239a2fa64655bf9ee61e4ddaa5deb89f46209f7c2788409ceef3e71f23c7dcd7922c4c4936282f2aab644baa0ef751894834d93f4991c5bd70392da35cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
de9f941db487f01ce087b03886a1f807

SHA1
d7ade900af4af09d4962a015c763745bb3bfce8f

SHA256
4be62f7da866954fc992947cc1ea64b7446cf9122574b53d0361991665ba8d6f

SHA512
bac57c1663e8afdf473f8097794f26ef1ec5883edb787eb534eacb926b6d14163848d4f3f7b9470a65c5aa39a41da4bfc4a9d9c9065eb9b2c23ad1040ca1daaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
64ca347b1dc02559596b779c91030bae

SHA1
dfeec301d3755b8e3a596bffca0f38f6f3347311

SHA256
c8563b2f1294e29bb009faab2d79d418ef9cbd8b613ebb53b1e78077cd0084d2

SHA512
a70183dca8134f476fa044ae6ae2afe190ada7d2293ae84992fc33a4aeeaa98690a5eb48ab523f6b3f2ef0d2a84bf4e00048ce25d50260c6db9b173deb12feb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a3750389e0c32673392fda9e322ffa77

SHA1
ee23a9d3e19a95d19f65255b7b096e4f176e8dd3

SHA256
1231ee927448ce62ab2b185a0530684c7ba35ac91555fb01e86317f523b42d09

SHA512
b65e0f6e17be3827bc93632a72c13c7d9fc245de1790624e32816864d094313ed89a5195f97a2ecaf81dfc7ebde0e1af1e4093add7d590fac3c1c701b7314359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b09170bd1c01a01f3dfa1df1c1e31373

SHA1
921f79bf20833fd22b60237473c7cc6330eea152

SHA256
577b434414cdb79a6ae6ae0e300801267483dc42c97dd99fc07728dd7a683e50

SHA512
fc7bfce94fa0b26f50ca833dc673d0fcecc165774f80807066c07fc77b05432b188692ef2a65946da56294bea081f4767f8caf9a90b95e05fa181368a8228e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c5a1e1677cdfff2c83ceee31e7863849

SHA1
21b3b57df2d9c886cc308c5d8187b983a982c254

SHA256
6308d7c3425143e0825961d90b1395f2a052728b300e04f04b0623f32f5da76f

SHA512
40ccc563d9df8634949e3cbc56ed9cf725d450cf65d1ac7b6a820e91c247cbcca716c577b3ccbcf637bc2a78264e7140c531ed77dc2cdd1ac0b94b2e44af638a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
783473267c80babee127a74e6a5e9cb4

SHA1
621968d208ac15168fb1f96d92ffc1b6d905c834

SHA256
1210f9bc405a230dfe2105abb69906add3e0685225abe00dce1759fac246fbf2

SHA512
ebe35b02ebdda68e25a475f834c3cf745ac45a1e14e9dc6b772c368f90586541406f78bcc585d1e19c8da5db76e427b33f07f4692ffc2a812a3435a4e192a19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
1fa66edc1c14db6f07ae576d41da7bb9

SHA1
dc2d53c9eb896951d25af1c3e4d96114414cd5a9

SHA256
54b8ec70f0b4c3a5c5147c4e1c4fa142f2a771ffa9c8c70e41aaf1ffb3ab62fc

SHA512
8a7de150076a378bd39d6728041071fb895ab029b9920cf3407eeb434a3067de4e0fd54ce7501d546f3278bfa28f4825e39ea9aac07c7122811e61a2ccb8c31f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2caf2474f0f00371a14912efe53d2cc4

SHA1
b8d93dc06dfc365d4e150eb123517f85e9305380

SHA256
b1f7d8c60949d1811c6801a72233add4248cccc907bfbfcf17762bbb0e0b9ec1

SHA512
5accec6aeabfe8991585ad261083d8b1d60c20f2d9ab667369ec7bd13970b4b3ec109250023f10b9a937779bd5168e894e61e52da0313c49e06bc274b8c2327a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
be1682f70cc8ef49f1e236459a6aeb18

SHA1
92b5658f932b103bdf788760fd6d83493a2832f3

SHA256
d0bd35e1c74a19d425a8170cfeb1468e216db0ff12fe399c0075455764d3d627

SHA512
80623cfb13deba094f07ba9870f72c248e47afeacc62cff422268150aec4b283af808b32cb1b2900a548c43f7f050c6fb32fbd3beb0065bc715ad4de2a79d141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66b8746cee2d395db95304606fca624a

SHA1
5393ac7e2a3623e8b0e9612479a217c1f6c844d5

SHA256
c89f1c1f95b3b05d3d98dc6342eb57ee6f2cc096695d236193caaedd994c4a62

SHA512
1b389931a2a758cb464de9566e309fb37e047b58c7795a80576dd4f2d7c6e8bd3c6c60bfb002862bc9842d52d885c175c3aadbfbe234ef934c85226b1b5697f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
557e1f569028ab9fe78f24f7136c18a4

SHA1
21c9150467b79e4cac74f00ba1aae8b49b44d466

SHA256
8d51e63c7653fda281a826e7c036573a2dc05cc74d425c08f887bfb64794f322

SHA512
4c4877407a415f7d878c0e8f2e5d4c62142a63660fd660bc3a07a99858b144aceefab31af09e7a8493523677c262c33bc6e8671ac7b9297c40f97a6e0b2c6cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e4c4aa56093ef3cf27beba2fb29e5e4

SHA1
31347bcdec663f93267491d7ae82618a8e55baaa

SHA256
b811dc1421fc219f40dbee24a604070c3b64831c8a9996f877ab9832e34b10e6

SHA512
c49619e7c05dc3833c591a120bd097073282142e5875ef38865a52dde0259c850210b32100e290e16ced63c4cd6722d491eaf86f5a8b538bbf0752fb83252c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4d150afef8f7cb8b8f7575d136c22f94

SHA1
c8e80da1de41c8a6c322a2c01936850c7892735c

SHA256
1afed87bd5724de8ce779db9e5d40fe89de9cd374ef908d6a0769b75dd1e5ca3

SHA512
850be711bec5148cc26cefcdcc54d3f018f75eeb3a45d4b174fbc913df0a62c1286eda0965d5a70f87a910178976852424e23f2e63e20a709410bde68d47aadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\13792f1e-6fbe-4efe-9f74-9943676cba9f\index-dir\the-real-index

Filesize
1KB

MD5
0ec2dc0d64d5bbd61a36f5ca48196141

SHA1
53e2f5f8023fb1b5663b59a783357d4769e0f63d

SHA256
e6b6f3f285c9b670aee06a6af4067fb826359048792d604541e18120277c963a

SHA512
ea6cd9d9bacc2df29fbd17bd8c1530eb8f302a3f10e06d4e0fe19f168a44f90775d9b806606154924330206edaedb49a21529275fdcf7580bf5831ca670ffe78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\13792f1e-6fbe-4efe-9f74-9943676cba9f\index-dir\the-real-index~RFe5a183c.TMP

Filesize
48B

MD5
9d3edb93191e3435b3112aeb1f67fa0f

SHA1
87c32c658623a4f0c94d03b85f3c17c0f7f56f03

SHA256
23fd285d5ef00bff94fa2129da569e85cfb7f268eeeeb8f641506cdd59c59b9b

SHA512
ac358ea9f7cbda5b4d12f7f3234829e7ce3379509d60d977feffe1d892051a28a62be1e4a8564d6cc351a7744ceeb97bdf701f17605b24ca2ce8b56e547817b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\4f9719d9-8254-4bdf-9314-c353106bc340\index-dir\the-real-index

Filesize
144B

MD5
51c8d400af567c5f204e4cd9765f5594

SHA1
3c82e6a17db8ab5a4904169b65ce49f86318296a

SHA256
75a880233c4effe2abcf031425e1d9fd8ee6092cbe379fec7507a7f729f6b413

SHA512
402a70df0c7641244139655f6c79ee68630675c62870daa4e6cb3855570f9dee16540eb5417b0223208e7b1c5da4d22934dc471dec16b543b0bbdf9d26aad099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\8c4aeebe-ed58-44bb-bd29-55556db52d43\index-dir\the-real-index

Filesize
72B

MD5
2d0f5485ecb9c48b53abd96908c1bc65

SHA1
8e29d36a66473e5e4c16d2792eddb6cbc9dd28fe

SHA256
054d016a395954fbc589b793e3e0eed566971d99150914d75f8fde95a71d168e

SHA512
6a0ff0ffcc617fc0c38711620b8a87e95efcdf1b048e5abee9e62faf34fd839c97f3dc0326e435e8013966f22b5a367e97d327e703651abb296db6bf8ce3b983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\8c4aeebe-ed58-44bb-bd29-55556db52d43\index-dir\the-real-index~RFe59fcb5.TMP

Filesize
48B

MD5
c5eeab75b86a840a9fb4631bdad6e8e1

SHA1
b7b15532a0e3bcf51ab01d79a4177a337db85e56

SHA256
bc11663c5b6f6239cdb843c791a37b6f8506b4ff0a4caf3cf53f5da9374b5069

SHA512
a58bee47c34eaface897c7bd6d77c51d0db1aa648c3ade9f02d2ba3735ab0db3b7812b2c7b79acab2c62f70a79e2819182467d6925acfd10e35c901b85bdc9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\8d64aca6-b56b-49f1-a3d2-6e36e884398b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\8d64aca6-b56b-49f1-a3d2-6e36e884398b\index-dir\the-real-index

Filesize
72B

MD5
fd3f2e3e289dd799bdeb3f1185afdc08

SHA1
aad141a1a8fab137a19fa42e29e7afdbf928f97b

SHA256
1e81f32c3ce3e0ce82df7bdc6e88e5881ce178b12c85fa7edf7d4968418ba849

SHA512
5fe6b596016f568ae066822167541090bc6967799db29300d9fe68858672bb9bdca352cb947c8914da8f35d86e1c938ae27421ea06bfb1e48b645cff68ecd1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\8d64aca6-b56b-49f1-a3d2-6e36e884398b\index-dir\the-real-index~RFe59ff55.TMP

Filesize
48B

MD5
122a0e69e13900fc78dea442f9e68657

SHA1
21bc75a0aa9c9fdb09c96d8dfd5cc1252418d12e

SHA256
cf725523e2d2fb18c83ce5d5608569f93c3e610d46c93a2f4515f7847085af2f

SHA512
261c3896bb861a1a0c2bfb44fc855a0ed9d3c7754edffea4f2a30418dcbbb2ffa7b5eed313dff977270331ba816741c036a05853bf99ca9494db9859ea8921dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\index.txt

Filesize
157B

MD5
9e01dba2732ecaf65c190b820da4a6d7

SHA1
6f96e7cf48eb0712353ce1b09fa9cc831a8318a9

SHA256
06c9ecddcfd4594e8454549d61dec0056c642b9b4fbcfb43a32376c2150400e1

SHA512
87a5e1b86d091a3dd086c9c6b03a9bc543cd72fd5e4bceb9d84422bf57c8b0ac4f4591ed218cae08027a54628992371800c06b0c2a845a7a84730842398bd41a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\index.txt

Filesize
224B

MD5
783aa6d648c101b5bfc0ac261b93fc63

SHA1
d978d1653c373a0f8c25e70f3318f4b7e69f2968

SHA256
c1134a57fbb2167a2e3c3de94ec549f27d81160b8ac41770760ea31ca055b8e6

SHA512
67b591a0f0a4ffa2d204a3c5513f4e73c1f4fdf6ce000b9828834945e48379d7cda2d143f979ab927365931a937ca5c7b7bc2a1e5609ac621abd9429e0095020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\index.txt

Filesize
288B

MD5
112577d1728dd8b7a7c52aedd75caff1

SHA1
3ffcfdfa4e095d5f8e150cb391f4bb12821eead1

SHA256
3e3b44eb3767db9b1343a5948f2ed97ed9707e18b05b4f306cf83676f0842432

SHA512
68be2f1d41c66641260d72c65bf739f862f1124f1c7ac745df20fbc56a4c24fa80c481342c75ad83e6d1927f927b8a8203b1de2d50fc8d771e501f4f7bebbb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\index.txt

Filesize
283B

MD5
a1a7e0c06e5fc8d5a9eb9d22703f34a7

SHA1
24b24def856b72cc31f93cfee23426bc3543e6e6

SHA256
30a1ee575dc9181b3eb76b1a05188725c25035945a9ecd6d714da29e4a906671

SHA512
69e69efa0767d603c887df7c887ebd4371544709da0430112c13b8a539c47356e61f8a13e2bd94ddb715f0166c1abac7ff43119c1706cb6e46d400807322261b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\489979c5438a11dc8542d34910485d7a7192a2be\index.txt~RFe59ae38.TMP

Filesize
92B

MD5
3f151ced59fc569d54a883a6698cc97a

SHA1
468e77ad0bee853d0fb0e77e5950391aeef88ec8

SHA256
a026055ca79b8db0f64ba4083d212dc226e5455f99c11c24d6bfe73d729c6573

SHA512
4ea84a06545f008088d49b65b3572917aa1e50652972363382806a0bfb1f88416403bb893ccfaf567c9b211350d30caac2bb377c0bc463d4eacbe3953920cd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fe1c8b9ac4600bc4ce2da221e512d66d

SHA1
5e973166a52736555ceeb2163062fcc5eb1154d2

SHA256
4675ea796746e2ed633bba9e629d385cf30d1597639d08754c061216d83c13c7

SHA512
b20cddb0dce718b18a8695e30a46742ac73f71415975f2672616106a8ea4678f5817d8a8c70ddc8c94bd7c22be10b0809bfeffaafe24e056e82366e2219c7dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f9c7.TMP

Filesize
48B

MD5
c59f8c585484a874d5c2e735399a88e0

SHA1
c29482eac9a2ae5d928401cd8d796af766ac6943

SHA256
f127ba5e11caa081d36035bedcf17bb553921d4e3e53699fdfd7df7a976008e0

SHA512
3264086e89c1c839d0d191f60c1df97c79880e9980f7737f5d5756d618d0b3a1a38ba492be28a2e233543dca67e058fdd5858201a42221ef289a695696bd16e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15d1dde5f2dfc8329a56eeb90e6952f9

SHA1
5f8ddebc36fff5288a1672f4a4fc3027333b87b6

SHA256
fe0339a37cf47d8bf44ed7abf99251227214ae2f00a161dac5dae64f8b714a1c

SHA512
c6d9d889496b109fc90f0bb0e94d5bffc57e2f93e8c1af915b59e513a2380d19051c845b8929c353c2523a6d0d2b07b03990092f929b79f7eb35b38f01bba64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a57fc5f6b1dd1d700f22a743e310376

SHA1
7e2663fb58f1fbcae3af8158b6e199c4a10562c7

SHA256
fc2d0f8ecbca6956f2677b2aebbee27f30449e75da15b69f39378861fb15feb8

SHA512
cf192f233d559781ffd791ab9177d9ed3f1f6d6ffda99083f75e5705b28fc46454ac941501046d6cfe345f40396d97a9724a615e42fb027ca36958b0ecc07b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a82e263b5b3e009ed82eaa302c09cc53

SHA1
6fe3d11d5822f556d4ada02404d54751b8aa9b21

SHA256
1a6b5a3fe61d7f1bd2cd93a5214cda6c9ddc02d497fbfade61af29d4b2f07c8c

SHA512
b6b60e2ce2022990b3feacd91e6d71cf88ce2aaa76f40fcc4d3a6970eca0d48bf72062689ef7cc8c50c36bd608017175d61205e168c654f0469ed66832916161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
4d8b9c0b015a41055db84b74613b3a1c

SHA1
6cbc9ffd8c8abe295348a6b1050e876da4518c03

SHA256
7b36f8d3c0372ff9a460a165e93e0d8945e9470934ca9f4c9b9f6298181a3322

SHA512
a336410e27afc0e70ce1b83de6bd5f6c3f95e3ef1424f0bd71a890c94946f12cf0272f433e02e9f0a51043c0ffd321e6cd54588487d65ab3f8d68b9ca2ebcf85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
91f1320c068458396a175ef79464cd88

SHA1
b1faeff794fe95f54ad285982ed1d13185324366

SHA256
ca97cdeb3f9ad67053a41fba0b10a16dc3fc4b4acfc0447748b5ef950793e497

SHA512
633c3e6800bdf385461c91a50da19f481fc9d37b3da781eb95f9f69b8d4f501febdabe607940d144f681f395fa2e6ce1172d2e7092444351c86085d233480c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a6a2d888c8b32f8383e731f50527efc

SHA1
e083dcc5c9a51c5ceae2a67842fe477da3188445

SHA256
c7de31f68391a153d2ccd9998e9848ca873880a12ec98df7f7e4649a48bbfd79

SHA512
c0865449037db2322c1b3fe221e15d0d9ed3bf301c2b50fbb8e98cef77cf3fc1ec98985cf0732887ebb7ed975f2dcb16a616677056f3c2e160dfb9289fc8a78f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b7a7.TMP

Filesize
204B

MD5
643cc31488e730a0fd268736b94af3dd

SHA1
0fbe71406edec11f34dc4d3f92499cf6ba3e6413

SHA256
80e906f38c76654eac2feb3c7c9d7e71236e06e2d048ea31e2ec11dddf716f38

SHA512
493b4c6e85bee5a9b1b31db300f4c674248d399fc6fd61339a192fc00e2549bf199c7a19d3f910ac5afe34789ea610aca0455f3a8fb94b4c3e35355b22319b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc2e707a994c4f8682cfeb69b2416ffc

SHA1
cfbb5d6c8f7aadbe5cace943fc64a09c2aefaa22

SHA256
518623e3163b5555934b371f9d9258b936855dbe1a3e1900e98aeb0410cb30a8

SHA512
a56a35d955d17a158f3c232a301fb0a24e6ef5f16d9c40e9b191216ccae970bb98668ee897af34337f1e0d3da200f60ef940905505564780c7126700c3d05cbf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
ba62efadc7a6b5e5000f19eb4c07a12c

SHA1
07e1fcd04c6772a03ebb08f5a89fe0567ac9c7c2

SHA256
900c76306a48b94472bb8ed705a1b982569de186ff1c8aaa4ed341f27c5743dc

SHA512
6e19ceb6ae65f79578098356650307d38316158754a28285131a49490c4477b44202b761b30c4379bb1080cc93bbebe5e00fadb16909570c45c848d0cd8268ee

Download Submit
\??\pipe\LOCAL\crashpad_3676_UEXBQGXUMOHOIOYT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit