hxxps://google[.]com

Analysis

max time kernel
1199s
max time network
1200s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
04-06-2024 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1696768468-2170909707-4198977321-1000\{0CEC2298-EA1A-42E5-8434-107DF4802E5C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
4452	msedge.exe
4452	msedge.exe
5084	msedge.exe
5084	msedge.exe
4700	identity_helper.exe
4700	identity_helper.exe
2736	msedge.exe
2736	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3272	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 2052	4452	msedge.exe	76
PID 4452 wrote to memory of 2052	4452	msedge.exe	76
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 4856	4452	msedge.exe	77
PID 4452 wrote to memory of 5020	4452	msedge.exe	78
PID 4452 wrote to memory of 5020	4452	msedge.exe	78
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79
PID 4452 wrote to memory of 2108	4452	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb03723cb8,0x7ffb03723cc8,0x7ffb03723cd8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17957912325174718419,8223474350476156683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x0000000000000480
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3272

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e4ed4a50489e7fc6c3ce17686a7cd94

SHA1
eac4e98e46efc880605a23a632e68e2c778613e7

SHA256
fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a

SHA512
5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ff8bdd04a2da5ef5d4b6a687da23156

SHA1
247873c114f3cc780c3adb0f844fc0bb2b440b6d

SHA256
09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae

SHA512
5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
529edc477a5ea6c49c361eba4b4be204

SHA1
420da0dc082faf80d8e4c7ded4653b8463a2a046

SHA256
354724e6a949d32de95997d57ddf9454efb252aef94b885266f4b108c39af513

SHA512
d247786e438f7727c17f6a60034b971f74df93fd05929875a76ed86e35180e8e349a398704c2b280d2be52097162b942d986f44a4c20f788e788e40b5b5f84e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
463c9afadba38affc6b9e418fc768ead

SHA1
64aab4787de162a5a6404c84d24ce58d5ccf9682

SHA256
87e21072bf03b521923525fed24a669d91b0fbbb1b20f76b4a52661c6435014a

SHA512
653744cd4b276f3e901172e935383ae4a69706e14069526f47142b603a03e797507214c197dfb661abfd2a31189172033b36b1c60b217b78466c19bfdfb811cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c295fffcf5ac222666493c4a8ee74771

SHA1
4eed9fd516c4216a374eb4705d63268593443258

SHA256
a0ac48b5ca086d65a2e192baa507f93b73f82d7c47dd021ded81ea09fcb4a445

SHA512
5b5f94f7ca06cbd154329709b8c3d2219b73d9bdfbae2da2507211ea92be05dca8146d2bdccc36d46da468537fe51fb52390e09486ea4a943aad51d7799d8c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
8d0c34a2158a60dd0967386a080fc4fe

SHA1
d8923e421602c13f27cdcf207dae90274326f2e3

SHA256
a178f368d5baf30336243c651ec6eecf3d9135653424452ad767803c8d0ca84e

SHA512
1e79715934b2cf7ef8e7b7c420a59a712d5cde7a9579c68d767859ea3f700730183224f300425441b8e6e00f2dc87f22d8c8a073cc4aec873944936a8cecf567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
89e7eff0d193181a1c5e07c9f0f85333

SHA1
7e8a3eef110b4a17e910465cb48894f18b396bbc

SHA256
6f8502e3c684f6cf7b14411bb6ce328f2278833583df33a06201200fc5b2094c

SHA512
78135d01e813932b273cf7bd73ceefd257cde83e00f386268d10fa70a605fd678996483500602f674d5ccdf2fc79c04a9837f37d5297cf440c8f18c955ee6b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\19

Filesize
1.6MB

MD5
63a5fa2b9a9a559f42d204129b9681cd

SHA1
32711bb285e04e33a2ee8f26a5213913f0c7355e

SHA256
f9fb9db15e1aa9701f289c5324e1259bcde26992dee1c9fbdd0d6c534ffc517f

SHA512
e6608c77c097017359c8d1de67b0509d9b42804442c92c9ea4b42aed518617f36fd0c54a85836fa71570f33ad415e17f0674e3e685528cecdc719acd7d275745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\1a

Filesize
512KB

MD5
a16737359714f6c0d7241f2246c26416

SHA1
160c0cf2654c66116a778169065bd7a64feae064

SHA256
64a6760d66f2e3efdc42cd0dadeecf9705bc417180af212155d02b8522e50eaa

SHA512
99cd87d35a28748f86b09c5051554d4d7cbb4bf848b9273b7ba51421a8663a1fa033a958103f4b0d6da141872b74c64a9e96452b43cd02fa43e065921b6c4655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\1c

Filesize
64KB

MD5
2a76c72bb578e2dbd3fc3b1c144263b7

SHA1
ea3bfd31d7af4b22ea145b594d8b6761ea5e13e0

SHA256
9baf75fde6d6727bbfc848041ed162e87bb113d65791804fcb73280d3bca9e11

SHA512
e65c6de3424a8ecfb034f4f83f94afe924fec757b8e1fb8f5f499047bd85b896f5e89a7bcafd915058249945923ef8123619f59c14501682d8cb4d839d49a7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\2d

Filesize
1.6MB

MD5
0db8ac5f572a131be52b52a56fb7a622

SHA1
16f1acd2c3f91b9abbd4ec0b92b1455f8c162a25

SHA256
b916b371545702c6c8f98b5e465485dc6b6773598ac15ea8c9b3193fe953137b

SHA512
7dcbb67d6f17f2e1beccdb58f402be80cb8ddafc658b0524381d114fad39e48ccc9229a2761459d70b79165566f991001eb7bbd1e0ee7b8591399f903053be4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\34

Filesize
20.0MB

MD5
3a4c3dabbf66ee48838dc4cd7575f71c

SHA1
fda3adf7cf943c6e95956da2784b6f0d19881fef

SHA256
133e5f495379e7c79a5446c489269dcfaf7e54c00511e2d65e8bb5eb27fb1092

SHA512
9a5a858f5d3f09144776323a43a53ba2ea150cd82dfbc3ee4c264cd64ee4f5bd18311ee7aca17c9c7404320514594798349d8a50762de40c2bfe4422213be1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\3f

Filesize
10.1MB

MD5
f9ddb34a7ba203d65ae4748e086afb19

SHA1
d8498183ab19bdf31bc5683bf6f16659b9e22e17

SHA256
c0fd9e75026980066981f3722c5e63d917fd17dc99b06b9a6053686e0f876015

SHA512
20971a3b0db677ab9d78573a573f8d53ae9b71f584e3a06cbc0f986d009a98740d9d863329ea569c631f2f4272f472f2c8b328dc29d7c1f5339c04d7cf5a1452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
256f7d13b112acc9c468807ecc1fffe4

SHA1
682de489668fc5fd49d12517ad6e57c9f7ef0dfd

SHA256
c9ea88aaf144000a46a8f81453d629d7790d9e8ca62e1cf5ab23228c817eeb2e

SHA512
81644e8cbdb0e3ed12050957e233d56be59cc31b983f5b45f289f20613bfad905b73f67db77da4ed61729e48ebb209dd241344066b6088e161bab8c29848b145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2c43d86a76fead8debebb56b4958b9ce

SHA1
3253bd882bbd756a52368f3ca9cfeaf92e1d0fb0

SHA256
62904d5f97a41626e5fe53cff5bcd53b29aca90e1b73aba918106998ac5a6ada

SHA512
17f552be452eabd0bde58decbaada0eab914286bbd33f054c7cc24b4501457e9eaddf7bfdefc34c1d2bf427831e1f0273ab6cb4239b9cdddc46ecc0f9228aeb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d002569b45603481303da0ff36ce290

SHA1
17b14226fc0950227293eacfe127e297c86f8415

SHA256
ed1e3c2eecc9cfe96b792d37a77f570b6c4c08f4485293f9f1b05a0c95f23322

SHA512
d9086d039f01b9d6a07ae3f98c24541c0fc9d862f949fdf51cfe442d328bf7e9c437318101ab00e222808c5c4aea7b1b3a3370cc4e0d0595fae849bd38a6b9a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5e91c49c766d6f6c28193aa7e645c7c

SHA1
94925910085aec2552c0b007040967b1c940c1d1

SHA256
c05bd6f15081e2487cbd71a83109ab1ac3ac9f91474038eb09d6c22f83008ae3

SHA512
e08cd227ec8ec23494c3f253746f1177d00a507778ba98f0f6506f5e8445e4ea87bedfac929ed58e63c4d592193bdaea16ddde10794c2cd1860930196ac1f608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
462401b774f6a013e3900f92aa3393f5

SHA1
8e531b322d5dfbb127ffe508cafef3278ea5a138

SHA256
025b605044f19de2e3cb58ea2b7f32fa6a96383387b52f5123d17d8248712aba

SHA512
533bc4cc4b3dfd4aedfd5b7138f0bcaaa0e9413a62fec5aa791f920959de413eb7776c8e7fa2513ad99169a57d38a31da71f277a4418e6ffbe7daa7bef1a4fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55b68e8acda5743da5831535ef83b2ba

SHA1
33e2a2989d90f8ec85ab7f09eb9ddff10c6c699b

SHA256
3a78f7181e7de70b2763293e54528230837a792a0ecbd83c05d205a721c1863f

SHA512
adc461ee85b61620dcf5ac22f0077f5e937f0b7dacfe2cf62324197b981dd824bbe4ee1e69d88c7dcf5d00ae193701be6c7d0615bb49e364d53c4afd695054a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
121d4bb1d424845271a43bf68009da58

SHA1
160e0fe50fe8d3b517af845d6953757e0a78a5ee

SHA256
9bfbea38245f5428bbc95cfc2cc57f4303109213dc1ed16a8a047e2b223cbc55

SHA512
196e52594c2ba8d156b2d6b913d895fca2f9a8bf27fac798b12ca0ec57cfe84d39ee961096382c2e363ac2b6a3154d9a7dce2ea4431d14228e8c118177fd68c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd0ccb16ed388dc3b0cd80c253e4b561

SHA1
72135fabc8ec7dad4a0f2e5648298bc6deabfdc0

SHA256
d6676ec140e44fe0d5ffa6820b679ea077f5707ac1ebfa6184cc1618a0582a6a

SHA512
a80982cabe24e1bfb2e9ee665a8dfef1801c986f60f38074f123e7b8344fff53a93304236ab7857086bfe72eabdfa01dcb938c9eec878e387cb60c65e62f0fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
903ece25f9584dfaf28e85059c483a1a

SHA1
f5648b508c1c0d08a3e97039b5e1e18ab086504f

SHA256
1d805935ebef94ed02a9f6402941d3be582a5e274904683609feec5763d03e9b

SHA512
b60cbea7e57a184e8e30210ffddb102c7a5a30ea9f6120350fcbdc37c03e2894759d001755f5ada6d221679cca3eaea72c941d0f9179b9f8bd513133409366a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
478d2d24e9d975a1f8b26bbbcf59af25

SHA1
1c752d0f30995900991e4ec3434d1ddd8c475245

SHA256
a3ec952aaf8fe6481687c732ea062a869ad061d3a5ae4005252f8ca8e378ee49

SHA512
d35defece393f048f1d15f9b7e711499787a26c8b1165229020d96fe376948058b6b7634e61491d9beaaeb47e81002f7c1a35d8effe9529f3b205a54aef3e8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
33a62c05b1f69e43c62d848e4d3e39f9

SHA1
0cd2295ff057a7f787ea26ca84e494bf38a5e770

SHA256
05a87e57ff9344ee6fcb0016b1b252f6c1d701420d83484208a3fa3eb0c3a7aa

SHA512
c208ca6741070a8a809f1f84c0ac5ee6ef20e35d7bdd2fd62e70a8d9250557c0b518099da92a7732d57c8951ff3a8cba4ddd2d806e9dffeda938f834edcea395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b411cd1fe170e30376b58d838a4b2237

SHA1
e717f842a46a66a3022a8f5dfccb8564638a336a

SHA256
7b344feb8b1727dda5f6fbc84c6c87cd6f42a189e700e0ef21fff533711c52a6

SHA512
c5deb8b634123aac3d7816182de0de480a98ee5a88e0a06d2e6fe8a36e6bf4cc3c3679b4ee0e04723f34356f4f35cfd7f22eb3a957ada33934cda96da66d07f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e2db034aad70031b17b9cdcc10812ffd

SHA1
950a8057ec0a3ac6d4130566634fe0c15b1c7e20

SHA256
70c13ecb69ea546865d7aefef7d14b47d626e20444c9328ad92fd4de6e0f53c7

SHA512
7e841cf083bcd284ce83aa6b5f935e964d00ee9587bb3e115dd2426cfa789979caf5605fbb999f38dfdfe30d3e49f4efb1696adb60e775536abe73dcd2948d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
01cf81d1ee8cabcd46a9189b1e469257

SHA1
ea5e373ec1aae6b551e84634dd494a98355b62ad

SHA256
396fb6568b2968e16de01d99138979de78cee1888646c4368e7b23f490c66f7e

SHA512
70ed4c4b8d644c3ceb0213db7756863c3c8c425102f1c90f5ca85372b0c3f93059e579ab5c67b0ec46c0f4aa732ee6b7f78dc5fee81398ff11ebdb20f495446f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
650619020ef5c116f7bc618a545b4c51

SHA1
276b430826747ca4e0254fbd6b453bd1eefd712e

SHA256
d9e8a7d31bb871e81b8142e8c5a746e1e9a36623635f806679d48c5091bc778a

SHA512
93b540b47bf6eec25d4ea2fe13559e08901e0f742c878e3c4412a199d8c128b9e88320d5cba9a218b3b7795234108384a0ec5b7015b2971edeac2273f2934453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
21fe8ac0b8e1041b7323dba506d55300

SHA1
e7bc317f7fd0165b68c1278fed509589bc64ae2c

SHA256
f405e1d78a3741c902a6851bf993a222c51e8ae00de97d6290855b01409b4806

SHA512
e65b30762db9a5274fbc9a4604c3426d2da8cc7774acc1501e4da5bac863d17d2159a66989fdfb6f5d1c969c5bb9e5494b049ad320e9d0d0dff0f0fda3cec006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b6ec.TMP

Filesize
372B

MD5
698146c5390b708fc32911de103f90f8

SHA1
abff83fbcd906bd4ab0cbc046bb9edf0776e2ebf

SHA256
03443c6034c2afcca38943b19c0863bc33d50e2caaf204fd343b78b6e45c732f

SHA512
1d2071c1df1b2e9ef0886d8c4f1fb4c2326b53b0bfa9f7b2eca6f3a061c235a9e3c6e905c89a0a809f28e3b2e8a0e0e46e1c26d182da399f1db5935317b18dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f00da00a5285a76d9a5c5ef8c1722da6

SHA1
e7a77608ea58df1fd5e0f4abb063a50ed499fae9

SHA256
a353e7008cbd8a5814be2f13af4385f5e5cd1e946cd88140e90499be13cb5ff6

SHA512
c7b6ff8b5caff206c90ed79c37e45178ca525b1434b9422ae1c9fab7c3333717d084afc682b5e2eea5fcb21c077c8929fbd8f5f2063e0c44e2991171745fb188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b075159505a781d00ffb53b9f809c6f8

SHA1
90c5243174ec76cb207a2727cc3497fc03bda420

SHA256
ccd39526bca29a04b0126f713b5d20db9814a0860d7294d89bb0bac0bb16939e

SHA512
10b8af3e7ab03806f30f68a483e130042474becc1d55a7f397e15a8bd9ef87db8ff3dd615ed7830e38dc3a0f45d66960e7cf77d2596acd57396d5a08d78cb579

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
9c4ee38dc80114548750d039e54e35b9

SHA1
b5e69e6e26be6301a6113e006132a9e93b63663b

SHA256
cd26d65992b4e5a5c1048a6add5f771acf2f06948aba9a26595bfc258bff453f

SHA512
60b6a13b9a59afcbaad90b4c12e923d58b90621eaa3925ead6883a821e49fd30e57b93d137b353099df37757bd9854123b4979ba7b895f9e3415ef4a1c9cb61f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
f47df0759e21d9ab596c5a0566d406d8

SHA1
c5c1bcc85290f566e70e2c311443b07f03ed38bc

SHA256
c10d32b5f55427e89ee32f7e8f8b8971ac36246b35d753c87b8a1be130be024f

SHA512
db3f60e13b6958fc87b04b080d8f5e9cb58ba3c6bb69150c7b28f87d77d339ee40096eb00f7007aa72d52233f8faa31b4210a4d53c38376c634389dca67661bd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
27b020ed1f0bde8c175b07854198741f

SHA1
3bdf4c0c09459a80aefe4f2b30e5bcb5237c914e

SHA256
6c1a2955b0fe2491856f0046659c75f4be09054cf991979176da7e3b04388be8

SHA512
f785642c262a281a21bce324c263b80853a1a4e793b50508035a366cab10a563b39c8fe3ff2fc9173b325444a2741a019fce0c1eb6736cff367f7b13f54731f8

Download Submit