hxxp://example[.]com/@echo[.]%0^|%0›$^_^[.]c^md&$_›nul

Analysis

max time kernel
587s
max time network
597s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
28/06/2024, 20:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://example.com/@echo.%0^|%0›$^_^.c^md&$_›nul

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1560405787-796225086-678739705-1000\{22028DE5-037C-4A0C-9827-704E035AD95E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
2540	msedge.exe
2540	msedge.exe
1500	msedge.exe
1500	msedge.exe
656	identity_helper.exe
656	identity_helper.exe
4988	msedge.exe
4988	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2460	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 3640	2540	msedge.exe	80
PID 2540 wrote to memory of 3640	2540	msedge.exe	80
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3580	2540	msedge.exe	81
PID 2540 wrote to memory of 3616	2540	msedge.exe	82
PID 2540 wrote to memory of 3616	2540	msedge.exe	82
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83
PID 2540 wrote to memory of 2764	2540	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://example.com/@echo.%0^|%0›$^_^.c^md&$_›nul
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95b783cb8,0x7ff95b783cc8,0x7ff95b783cd8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4368 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7276 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12281804166172695834,11153208964505219246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:2100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" Quick access
1⤵
PID:4584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f717f56b5d8e2e057c440a5a81043662

SHA1
0ad6c9bbd28dab5c9664bad04db95fd50db36b3f

SHA256
4286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945

SHA512
61e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
196eaa9f7a574c29bd419f9d8c2d9349

SHA1
19982d15d1e2688903b0a3e53a8517ab537b68ed

SHA256
df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412

SHA512
e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
b15016a51bd29539b8dcbb0ce3c70a1b

SHA1
4eab6d31dea4a783aae6cabe29babe070bd6f6f0

SHA256
e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a

SHA512
1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
620dd00003f691e6bda9ff44e1fc313f

SHA1
aaf106bb2767308c1056dee17ab2e92b9374fb00

SHA256
eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586

SHA512
3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3712604dcec18de2edcb0216c76fe2b2

SHA1
46056e59632fe325468fb3e550e9f0a4e53c2ee4

SHA256
ffb0e3c8b87d40f40142abd2339900ddec007000ea902c4c47b2c1c770c864ea

SHA512
4fe627c8ebc7ec39ebf4f0b28e2164e78d751a0ed680f88bdbed9d02f8e4323534323f9fc8a643c28c216a86a8e04e9ddcb39cfcdb0a59773c1a36fd06aa3b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b4fef59e5317f82c7cda0335ef758be6

SHA1
bb5dd2b5c1590d4731fa86f212b9741befa9a99d

SHA256
65abb7a604ef639eed10d46b7d6bd8a27f6ca454e9769eb7716f9659ec1d58b2

SHA512
c9fdf7d1ff5b5aa90de2699941826ec6ea879e0d56897fe9ce6f8559ef2e6b0f92b13dece25d4f8564a1b00916a10896a1237854f612b8cd294ec71795268ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fba8f3811ac44fcd1adefcfbb8a7a2c2

SHA1
311ea4a0f0949b79d8092a688517fcb71c4c9330

SHA256
3faf35307932064a7e78084199aa45c7e45ffdeee66458f1cfb0b481c20efcbf

SHA512
e0a4cb47ad0b2b12e77f3ed7505babcf0b225267a21fa1687742ea1a9833f239bb58c2bf0e162974bd5d8cb6ac6fef79066325ddc228f4b1955739a1957e8b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8c3a1ac0812892fc09881d9c4e08bd07

SHA1
9af927d3fdd943c63162de78cb09590c18ed4049

SHA256
c641e6df51660cb2c72ed5d49a5fcec9f11f3cee083d5d222c98639673a81c7a

SHA512
e5543b4e352d6a6dfde5e2302c742dc4ce12f163549f81c169d264be43984e306edc0325ad43c27e4676e692b2279a73a1482d23388d20fd4b1e434d1fbc8226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2b061e984fc75dbd8d788e40a1a4dd9b

SHA1
8787e23932aeb51a75e7c8bd23941f4ee2ec6fa6

SHA256
2def06299b18f33c15664d43ecd6249c6dd9ab53720ab74ec72831236eb05c32

SHA512
f146f5d7368a35b7ee8424407029638791ed78bcaead5f558dd2bc8150bd642a4f9d4b606edf806d1aff168429fb7bce70134485c3ba6f878ff01e327847e248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8badafae63b91324e5b44314f9116205

SHA1
0bcedba1ce272dee933061632a219b4d51048fdd

SHA256
06a9008721e292934c9d29499e04aa9c3c137e03187867db2c3d724373ed1f25

SHA512
50e1d4f208a49e0208a88cc0233cf56b2a1ab25ccb548a3a859203de6634234c2b00f8d132a23b7b5a2dfd9ee37521dad57f5c6957183ee6197b1a247d4b61a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
97fc5690805c89c74bfe51b35707c371

SHA1
8f57255f286c6af9635b9995d8818d0ce7a41ba1

SHA256
2739ae553ac9e2db861aa702b95c55e6c80d61441d76d73aada6eaeff98aa8cb

SHA512
ea1b3ed9ede37c9ad99d2eea1a9c769d22422bb3a6e5b2ae7f3a4b0f2067ddf00de03ac87874b4107e40e673c06cb0e1e7b7db3cb2cf7756cf99a4de7fc783df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f473c37ce545f1c0882b01e68a05cc0

SHA1
097f267a44cd47b3669eba18e4bcdd58249d2086

SHA256
8def5d09a9c76f221c2c1c4467d8de7a36adb1b079d4064511a208206a7a82a4

SHA512
b99fa42304fb038c7c51fe1d6945d5cc1c9e9cf1015816e34984a3d1adec43b87b504d3665c783f0a395350b38bacc8782d40dd8143f468f4637fa0d4c494a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec670d0c926eebc610542ea6d92277ca

SHA1
1608f89d06555854cab3d17a9920648f0c71ec47

SHA256
ba31e131e3fad26f382577aa0c7fd915471d4b9f76740a9ea65623f667af8d91

SHA512
bb1e45ebdb8c2a2e5c1e3cda892ce187ae7a047ec826de096b6e61d921ec303aa6a029e2a57958361ca424e98b0d9ea13d1e2b6d0856bedca9d5c7a1d9f4c8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
97cb14e1f7078fa7a523c4421943e557

SHA1
6c9baf92819410bc42ac9e4150abbf1204d9e5bc

SHA256
8d35e9bcaa5cb7654381b8bc3963ad38f77aaec68a8407344e66f5f76911fdb0

SHA512
c07567568360b0cbbd7d4f67e35a7ca810df54ed6ec589b952c84f9178c342ed5a2b903598da7915bc44fd1a4fa71630760359c28a4d20881209a8d4d763f2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c03176684405391bb68d5db7c87a5c2a

SHA1
9ba3e2e0af11df586a43fe1ed4734a10343199f6

SHA256
08cf3f67c1ef6127c0fb5242af64263063e78da99ba71b265b228d56ee2be090

SHA512
2f886ad35039e5dc19f94695b6a7b0a7a5de7afe56e4cd256e310c64017af14b6c564a49e483a95ef24d2c474c0a7a673f0651b507ed6176c2db227a2697ca78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2bbb1de7219bae31408ab9caa8752bc2

SHA1
fcf22018666eb0698b70857e54cdf7d90b270f20

SHA256
02378cb2f0355690050335ada1a1f23086a10ae0ba6feaf50fec8405ab2bbe86

SHA512
c0a9ce13fd52dc327ad6b625136acfb9c884bf245cbd679ffde2b34fd69e6f3dce00498b42acd3b40c7ca21ab5161a6ff5c220a6a37a42f82f9d0cb3a261d6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
957e97a19c37a8a8e0cce31c25dac536

SHA1
dac0d5e70e27383df6184d953ce67f4fc4843b9c

SHA256
26b6f29d9a586334b1c8bcc7f6cfee1a39564a5498b274cb6d438bcc9526756c

SHA512
2428defef52641405aa9047e02e322dfd6957923e0265d7cb66587915136df4deaa558c7bbdb4f3fdf77138b40463e6a0dd9af57633c0d2241b4ef432b9a817e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dbe7eb2b318769304ecea8623d7e392d

SHA1
7d76b8add1e65c6c31f2955f85143cebcfbb9859

SHA256
df66d5c992a4ac5a4640d7acb369baa0dd0d07bb93fcdd41bbbca2ad5718e140

SHA512
f67ae63b85897b3b743eda20b83646a9f8a76418d637c8c1763717992699e53502432e859017112bda0c18747fb11c4a8eaa4cf8ec32c2461cc9ac01e13e489f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59068e.TMP

Filesize
1KB

MD5
085c6eaf43bcefc71e981d98e240f150

SHA1
10e9fb6ceb161d64fa98aa4262a770f393f16f8f

SHA256
d712f375fa80d5983deb60da0e092d5aa225ee8774df073e6f36847a9aa9effe

SHA512
afdfbf57b26e449dd154c7ed226a857c8d097116e5aee85cb0a350bd0783a05d04eb58d460b0389b8281be36ddf3bebc5f33e69d92cd321f4b35a7daef46854a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0626f32d5bf750cf3fdc4e221ace0ae1

SHA1
a509e49e17b06ff1df8fe6eb7a4a128dbd7e2f24

SHA256
7bdc552a83232b77baa932c25e748de2d6e9a79fd3f920258a820baa9580ba91

SHA512
9ddc4efe2acc788634754b77711fa59ed14a9cc4664516bb3fe9e608795fbbb4fee7fd8293db638397d31ff7e7d74de30ccf6cd9352711cb2e112d5e583f4b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90be74f4e52b27b61e1bcfc2e044e347

SHA1
57d8e73c919efd5b0a2983dc947aa07cb80e812c

SHA256
a0a784d0faee4bbfb035f24f789f43d50c451ede4d98c3c4b3bb91096fefa7f1

SHA512
d91225649fe886ddaad4d3a6208e7e10e5c52318b2c30cbb4a70fbee25f10f53e4cd0b9c23674623495cbf97bbf7b28e2603b98c383a42d0a73f8e0d7e24d4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a51516e0759076c213817fc025168aad

SHA1
4be40ed65a113064cdb242743dddeac09b3b1e8c

SHA256
40efa554fe68f843b81433c5e4174402b04cf74a5be5bb8efb6fea10998c56f6

SHA512
2fd4462d71b53afa77efc938a3309c1002aa786b898e627ca840f7b52c636aa134fbe3b619be0e8c624dc3fe1d603e6727ef00d3677657a25c4c14e0184a8af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
210a3e8ecfc0ca20d0e86254405f646b

SHA1
ccd59661e64042ee1762762f291aa973f80c2160

SHA256
f8185aa50011d40f2ebef439f97e298393d96eea2b41503b54502ee728cb094b

SHA512
cf5b438674eac39c4461971967e56a36115b417efcf5146cf5092c60e51a0d860eb6bba705ff9d843442e3d32678ea79728e862cb353876fcaea52c16b42ddbd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit