hxxp://https%3A%2F%2Fwww[.]pornwex[.]tv%2Fvideos%2F184067%2Fmckinley-richardson-onlyfans-sextape-leaked-video-gotanynudes-com%2F&usg=AOvVaw1nJQCDP95W_K6zrJpO0My5&opi=89978449 | Triage

Resubmissions

03/07/2024, 06:25

240703-g624ha1dnb 1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 06:25

Sharing

Report Analysis Logs

General

Target

http://https%3A%2F%2Fwww.pornwex.tv%2Fvideos%2F184067%2Fmckinley-richardson-onlyfans-sextape-leaked-video-gotanynudes-com%2F&usg=AOvVaw1nJQCDP95W_K6zrJpO0My5&opi=89978449

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{90954313-DC0D-4ED9-863F-A7ECE67675B4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4340	msedge.exe
4340	msedge.exe
4664	msedge.exe
4664	msedge.exe
5000	identity_helper.exe
5000	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5572	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5572	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 736	4664	msedge.exe	83
PID 4664 wrote to memory of 736	4664	msedge.exe	83
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4372	4664	msedge.exe	84
PID 4664 wrote to memory of 4340	4664	msedge.exe	85
PID 4664 wrote to memory of 4340	4664	msedge.exe	85
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86
PID 4664 wrote to memory of 2416	4664	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://https%3A%2F%2Fwww.pornwex.tv%2Fvideos%2F184067%2Fmckinley-richardson-onlyfans-sextape-leaked-video-gotanynudes-com%2F&usg=AOvVaw1nJQCDP95W_K6zrJpO0My5&opi=89978449
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8780378980122669596,13803656557398061790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
719KB

MD5
795a99ef8358fd8c51cedc94f47c014c

SHA1
6a16fb3fe57d74a2e872e5eafe0e26098ccc3b3a

SHA256
466a3231e0b8d496a041e18839a5781cbd65515b173025de963b940aefbd9149

SHA512
d8440bf9970951b5770886aff48b6987f2b1812e960ea4e5dba1c18bdfb981fd8f4dcfc4854623c198b46bb53f983e6c9abafecafb1cb82895d5b4daa6c8cdf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1024KB

MD5
b174e8fb395a5ffc74b59bbbfc406c17

SHA1
9d3bd2fbf7cc3bad6a8f03590930bdfe4cfc2ff8

SHA256
ed0179d407928587ea2159706c2197f2a2309077150d3af3a75dc83e6aabeabe

SHA512
57ba1a44cddd5a117ff86fa84ccfe1ede3d4dca63e248fa2a4a6c349d41f7e2ec470b78b3cac02d176e970f4b90f985966bfb232e955644198a74d1e19730da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
62KB

MD5
2d30cd655bbc91e267f4ab8d153c0d17

SHA1
47bc7798995dc55a3c88794de3a7af618323a2b7

SHA256
4f6d84a4253f38a6b4d4df134810d4127c689d76592b46e01bbda5e399ad0634

SHA512
808e9193c8e68ada48fd6c84e8a170701b1df622d6ccf3b4ee0ac9360a066627e44d97a8231135f244e4c7d1461ad403df7d2a3238b9db0dd1dcfb820cd80738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
18KB

MD5
da29e1eda06d918bedb035d713c9ea16

SHA1
aa080a50fc0a4cd99169eb62b9c55cc029166fa2

SHA256
0495066cd682e343f40b553e8c0d15bfe9d9baa9b10dd9d007076f044a414968

SHA512
043425e85c83c252eeed427c43857d19cb43505d7835ab66b5f02f098a4b78019e5e9b43d3f681944128a238e9c67e62c0b21b70c2102ee4705eb2c8e300069e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
19KB

MD5
9db75af2ae54430b2c88c452b4d66505

SHA1
805a267ffe69bc89075066761742682e32461a47

SHA256
921262b9d71dc673eed53926026576bdfd85b2f3192e12ec3931de84d48a8b33

SHA512
bacaa8f5afdca197f3642bb4f673321a6448c5e6c10cd10624cd214b3c0a0e8976d542efa2c9724360cfa7116f129b4f6a456dc3ed718cb8d75632ab55c89a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b372d683f5d3024684d4b670d012ca91

SHA1
c397b3bf49ade0091cffadac745b0e8ae6f3e356

SHA256
427b69b91dab5863ea1dffe462535b408e6f4d070a623554c9040c6b854be842

SHA512
a95b44afe81c7d376725666cc3819edb964a934cace7efef73e39d071d8e0868a79a875d16d3b9bd36cf669b27e4edf1c2c231151d2f856982493dec311dbd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1957481e998b1ef0d8d190e662f70ecf

SHA1
00eac5c281c0257f4d7672b4aeb2850340585124

SHA256
7802120f888579bd21477624af81d9cb5571ed883ad8dff9ae4c6b89ebedd025

SHA512
6d403bd8239feb1242bef7c87ed9286af1a52aed10b0ac0ab9f928ae656cd8e0ca73edab67cf59f26610eeee65e9f779fc00a9f5a09d7e1ff1e74289085bd586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a9cd486cd7a415bbc67ac1a24cbb7f18

SHA1
635c20202ce1fcc57e227b83d58ccd719bda582d

SHA256
4ae5fe1a06a6b7bab0a070c009b9a463f760aa2ead1e9f23646c5ac9ff062639

SHA512
ce1c42ae76fc98cafe7dd7d2ac01c25497e7fd9d97161352bd7c5193a965404ab4fc64498c2c929c27f5e6d757547650a3a2e74bd37b1c509147916dc8441f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
feef1a8c6b214c141fc746023d53aea1

SHA1
82669fb70fe0f1322674ee6025433d57e14476a4

SHA256
061a831e4d92ea146804b2e4c9586225bb0b2da9f23fcff2675d990c940d1c9a

SHA512
e2d8398760147af1c835ad3bca3f1e82196270f0d99ee400b077c44c884edcf91b82474731eb410a64a5e1292574bec5c2e88a65ccd715a24b47ee5a250d3c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d041977804f17125b34bf003771ccbb0

SHA1
a4994c3d53a9e2c92a705ceda41750b99209465c

SHA256
d6c31690c47750df84d1c928e0ede6f64c9d771b6daff89850e0b72053389c51

SHA512
04df9fdc14745b138253e300f33929315d8024e39e257e28ea0e16fa54e70ccf2ae7947abdcf2a384761af1b551863ac5b0a66999ee576eee15971050ecd99c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3ee29413580da3a344809bf71236c57e

SHA1
663b7dcbe6dd7af3961f98f6b520cfbe14a1315c

SHA256
179e5c216bfc700e4f517bfc70aa14a83e0ab4843c8c9a02d4a06ac5de82168e

SHA512
7ec3c54caf09b431e1743338c66b0ec557cb4aeec7d4c4236032a4327a5b79696d87fb49d001e7d693d9fbfab91e59247f40bc8d19733f96191dbc4028e25208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65c9c4882b3c7961099fc4ff4c137a54

SHA1
e5a8a8681d3734e79acc36a70622ed13dac618cc

SHA256
2cda4ab3c1ccfb2563d778959eb2717a5cfe970ee77dc3285443686880021e83

SHA512
29e4a034b04ed2a6254b99297125cde24594b4650d824ca3516319e7c7e7c31db3e815d85df014176500acd9b5b907a90a2912da2b74942dc1ef583839b38ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
47749186b547dd5b932d0fea28e44fc8

SHA1
fd6331cc7b42c6c28dd4336c3d584cdd0bf91454

SHA256
43b8de1e48202c1b1aae93e30c2c01c3608142fd60cf98502b73cc49d4354c2e

SHA512
4785d5f226bcf4f8a446db91bba22b656ae6b7f3218035e5941a5404dbb55550fc3ef8919402708f90ef1272cd0aa8a7ee572535e14575370747761f385f16ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a75597d3c69615fe0ffc203528c3eafe

SHA1
dcd5e3d6f9c1d7027641c69a105c9c10eef4ee90

SHA256
66167cddb9515a5e495afd2e47239a68f0e11c58a892edc1edef70855ae1c966

SHA512
cab977271deaa6b58ae89e08adc065d2685593f17f71408bc2e9b4c38326edd219be9057fe55c49c39e666394d41976bb58e42267c809d9d1833fb9b0ee6fa1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7208ca2cb70d4dd7728a337f285d67b

SHA1
7cd982b7fe20768ae900f73451b3d25fc0ebfb7c

SHA256
e63b7b6d1d91f3c83450524eebc0657002bfa2934c971df351036d9f7afe691c

SHA512
2df456cd561bdfae93766b0610bf849b83a5ef10500d90917bc11a0fff8330b7082be3dc580b2a921083e7583d9f0ce8c8e1de02eadd50656882dbeb2a014f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fa2f05623d77940489720ea4eab9e156

SHA1
99265d1766a7870e40338b2f815e7274c764777b

SHA256
585c5da811b08916bf796ac1ce3a4b71b15c3d8b1c18992b4cf83b750e0e384c

SHA512
3d995e34921268be7efdce494868d692f7847337596bb03270a76511d67b1a06388520d5a90973c04f11d50585d36f6be99bbef2a305e385c06cbf64e303ef5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
66f79bf94e4498febf9a1e02422f2f79

SHA1
4348ba26629b1c4651370d16152f6bcf72393003

SHA256
bb5b9a75d7a5ee63f01ddc0fc1c6714c84b3255dbd43f4f0263eb7bc2047871d

SHA512
84dcab1e0a9a4ea414051ab560454ff56e0089551c6874836d737f951313db35902018bec389c992b3fd50cd3ddc6a37b7b65c4693581f31b0a3cb3289300f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7698989e92defc26c05b6606af020518

SHA1
71b139604da43a9b21f075644f1c61352b98e6b5

SHA256
9cf66cb3196bb69b9b8c18e5d791cecdee86941fd8ac4dfe935ed628ccaea1df

SHA512
9522adb44c5374e4ead3c39e5e947f01b72eadc6dd09ca1aee1aaf93b4e10deb7017f71b2410962222c7354c5f57ba80b037b19f913c656960e352c5ff73b09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f7c4524723ab55da04086034d78819a8

SHA1
316b7acb0f1d61b8714718d5b63b8af4708781e2

SHA256
68c92c272298b403f37ec6a4d7ad29d3ffb42ea421517953f9168f7b872472ab

SHA512
5ce1ededa570cd13c5e3850a82cfc24dd58597fbcbdd4e530b89bdac77f80d10b4e6c4f754af12b9671aebe4e5ced2bcff60120460eeca64b893d47292ece879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d72ff59d22e14b60d1b1dd6266cf5615

SHA1
c0985ad7ce340d768fcab502a896bb856ff22c7d

SHA256
16bda7bde7aec55ede533d0f92beec0d596aed7febde2f8b211d1ccf6be0d275

SHA512
0e07e344c2040efc61b483cc9887235965920039275591c80878b89e04fd248d9eca3c1b76066ed9a424efca95e7139d10126f2a9e012f35ed469a0cbdff0de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b89d.TMP

Filesize
874B

MD5
296ad2e176e622db1a4050c6136dd3c7

SHA1
da2ab8635598dafeda4eef82ef9f0aa466ce9eaa

SHA256
2e8d704bd10e47d737ffa1b9af39131f16b15288ffee6673ff827cd695bf0bbf

SHA512
d108c9544d5a7f03569f7600f620dd15fa19eff99989ef614d4e3718bff0304b7529068c4b606f3141c80019c89fdd12cb4c7bf0fec77d319994e4c17b260b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f00d81d6-36b0-43d4-8298-173c559d0fe5.tmp

Filesize
6KB

MD5
2b2ee9469f26bfee6b46658621f74558

SHA1
47d596124c9a5ba8c1bd2fc2afc2d4d167f7415f

SHA256
c34f690d10301886584de492b61b499614e43e2f3e441fbff5b460236efea54a

SHA512
dd901ee21125a80cbb21c690b4608edb90eb3a5e2d68ed2913e76b08ed72521210faa49b1516df756e439bf1187cdea25cc47f3720f86afa445322d97eaac7d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9f42480afa75011acf1fe90c491d7b3b

SHA1
295cc5402f451a05aa40f8eb28e937b19526db82

SHA256
fce98728e7c72642044302b5f6d89b57b633b32f3ce7a24616a76b0b409bff99

SHA512
28cbf86c97099e2cdf85faed68d48f681d6a1acfa49509e8140e28e24fe33e140bb311c496d034eb3b2c485d2d7cb689c747be13a8e84177793dba6f25d55651

Download Submit