hxxp://Google[.]com

Analysis

max time kernel
1199s
max time network
1196s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{EE46CEAC-C25A-4869-B75D-B02CCF4C70EF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
4196	msedge.exe
4196	msedge.exe
4352	identity_helper.exe
4352	identity_helper.exe
628	msedge.exe
628	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1136	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1136	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 4680	4196	msedge.exe	81
PID 4196 wrote to memory of 4680	4196	msedge.exe	81
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 4624	4196	msedge.exe	82
PID 4196 wrote to memory of 1972	4196	msedge.exe	83
PID 4196 wrote to memory of 1972	4196	msedge.exe	83
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84
PID 4196 wrote to memory of 2900	4196	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a47946f8,0x7ff8a4794708,0x7ff8a4794718
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6530317642463462021,18380331545675931026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
41KB

MD5
ff76bac65a1292f7447722b8ad2c77bf

SHA1
1b6b083fba7e0596853b974044cc8598a471207e

SHA256
42655456a18cb0278afca6316c8fa963d6a888e47dae7e246d682e75a46fc457

SHA512
05525f57a55cce7e0a2f492be2ffeda86880c03248ea99ba2ad48553a1dd70b531d53b959a011c82442ca1a1612eabaccf871442c5868317e6bbdbad3451d716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1.2MB

MD5
e9260f3d081cf9a5d5c7551fbdc3d234

SHA1
0cc5b721c02dab3301207880871fc97e004c3b88

SHA256
81b05795af8af16e41a86d022730747b7b59a8e96951ec3053f34f91d66cae4e

SHA512
d4445200865a3636e814fcddd9ea21dfdbed943deb68a12279d715879693921e94ca8dd8570853bbed657f47cc8d034f931f500b3591a2001185d9be45bd109a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
32KB

MD5
2448f641fbbbdd88f0606efa966b052e

SHA1
25825aef444654fdc036bb425f79fd1c6fc6916e

SHA256
03f060bf37ba360360d6a7413d98e485e7d8e6f69e6a1de300c788d439b78d02

SHA512
d56e3b19d3f4c6d6663117000b99071cc453b6fd93f708bb8cb92d5adfa0eaab749d8d6cef4f19fbba548d31edaecfd0a74ca55dbca7d5f5f1fe66879b27b9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
18KB

MD5
8fb73290f8de2aa44b658ed61da0c484

SHA1
4f5a9bd55474984aaef2d6778591fd34da606d38

SHA256
e8b34e9481bfd8fef04225ab7e33b8a71995d2702cb1d8dd207c060578b2550f

SHA512
18443ddacdec8933fc86c52d656bceec7aa4c505b3ce3ad9b92fcfc83381cc3555e236bb8908ff2a0418f5a7ba00f8632a302be53b8f9d0f961fa0d4d53c82cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
18KB

MD5
bd0ccf5d3c9ec36419143cfdc355955a

SHA1
b2cdb5cc178e898c767597114741b02222512a47

SHA256
9261aebbd7b7e148c3dfe9f886ab2b129236e3892b9a98c4b9a2f0be3b1e1bff

SHA512
cd0945d5e341692fd585c202fa5c0659c4c420060a45199b3d4afe8d87473245bfc0706f5940bd1c596789d92a6f460e0445446df0f391732a280e7a0a2450f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
106KB

MD5
0eebaec35806faaa31319db90cd8c058

SHA1
4588b226383eebc00f107f452d92f767fc087352

SHA256
f9b8a92dab151ccd538aa4792cda492164525061257a05129745d3d6110dc818

SHA512
9755afea7bb286d0d0cc0cff9a491767204f8fbe1314d46e2d220e5088f8efca1a9fd1cd8be75bc0a5701b8870d12bf0067cebc0a3df0886274afe5c4053da63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
18KB

MD5
41f5dd6bc2b2f5d4caae06ae75116036

SHA1
80cd8d019fd957eb645f3946cdffb1a757115ca0

SHA256
9bbc354ed07c477a4a8abdcfd64687da5d77002e6f38f6694108a15ce86f5a35

SHA512
2a66f0d9bb806c881cd72f3a4ce45260779612faddbb637239ab8415c87deeea22479b9488e829e0517d59544791e97918d01fffacf1f0d6e80f1acb37bdcd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
19KB

MD5
08cd6dca517db570e524f6892bd59c9b

SHA1
18f9fa190b5789b1d76e787b09557bc845d9ce2f

SHA256
8af86347965e76e7bb9b9dfb5ccda23eda1dee282de58e8b8c20173fc702b4a8

SHA512
61d9d198a5abbe2f0d8435050801a814bafce7cb8d7f77cd2c625c3121ffc46a6897e3c04fb7f90117b9227dca40195073cf40a114e4dcc4403d0c6a9d365683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
17KB

MD5
3ebebdf6a5568a0d4b3fd77ab6d9dc8f

SHA1
3acaecab7e98576d4e7af4ff27bd6f55e88162b8

SHA256
d3b4a5ff0ba41633cb4f41c3a6d56cf40ddfa2e0e48ec6f774a3e715eb2f9cad

SHA512
36fdb34d4bdbea1acd203b4b21203e49d9503aa680a91bccec79bdc671f7fe4a95ba8a1e8a3237d37c7ed3e2671ebf1c3e3a234a3eb23f16ace014f58eebe5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
20KB

MD5
a32bf0f94b1f2fe4a9fbd700563fb1c0

SHA1
bb206b64b583f93ccb0decd0b8a696904673bb42

SHA256
0ab94ffa0561f2ddbc0106d914bbc503b5296535c55ddee325c3168a3404e618

SHA512
a319e1f832f86bdb5c6521230da797b9ed6443c9f9172382413ccbdbbbafeb93b16e148c773cd8f4c53d5bae41350241e352a6f442f8f80c389d78eb946af9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
16KB

MD5
4142de1cf8a638a5d4a7a45f92d799e0

SHA1
52cdbbfde416c0aeab1945afb3edd0c915e68154

SHA256
d85828f2ade3b7c412a0ad530a648f34ba42da8c0d5b92bc81557be3fa0e3d5b

SHA512
babce98e625dcdd2f1dcb3f51cce5389e4b86b2e855cb7fd9c42144c0055ddb500680dbe860aeccae8e79cb5f2cd45b18a857ae42f0c0e8f6d963a12c64f2823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
16KB

MD5
81dcc1a6bf85c4a659a490285f3f137d

SHA1
d87709236070b5c92b604e05d2cbcfb0769912f2

SHA256
fc5991f7dc4880deeb756f7091a21fdb4bb5cea3836969aaa3e2d835661bc4e8

SHA512
03011f11aa9f916d7274b6259ff0a370234c10752643309c6332e210dbe08167564d9bcb5c12c05dc6980ee88ca060499202d2692d5b58093c64ffd86708e3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
19KB

MD5
606e3813712d23afdceb403ccea4cd59

SHA1
61fe83a032a1bdcb7a427a277acc9f6b4cb2b9e9

SHA256
f6326e5354e711f0730e5608e0222c3f8231416d53e55534fc497af3c26d2c2d

SHA512
d1a5b028263976743ebcec60ddd0380db3844464f772458da37abaf5096e9643fc0ea1f3ea048eaf025362f66e7c76c05123aa879859eceecf8982d542ddf601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
20KB

MD5
91e9965f54ded7af916cbb97df3ecf37

SHA1
99e5d21c508ddbd328aee1cd076fc374ae1732c6

SHA256
9460b8302e5c6e718304e8ac0d3b0a3b1400bdbe0ee59c541d8c85b4b7dae6df

SHA512
d826cd6004feefde57887c5dc7cf3028c02cf041b1a228773fa7272196994796b6bb3ff5ab28f4f6f026c177b8748738a55c6b23be72522e0833ea9489acc887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
18KB

MD5
449b628eb8364fe66039e7127218bcc5

SHA1
86cf1ffba4b7a76722f5b86cd8e5fa53bc964e0a

SHA256
dac66faf6e28e61e14624bca5ca19c9120c2593ab128bf64fcb061b514f0dda2

SHA512
afa3f0f3f40038c4913a3116f769c7ee0d3921a571ef9ffe734f190173017991b94d149e5e0af82ff797cd0288114262a64f82233fdb759d9b7d4d400f8e5bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
16KB

MD5
2fee921c836c59fb7c533f87f5ab9562

SHA1
db2ee05d2ecef04342f4faab28e161ec638ea6dd

SHA256
8efd6b0d5ca12806e9013597748460957b4c602f8f180e1da2f0f5d8f6578082

SHA512
5a30ec26e740601ffa8d89cc8d55989b5fed8de2a511798c5bae05f9a9d35683d5d423ef9114dc083f616ef8549cd133a800afce360fb77002cfcda138639d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
16KB

MD5
042a0a2b3bde3341f367615fcdc650b1

SHA1
8542f72c228fd0f177a8370a321ab7db290c7277

SHA256
2a753e7239516be7d3e719992503096d14acf90362b1bf81ea646319a55bfe0a

SHA512
513b5f558d38984815964138f05efc10c861a409e1b2c08fec572f45542460eaa1bae602258412128470523e6fb1999eede1fe346e2fd2cdb36c8e117f3e9080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
23KB

MD5
1e7625236f2e9cafcfe0e89b1e29ec06

SHA1
9dc9056b7b4645537b300157e7c1499be614be6d

SHA256
1247080c5850aaf5531fdad547743fb9c071725d115c0952266b40c91e4b77fc

SHA512
7887f8a798a161abb2833fa7e93c1d88809ecb9f57855a5f81c871ebd7a3ed98770cb3a5829158597e5824daf19b0956af60ff4055eba7101af2dc1b062794d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
17KB

MD5
8e3ac99225dae80d91c6c93b205ec355

SHA1
5fcbd0928db440e439ca7dfd57845428d6d871d3

SHA256
570b9dc24c345dfa6f958c0694f2e3055b0cdd702013b0ae8970d34feffbfe73

SHA512
df9164bfcc0ce882ea3b7771d83568c6505cc98142288bf263056ee3815fd29564be942cecc1ffd235c1f3639149b90cc15e28cdefd2ad4cfee0a0cd4ebbc62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
17KB

MD5
00fd5114b7dc711a44aef2c52979cc05

SHA1
0f2948214cd483734f150bc407c3a43c8ceaf83f

SHA256
d77e3b80472837f93883af21e1c6fbbcddcdc6893bd4e94722419ff582f63130

SHA512
f06b0069ce21ee3c527d5b37b38378d1079fae69bc338e73b5c83ecf90c8fd05130caa92d69500572017b00e1aaca98b31d51018083d8ad6c6ea33cac972cb55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
22KB

MD5
cf1f1637c1ec4fc8e5ccee85846707b9

SHA1
3a6f315e8dee46ceb57df10b639b04bf4a54b64d

SHA256
0525d472ae12c8c40331673f2a9cb5103033aaa3740111dce96544b295b6c7aa

SHA512
e461c600c514d427efe6166a7ed0398fef62e07c1d5c27de6a22fa63553d48f9e21d9825d7eb9f14d5a1bbddcb707aded756031e9525cc98128c13fafcdc6999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
27KB

MD5
9a5fba882ec24816dc32f3a0de2ec9a2

SHA1
d564c2069f8983c2a3cc464f5bca503f6142e4bf

SHA256
d991cf924e184efc585d58fe53fe9e25771a79f3d913ca57da61930aec9de9ea

SHA512
01c01ae5d0b5781596f78d0ad996b5a70d770f5d2e9f53b5af53875550ede40723d5bf7fba5f791eaf9acbf7a48a58907e176d7c390f932aff45ea1d6db44541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
b1a580b102d2beb3a160c171464fac71

SHA1
6c5cc1fdec9aaa85c14c813b1dc46878eefde0be

SHA256
b05766046d62a1b9fe438e5432014a0096f080b6e0f2deab58e3e1b4f3bded0d

SHA512
75ee95c958b90d2979565bc35383d33fffc9f1ba0445534b83040aaae22eec56d822c35dc7abbe7b309f034c82ce2964503b3685e2b4c4ebbe38c6b43a2948f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
aaa2e8ee5957ead1f91675eece58a4a8

SHA1
c29820441440bfd6d0d3cb0d8a1807940121fd42

SHA256
7d849651ac9b0b861f431b9667b636d74d2f627e59818df3da0d3162de44af1e

SHA512
6a20c4fa0892fe4dd7de4388e1a3d6d1f88d2a884ef8e59a3bb18ba1686951b4e03303bbf9737433e6c37f3d2fe07e9b3716612ffd887f01c318c179e428b853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

Filesize
2KB

MD5
244f3612debc752020b4b28293e524a0

SHA1
ef7911f8a77fa0f12f8435f2bc32b119eceaf6eb

SHA256
7d71327d88ab05125972bfe2bb686f9470e71e6df9d37c0cd94fd789b42e33a7

SHA512
3c9896ae85d298780ed0e4970ce53c21dba03cbc82ff529aa3e473874fb7eec64b63a6767bbc0c050ce075887e70aafc4d085ed1e64691b199c5e66f838d6218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\603d2267d522446c_0

Filesize
2KB

MD5
4d640d9c7a7382c0853763216d206ffe

SHA1
43b6b4abe9e3ed5e0b6ec8dbf065ccdb63c3c18b

SHA256
b25f6be8dec471554c4e96a753ffc6d179cccbc7d3f7524dac6ef4f5e18416ff

SHA512
c8aa89858edaf07671459b608aebc4a546f0030ddd29b61143fc24e90826dc762be1fee8d44dce04c201c316adf2ffa6bc85d1455667bf40e74a5a23c46f231a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
c9634b63d3ef8ab6bca21f701bf9e42f

SHA1
f3f7fd3a1e5ab5dcf4c2c11488ba3cefd8e70fba

SHA256
3c53174acd6c2767891350c8da6e9143777f29b8a0340170b3e90a6589cbf9c5

SHA512
fe58abd5c8939222fa6b9fe096f1f7808260751222eaf22ca49baec1fb430520d4c1d2497e2f7814881de6593176aa65830905233a70e2b38614d19bdb82d2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
918749c77d485e13d04db4d19fd06cf7

SHA1
ad06ef587b1295e08837d2ae8d93a96c860d8246

SHA256
7c50a3170f8e5f8a887812a99f2c37da2b4eb1c1bfad688883ace0591d93c8f1

SHA512
24fdddfbe10e7befb0c5074ba971927e324ac8fd1c5f608530f20f9208eb82460eee9ed19be9ef80a30026b5ec94ec5c7ff7ac8e50b3e75b65be48ec1a6ae314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2811c9c8add6ad972f69fbdd9cd5c0d8

SHA1
9e16472a157a86b2065ed5043dda64565f53bbd9

SHA256
e80f55ce1622972eefaeadef8383ab24f545ecea662a2f57183545f916cd053c

SHA512
b5ac5cdf6feae0ecaa6cb828329d0203434302a593d86e05c10d704690adf2329d519a29f8b7826c9a43361b02f524af8944a36d241bfaad905603b5fe07b3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
83eff663536182f0fccb760ce19bf4b1

SHA1
aeb3c04758d8f2081b0d36ec0a01315f6dbbbbba

SHA256
8f837f05a697aed0e8a3fdf360c65cce645e036666ef626831a3be20d4cf9679

SHA512
25b6c0e8f41c85a0415393aa7bc9c915f40f7221d5bc3f91f2a4d1553136e3260e59bdc49c67a5985b78c1592e93befc733969c6fa9b26539776de8d69222ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7fe9f42352e654f2e9320384a2a751c0

SHA1
f598cb20cfe28133f57116bcedea3c6f6526fb62

SHA256
be6c7c2a06e61d83ef9debe8a4cc90816af24441a0869f5a0df5881359cb79cc

SHA512
89a855d37c72ed1532e58b311b558192fffdcafefbb5b77f355c688db36a30c5ca1e12dca663e453e405282b41edfa1816851895923f1b54fc36868c4b7a558d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
164634110b159046de9392d685a06282

SHA1
c3042c943426d5e4a3a8149546d36706a8512bb0

SHA256
565947d262c9d62d5f5c6973367bf18c8b7cb8e9d03bc22ee3020306471ffcbb

SHA512
4e0111d3c78afa756521d061da70d5fac61e478e9cba373388c7b03f4c527e79b54d739a57f6df20ea6789e72a96586021ae41f9fb5480c5de461800e75c3a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8008b00c4f3e338dfdaa07cb5a698b50

SHA1
58b6316cbe8922a51f4b54bfd15dd8921070dc3b

SHA256
41bd9cb0bccff7f34bded31bf7a88cc4f522de1310b3dcf8a7e525641a9e403c

SHA512
3f7c451675fcfef33237ec0acfa0a6e81421cbad7d4be9791acc8c8d19e0e0ad8da9b9f568c570a0f44e2776f3c03798423429080a23f9b5505e83ee43e3c47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fcf75fd3a6ddb7b760ab51ca0a4c8d5a

SHA1
f61395d25819f446e5e1d22671d4e60556e97546

SHA256
159b855f91ee3b434963492204e2298bad4bbcdcc50e5471c35721e4705c151a

SHA512
2bd64e5a01bba94eb3335fc3c0b697864295cbab5e66ad2f85aed5ccc0e29c53af17a0073241e5f50492fa0d7e380d713ea7a0cad55c2f0ea01f510b8128025c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7d60716824cba9fa8fa6cd634ae3c878

SHA1
3615e4477509d644e1f4a73ca1d59154b7a7d13c

SHA256
0ae53d69fe6d7868c1408ca02c29feb12a077747ecc1fad70cdd6d7018829ecc

SHA512
953fd1d2b167787a6aa287327ef97aa92901435571fd4b80ff2d9a1b267c8d4f84eb8fcb05cb5223f0dd6236599441adba9d20675315a749e0028c5e83720c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fec7969df7fb2e6e30085e94ad0cef95

SHA1
a8f3856fd5544088c847709d66ac54b93370d84d

SHA256
6417ac68143d3b9284161b95f9726fae889879b300c5f2003345c4bd1d80f69b

SHA512
f5e9527c60565c2160f4cd7a32647db00259457c59424683ef6faadef1f109a3a122ae167e40e8cbf7246cee6740aad8eb130993a9d3a0cba5789bb69a7a8bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ecfe87774c8cbdc6858f8082a39ec752

SHA1
c1fac5c4b55c4ba96841d4424f4c61d6e0852876

SHA256
c56c9ad538f193f81c59b688db8609ac6e9b411e57de8dde720ec39644736cbd

SHA512
48ce0b46f38430df31fc61ecca9e9f2b69001a236ac773db45f5c91c31407652c01a9e48461db416024ac665409226c842eaf9db359a45f32afa0c679f4d2ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8244f9dd5739fa09dfc21645a40f41bf

SHA1
74b30b03347db688eb834d4f297ee037ffac0102

SHA256
f6c73a231bfefe345b5a1b6428a0e3148427db837a447b81035688d984e2c59c

SHA512
abd64d816cd213adfa6e0dd5c1ee057dc4ecee9506800754de4f90d7aa5079d0c022efde4ed0de6b5d0121c667544141b6270034683ba20e4eb9287df31d6550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a86b9fe1c8124a6b319d6b1d57f901e3

SHA1
91c7ccefa0f11f007069b9e9d702455542f9cb72

SHA256
0d77a7d80d2c95a9480aab623b4c0b95be6d964857c1eb7ef1fae8483a8f1d59

SHA512
2143cd6d26f52a7c86ac17303920bd4269e0c2a941838c598854804eb25ce758be89c63d9812782a72fda25e30b4454e5e58b8015fcd3b302f87c6f5078313c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
84e27c9b473fc9dfe8e086aef091831a

SHA1
948d6ba36ea46cce30e2f57c78fad51ada0b628b

SHA256
bdb5db8d097f5761cb86d86cd8dadcfb37da882f856b6a5190889404bbc9f7d5

SHA512
669c8e4d8d58bf301e56ab377e54fa790844399c06fdf3230d4d5829f83fe97e1ee241adc97660b0eda303aa0a60b5ebaa4d99a815109bf003c9dfa5a4e3faab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
57224971c254f55c0c639d64788a2a62

SHA1
a4ab5686bee815d500c66cf10057ff21ebe8d44d

SHA256
0767e9c8395ba20b0eec43adf58d247ed70addacc3c39b819ed54f93b1f3284c

SHA512
73963c0a829fdcaf36847094c8a46371a6da7ae6579d836465a70653f0e39e2a1ae01c7586759ab5c8c51feba5147b4e9924692efee486e469271b6ce1c5557a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
23e4898969b9ad392b86bc523fa52467

SHA1
ac877bf8201fa477749b8da6329b3cc99ceffcee

SHA256
799663871622b7ce556ebb6bd6099cf0bb6fb9bd88c779607dba2a390332811e

SHA512
f2f601e20e7a1f9fc210bffa7535e94e9b140affe11d9f113867eeaa67035adbb164acbdf983c489fe5869c01195291de5b754511a8d2289069801c29a058535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b21bdebc62cef5605f85d49fb4ee3050

SHA1
a6d71fff8872606d3f0e13aab057037ae485c01a

SHA256
8b81cc026713e2458a62b9a78f955ca86f5fa8d916b30e6b6d23f6404beb37ed

SHA512
1cb9fc4a2ec88b67cf2f3de5c2d666ce9ef7b2cc6ac7eb137ef73a7de39c5e008debcf397b92c370db9b13e98bccd25faa8fdfd50e0b8e93a085343262895041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cbf128d5e99a0ce99ac2f21248c1afd0

SHA1
74bf6b0eea36964e90a83cb48ebae4cacc878ced

SHA256
da00e429abc982fff32e0a5c72dea36442a63e736ccefc34379b4c54a802f18d

SHA512
cf2d7ee12323bd60abce5d5a447c093d21df9b3a2cb3433327598e7adbba110b08a463fbea16a5284cd5498aeaf37ba9307fa4bcd72ce0170a3f1fd1edc8ea2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5994e97e913893486887a8bfaa9d38f3

SHA1
10bdbe79666b2806b7a088b16e2e7dd652b19d2b

SHA256
49ef8934479a7604a8d3341f05b6deb2f6634b40f8dddbb9b59a346ed05ded60

SHA512
147b73207b54e64d71991b7bc8ad715adfda34ba41a20283f423999e8f0f04f8bddfd20f609bd12a342426c191dc65edecee03b7a6f84956f48b876e0bbf7bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42c5e61cae9f1bfbb3565d0f3bd41d70

SHA1
9d05b5920b62bd09cba7da06ffe8a8f60721eae8

SHA256
e289d0c12ca72614dbfde80e2a849b7ccc0acb7ff8f8348ef74bce5ad1466084

SHA512
bd43c39c5d4aade3a9218ee74a790d3506aa71f504561e212043b05a2692b55c54d8be23b51276e6ffb5335270b026445fd1bdfe7253a9a967fd34a74a4104c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
2be222fec4631b7245ab0a9bf0dd83af

SHA1
cd0b0e762f94e330d540d8404a866072d64c0697

SHA256
696c37a56e6e764a7666b3f3a92b03ed4f252fead52e03aa1e28ce6555e40d1a

SHA512
96c98eab4c094b653471ae7ed5b091507ee9008104c8398a8063d1c0eb23dedcc162595600ae4e1ba5abd12d70ce798f67fcf073a233d23981f6c0da22ff8491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e855802d14e737b58f9804a1f4595f76

SHA1
139850317e53800dd75db0ec1fcb872fd07f7153

SHA256
7b1b3cdee01cde0758ae81a0ba522008f11db6b675b022ba86d5602238dc724c

SHA512
3be1090a073ad9ba47c59cd826c1968f43784536472e5a25f54a804b5a0f958e4d3d60018e6c7ce91abfe804b19849ac8d1fe055a5e3e034f66ae8430dadb8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57978d.TMP

Filesize
539B

MD5
e46bd95ceb9bbfaf8fbb9886dbece5d7

SHA1
62c65677d4e1bb224e0062a3e833583c03ad31f4

SHA256
ff2c552f47c62014cdc6e8b320c769a3232292b9ab1083503ee8c86851f190f9

SHA512
7c8ddc981af6cce4bf8242b60f630abf1cd2d7d3bd19f83a9d9297a41192edb56d0f157ce5058189cf11b3f89a230fdae6f85c6b25733601746a74b6e5d350a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
23ea27b7a050279a0f4191b8a32fa5b7

SHA1
a95615271a529d14e45322f8206f4216dfd3eb9b

SHA256
3998cb1d1bf64ca89294ec54ab565d1e717b5531a30f81ef0615de0e6133c36e

SHA512
9cc780f5e4bcefa9e9f5f251adf3921598989a2c0e76c9fcce370815106323576e221709151280cbe9fe9f099b94a488bba914dff7fdd9a3d1ede0e02a3293d0

Download Submit