hxxp://is[.]gd/hXkd9r

Resubmissions

17/07/2024, 08:17

240717-j61xjsvhjh 1

17/07/2024, 06:25

17/07/2024, 05:35

14/07/2024, 14:36

14/07/2024, 14:35

14/07/2024, 14:32

14/07/2024, 14:27

Analysis

max time kernel
967s
max time network
968s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
17/07/2024, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://is.gd/hXkd9r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1750093773-264148664-1320403265-1000\{763A01DB-C591-44D0-B167-6A08FB136972}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
3500	msedge.exe
3500	msedge.exe
4880	identity_helper.exe
4880	identity_helper.exe
3608	msedge.exe
3608	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1216	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1216	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 3984	3500	msedge.exe	85
PID 3500 wrote to memory of 3984	3500	msedge.exe	85
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 1932	3500	msedge.exe	86
PID 3500 wrote to memory of 2700	3500	msedge.exe	87
PID 3500 wrote to memory of 2700	3500	msedge.exe	87
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88
PID 3500 wrote to memory of 2180	3500	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://is.gd/hXkd9r
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8f9d46f8,0x7ffc8f9d4708,0x7ffc8f9d4718
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10238350079470652075,5543690313690074038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
9d3881d3c9400536a0b3d78c867ab8be

SHA1
8544210a4e0bb56e91b98a7615e0144432fa4a06

SHA256
147e0558bde7300e6fadc9284009077a4cd6794ef77d909e502510b23e69f7bc

SHA512
2c5a1665e3c3c459b9917944009b1c9027912e7876618cf584eaf9e72040494cc547aa232c925032e7d9a461e95590d1c2cce9f8b1560fcfb714bd69f731b5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.2MB

MD5
c71e53854f68266b9b7f2151cfcc5c32

SHA1
356fa2aa7d9a8c7585d846fadde297d33166ecd6

SHA256
ba4913f000f60e3762611198396ef0bf07204cb4381a74d83328e6369eaf39b5

SHA512
d261f7efb5490d0e9e11517d1e96d8d090bb0a64584565afe335ab9becb54f399e5eea088156c999004b771f4cabaa107256822bc1c4085194a35744d7915270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3f3dad221247863007550f6b4a80b2cb

SHA1
c00a6932250c692eda4506762a9427d22d1bff76

SHA256
bfc90c8df7080640deef812b44668d4d17f6bbe990d05263bbdfd3bb76f10730

SHA512
2fc56b0975b2a23eccd13e46f7623845f7280d23d75172fa2c35a6c8f386cb68cba87b33dea256c26a10a10a4651a16af0df7cadcc582c72c5b78c5f362e0e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2420f455bf8a1f6874dd4cb5ba4aff91

SHA1
670b968107f0bde0ec8b2d65378020e5b36ba638

SHA256
e98140af4ecc1a26da7d95c49195aef0090c156686ff31a03bca3933edf4816e

SHA512
1d1bc49c574412590c9ee42b3fcacba357267d4fd4b53912a7e8d725c4e308678c7f5b075b43b6020a6fafb6afb999de8a4ed52315b637a4a512c56397194f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a6be5975fe60c5e345a3812710f065d1

SHA1
f12d435ef5dc11aa680b01f2ad8820238fe81dd4

SHA256
494eb520bd7d64bb0b221d5227690554fe98f5d1e955d00b5b3f4988d70e5955

SHA512
fffd37d4ff38e963205bb52de2e649c1f0ea295cd1631495b8e0f83544575bbd88cebf4490fc84c597bf91bdb78ce9db4eebd01b518dac5706063b2946890033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d41f8d689e57fa1124761656692dbde5

SHA1
db8443c2ea3320d928f6827c8e5d650b641c3674

SHA256
c7022d53ab444ea5862b4dbcda1df00a55957388d7fcae14e84e80eca680202a

SHA512
ba4bdc6ada77e7f6987a5d6a91e8875fa08ecc1e1ee572016b75cd6f956cb6b078ece3bf5fece17881622eab5d909ff7da89e275bcff9edefd5903c48dd04121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
40cbc60f4a0d4949e37ce584c366203d

SHA1
1ed73e3659a97a16c223991786d65927fdaf1a48

SHA256
1a13b5f8126a348238f151b693488b197d169aa4a4387aeb7ebb45a70bbcffe1

SHA512
3033ecca9cc066cd9ddff48b41eb49ba2759b04dad26a46599e4415b0ae44f8142bb20ea6f9e11bd8782dd518cc53ac208749274c368a89c680d8346bc5832b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5c1ca4879e26da573b90090437681544

SHA1
bd5fee8b021ae79bc47496d7b8666f8a4f0798dc

SHA256
31f44794c08e3f6caf868386a954976540b15dddd675a8223719c3ac8bff73a0

SHA512
ff217791421978150d40ec7e1afa59b1f687931267f0aa6449df68c32a51f9afac4fe2bf8cc22ef5105879c06b157e46f5a2d3f976ef64a74a4ede1c21215f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
fc2433fc0652f5d49a07fe6128f4fbc9

SHA1
9f750f35af87fdb87800a3fb19190f18c627b81e

SHA256
aa29c90fb5a76ee663a56811baae861fe58e51cc8f553f0c99b4802f0a7fb0a6

SHA512
fa71dc50e02b7259f00db08f50e190eccadeb49f6f643978db3aa8359bae4b1e15b44956fc4b61908698440a5cdd7a7e24caf4f3460b79cd79425dd756f4b8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5b37f66da2d7638e4c0fe5fba3ded2f5

SHA1
68308cca391fdeb08af0cc75cbed674838b87989

SHA256
bb25ba1a143b0273b269e75c970219a780cf04bcd5fb0d8b5e79f7f49c35ce52

SHA512
73a18eace6599b1298e6a934186ea0197db5db6f80e40400829284a51b17cebb61273e961adb855c2d2ac470a06c8a9d1b5755fb6fbf996ffcbf6d4a769851e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b370adae0d7e0f59528a49e01f1692ac

SHA1
bc9b0c31e9ef28537437116205ee0b078869f861

SHA256
4edeab4cff572ef390409f8036157e37957faf880486b093ad372d27bcb59bc7

SHA512
287de02fc4e4d07ae90130dea3b9711f3b7ace086a8f80a79af2e9570393586abdaa8356228af2bd826bbe731f3b6d7969bdf3690f6bc704c8340f933b5ed232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3bb0a029bc565ef7cbcd457fce618ed9

SHA1
a52656112f7c98e37048e50aa9f7bbcca7ca26ce

SHA256
18481afe2109581631764eea66956e52a4b47d9cf3d79f99747bdc189662a7bd

SHA512
dc30cafc0c0d3077f85bded22f4550a4a4ac905dbe6b4cfa4e1f089f8374c20f56f0e654f3b634d87dc502a9ee97a9c4088eff121d68236fba9ccb87f7c05f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dc43b0aaa1983c4fc337c29bb9bfcef7

SHA1
9fe679f1e354c31408b32c8785766a4b2757474c

SHA256
778b0751c1c14ca6228d05a7912fba9af3f0248c8c57cb4998f653d95b91f4db

SHA512
d46432d89ea7a5a4296f30bfecbab6088bf844b71035695cdb295bde3aed812d3f2db0c4a780880f628fb9c88e4ba83a14ce82167355c79717f9543be0e634db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
481161e8f05ff8f4695de04c10dad170

SHA1
0fd1405d1cf3101208480b536c5cfa6a5c9f79a5

SHA256
57dc9047c97ab908ffe790898dcd22c181a83e94970245a83ee0aa34442af7c9

SHA512
4b18c9188f30e6934075a3207d2b80ff70d320578b05762a37476bff71b105ec7ecc2c046e1d60d1faa08fa451b2c96ac1bd91922e13454fd10ec5f49c5ca184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13742199be5b790952b38e70ea3e0060

SHA1
24a9a3277313137ec4c0f93ea3f6a41ba1ac8cbb

SHA256
1da9cc228a6e5d079c15ee78ea59ec31386b0ade34fc246509992415235957d5

SHA512
6e22a645eeade8b8e94da45f34280d334a19cf3943dc15da393d195e0eb702a8d8f915f894ac0402a1519b0e971bcc20a00c9342847b19915dc5d6312905913e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cbb65f5ced970818c1e659a0e566e787

SHA1
f656fd5262ce812343410af8b96d9b3b0d1fb58d

SHA256
97b0af805c76f91733eada7276a1fc08ffae436426d3b0773ab138eedc89f370

SHA512
a3b2d376cc69c506b45ad4f5997a96494e2c22117d78f64213e4bd6b86aa387a4b939ceccb844f876b1a2b86562ea836cc9b88ac0d235dde3d0a80a5a3ebae98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7e8621287493cd2d13d6c743de85ffd5

SHA1
1f4043fb31ef3a979b5f8aa991ae4868b31dba67

SHA256
81b3eda8ef7206ac5132bce7f7c5f5e9bd9f6be8c4ea3f1ced733bf8ded28b8d

SHA512
ea60d2e0342f4ee03c1085750076e847de335c3c5e74fa34b16f6c0594d26d982f8c8b06613f7c565f3c19c8b298466398e5aa6b71715ac7d6aeb5bf82bdebee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6feac068d2435a7a24ddaa7d75ad4e4b

SHA1
fffd03aae1d45b8d51e619de7ed95652c2ff64aa

SHA256
42a43054ec8c02961fad1611fa4990d416fc4d1e5c2f2a9b9ab1901c1b582ebe

SHA512
4d016e2822b2d8251f730ffdab4c1f81dea1952e16f37dd249285603c1cdaee1b030752d8280e23677a1bf81cf6d24205767e4eda8ecdae1720c887a8dffe00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
123741aa068eeb547f44d9d5f3f3ba85

SHA1
faa8da2283d842b5375e4beb76afe8b35718bf52

SHA256
ecd6e59cc49ff3fe73a54ab0d32b33273a362ad2cc862f85ca804dd680a5364a

SHA512
3391a333c8c56551744ed04275dc49128b6bd7bf72030b362e34b06fa1d6b8b8934a77ad3a72fa7b381762e338b5a852e5a294a4d7e7355e4da73f4a34fe704c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3a7e5345b660d275bd23255fb2881e90

SHA1
82aca367c7165782a13b2bf2b4da249d21d359f7

SHA256
81e49f43de5f89e71f686f52052b28d9127fc30e431ae9138a7a0818cc5cd374

SHA512
970c8558be4d07a3e5af0c04e87877e06c4ddd17b55fbd11f87e9575865109355daf0637fcbf35b5650c055bded69bfc71f98b15e4bee5e8f20757f941294dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7a5a4f5fb1b8854700337858766054e9

SHA1
312d198dcee61c8c43bae146c1b89dc4c1061a3f

SHA256
27cbae98e1b2978880cd891467d0acbb06857b0afb63f7c1f0fda0b368eb3a4e

SHA512
b1597d09570c786b16c8d2327525693d0e9854181fe1d623738dba53d96812eac340db5d7bc846bdaffd704d554b99d4b51faf120f0414c24732cd190afa2f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4ae033338d6496b527a19e68c7d150e6

SHA1
4dec208932d0bae19876e40921170959235286c2

SHA256
eb800bd9f10d256d1f2cde6c29ed6e7b40ba871ba31ef3e7166237350f2658c5

SHA512
07fc35c25aa8c8451b90ce44744176baf9acd443917f088f1ca96eed0b993df06b55362bd70b6658102cb93a1aaf636487ae629ba744cd560dac081485e2917a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
fad2a312943960ec314be92b4c51357f

SHA1
55ee0140eec36a857a654c686f09c67cc79d8160

SHA256
d29f403aac7f3c830883a8c3f98b33c61b7a1e27176f6dfd16b0613f4f197352

SHA512
1b66e846ff99df7a5d9592fac434a6896a51642aa7466af19c1733377506c47c1d97711827f7e161cdf15af1aecc7a5e4f4ec41baccccb191d7593484586136c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4267e5a955032a583b1c4dd8d63c224e

SHA1
ae1adf8a6319f336fe370a791d38fa895cba0d19

SHA256
ff3805029594ec9c8cb0bcaa28402d1a8bd660e1494927e75f2a78720f1733b3

SHA512
7081488a454ea8ffae3c5995d93b243ded61597c01a9bd35499af581a31f416f7ba6ea9d7269e9c8e04831d9b4faf77c3c19914e3a3a2a9c50d35acd0ecd6c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a61c8.TMP

Filesize
48B

MD5
64a28bfcc9e57398af030192482a0389

SHA1
f6075ca909a693ae0fa9ad3a9967653f5b6635c5

SHA256
1b6639adc1108ee0b270b0af6e49a574a05647f923be58e0462e38ee0b8106f0

SHA512
b35899599cf7c337eef5c12bd579b5a77ebab954013e6b7952c6a39bec1ca17a7b20d4b5277c214b021f984b50aa9e827740a37a3cbce4bb2b4d348a79733397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12978ce2d59460fa0858b9b372e0f040

SHA1
bafe03594fdd4435df8335c1a48cd5ff6dd0823f

SHA256
15f2c738aca381ba2965d80d3637c3438f70be4fb974dc6502e2da0de5fbf08a

SHA512
a22e4106889337cab0e69cb15c86d9b678bf2eda23ac5cddddec0fb9b3670e9343cef49c4086f8b6a41864c4e0cb520f5a4f7993194e85e12b880413beeb6150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
331cf7382dd6075de054f89ed0721cde

SHA1
7d7de5164b175eafbcb567a6db4e3178c5b7b642

SHA256
af2bee557c3d59a7bd90dc492f0d64ca3657ca92e9b905bea5b7b6d8ee53d0f9

SHA512
3af20b9e171af9cb21d41b5541331e8a138a0c5644270179f001233f5a9d834115cce1382159bddd7a613844a25e13528cb3c99def4ac928976ae7782eb4b3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
06aa38b7dcb33521944cdd76f13c8e1f

SHA1
91d532a88c5b92181baf228bed3c5c0e35320f84

SHA256
b425c52cd9361687453df1c4069f57b41df1cca74318ec2880121c43559d5a8e

SHA512
90542c7016f5c34735fffde2e142ac8d674f28a268559707e09511d12e206fd457f3bed07763d47beebac082297e945da48dbe4e199e0555f0e593a1f3a6e008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84f488ff7ea94f05fca858f15d1444bf

SHA1
008dad4cd8e3f37ee3d7f2b4c66158cf668d8215

SHA256
5fed6f6e4acce760082f7fb6f70310559c04001702d5b637653763aba054e92b

SHA512
d8e6c2cb0dc38b20aab833d6d6af38f2a8b9fd16c59942b4a57ab2bc178808b6e92e870bedf39f842a99e1153bc118cb691c7cbe81bbb1c37a331cf0d2c07f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2630725f39664acb04a83c7159c7fa37

SHA1
f984a5e2d48a757bae17aa205713fd903296013d

SHA256
8edfc66eb68c6776c8c5663aab564ae20eb599c9e6060a21c96a26b97246976c

SHA512
b818d17f8c99ce6e9fc1c47b9ee88db558351e15e60fd37b1f9180f573c70f725e96340cc0a2343e2c7f07588146a6643f8fd3ee05f3dd1e00501e959c89b81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a5172dd75787943f76ed24dbd5dd68d

SHA1
fd9957128c6e8d2e70faced653401e972cc42543

SHA256
33809e38192fd29fa2aab9bdbcac8a02150cff619115ff5acaa2baf7f689f716

SHA512
dcebd1e44c5cd54133d6f9ecb312e2588aec30621fe288186ba9138ebb109017e8216ee115fa0a718526bddb83dac76d180648d7327d4fd03105f6ddbb53214a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
967f6a8e4439ecd251e1771d2c8ede88

SHA1
47a181a65903eb3722052ffd07b52f9fb3757bf7

SHA256
575d334e03bfe28b96f233bfed7daec215a811a7e8c1129c36edaf7979780c39

SHA512
930be4efb31bba44a4967dc716b2af79d36355633d1a5e0f3bbb2bc21b28f5b21f5911f1d787b119cd22a0cca1fee05545f7e0e985ec8047d64f40c3eb53927d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b40d3baca9c95724fd06d3f5a0c6b89

SHA1
e2c7eefd6d920a864c069debb5a15d3a572a733b

SHA256
8005919da4a5e0b60873011eb1076f0f41f4fca770225eda73892da09562f38c

SHA512
20b41478b4c8c8a3eabd12b87c01e8fc0ee35264bd02bafc370b2ed014db6d4394b0a3325688911542ed235dbcd07e615a570a7ad66438b87468c20ed9fae118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592820.TMP

Filesize
1KB

MD5
a98aad93bc89eb6cd342ff1e0cc66106

SHA1
b70d83a0c23ccf5fd2b4fca5562ccad5fe7f9ad0

SHA256
a6776c64f37f71862ca75ca21dd2a4272d856596ecf5ec86930062d1318a15f3

SHA512
160c1817d35390040cafb45fe4eefb51e531d94d1378b84b6f4db753df911ef410cc26fbc176aea3ee012c680f28bdfc27b19d9fce96cb7d8e5fdd7154b352ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d889f79c-ea5d-4c27-9c26-ec5af11fc44e.tmp

Filesize
1KB

MD5
cc0b3c6ab82b0a99fc47a516e8d1ad40

SHA1
d4ecb22a8dd489805a94a27e443de9d4d54f7d26

SHA256
d99d69251c251f58f83b238f19d62570955ae0fff7bc74f50d4f1e0b845354e4

SHA512
5f6baa4926a81c110fddcfc4bfc4927da8a5ec5ba8ce208806dad07976b9dd0e0be1c9c175218124c9c292ecfeefb7bab548417c4bb207ccc669ffccc339de9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b906cbe352fba9a40a4389a38e8a03a

SHA1
a0fe512d526b63a063828c915cc96267305d9b13

SHA256
36fe2d5a23db4c23230e366b82283f8ba55dfe59282b3a22786c8f9354ec8fdf

SHA512
7a6d276c19e473ecb38eb43533d0f9aad0c68a89c88cd50a09ece29815b81140008f228974013ae744953408535da8b4ed75efd264cc8cf9aa3b25811cff4d94

Download Submit