hxxps://discord[.]com/

Analysis

max time kernel
1680s
max time network
1778s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
26	discord.com
91	discord.com
1	discord.com
6	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{9DAFDC1D-3956-4819-A4CF-C14379168D1F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
4524	msedge.exe
4524	msedge.exe
4736	msedge.exe
4736	msedge.exe
964	msedge.exe
964	msedge.exe
1856	identity_helper.exe
1856	identity_helper.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1524	AUDIODG.EXE
Token: 33	3900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3900	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3728	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 252	4524	msedge.exe	78
PID 4524 wrote to memory of 252	4524	msedge.exe	78
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 4084	4524	msedge.exe	79
PID 4524 wrote to memory of 3324	4524	msedge.exe	80
PID 4524 wrote to memory of 3324	4524	msedge.exe	80
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81
PID 4524 wrote to memory of 3704	4524	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b9b23cb8,0x7ff8b9b23cc8,0x7ff8b9b23cd8
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16784010931252678221,4591247302931433495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:3016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1524

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3900

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
70KB

MD5
0f6e110e02a790b2f0635d0815c12e5c

SHA1
2411810c083a7fda31c5e6dd6f1f9cf1b971e46c

SHA256
2f7018f3c214ace280e4bd37aabe0690bd9d8d0532f38e32a29d1f9de1320605

SHA512
2f2fb7c4ddfb6abb5dcde466269f625eea58a2c69d25830e6bb24126e7679ec7c83fdb0d8ff2a7de4dd4b994513f5e80813dbf1f5d6a9a474c3a60d8bee74f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
cf5f6eb51fb0e01f231f65685112c40b

SHA1
c0f7e3d02210386a24cc5fddc21a656ece9d555d

SHA256
59c1f4d071d58c24d98d2a08a9b9b624c1e43547a1340296ec5c28fc39f61ebd

SHA512
a5114f34caf0d0ffc98caa9eadbad4b81c0ef7eef418ede08f71c65c78cbd6259596b8b03c29aa372b36f2dbaca35a0572af71f3772e540e6d6814ce6a223805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3dfc8a4e4d90f0c37a9cf47dfe34307c

SHA1
d498a76ecd998030087d9eb05c55b29c337c6e6b

SHA256
29aecf21040f8e914ef04557403ade33acd739951aa6eb275456d84dd2c713a9

SHA512
93f6e3b2857655cf6280b54f65f2d72aa252f688f6c4daa13db235fa3150b1dd298ce0e24f46423c66eea9a30ebe0a9cba6fa387bea6b3b70be6d1af978a41e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0aea4b21cf192a36778925ea952134bc

SHA1
65fd51e3f84eebed5092906f14ad16e8ca3d50ce

SHA256
4175625c25720e40f0854591c01d46300bf2d55a886f95e4b56cbef93925ee7e

SHA512
bc8f000aa75d5dcc5d54ec75aa86767e0235f5acdafd01763ae93826b6fb55db9a351dacc2f7c432fbf2a5e8b3456ccb6ec2736fcb897ba2989039daa10343d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b966c0842c4ca5c1887b22489db4a6a3

SHA1
3d1b477264603e94a5d8e04916330512dd8a8384

SHA256
0430c046dd1ecb52affd3d905b5a6532f979e0a3e0a46ba255ed4d92ead2f0e1

SHA512
3febf97ca37f7a9382a1a9eb4b9126f9cbc693762cd579752e4f005679a6615f68b7b02839529dc8b141d29310e27570ddceba6c61a9b3d53a7bc17c88b90f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
40f083fb6838475acfcac3cf8a162cf7

SHA1
41fc924ad693d7e2c99c6a148fed2d93adb783d5

SHA256
52f894c86989c30a5c15bfd9cafd9166760bb28101f171f2e53f46bf51ac0726

SHA512
6b87e19c1d56e6c98478413b81a426953202f6343d9aae8646b65443fdd3f02c45996b79b2bd1bb0fc4bb62814012e07002e97d3c2b8f35f4eef1599beac6074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7f974a49baffe6f204b11fd0de338da9

SHA1
8c1c1ab2ef31df24090a869c0d8204b871be6fcd

SHA256
cc9158cf0a6857bdfd044ff7f82a2fc751fc658fc0f7cd63b53fa36d44d6a856

SHA512
56d6347fe6ea9484f9b0b0fc8731de75e74cc4bd7205151b56ea40d91f334d58998ca2e00b92e29ebc35788ae5c9d9aa964fd12451044d89ef35560d49f1a161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9b41dcf0a0d80788fca7cbaa862cd0d9

SHA1
1439a62e923b93652e3ff372ef5fb9c3342d5e63

SHA256
0e51b07766cfafa32c43faf2d3aa228042efcd5e11970cf70b0f5a8a82e6e804

SHA512
f3394052e552b685f32b78c933e80ddb88c162f55575363be9758766c0c301dc610e23e8fd4c8dc24eab354b89d503bf721497b4406dc6d95b16c4af7087c781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9cdfdbce941c92e005520de9e227d5eb

SHA1
3c69911fcadddecb1b920ffe2f57a310ae12b034

SHA256
de5ce527d83f92db1a0779ac605f31341771edb737ed7548aa3e8df6ec6764d3

SHA512
aca612fb782680abb04c97f08b265b68c522b4798c69cd69d7acdf21ae4e952d2c567f2c697587fb17d0c45ed77874785cb0fef51e9064ee30521b2b2a5ce692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8f3a19f37cf51b1bd9b5002544beee75

SHA1
240434e04cdd030b6c79fae4e68150e689f22066

SHA256
5c746b86e23a048073f6619d20031bd582ed0d57a6a32047889df3eef274248c

SHA512
8b0af78a783edb2b864290d8b033653ba5de837c511e5687ba7c068302fa9283349f4323d77b6538aeb98ba4f25cd5802a1363e857af3ee715054cf46ba5b30e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6fe0a6a49246241704e838a7896e16b7

SHA1
3318b6d13249281337c0d6ea5767eba1d79b0797

SHA256
f2b8756b8a447e8617778f8ecc8ab2acc2af1d325fd5c1473c829a6c962f5216

SHA512
a2acd7be62efd854b17779b6db2f6fd9213f82317241e48dfafe0e5b54916dd206caeafd16ba877f2fd22589d779aa0714bad3e58f4567e842db9f680691b063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74debdeeb16a44ec23aea2c0289ee6b3

SHA1
ec7ac7a695a0b4111848d3424c057650df5b507b

SHA256
ec1997d2e3212afb51fab1e05c984fffb3a49ef03397d320c2625933bb63ea64

SHA512
b90e1322b955485723d6428ae857b5a548c1f26f471979dcf3e15d8d8c3007390af8aff9bc455dfb5e6d151778252f55e1068d6208228302f4385dc2cf924600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4598ffe59dd75ef823a09a2538662a0

SHA1
5ce2cc30261459714fee123fbd4f47ca640788c4

SHA256
73d4f79777a00ee132453c587d7f14901f4589f40c349614aa97642e2ad1c4fe

SHA512
f7ab1bd44f307cfd6a211e6e3c2c3ccdfc3f2eb46c2a229604523acbc87ee825e2395f007b5611e0d8057058f8a9267761e43329fc98743da33bc380a0ed2e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4db141e9c5bf971eba253c846a206962

SHA1
5fb01e718b8b09ccaba4ff5b9400065da597a081

SHA256
675bab0126ec77fb6f6eadaf605c4eb038aca494e513cdc161c8d42701b6e98d

SHA512
e37e665ae6a782db9dd87be54cea34f7e5b847d73877b5a65d13b97be20326e96e4fb7adc2cb9779d8b3b3a0896e977ef91d32fc81c9193b95405c3c5ee5b477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47c41ad6abbbf33c534d97ec08536eb6

SHA1
026384bce936143e2a3773eeef02bdc16aa44696

SHA256
bcd98b8a9ce520260e2a310577034bb1e8e49051beefa9652f48daa0b46ec479

SHA512
c5ae16c48fcf5597cca9733e8cacc1cbabc7401ecf737c31f0975b3132a6b4eb0b43aefba6d59aa1a53ccaf8703fbae74a9d766790bba002ea9f0c9925e3f619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8da727e076563db738b8ec6623f041e9

SHA1
a1e984f17bc1bdc302a0b76545f7a73cc244368e

SHA256
1383aec8c8f54f37d84b0f6391f30b241d45f26cec74bc3485dadd48cb13cf13

SHA512
d606f4f9ff8583c4c3c7a1ec710a6cee710767629eb33b4c39d0e187bf05666091d68cf0f0e838eecfe7152bac4e9aacabd05727f9bb546904e2c8ff0d4bf40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b0c03ef73acea0e8ad52254d8961f3d

SHA1
88e3f96cc7be166169a407defa28bf0cca046a6d

SHA256
14d5167314f0af3365393053e703c3a3b19a0919dc610f2432792e5d96266e4e

SHA512
c2d640afdae9cf1bb0205bb823ebff212be20587d22e58b25a88babdcba1932c4c541e47b3bc5d51ff4c45aa5d0a86f9ba19ebb9eb1b53f9582e2a93b90cd08e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0db5afac2bbd7fac5084d1cc0b9538c5

SHA1
059ac09fb625a64636ac50db16c16ef3f90339c9

SHA256
a91ce1b8cc5a7fab653c57129e3c604e6ed7bfb2ea35381174cc5eb85c494daa

SHA512
54197b375022ed509400941d6c8687d83b5d436167cd7e46338ba1896bd4e6fb8804e64250143a6f9960a79530baa4ecf0364485b870ce72418d1725b45f59e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
320dd32cc765b8f008bb2c0911aaff54

SHA1
1b191ae95cdb7737dad1d5967275d3f2f20a86b8

SHA256
ff2c4a24e89e403be8a751d4473996f128eb8cc321836f911962036108b23c5a

SHA512
0dda7306c7cb6027af50a2df0b5298a73e4ec84dd3716c6a53416c6f718321a76e3684522b1b2abb435c3fb3344df727a81b0d3d34cc3718a030707c1d0730b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf86c7afb7f579a9b8f2f2f6234cee9b

SHA1
d62d3d0cbe0c3dbfa4b1aca0d63d704f7033aea1

SHA256
18a4a773be4acaae8e564f36cd327c1168b0c164b598780654f3cd2fbe9ae7d2

SHA512
e0fe028a4b9a7ea51d8bfc188765a3a4f6ca903ef99eed6eb9543a5c960a7acd4d4bf45497918a2915a16b153926ee8b353f35cfba0727b28e23a2889211af81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f47323a22c891af5096002b096f62ed8

SHA1
24f4a176b0416198a6f94f1198d88a9e2a7b96a8

SHA256
5034b4c1e8d2cfd18f6501cea0a3003fd57a2e5800702eae37157a9bf6957f2b

SHA512
2006c391fd09d171b6cbe0d4fa6407b871a47fcf2e7fbcad25b8371eeb87ffa29a812e72e57ca6c73ade4a471cd2bfd5b7559ea2101ac641d03ae7496c48da4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6541a98a63da666902c89e808e97c14

SHA1
11592a99aafa20d6025bfa08a9f843a165b4d574

SHA256
7c0ab24b7ea5c0c7f7f9e3d2d8d72afb143072a67bacaacf58cbe041a6d55a07

SHA512
8546ab62340a3898d414952464ecd51079dd47e35d2e2595aade04b92145b65345eac98541ef5c28add13f075c84e395af6d3243bac3639f8556db6193737fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0ecbfd7c97c7e968a146e2bd8217c8d

SHA1
36309e1ee90c8ccdcaecdfab4372e003b6816f51

SHA256
83b797528b4eba0c09bfecdf75b8e03203095a6e57b414abccd33cecaf4cc33e

SHA512
0f2e381baa4fba3fe885954a2a3bb89ec340e7fd602ac9823aebd2c91f54272985bedb1b6f10e2ea74c3a9d5ad363bef6f3340871a42cf1ee2e9e0fddc42fa71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db9bee22008ea2d5ff5b735ad1fe0b0a

SHA1
32bb6b5a157db17f82361632b5cf6afec802bf83

SHA256
da473138e556f636c52cadda352add41ace16933f94294ef26c092e386a79827

SHA512
bdee3311cddea7a5a12722f4148c8f697cc7c7361b6b11a39f2afce0283c2075b93c575da8d66250c9987deb45db48f80123f817913de204ea7682f65baa39ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a1d714d3a81368094f99bd6ac239d7a

SHA1
b067053234fd4b919cddee03365c161a72eb79ca

SHA256
8d340d917117202c6de2a62eaaed94b3734d54322dde07bb341a9a749c61a7f6

SHA512
10c90d2c0d2058967b30b5d432c45f5673c9db8d65e1aeef7b2f405494851162a4f9ba1074e69290e39d4ac8cb010384a18dab12d8ced5fd0b30e99194dc0a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
677b43ea1767222627c652a03485db64

SHA1
8422d57a4c5f3d99a4d968e0dd19fe550dd00e0f

SHA256
3aa7e298842025313775cc343d616ee1aeca8fb5399d339baea3472b1992827a

SHA512
b0791db360731f35284dd0113c4b5fa5cc4a0ca02e44e19d6391a2a3ca199b09113df73c6e9e28b178fca5c2be44ca7fa3c4452a8799c0666316b47574c3a8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9d46c3eb00e7e4edd2b1a7c184b3eec

SHA1
8f5022c0d35d2038f7c214746b9e3de8fba04c8e

SHA256
08f30032103fe8e8f7b5a9b230d4e49ce46cb896e339a56c00f4d707b0a84be7

SHA512
091418b43b87bc27ea2420ea5226a7b3376738d7f2971770301c2b630b61d3c77ac444ecfa95f762f5aa7ffa79566b988f987c4a897b267baf40e343f67e4494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27af6ab20469423b693ce83c8393432e

SHA1
51dcee287879c2a1b4c31c1d483a1d9c4d2a53e3

SHA256
59cc759973158152c5007928b43704471b1650016b9db59978d54499acd32f26

SHA512
7eb2b4e0c88333cd69f61a7557601c70b28436ca461456e13a6cfd77e6261029f088a84a53391e93444f7a373542053a140c1448c5609dde055da38598ab52a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f52d796adffc79add609234071c92242

SHA1
8e2ba88ad6895b84c70430c530fc5e5018ffbb4f

SHA256
03bc87240231dcab49dcfe5fcf07b0dfd60785651209e71e57046f4d4a96b105

SHA512
f5412c788d2b8e2fd624ca762de606bdba73fa3daf187759e9db9850de20f34862d9a27380e2db692960b44eb4ec33b53d3513926b3929a24c91c6b90da867d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfa55c55e5f5bca1267218f39d678c25

SHA1
ff751c4088633efc12f728bf4b7d37280ba1084c

SHA256
11fb9312abb82f7e64f2d661427ce06adcc990705df602eaf6fe4f68cd61eb0f

SHA512
f0fe762b55f766625f834b12448c6f2d31f9fcf519753ace8fcbdcb7d6ea466c17379735adc35744988000c8d50b05a332c02e3aa868522fe24edc8874e2ba31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9046a7c6389c864c1214c8f40b29686

SHA1
906a9c7f044b0b2c72ca06ed1793e847affbc669

SHA256
ad237a124a3d40d43bb2b5c40b47e6b8cc9e6fc5c0390ed30d2cf6fb946e8699

SHA512
5a68acce1a439fbdd1d43e62b816cfb7d64e563c696231538db291e6f348547f56b957f0b63c622b3c23230ef1c4800502072a8d45927040626096a24ab38bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1585768841ccfb086d00e594e487dd4a

SHA1
879f8e90814cac5e1bde0a7ee047f8ba0991f3e7

SHA256
fdd95a62a15eb861c1492d125e92cee658e3096655a6f4e1b77acd769fe76f73

SHA512
153a3b9b356933ccc3f7aecd142aaa69bd2ce479221d811ba6e9353a9ea6e50d5022f45fbbc39b45d4de70eef9e95bfe8ce14c27bafbbe2929d628c060ed1d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1f7f0181580d9f957b3c688e9d69080

SHA1
74bb1683fd6bbd93f791a8d3830d32ce7fe26d00

SHA256
d0c08d14af071050ea926ea991d38b83206fbce057af9fa28c9e1c77797a453c

SHA512
53ffcf900d522b637c1aea5c90ef211a49c5761dbcce80beaee7e5d202c8bb0e5c5e173db55f1e6d58b7429cd0f1931c2b6531b5996e521578a8c32e429e9c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9978ff502db2e8261c6310ad90f20ded

SHA1
d5e3d87c53cadae7bb304bb768503bbb561ba5d6

SHA256
54f90935e3b61ca373380cbdc4ea382d0f51777efae320e3eda8ef1f82a766b2

SHA512
46d5dccb231899b2dd49198a4146cf45e444dd5e881b52c05beee81f210609dae40db77e78e1f460a71f40f0f794bd9880d7d2cb43e3debc4843b1a2f6677fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc865b274bfe8dd38d4ad89b164216a3

SHA1
61bfedd97d1d3cd40b4d3d5dc470e55c2fb1f6c7

SHA256
a9203b85db01de3b3e17c0b4da44ef6847e265a5ffc88e1f114b0b7a411e969b

SHA512
45665ea3517430903d189bd0a82c5cbf64948bc7cb122de867cac76eb000ecc633ed062f7ddbb4befc743f674c838fe1e325b5b12c207e3fb9191092033c214f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1ae821d6111a42c456af9a5cf7e27df

SHA1
c60711d43aed89ae810257986e5be0ae5aa850b2

SHA256
a4281c8a3d6976270d4bd5fd13abc157adcc1e2da362572294572e338020083f

SHA512
1639657d24bf9df476218a73149f70f53b822a31792bee6f6104d2403fd004903a7dcd80b04caf4904c252f0246461501b01a5d96effb004208143bb9e70926a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee2d5ee7be86e8d52d89c089b830c8e7

SHA1
2f6d1300702d58e0bcf121403a62385704e087d3

SHA256
909062b8f6f3e065a9e578f10d47ba9b18dbcc3ed82c9aec0990fded4af3da96

SHA512
efcf16ec9f1573669132f0ad5a94a931b5d9f51e7fb39ac78edcb8d93b566b4a77b904d48bc99c05a5c992cbe35908576dac7a878d9103637f949b7938ee8f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cd33.TMP

Filesize
1KB

MD5
e3dc15c0499cc2d1b9d9283320d50c7f

SHA1
084c39d6604e2ea15c6f08d2bb6915fbaae0c7c2

SHA256
23bc9ee0ba4e896ebcce0a77f3d0cd54a8a980823cbf185ee88bee38e8ca40ed

SHA512
85104c515f274ba9b48641ed5228a5fe2d3f4fb2cd78c4f0e6d882ae05998974d6f9b382bd52b6a66fe64993662c932ed743d16ad6a1e134b9f53019f825bfb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
87727487327c748766732dc41faa16df

SHA1
90056cd7e2e96cf3ea8f49c13dd5d74bc0716dd1

SHA256
675bff7ebc788deff67998c2587d79031c27001c8a760407a74e93b16f3d8aec

SHA512
a693d0557a6ec0bcd13aff7482ea03d5ff58a02d2c536308307118fac8c0025d7f056ee2501dfb9e06f71f05b203091c5ee6307e0be6fa783309a433b88c4bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\dbaa4d53-c980-4ad2-af8f-33673aac8626.tmp

Filesize
11KB

MD5
8d054292e277d8eb6202c5022ef5ee63

SHA1
7f0df4c6957ecbb929498bc5d87b7419e746a127

SHA256
2077dacdcfb6dda25c2d3fb5ed7f05b3c92fb73857eabe3f64c79ba3ee4e23ae

SHA512
d34dcf4df88ad2f91febb6a3b41cc5be4251bd3172ef19fb6fc2e0731c61382a64c206f477862cec7c351d80863221fab752fbc56b3e7c3efda81edbc498f8b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

Filesize
10KB

MD5
c3e08121cabb9380e3d50cadde97d53a

SHA1
0e666954e83e97e3883e52092fe2be88a520e8f8

SHA256
76e1d3ab7320c4b863adb091b5b77205d81e13eafb539a18ebe3d8ea46b29433

SHA512
9a6ef7710781d2f3a1f873129b21990548c1b275720080d87fe4051b464b0aef4ad8625656c388a65163563c6fb2086c29c01ba5f518c5b9679e7227fcc7941f

Download Submit