hxxps://faintmc[.]com[.]braqc/

Resubmissions

05-09-2024 15:36

240905-s2adgavara 5

05-09-2024 15:33

240905-szpqdavang 3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://faintmc.com.braqc/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2156	msedge.exe
2156	msedge.exe
2028	msedge.exe
2028	msedge.exe
4492	identity_helper.exe
4492	identity_helper.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1920	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1920	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1048	2028	msedge.exe	83
PID 2028 wrote to memory of 1048	2028	msedge.exe	83
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2760	2028	msedge.exe	84
PID 2028 wrote to memory of 2156	2028	msedge.exe	85
PID 2028 wrote to memory of 2156	2028	msedge.exe	85
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86
PID 2028 wrote to memory of 2904	2028	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://faintmc.com.braqc/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b2b846f8,0x7ff9b2b84708,0x7ff9b2b84718
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4308 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6672 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9492231208517307185,4868929426599601287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x52c 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
6da5998f8e90d28378c84a2f8b1acf9c

SHA1
1eb55404a9d4089239d61f07b64d83d16d578bca

SHA256
10714240fab1bf95a09c0a6461bd3621783b763b6847bfa8255622d7d13a4fd8

SHA512
8a96b06b85ef59794870598ce40cd67fd1d608ddb08ea71fbe47e499dc449461ba0a0125188f16efe33a4e22cb8fac403685ab18748a119379aaaf2327976310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
0ab2177608491a219ca4e4b04a7feef8

SHA1
5ea7923ca73be09729fe4c863bbc01354a183672

SHA256
729db37b0f795f1dcab1ee93c5b61dc0996020261599707e123e2d84ef7f7dc8

SHA512
0658725af0fad36becd9de3ec82eb8c572d69532256d739cc5c0ec3cd4e2acd8928ba242d60414dd3c70b2ce619e2817e6e977769a1dcf0cc44c645a93f1687b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
82KB

MD5
1161ff56efaaefc93f2a9229db8a4b6b

SHA1
bca207c1cfc2d7e26dc31561770755b8e016558b

SHA256
f23deb10dd97e10dd87c713894d472afcc61438031652f8abcb2a80317bbea84

SHA512
b85c099ca79d763ca732fe430c10ff1dc60fcdc9c751821715c7b755b39af7d8d657e0c162142ae7cb4302f9016f40cb320fb17acaa8dce333b534732bb9d358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
18KB

MD5
843079f5aa4fe867017d5051d50b094e

SHA1
4688bc652c62c7f66f6a6eded5004fd259f80b5d

SHA256
25ef54a79ac83514fcb899bef37f827f14c33c79a99322a32e51c1956b2e780e

SHA512
479cd679fb9d34cad3b490555fded0fa1f0b94b0939edf5419fc58dadfe09086fede4164fa59f460a942190cd5db8a1b553d01e341ed99ebc44781855b5ba377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
16KB

MD5
03174103e265abe098fde1973046f395

SHA1
7de27c2372211b963606701d5b1c2dcc7d7e19ea

SHA256
6018b924db6bae90e6a0408cd96b5d83ae6576867e40c3374ee5abc5a2898afc

SHA512
0cd7b0cf010d5b16f12e792366b0bf3d73953901ddaa56f564958c034e577ec322b1d0aa04b9f46e79b17443d3fa60d33bc4d82c3af1ad4a00b8755b984824db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
31KB

MD5
934fd483755b33b04bc1f7904a90259b

SHA1
e8e68f41afbfda9a636349c79da8f84035acd34d

SHA256
5e1e911a05a3a2b60d9f85163364869313a4a9979567c5f6b9fb173ec4107682

SHA512
bb29db44ac1b155b6b56f980492c59860dea90379750a8e2bc1b7429bf2a84d72ab163b7e0838c7844bcb8e5adff6fc355961813b58053de563777a590d45dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
100KB

MD5
62b3e051c76d28b23e7b7cb9f98e52f9

SHA1
34e0b0d8b266de611ffa93d1a2175f56e2b78f10

SHA256
5e22456ac6d885aa3384b79f20081885e70d3e7db9df98f65180b992114fa906

SHA512
7f3bc250cbbf1fc679c4b693d3168206edbd6547690d7637dfb4940e6ecff7b3843c21e3fff8ae467873ea6bacb0e6300eb0dbef17313c339df6397efe2d152c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
be20cc7796554d7447bafd38df7110e2

SHA1
33ce7736388a1116e188f33bbc643f6a1f52a092

SHA256
5e6019d76d6a5930dacf36cc2925e5d91e536c275bfe068ee49b2def259f552c

SHA512
78569155a0c5b392decfdc9d573b79c032a9ee2bcd5a1469ba5b8fe55f15ae5f6289533c5d9404b0d8ba1dceb4a4bb99fd0cc1a18c4a8f49e859484e17cce312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

Filesize
29KB

MD5
f09721a2b8b3e47f906a4c91efd81d58

SHA1
23d095d99d83ec38af52862070e0fb38b0195e97

SHA256
c26c6ece208c7920353ad0faa8e1d48cec2d2142ff8d6105d66f3b9e7fe40790

SHA512
ae8686f28cf21d4fea6827608a4880dbd7cd59880f98c2a172dd7f99461615be4feb3e3f05a340d862a2cacb7746c5cb68d3402d510da2d5ecfc0e0c1ed84516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

Filesize
27KB

MD5
1851b9f1a18939545d8aa54fe01eae78

SHA1
73e256d2a7c1a466f22db34f5730d8a27fd190d5

SHA256
42a883e2de6b88491a738f7922995d3685a0b2bb57caaf01b5e57c90e6270263

SHA512
0b734fee647dffa7844920e90fe9c482524daf0cbdbdbed979a4fc1ae7e2545c9dee1c0731d20e0f46bb500566c873929965d860a1170dccc4b39e35574cf85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ba7b431ceaa53e30d4945067d02e472f

SHA1
0b6b3603e41f76a43bce29825b3dd5eaf9ef8722

SHA256
27625c33178a14a270a0e74b8481c7bff28f5b644bd017f109c0dc955b50b660

SHA512
f55e3fc91647633c887244598bcfad291aef6aa62c4e7dfb93f474a4c6b47598aa2296e19bbd244484da32a8d409edf7475bf4c5e2801e3be8fcb44dd60cb094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9005b3c621898740f56d1c66aca3700f

SHA1
43451d03b37542205480f165c180754b678caa90

SHA256
357212eeecb0309468d44d231ef8869da62f2ebc7dc2890a603b474e4a464bee

SHA512
a755cae640ade597047e1e1a140f3fb5a3c9d7cd0f8f5754ef1c6bc1f6dd89221bda70f067be5ccdbe371341c147ae538bc120a7b739c5843964436f8e82fb1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7bdf2ef36a6abb48caec5b6b5fcfed81

SHA1
db935294728a708001c748f617494f464ab133e3

SHA256
a9beeff37d317d3d67ecdb10819f4ac7c11cf301cf8c73fda287d3abaedb0cec

SHA512
19e7215ff84cf019098f4d33133e2f27e0bbcfa2ea927d7670cee462e1046c53ac03ec4bcaba459a183c0dd321f98c29d699f325f687284b7680585115795435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5eda3853fee7e0c0365b2fa262d1c29f

SHA1
c0054bba5cda2610ad3d973bc33faa4d0fe875c2

SHA256
eba9614de402b9d3068b05baa81358b527039ba3b3c6d3b292c759b0f09a4f8d

SHA512
288ebb98184ada0195a6ef65739c98a765939ed92b5f7e13a3951343970f93e15a0d696688b62145ec261559d5c6ae455742d23fbf8bc54f4e8024f7f852f2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d9ac769b784db02e933dc81dc4f38b65

SHA1
9f854e8faf6807606b04951780e451da1719c665

SHA256
b2dbbea47262331ad78bfe195f6eb23c988b48072ce0296b6869cf5fb4b9d251

SHA512
6b01ab54a6bd412e0dec2f3fae4665c8cb9d821a385db96673164c7ae88ad5ddfb80d72a0629ca8a30913d7b77c871b2ec09122ca49a73220946b2cac1788bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
155fde4c623ced3a7ca804fcd22b0bb0

SHA1
f66a9818ce3844129afe2a530428531566d9f27b

SHA256
2e36ea2a24fe6d9035a65453cb6c36caa6fa143d4ff635ee02ec17acc162075b

SHA512
a2b07cf8919c1206db6200370ff11bf9b8060d01259f44867112ad126ea94ab3f4fd424415c76d5a4baf90c1444f4ffb229b5c55f4f4b6890af917170fb34341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b835ba31b45d892db10593b45d821b90

SHA1
9396a7d68c3221f571f924ee32cf865bf438bceb

SHA256
f1b889728bedc3500eb0a9477960fe68d95475dbbf0b08c09bf4cdd2a33a0932

SHA512
e57b005db57700e623e700bdb225c1721a50bdc93057fa4addef5eb6282bed5111becfccd8623cb9454ec6e7bef99e5f6d4cba071e0cbc4263b3979449c9465b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c67b62c03648d100ef0676c3f63fc79d

SHA1
537d5184a0fb754a2915bff3ebe9b8b35bd2e623

SHA256
a693a41bfb97394d8dda05dd637c2d9c81f24455f70f100dd4465d643d8ae628

SHA512
dc081c5bce0c0b9f1b0424f104afb50f47fd4fd8cff2f5e805173e777e909249609060aa9205e190d2b0fb3d03eaa358b1ca45bb95f9feb2541022b2f6166ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bfdcce3a7f023209e2c81a3658989dd4

SHA1
64aaaf84d17e65bead4e820034cb14a4e9d15908

SHA256
7a1e4cbbb47799ee7c23b443d229da19b5a2714effd81f9b587140be123cf9a4

SHA512
759125544564cd09e5b751d3957cb6371a3a04b3049efaa720181615a9f12e9f843922bd8d40337aca1d7c34bfcfbb1abfc0481aee8f607a1af24a45ad41ad42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
9ba663b24c745f4a61576111bddb459c

SHA1
dd68b767278b5efb23d343134f5d2858796902fe

SHA256
5ed8011eff8732c5e0781a7c726ce26ee8e4ba8771fb5cd323a7f96013a77b58

SHA512
7d02d34bc11adb0226fc5ac28c59d9505e42f595cada704732e88b492a26a85047dc107c38d038448839926b375883eb907fccb2d793be0b40cad5060f4a9aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
d12e22a49216f884687a861f299cd9c4

SHA1
aa09adc0e79a8ab9e3b4431f07d92d4a0d9bf986

SHA256
433c73ec8a05d6bb74b3f9e8a1d5e5b252721a321617852ecc09383e4936e4b2

SHA512
dc319f9b6877b79c584637d3dc557167f5d3d3851dbc68b2eafa91b4d50c783f9836d9940387043de7d30fa7f746dfff19d5fb988ae31f2b5057cdd79fcc8cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
da57007e7e2ae72c033e53864f3e13ec

SHA1
d9baa3ce3f0eef88952be073e84f0670f43efe7d

SHA256
bffc0db8e18c5821fafb822f41410fc576661c7e2b2004e82ab185a883b69703

SHA512
6fd9357bddba7e6ac03f566744d737b7ab27d1b18c7a9fef461ca1734e7dcec8afc1813837565af25e376be5589709502d27c174c12cc862f4b9f0274d6483a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6c6c005bac5a9618dbeca1e460588e9d

SHA1
14f589759095152d48db5b80f1a387143f87e4b8

SHA256
3421c989d31081225eaa4fcfdb35d5a900ea546cee270a57efef0567a2d30952

SHA512
43d673f108284543ed711ae888a49f3f786a3988815a13ef1c5934fa9785f7d38033769b83f37ea6c246503570b096a53062aee4491e8a2aecdcbc02eae04c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
b3863a039122715c1821d5eb8bea3248

SHA1
ebddb1398b1bafba8e92d70c10f4679f35a8a263

SHA256
d1bbffd5c12ded595bec7fe2bd177ad5e40eafe67539be2da1dc9d063a8a3764

SHA512
7ce0e4c04429465ed1287329f150e0a032267e5cba9967337d7612ef4dfe9d790a612177d60cecf2edc64475dffbae86ccfdf4b375f255db0c74cd95220254df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5845be.TMP

Filesize
48B

MD5
1010a2a8d7f1943a9229ad922fc4434b

SHA1
dfbca0bcd3a4ac80c884e20c45aacbceeae435f5

SHA256
ae9dc22371b269ec142cd247a10143ba7f46d75c29b81c4a1b2728c4b90b5430

SHA512
24adbe2239e8a53e173e63c0b12157e1230dca2b67a1940d4eb03d508ee6fe23baedccfa2fd791dfcbbf4e11c42ef77687337ac71bb9ec2aeac20b8cf48cefc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
894613c381241f8c2069848f827f8bee

SHA1
27cf4879c2d1c7d06c67707ca0e87ee3c4f9c721

SHA256
99e3a3d1da0b5e49d4467343a3db216d554f4863e7de6d4cb59ac215ebce6e26

SHA512
0d2e2cfa005663f236bc7a10d5d92b0b821077b9277f8da30ed888670de0894f9b9a38df3df8c27de79a3241ea62640fcd54e94896063db748b2c76a55d3d990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eab37cb19ee64f76ffa255415f1f9c81

SHA1
98232a23a408faa346c91f93136336dee693038d

SHA256
8b805ede03c24c4c89592fa13cac769203e51e53d0a23b9cf96005268916ddc3

SHA512
2c4f4397f8af1d9f5e184a83e596f04777c265b85d339906bcfb0044d7a119bcee8a2a575f578d75fdebffdf36bbcb56b8e0aada33978f8e9b19478475d892e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26946e77bcc8d828de61521f9a11894d

SHA1
ab730393de3b4e745f9a96bffa676d952da330f0

SHA256
8f8196364643fde4d3119e55a10fd312e197525e950d5f265dcefe82e808df72

SHA512
0fb132a050a40f74046f83671f48d8aed699f2c15b049c7c40736120b50d2b3f40d28980a5a3132605b53180dac16177b783aae738219be99a2c4ee9424674b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71c942b1cb7f5e5a3bec20553218f058

SHA1
cf9905a3af434142e912858644bccd09cc205512

SHA256
69bb70883fdd47eb9dd57f7ea44db4d37bab71b54a0fc537aa7c8b92a3e60af4

SHA512
a847480fe1e3b13d2e932c94660e0f946d27c017f9c2fcebb89436a1537f87de99350704d2b46a6802a67347e80fa16affe75f4f74ea7bbb87136045826edd62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fcadc9077e6d79c030e75d64d88b2dc

SHA1
a26f6d6c82e874f6024f1461a01d454020cf755c

SHA256
3075b4eee5ce5141c13936a0271751605d143096b6659241bb4c05fc56909760

SHA512
e305d19fc9d8011178362f277839f5f52e2aa8718c141eaa07978a01049ef14b15832e3bba5c0cb345f61c696e39e88cc69e184acf0da3063276212a1dafccfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d6d1dc53b0e074b9a7e82dccd3135d5

SHA1
75afc2f94ea2261fe0d5a0700b0a11b1d82986ed

SHA256
8c6dfad93bde5592521dc6035829be16f87e4f4aca27c77978145d67ad81621a

SHA512
4a266a4aff0ddf052dfde46aaa15086a950fdd6864bc206d63b8758889f1879fac1978ef86a456b3cec2b1a6b86e62500f67e3579917c910ad97cb42c726ae35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c79d856dfbf7d79b6693840181ff4e90

SHA1
f2e17f5707cec81582ad98c72c56d459ef746c26

SHA256
c63cedccdb9da1fd9419dacb7ef07a81a007e54bd537b9d5151463881ed3ef0f

SHA512
aea788d469dc8747ea66f69f17fe9233fb4ed75261385c5a33dffed0b3f19d64bdaca379f7beee8270aaac95bdfaf2a3bc58125365d4f3e7ca158b439389bd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
656ae6ca157335478695a817d35fe6b1

SHA1
738b4c5a669e4d495f12755a257b3e99d34d5d15

SHA256
fc0826a55f6abc2395a5c864a3ae4791432e31609b8c45e27967128a7fbc045e

SHA512
3ae81751af3ce6b013fa3ddbf93773d05a0f24252c4850d48256c6afbab35dc1c64328c76d642e8fee18606ddf73be5dff918e8b2961ee3a7d0f2e3671ddd6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585280.TMP

Filesize
537B

MD5
7157c0072fe73b8981bc28dff64cf3f2

SHA1
5e48685208dfe544209d1299b89fd81e9a51d2e0

SHA256
502c759a8b3371e3835bce60f123f19d261dcab9ecb6fd21e331f2799a7a15f9

SHA512
7edf67a5f706ca50fa3db2a4ab72e873ce6f8eb856dfe0ff57c15b640bc41122dbd29300c10f8c8a88db1d90b1031593cc5a478b6a23275a3ff3971b490a8c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
98fec5a50831555dc636fa0c54d4a41b

SHA1
67768c7c3cda0af8341dfcccf45a72b1cf861e86

SHA256
12629a54ded12147173e5a2d02ec47d81128ac57506dafdd2579175e06d1b214

SHA512
80f9423523454230f805557d2deafc0f8dfbf8e271fb8a33088896f587f5ba3c0ba8cf40e38ed51293efd9fbd651f87277239bc7623a9d31e263c2c0144f8743

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit