hxxp://givemeavirus[.]com

Analysis

max time kernel
253s
max time network
262s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://givemeavirus.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4128	msedge.exe
4128	msedge.exe
3376	identity_helper.exe
3376	identity_helper.exe
3616	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	868	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	868	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 3008	4128	msedge.exe	82
PID 4128 wrote to memory of 3008	4128	msedge.exe	82
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 1524	4128	msedge.exe	83
PID 4128 wrote to memory of 4544	4128	msedge.exe	84
PID 4128 wrote to memory of 4544	4128	msedge.exe	84
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85
PID 4128 wrote to memory of 2916	4128	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://givemeavirus.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda94d46f8,0x7ffda94d4708,0x7ffda94d4718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9985752673490804074,2038485514721126602,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\144d0546-a737-4d4b-ba19-1db017096e95.tmp

Filesize
5KB

MD5
dd06311907d7134b44aa7f185be451f2

SHA1
2b5808a5531e6dd46774e4a692371d45e59fd5fe

SHA256
8ab1f6a43f21c00c504beb0ce0e069af87e25e4b5dc4aab51e2ce04553a0c018

SHA512
44c81d77051e910dc410e0f807405e4fc2d93176f3acb5f5be707680c9346bdd87fe5425ad13d5dbdd9e12dca0d2932228861ed0b403976578f5bb593966737c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\158a011a-bbe8-4e13-8145-230918a295a1.tmp

Filesize
1KB

MD5
c8d034b37636f36dd72db2079679b752

SHA1
e4c37ac9920b3879ae19a0ad8a5d2a6708760a9e

SHA256
f4eff195a42f2888a99df5da91236c5e0399fc3caa5071f6d4a8eaa27fb19169

SHA512
9ce398cd384f4f04b4db7bf289798fabe5cb311919af13e86abcc0d157e43b06c948254841d983721b478139de3c47ade9bdae6c30eec724f647dc0f0bf5f6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
241KB

MD5
4faab83b9e69e06d13cb00782ed049fc

SHA1
c7cfcb2c79648ae9bd30e1b2158b6bd57b552ee4

SHA256
6d430b17dbdf6c4e5f47ad6e3d9e03c6d0ae8a9bcd9ca03c0102a1452ff3b8d2

SHA512
0e60eb55eb4cb7a1283e96547930800875542d0c3a454de830d7ea890070aff782a6ea4f44503f3b960d42edd8673653f8c4dfc92738c0ddfa0ad1f4d12aca93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
569KB

MD5
9897c7f7e416b75483d18007252dcde9

SHA1
f9592a41ad1de5cc364586d887b7f61162170500

SHA256
2a113525058ef66dfdbc04bd8f5345707156531fae17a2630f801508ca5358e6

SHA512
a9f314eba5af9925a12350b5a9dc2903ac5115e022db294554ffd7a38248905b0d3ddb87ea09b7e72dd62f8b4e8d225d1874771d8f5ccadcadbf90140c35ba91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
108KB

MD5
cb39071fb7727142bfc66b48894a4ed9

SHA1
cf22be459d700e1c6d5640a9439221a05551ecfd

SHA256
292e321d0acd11351e273479495778b0366f2c9eaaf00168612bd86aff962ccb

SHA512
4245606d3c4070fd3a79786a23399f905bef89026facc71a563aaf8955b75ab8ccf2fae0e0d8e8664a9f2d4fe9344609582fd5723c2c5fa4ab40190c259ab412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
109KB

MD5
70671998f6a762db5261ca7cb588738e

SHA1
008449ea2093e98ecd89847d9244e720a1a21c5e

SHA256
b20e9463a99ad96dd83a417f1b7298503e69d0cafa1bff3bb8db85ba890b72d9

SHA512
c0197896f656ef0bd894da970ed079b2c92112f48530a6d1a15365757931e20be4f26a1fcbf870f7750171c4187c7943aa95bc08599b2adf28dc77b1962041eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
16KB

MD5
154b287312a34a8be70a5ac95e256483

SHA1
c28052ca6487eab218b4a4d0670116370e940b60

SHA256
43bc8294b0c6040b386b50f4f6d34754bf203a8c57f9b61b3cca7665ecc1b458

SHA512
8d41e8e889428fa712ebb91f1a000c5032b218a3c96f547eda589b5c65d7d8697e6850f86f35f3973aeb3cb9be6e24258a0643ad0aa39a62b650283b34a6df5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
144KB

MD5
2f4c022206ddedf15f6d75580dc02720

SHA1
85e6600390116258c8746a874e2df2b56af7c36e

SHA256
28dde74f995f32cdebac0ca2e81df24549c21bf01d7f425bab9f9ae365b7c891

SHA512
38b8deee0d5b2094fb83a6c11e11afd00e22dc1658837d5d6bb4a1adccf45faeaedc3b4f2bc3a3577fadb55e64b78450f86de13cfacd67177420c50b94d61841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
56KB

MD5
8ef2b65ffc7aa82e15e2e94f58109594

SHA1
3e5f7a25deddf4daa34a08b75ffcaeabd188b453

SHA256
a90d7b7969e19e0a07c908ac198d23e73493fc92de517b8a29f3da97e91845f5

SHA512
e13590f43fa9e7c712f26d7220219522852e360360323ca514e1589e4381874a09153ebd2720b1ff8f3e3fadfa3b5fe45af7fb263f570d4b59cb130789cbb529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
009f797cb4dea532069ffa1ce3c0bdc7

SHA1
080ef4d8e4bef1202d1c91147d5a42d1ac7b654d

SHA256
954f285bb7afab0e632b42a11d53d000a2de071a54a4280f8237fafa92f2073a

SHA512
dc444463f13779f35fa9579d23b78ad69a5082127907c52f7dd2f4049ef9b416492116682765765b87207dd8d0c3cac35a4c8d421ab5262b2b948cd7f9c5d4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b0b7b526545b1a1e9bb29f6419706415

SHA1
3a2800fb84dbca32d8d61489d63cfc3c5e671e87

SHA256
507bfd2fa0009343148a16601eacf7c478b491dd5159b3bc616a423d257ab213

SHA512
4b9b714da76290a20e67c16c47541523e3353eb178d20783f734987351465423aeeaef9065809395bc48d91e4665dff9c9d364e147f0a7ae0b280ca12d9d8fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a3cdc489d4414e8c7f2221f59b0f9ed9

SHA1
c185a0310c858142f0bb5cd2de46ba573516d759

SHA256
9d69cedd9cd97b008395dd9d844fd9ae5d567f806da84fc7669a5dbb8a8c264a

SHA512
99619ea96c7e2d16e66fe242f9e27dd38b2f24081d9c16078b4328d5277ee84a0902d2e68237cd12b560c0aed77fe670163d95b30401b1d061c57508986ecc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a567780db0a53273d5674f4dc1230424

SHA1
8f636356e2dba8e54f3642f69494be2f87c5d3de

SHA256
e9d095b81bef9f86f409ca5ff95a95258d993855f2cfa21dd09da8d0284bee74

SHA512
1d28f92cc978cc0b4a08fafc6a5244d68df32ff83bec34bf267dc8404737e291d8317b7292911541d87bd4e4a3a707db46809688f8fd9cda59eb92435f3c2551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3f687c6d638fb55c6b7b63ae3053821f

SHA1
422ab02a8981c13cec76d11e7e363a3028e6e0ab

SHA256
6e49e3f3afe14c9b68f03bd11c7378d7282bad4872c76f02c107c0b6185fc647

SHA512
58705c62f9680027d331087ac4572f0e4708763875821037bce8b44d4d556bc6170dc6cbabd38a64df95a77458cd21a1cf5cd2de239c7e484b7307cc1f156a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9080b4acd1b18d7aa6a49290be50ec2e

SHA1
d8f58ece070efaed49190a87be8101cb0c042730

SHA256
dd3f3f41cfd4a2d0ef6addd3f8047866d3238d760bf57d19fd9e7c04838ff3da

SHA512
dc8db6b19508f2e71465705184e18be576de447df77691eb919af23735cb1ef23204f8d01c717bd3e7f6217ca34de3b925a82abd5073f6c1d90d8ae7a1bb96fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7282ac9999bce97a4c9ab341c00e49b7

SHA1
274ec2e83c7e780d246f93dd6a1c27abef84531d

SHA256
721617ab4204328f36563e734d3f9ea0772eb11f0e292ab56f3b19f67d0fe569

SHA512
8a4bfc5c1cc708f4a7044d5469baa82440d7bb70d73730b8cacca1396660696af6a61c1b2c5f6b09303be461b509e5ca16569368324be8114354ebe452490f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
35fc33a93293a08c72945eb315381263

SHA1
ef7e5864a9235dac7c2b632a601dff4421b06f17

SHA256
53fc83d98ac100f42c9e5c5623c50e7cc964dc88dcc14d4c798c99ae466cbb2a

SHA512
47d4818b7e73d51ef6f13020a0c202a0e9a1cfca78796d8649b5bc4a1b98ced3538d0c65684b722c7231b420f46d2b178a2d5b8eca7d14f72074a8c41ade8057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8505f425238c74d413583d6764726227

SHA1
b8379a290a5bc476f87a2f4711715c8368119367

SHA256
c0af2f0d4cdd3ed8f77d97e01e537b01a35937d7b0205e2c12289f1645f1e0fb

SHA512
377011852ecfdf8ee6cf7eabf83e3f43c120c0f95e9eb0edbb3c442f7b49c033987b03e826ab9d98fe9a39d40d7ec7f09974175a89149136e9656ba3fdf6e4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5c015f804fa1e725ba20a453f6376b8

SHA1
22384fd1e37f2c47cdc68cc1bf518d6cd00184f1

SHA256
bc98946fd860243de7545720614b800a6493a62c34d38d676de97d9d84ab02ac

SHA512
d059e894f6cc2256d7d56210a088b3a2238b7ae47534fdd807be95fae032b991c68347aa08c8e6436dde74cd8146cc8f67f6ad98be8c29f6a2608fc70a247c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1507b54f898a127836280b424cb915b4

SHA1
9aff671c7519cc6a1ca7b74af5ecdc57e8efb17c

SHA256
53130c3ab04c848f9446bdec35a152af3baca94d6301b6cc0077b538098e7f53

SHA512
c2f3f2a4636fc7ac6719bffa373162365eaac4501f37e4985659b427d54dfd32474a5bd05117ba58210f7f20858439c603eb0d35cf96e84cdc9afbd6885b0fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e6b76cf2daf180f367b697d165954c9

SHA1
02e7f949c31051a08064493b1eb35af86cf7b9ac

SHA256
e7c344220806ba150959b776195daa2a016d98c64992666c32425f32073663a0

SHA512
0547a286dbfc7b16c6be7938f96563d79c72c34f827d44403c46dbbb2cbf75090dbaf681c25328e4bfac2e46ca60d36ae84dcb01ad385f0e215d966ffe21e34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b14834347547be93fc5603e12af6b2cc

SHA1
e26cf224f5d63fdda56917a0251410114f7d69ce

SHA256
7954e81a8f9c2362c223385d1dfcb15c3fac363ecbf12f62d5e53d66ebf22ea1

SHA512
1488a63d07aa7846734199b297a47744f331bd24ab054b337444d5d06f8f90252e9ee3410ee22fcf9c013ef4030a8aaeb6bea4ab8bee6ae49ab47c06e0d31eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e62ffe9babb2692abee1514e927eba4a

SHA1
98ab10fdd3490889a0a3c3ceabd2c16c98747cea

SHA256
9713b9f7a718f0c016a8b06ca41e6784dd7367795cd9ab629568db7dc70a9df8

SHA512
65757781442a0bb91ba55339d192f2ee36ecb21b9fa6b6c25ea5361c5cfa64e091d90f5aeb60617aaf489a03500c82558fd4df140fc396e63b34f3b616589c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
e1a2968328ae06e7dd06c6a51922b614

SHA1
8dc07ac712be3483ff056a1f5f57a7ca3ccecc51

SHA256
44d6f5bea454b70c4b6dbe20f9d44468697deebbe78e407ef78aca546494d883

SHA512
d35ccb210ffd677dbba397d8b62c398fa0d0b90e229a2ecc6e7937c4270733d44d4f84f16653562c8f4434e71dc672374968b55044292891452a5e8ef799e455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1fd27efd20cff5942a0a9ab8288dabb7

SHA1
394d9e1e5b530fea24922047f766bfc90c4ff15b

SHA256
e2e1f430edc98d1b3bb04fd551424207b27b8289006f32cebc3f2ee7b36661e2

SHA512
11f7c39de241a7b7317a104582341781ceb622fa5be14eb79c749b2f35a59be94056fc8ccd8ba543667e0e07846b2f8929ea627234045e24aefd37442fd134f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
da58c83247684cbf1d27889aa99f9b25

SHA1
b8a4225ecbd07de95ab7204182175ddccd804ae1

SHA256
57a1dd8954191e3232c1b501ca3aacfeb612700a48595077d3e41ce525061241

SHA512
cacaf449f67b68e319824dfc6e64f56ab9db06841dc811422d0f3ee2fb20a8373938f074d6ceb2feb3dd14680dd795d5c4251b7e36a6ef034f62f8a601e66ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9ca2d03e388f49e352065e416627004d

SHA1
d3b17aec474f9994cddea3de587643391d1af1bc

SHA256
cd00bef3ba69c90803c62feb3c5f47d0e28caab34ea21fe8340b2973e0b31383

SHA512
700ec45e85656663393065d846d892b27d00dbb7cb2874c1fd35e0fde70e0d1a3c2ab08d75ca9a2b8f0d3374c333c8044d9e9e113f777d0705df75b7d367d1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9a11303588f1132c023f7724de1be02e

SHA1
dcce9ee53d4199912297b59ab366ef33166d2cb8

SHA256
5dccdd30ca76a3117e9a82fcc87b4bb468fa3727a83fc75e5e209bcdfce67c7b

SHA512
51777a3acca90be66c22129f5f11200c259d166fbc909f98b4fb50939d9141f36436e23ed9d8d05a3ce1842c9294ada99bec6af4fa2b2c75138aeca3ae528a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7b5c42af69545bb8139cf82b1a0dea67

SHA1
865460a05f304050ec306abe15b313c9530b8dc5

SHA256
2bf3de4aa126bb532b7f8dc4afb3110fc1b4280470143bc641415926726b53d4

SHA512
15c8d1494e89b98f3f94fed783fc9842b312cce71c23323fe54a4eb3d5a5ddc5ae105c47d26e79b9c90eedb883da52b304cbfbcafc7ad33e86f912921321d233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
269a54210e973dd8d4e58f155fa7e2d7

SHA1
d2e182cb2eb0401784c98853a53bc072f94ca885

SHA256
9b366c780f98a6617e2481cf9c5724b70de747e3bb7c55a42f53fd6a3998b42e

SHA512
051ac78c88ec39a780eb47758c544938968b913ce80437c9fbf4fe616e3e67b83fecc53e27f567bbfca13d7467a3a46fba72e5554817d6d341927eea36341320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7e0a016af30658f170f3bbf5e9e8e635

SHA1
000abfcd7365c3fe829e67dd01382731df0b7374

SHA256
7d2fe6824503f21016f984194ba485e84e6709400088dbbaf5de1b96095ea64b

SHA512
cdc376e08c19732ab5e81a53d87295f732140df5d335fcea33454e8ffb888499384acdaaff4a9a7a6827d10da4824d691ef2945c3c84f26bd53892323e97aeb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
352869aa686dc1a59293428d32b1f421

SHA1
64b0a8e480c5b30e649a3db8b384b9898698512b

SHA256
2ecbaeed99be24412fda4de4e3f6842a1da354b8cce6623bd6cbf3e88020f641

SHA512
0192d31ba4ce962c38c86a8b7f55e324928298405e24b12cabd9e5e36c3f7079ba31ec30d086b9ac286f9829306517104f5509a9ec30556f2b88c377b2ffdfef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e4e7e689301d42ce2a7f8b215f5d4494

SHA1
5cf73f4c1c39a60ac2264d61c15681be373959e2

SHA256
c13365964933c51eb103f5db119b6221c8d4518ec7e75cf87278fec30f5cc3e6

SHA512
6c1db33d6958db7e30fee30fd141ef08ba93b3a427a3b6fc2dd283f33ec194820c090b98bcdcb8b97328071c63560fe977bfd82498dd4de38379b955ccf642c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
18158984021b81e59a3c0d3a2e0a528e

SHA1
b5e370fea0ecf89990f4da6c5ee5dbae4d99b4a8

SHA256
b02c708ce4c8fc3092f08fca63deb2aa8202d184e44802341da6829417a1ac79

SHA512
57a555d8c69b4285446320dad0443b8794d3198e21a2f0ecf1f9b13d00f0b998de0cbdb71b164678e82b2abe4e59cfcfe8b5e7856d0254037847e9c9c274d376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f6b5268211b193c35f7c79f4c9cc2784

SHA1
31de56b4423fd9c59f69b9b839a054e98e8cd2c2

SHA256
d5618c7474fba5a17de4a41f7618f159c26a9ab79592035f930413844512d379

SHA512
b58fa7c50236f918e9a81b23d1f9448e16b3001372375ddc7ba928c400b0408f4cd8d027757691d1c351a06efe9967ae5c06a0c5195aafec566b5f4167464bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
13bd366d84ce005dec8f596e08fce658

SHA1
24443f8a40e87563da6f4745a33102b8ad58a975

SHA256
1c079276f18a3758d5b01f36f5e3e1a69c200eec06c5beaa34e686392710751c

SHA512
ad5261b9c442ccb0940a65f0637a2e681eab0836d6de6557b0dcb7296c589bea7ba51d70fb8e73b7198557bb2761ea43df081d2f1a41003a3af614ee0f0665fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580134.TMP

Filesize
204B

MD5
0b628243990b607d4804244cac7114c6

SHA1
c600c8ad093d0c4d31e8c6b54df142911664c481

SHA256
138fa188527e174aed7a90fee332dac83c9685fd9b04b6ee6383d34b038147a4

SHA512
e9921109dacbfe4374ca49a30020d796e2de17e15735cbee26750169fa6d5eef7ac496fb7d7a1626d68544c6c0984db25538800525d969664d55f29d4747460b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8c3b81842cb6f97c47fffa2e385668c9

SHA1
7246ce1d16ad6a5ae74fc1e73cef34620f46a0c3

SHA256
b9014d5c3fa88fd9f126c77541b7183f0149443a5a820e021ac50432f0bfc146

SHA512
d721e400729ac80591d9d3c5b1f820fc4b571daf915f54bb9fa3e27416c9ecb345aa912df05db2b5168d10b97606c55d5829b037ab17ee4f30847fa9a4ae5e31

Download Submit