hxxps://soundcloud[.]com/search?q=an%20enigmatic%20encounter

Resubmissions

03/10/2024, 01:19

241003-bpxjssxblj 3

03/10/2024, 01:01

03/10/2024, 00:42

03/10/2024, 00:24

03/10/2024, 00:06

02/10/2024, 23:25

Analysis

max time kernel
348s
max time network
352s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03/10/2024, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://soundcloud.com/search?q=an%20enigmatic%20encounter

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{10A7DC69-41C5-4E88-84B9-4EBE3EAAE32C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
3652	msedge.exe
3652	msedge.exe
1084	msedge.exe
1084	msedge.exe
400	msedge.exe
400	msedge.exe
1544	identity_helper.exe
1544	identity_helper.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2016	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe
3652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 4296	3652	msedge.exe	79
PID 3652 wrote to memory of 4296	3652	msedge.exe	79
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 2928	3652	msedge.exe	80
PID 3652 wrote to memory of 4808	3652	msedge.exe	81
PID 3652 wrote to memory of 4808	3652	msedge.exe	81
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82
PID 3652 wrote to memory of 3296	3652	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://soundcloud.com/search?q=an%20enigmatic%20encounter
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde88a3cb8,0x7ffde88a3cc8,0x7ffde88a3cd8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12395402228127170584,17535929264979431187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2730fabb-abb9-4c83-8ab1-485d84755260.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
34KB

MD5
e980321f77bff4598e3b0aa32b63d652

SHA1
7865d48e20c5c77f6df87db347344ddc0677b64f

SHA256
9a6edade9cdfcafa5b5065b262f7ad1bdd8d2820965194498a7b4f3ecf10a0e9

SHA512
f475f7a150310684f2ae9eb80c0d74074713b6dfef8e6288d44798a8e6d3aad0c32d3e8d7dab040197d3b624ca81326d06546b34c4c5840f3c5b77ce6f4d7af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
105KB

MD5
9d5b9686356f8259ba0d2760cf04d575

SHA1
2a816b5738270f0bf843e75ee7abaa4b021a6018

SHA256
5669b368f1691ba9783b29f341f594dd781cb0725dd2bb49eaad79e2e1639d53

SHA512
deed3eb39775639e4ec90ac3b852a026433944b7c4c834ebdd4799711bcc32a202a6f3f08ae989b430a8951bb2439cc70f7ab3bdcd6f3ba7f9ed9ed0acc56287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
76KB

MD5
335c0c96b5222ee7bebb41b99528f397

SHA1
d669aa4dc076786a9d0c281c2120b0e367299523

SHA256
1e6fd8838e200d1948ac6833c142531dd44ea53a1445b5471e7b46313e9bfd94

SHA512
8875be014e0716ceeb977f2f83fa127e5cbb3704ce02c27a9337e6b19dee36ad33a6dd3aca0ad47c2d358577c9d8db52e4a896383d091e3174481ceba54986a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
52KB

MD5
fa3dbaa52590dcda3a5e3fa684dc516c

SHA1
b4cad03a0d849369620ef3b81b4a75a30814c60e

SHA256
afaf125e587acca183e9ae8fc0efba02bc8371b56251875e4c466842b81d9bd8

SHA512
31f3a7a32ad7515fa953638ab915ce958da642bbb2684aabe0214ef4e3ec5cb701febab6452f98ef71cdf8fac81d82aadc95a39663e7dfb3d584d386ac767d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
53KB

MD5
bdf5e8621a363a8032a8186a1e07f825

SHA1
6f616200d8851334a84ba63b7fcf6fa2b1f80545

SHA256
7caedfb3b8bec3f4ebaa34dcdd3503f40b93e92c3000c7acc9be67138e26b954

SHA512
70e6ee2c6b5feca7e132bc4ac7ce7514df6f274b0d8d635dd52f6bbc5f66924289dc073566a9f547150cfaa7ac74d5e58febc80cc2d3d137a460b9a06a585a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
53KB

MD5
fe5b868cb10159f8a263da5633736fc4

SHA1
486103f8ab987f7f2591f24a6b761ece19ed768b

SHA256
5a947f87d28769b4282d22bc4429c5c60ce093fa8aa657b3e41c2d333c91a38a

SHA512
863f4f1fb2280348a9910c0f9db19581d2ff8cbc243fe000610e3aea1b872cf510f784825e133fa8932b2e98a636096dac27050ec1304f3a38c93bbef1fa0ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
53KB

MD5
7721dd577ffbd3039bc2d0c6d980c188

SHA1
f6ece741eb371599f8bbb0c9df9d68b76cd2222b

SHA256
d1b8e08bb6112299b15350ec6f1f3104ff373a8f1e6f9a89cc988537da448ae8

SHA512
41d40d85f499730db47397ac393980e107e18ce51956c1318f8fcdc471f19c729e9aa9f329acc020cb6c82f3a79120e7f1526a43d15a952f68c65a067f128a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
49KB

MD5
08f2f62bddfa9faa197b3261ee79627f

SHA1
5ce173e6fbef17e83415856302e7db94e9903955

SHA256
00be74fa74c8a4174523f1270a352ade7c87a962bdaac535b3b0473141fc6fb4

SHA512
ac90ebeea5942383faa5b2880c59038cb68541d52025ad14305b1d0a0e67e641279f4dd00515a19161c74fa85371eacf059481b994399e71cd51243ec5896f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
49KB

MD5
a9c1b691bf7d83afb6be5548a457700d

SHA1
46c2d18b789390bcf18ff94e76dca5488b1957f4

SHA256
bb694c006c58ed7db77fc059685a9b6ba30ede7f08e36945ca5edb40da367019

SHA512
b3af23c355ea06bd85ffb0f8ac0ad5ce05d60f9fdae7ee15687bcdb32e4f439abfb27ce57e4dab0157fabf08cb4a01292237bac191fb28daad0065d4acc8e497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
49KB

MD5
8db530f0abd2d20e5dcf07bc3885c989

SHA1
70457f51301ed4b5e9c4d8181e8b9c59e5c54ee7

SHA256
e486ddccac2cb3ea7a1e99d44f32d0f58c36518c52f95e201ff6d8558111f36e

SHA512
cba1966aece0a60fd55da430084b6596a52c4713561a1cd898e3a39397da55fce1fa808a2679ca3b2576dfb47da40437f0543eda1aba86c9853419a84bd7263f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
1024KB

MD5
447dbac8c79aded51a71ed70daf69968

SHA1
99f8bd266f33511a686610423765f58223f6374b

SHA256
9a3ee3424c1d1cbe06fc35e63b23c0465c3b145fcedb7cddf4e063f8b59c7502

SHA512
67d521bc874b941ac3b511126271025a16de8964fb46ef1b015589915dd7573309312208f6ee73955ed8cfd30a842e20bbcfa4424457833a8a91a62ee1395f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
1024KB

MD5
cfe4efcca46c63751fcf380bd81b244d

SHA1
3fed6788ec4a5c67e1e1cf06fc44ca9cc4149e3f

SHA256
c2801bf90743b2cbb783cdbdeccfcb6d00b4ae225914a926aacc7a4e72eb4b1b

SHA512
ca07e2b99e207da9767de5d94dfbdf7916dafa36d9bf1a4781056c93b4c0d3dc5e8f758248950015a31d4d4faf195b49edef7d6e6a5147d8db288444f9d7113c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
1024KB

MD5
ba913b58a4a790da502f86287b9bacfa

SHA1
d3f8acf4effa3eb3d68cb7ca54a1d151715956bc

SHA256
d7dfa7a9906823777bda23d0834a9f5fe0c58fe9e365e1a230e288f3aa876d52

SHA512
5dbb0d035187a713e98bff7d4b94210b578ff9315789ed9d443af637952379f68bb6d3a7cb4b04f4fdc85235ff17af51ff5c0c1ccb8bcb693ca35df2dcd1a260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
1024KB

MD5
947a6f42fa86f5d0c1f6e12833eacec0

SHA1
838487da1c60dc6397099505d5c8732551e27777

SHA256
f9cab968933d30c9953299a9956e248b1511dab1137b865d5bb4a0ae4a02cee8

SHA512
ac1060d8bded42f64b6871ebf39b5b5d4fc2651e43baae10a0cc74f100b98b440bc0b8bf31a489130752cdd022e06a221606ae81386795300b47d2026ed86620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
1024KB

MD5
d25fdbb48190ad3e588f7e0cdf7235ff

SHA1
a2f75002ff4b846a33db85ee0e213842b2cce4a6

SHA256
89ff548fac6d252ca60284ee80521b2cb5f5fc7da02f2a62bd783a5e34abe280

SHA512
528f2b2a59ea46b39a750e6121432cafb2392ae5499fd562512e58bb4acb557684efbf8a04d715934122fd09e10048355ac612bc0cabfdcd6c1234d328927dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
1024KB

MD5
8d156f9ae796ecff952f1ee41161db07

SHA1
b83ecfc354fad7f84863600fd0188223650b0616

SHA256
cdf5276ff2108ab2dd8f791644725ff51478a7313adc6104d33f9f1bbc095e67

SHA512
b77f2dac1a5c4ba0f39f7d33be47abf8f32f3b243cd7c05d3730e64f10a5ac2effecaff6e61832d51ff42fb29c37e3a05bf1ce4b93582596fbb87fdc97c2eb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
1024KB

MD5
92872ed40eaf27cdd357e38c251b9952

SHA1
afe8b139acc94f9eb6a71cf825e130e5f095cb76

SHA256
fd49e2c6ec1d90d1e0a82f895e83f53d884f1d7b7ca7cb0b443642948f709393

SHA512
9e593086cd0ac39092c7af3bb78bb086c7b97e926bb1bf184e9b4539512d058344b074ee094156bba3320030b7649c764d2ffbd472b127398417039facde7fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
1024KB

MD5
fd57fc4b70002a496f7abb856c8aaf5c

SHA1
366bc2d0f519718d6459ba20691d77980486864a

SHA256
52f083fa5f4513a60a7b49fd28969ef04d873749b6edbc8a6f686dd403ccfbab

SHA512
91e395376832a4388f8dfebc8dba1c894330d27eccd0176732d4e2d0b486159216eae894f9b378c30c092fd32f7341600e676c3cf379e131267a502580afc049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
1024KB

MD5
b12daaa00de1d68b898cc573a657d7e5

SHA1
15b18f7b68bdd857f3ac75eaa115bf79204bc70f

SHA256
e20933df595ef6fea2a1dce1faba956758fae93a62659939b747287ba19e5a34

SHA512
9d1910f5500e626d762eb64e56673bbab59ad67146d4783c1bf23decd08db92df7082061ed40b1878db3f8040196bb84431b52f057c81d4c4296172450985724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
1024KB

MD5
9b935ab172d09872c67f8b7cf2a87400

SHA1
ddddf308f49358882ad10b43f49c12849a3c09e9

SHA256
09bde127404a67864e6c84e6e571e95e40e249ea03b373d6758a99167c18a37f

SHA512
4da05dbb3e7fe2d0caa0d434e2b83968ea14475df12de4cd2efde8fc1b8f207b6c025a7aaffee0eb505c49b489c62cea205804ca6465ed6099b5aaf46664ac7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
1024KB

MD5
c6120c7c09685364919d4e5a88b22dc6

SHA1
5b3fa1a124d7e0cdf6551364715b4957587e62ec

SHA256
8f25eb666cdc947b237343f5b5ab33e98eeb13edfd785fb845145b61347627d9

SHA512
5120ec61e6aac5e94b0917998abd203eaa7a53049252dc5f002cbdad0de49ac3ec6945e96b96ba909eb15528f5105947966e8cdb43d2742fc7a87c4a37afee87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
1024KB

MD5
734707a616689942ee2a49b3bbe2bc60

SHA1
572a89e325fd0272eff085f4c878ba0b39ab44a1

SHA256
450366311a4cbb0379e3ce09ec18703914c53de48e109662bab46484d5c0930b

SHA512
82a391e0a774c57ffa525f7de9e870237079476532fe2008d744739652f5f1fcbeb8aa0a306a4b03e08baa0cf30181c354f590f4a5220ff3d527f93985037e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
57KB

MD5
0c3aef72d2a6888d2b4dd8cb0f95744d

SHA1
717f55926a4fd925ae3374afee94e06eee1c0936

SHA256
5c68de809774153ccef98007c86e3be9b20f3cb9481664de9d0855a351679ca6

SHA512
fe93890b6f930c1e101c85f6f39ec7fe8fb10d6640bc1381373503d6f9210cb4aef042a81a6af9fc58f9ee42f3d18422c9d11b15d11449f8d794b3323fd347c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

Filesize
928KB

MD5
289e5d3dc0d8505a79936d3e29dc3031

SHA1
e6f6c9d73b8c2ba0db086bf32d0afc66400b9e85

SHA256
5edcc5b864112992659a616d88841bda2165832e597dad3dbb3df8727ebcbf44

SHA512
205d1b7d8b574bdb2777d7250c1d621953780ad9c830ddbb65f2ff0a8b9be315e5ff131b61a0acc850a591a7e94ffae5981a8ce7fef758ede2d6432b49357073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

Filesize
1024KB

MD5
a52c3d9c4432018790e69e83b58f96f2

SHA1
71d807d1b2548b122d20ab89b930d7927a2181f8

SHA256
ca38855fa1cc19b083d21dd973d10b05efc35137f0c5826e71a2e47a9d6d90de

SHA512
d13eb08bba2cbccb2fd9422867a150d0124d99fbd8526ef57918c1798c73c21c3c65f7fd946f10d658eaa77f210a57122be2ff18a73a814ad02d8739e38b5900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b9

Filesize
879KB

MD5
4f713544a3b64095e0b1278b6e472b01

SHA1
fe72638b318a4653c9348816d256941c4e4338e3

SHA256
350554f67f893bb3788b042c93d39db628e8f150b3dbe4ebd7aa1a87612a2e5d

SHA512
3d44af144f9050442ef75a4bcbe81daac59b0e9cf75985e17751e5f7fb9740e2eeb4cb5e5c4585773e0b49dbb6c81c5fa9cd49cf211957b9a4861ba6ed3d6520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1b8e8ebeea32d62b0aee3a5ead83b6c7

SHA1
81f8312a2223bc466b313ce7c24b2e342b0694e8

SHA256
a400a3a343b942231c48e88f0bef02f3abb403c3b256c6bba58dde51f3689781

SHA512
96521c2912c3d39fbb84695d80d7981ae99f4941db8a4669202e296cdb25ed77356ea41f8f627fc9aa8bab31a162ea4954a782fe1769f9e2f634cb7ecd0c7952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f6b802ad6c518d377412f24a10af8d78

SHA1
9df9c3fdc4a8d7e65ad525786ac4be7fc55ea047

SHA256
0e753559e322b7f98796c6fd621799a40c66d40bdc3a545b7e1d7cc349de33e5

SHA512
84efb10517bec4b25830ce111842bfba572724a7c7ff8a7075bb5a2f31f35b91b096147772f4ed8db7b85f55b26b5351037b80625a696f1dcddb21e13224fb3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
f30ad3b72418db01abfc05f08a02c54b

SHA1
81d1ef85c39d74d02b475e4322dbe1c4785ce3ba

SHA256
06abdb9778a2f401245e67090bedbf5d84f911905045840666c8d0c34f548091

SHA512
e58f4093d2991942cda48c559894975df421a357af0b9cdf14aea4b1e8c9526eca755650b812ca6cac4bcb45595f4409ae73fb510f535a91190eba80a80d7a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
dbce3e80d898c5c80228169e0ac6852d

SHA1
c73e33552cb852ca86bca91f4d76a5f4120d3386

SHA256
e110cf4f9389941ef5f3eb320b8bf56b7cc0cd511a68fe7468b044b578546c76

SHA512
3679588b943715ca52116074a47103fe4dac4937aae6391dc8792652586a1993d020c9b9e318efc7d8ba74eb69bc74af4db7a72829674d5c54a1aa6b9c122bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b5fe9db3e648eee7b48005b3ca7a4187

SHA1
fe003d3985b88bd833f2e1381ab77803a4be0038

SHA256
c7a3b730ce6f39deb58eee892e86ee3f54372b1b85b506186e8c0571b548801c

SHA512
caee5132f75ac2356c92317418d76e149cb5375ee8b000141ac25f6337e7d30179a29b1ad01a39cd8792c4632bbdbe43bee9de95ae6f1db2696373e01c6e3307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c99f5231aafdbea3ac96004eaa344f6

SHA1
0594d959d13c503177151e832b7ba8d627e11831

SHA256
9c6c2fc1def88a24aabeb4250209cf643e7eb22b0ea0a87d968205db24ae96a8

SHA512
9ea45f385d17438a8dfa4452ca6bd61c990db12a0c23d5779211266d0cb5ed2bb32614cfe1b550ded3c693e7d6b5555093e9a0a7df59b60eaeae6ca778b9545e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8759c12f9587411af14b40f0be02fc6

SHA1
51742fb6465f5f1742a1528464d3ceffdaaea372

SHA256
90037ca0b035d3dfc0e1acc95fd187227dd74efda8541691850b2ccd1a714904

SHA512
9b3a4bf90bd021016d35e549d92a409bd0c263a8a596eebfc24a773ae869976a4b2b5c9732eda7442974c950d5dd18c5c6d93d1973eafce26dba114b516f3967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
106e2dc1332ec0b82bdf6fccb1c73663

SHA1
f627c79f76285c8543dc0a757df8add933084afc

SHA256
10142bb213f2d9a3bb1abd9ea97b41f1afd701c00f0c76c7e30586626a30e4d6

SHA512
5a328054bac5700c22a6be63c1718a2f198fc49e7246788f16c3cdf630515dc640bad6543e41c59784f6d4f48d219b3dfe8ff95644d2e96db270e0b00e32bdf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc6b932cb7774b3d1bf97528b10f6a6e

SHA1
8e386e9fd477d5a867af9590bf41000e5469dfd9

SHA256
f41b6b15bf34c2b627bd184e940a4381f1d7616379cd4708a2b2567f3274a372

SHA512
5909ff3d287c1c1c0d12d843080f567d6f611599c25c8307d7d34456cb2ac7f3a105db4cf0840f60c7a07f11feb832003b44b27cd78c88c6ec391af6edafbaf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b18d2c880630d2d1f1cb4bcb5036230a

SHA1
1b14568a5c85cc96d415343b349c1315f55dc2ae

SHA256
9222e2b66853d0f638eb387d79bff5f60d0587fdfaa7a4030b09a976b005b5d5

SHA512
44b136bfb46b1a54d95935748dddf893101be2e83d30e97c1ab55498eddeab8f6b04d05218a50a876dc7d08779c5a2c5052fbc52f7955aac23593a8f9d4b9d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76a2bb2051ae967bba971d60c333ab17

SHA1
24fc44bc682fa4e5446990fb6f409fdce874ed18

SHA256
d883d812b50acef613a5c59eae258a8927ca131a0433c594f295af5168d5ad44

SHA512
edbf60948161073b9fc332962329821735694c893c6a958b4d193d1a05ddc6146b83e39a6fb3497704bbab4ad5b3ba5cf9c1e6aa14adb68db526c5d38bb1d03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ee6de3563d833b2fb341c8239a59d7a4a0767be\c36a7caa-6fe8-4c43-8951-4deaa4ff9417\index-dir\the-real-index

Filesize
96B

MD5
49f9e1d849ca9e467a9ae976e2dba469

SHA1
8bfc6c20ee6ee3dddc40949823e7064e36c97bce

SHA256
1fcc2470971c0cf283c62d403e245de8a85ac9b60d9e4a0891559dab1c20bca2

SHA512
632b080b7bd3a24bfe35f5f67f2c36e86b4dba3f57a16749c9a8749de45929c14f587829c44d16cee542782b0c609d2ad667e0daecd06decfbd6dc42d4958e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ee6de3563d833b2fb341c8239a59d7a4a0767be\c36a7caa-6fe8-4c43-8951-4deaa4ff9417\index-dir\the-real-index~RFe57dfe0.TMP

Filesize
48B

MD5
8c841dd99a599d0daaa110cd18e7e4d9

SHA1
11b53af7f0807f69936fd39fac7d6e815f08db99

SHA256
171b539d35601e1936265faae67bd31b7361b53f62377d41433a5361e1b133eb

SHA512
e95171eb5298e7532c9d66e07882206e4b97c26ab95cbab78a8d85c1031c3d811182d4d3f94158fb01bb225e3ab077e597121085765310f6abd256e97ff12fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ee6de3563d833b2fb341c8239a59d7a4a0767be\index.txt

Filesize
87B

MD5
c882491aaba6b31f1be4f57668e4543b

SHA1
4c9c6cc292a88e9a7d754fde41deb220d8313790

SHA256
8d3b0d256b6aafe56889053c888d459f17de54682fd952fe9a441f7e57c8fac6

SHA512
95eca209340b7bec1f757f94f7520c65756b30606767103bdb494dda873fc2633de622168ab3316b8e74ec7216f3654630e94197c5b303b3f9f1f25a4883f464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ee6de3563d833b2fb341c8239a59d7a4a0767be\index.txt

Filesize
82B

MD5
69fa8ffbace0de23d4bb786f2e091112

SHA1
391cbe52167b3950cc182d8f6e1f4616f449075b

SHA256
3e6cbaff5860ef450b4ad6ade3d37bd281efa93effc81c8f4f017f4bea2d4b9c

SHA512
284a075ca9a3d1e05c86222207d33bef13f3f3d6ab55d2ea582ee43b634fdde97266c45068d3eec708e7b780308dba6819b79a7ada6118e0beb5c180a1a967f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7830f2dcc48be901fe19956146591257

SHA1
3c36380435093750e51c76bcf2bf5f6e9550d771

SHA256
333188a9d80cc8e98197ec8cd6692bbeeaf912cb3e26c7429b82dc204cdf1a02

SHA512
1701248d54d51dad62adc7496c5bd5cd1a8845dd595244fd100dd959b1df4e0d51537f3a7a095e9fc6bed3dfabf0b64f515f8db393d9b592958c84aa9d26efe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57de5a.TMP

Filesize
48B

MD5
5416a712b8b5b725b1208bbf552638c1

SHA1
b6925b314e94ec8cda53e1fabae3772d33f78510

SHA256
cd06f66f8ce35f824c7038a9efc07050853918629e82bab8013d9dc28782c50c

SHA512
31f804ba9fc5090980cf50f00e8dfe3d4bde6d63b57df967708fe451a6632cb9183491f10976685c191be998cd25ad9c22c1dbc28e9aff186d62c53f49fb0a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
da9b2733ae84b1044775f31a8583a7b9

SHA1
1cb58d1c1a43d8372c7938b0a74bdf8aa9be481d

SHA256
07d180e66e63b8c9415dca6215d9bb56cf568d1b74fc21a2639e5840ace0096a

SHA512
1bf77a6d8341519a61e6de6b4d57a39e588a1d7552bf739c1cc6207d8a459fedc2d438b1f3add88ee5da9f59a3ea5a7c450d5db66ce7bf9168674a1cccfbfd37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
164c28d5e388d9b0fa9327214bbeb5f4

SHA1
26f7a246c094b6b8b721b9f2aead417bc1a223bd

SHA256
1a1732403bfb326b5ee7d4c26e7d3ffafb39b43cb21ad0b73270d60064b0a355

SHA512
2b9af424801ca4684e63e717f917df305f77398f442ab614b56de8bbd56af7be3824f7cf43404d62fa0e3a5d841a3fc5f30d8eafe234b736148d577c055d5470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dfb688a240507b90a2083894f89f4262

SHA1
18a68e99f592eefc8440e939397114bd95762153

SHA256
ff735bf2df426aa1b0ca4feb18b2a62c8fa863c6a30633653e2eee85e17f191d

SHA512
a511e8d2cc5ee0e347b862130ad418cac5278d174b214dac08ea2dec124ae23ea5b5592065014e2d40b7a1c5e64501e3436349e5aee1baf3d240589104bd6321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7578a6ec7a3f94933a6923cfb927dd63

SHA1
7078ed33921ec1f2571334b56a1b79f05c1863a3

SHA256
8cf097a535489d81932286ee5e28e4773b561595c3b7df75abe14e7e765d349a

SHA512
fb69f6a6ef255667e95dc1f387ea5b7ca78080a4ab9c2bde23900d60cc26231c323cfc1f019e006048d3ef58842528fe5f071a4d124393eca9bf1485d7080ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0c390ad384e1338649cb97fcde6a3ec5

SHA1
d7f371fdcd7389a31f8164d3a4c4f2523662621b

SHA256
9993d7a6e1079d9786f71773910d8151490fe366388a3398af5fe0a32862178a

SHA512
504163082f97d4e810a9bdd278bd2f3439c0ccf9c99310be202b60500e43942948ad955e9032cc57c03518b610c362cc53cbf06ba38cecc5b6fbfb47ea47a727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5581f65672ede28ffff26a6799e2ebd7

SHA1
e616a9710d3c75e4c93c1c5df4d3281e5021868d

SHA256
14618f150179c0ee1c9a85e24eade5ab8548335927767bbe6b933574eaf412c0

SHA512
ea5062af04d0b04561429c498773a436cfcbc0267d040be607fce94b927c737862844d6d3686dd2c84b50653b550c496d290eb62a7ee0d8c589f784faf3f343c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
76d9f1f81b86afa48e5e4a19f6b2a992

SHA1
c0c8710536575ccbb78e3c0630aea139db0dc814

SHA256
9ac2f780eede54eef907dcb1f6d567cd1669ad5f68d5d46f46f35c9da7445f57

SHA512
a09162bb46eff9279dc63eb854d6d8ba838c88ebc0eef4d98d31dc2f72168ea27ddb39531fe5f4c73fbe0f2d86baf4312c8fe9a3a541085fd0b284cb444b5fe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
51d9a4ca9cc564ea1a2c6b44106bb9b1

SHA1
ed3fb126a57d84ee7c45faf82cc9e9285736a125

SHA256
6284c4ba17fe2f8630b834f646390ecad049d7d780e560d0e47325dbeaf8b46e

SHA512
a0ab7a845255a2337b705a8f58335753f939ec9e2dc7f900ad492b6ff9603f8588e8f5e7377166fc8175c78059552ab07530959af72e60731d40093e1f463e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3a3bd40bb496e2f7d5fca88af6be277d

SHA1
7cf5d56d1b6de25453dc57e90b698b07c8c1d00e

SHA256
9739859dcae1a47e19c381c99b725de0f65682568115088cb8f690cdc2eef101

SHA512
3748462aa396176b338363ad3d91bf99456db6e5324ae02a802d19cc555756dbefc7c4684ad47ad14d34b6bb9c3280152359df2fdbaddc750d88e1f4890a5fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d3171989e674da4e71a2544bab2b11a9

SHA1
4bde9f1a5e1fa0ac15306889985b322715fe844e

SHA256
fc9dd8b33b8d89648ea2dc7b6a6339e77c7f836d95a3bd6e939fbe0e3f4aca00

SHA512
8f1965f840b3d9fcc5a7ffd6b1caecd40c147f77e612a5d22983315f7d03bcccbaee14b865df03aaf540dc3f604927545bfc45fe28beba5bdc46069a5770294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
01338e09ee5547bd1fd2ae7446efdfb5

SHA1
0a676a624156db255deecae54857aef37ac6add7

SHA256
8e9ec279358979b009ea04d14b792a6bf6f31d23cac5efc64398d5d8ea7d7a10

SHA512
1dcbc24041d1f10eed6fdaa6390563bfb19481d54772eb55efaaca8d19bdc314d7ecb56bcdf3e3bf5b4fcb187e63bd194164fe7b7440670ffb828ae160ffdee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5940a25476d378b62c0119fd2788bd41

SHA1
5b5f7b603a0b50a1573db6e8fb8bee953530445a

SHA256
84a73cb3519db22805aaa9b9bc942f29a68a707c93ac26486c36e77ae7f009ed

SHA512
04af66af7de5d06f7fd9ea4bcade248adcd02b6db232e69d3f392ebe3e3bc100959b6fb71f6c9a87cf16baf95234d38d57ba0c08be9754c3b008f36277713119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f3af44058dc2caa48cf7a2aed879d62f

SHA1
71f4767599164f9d886d55b9573289cd4998a362

SHA256
114794783fb9e3742ef75c7d906eec0858b8bacddf320bea4143e0eb0573f96c

SHA512
8e3de0ace49dede92a7cc609350a514cfbec2a5d0deb1a551f1c35675a61aad58e8a02f0acfe40fd87df89d1b1450f30df1866cab6b9e38feceee8b92b14e8ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bef90a2f9752e86ee9644ae919733d57

SHA1
85253e6095cbf5f01bfc312c226e92b58d948249

SHA256
003d522263cce9499acd24ea7566e74193f7bc819d3166a5690838c653306ec4

SHA512
32d87548fba9146f615169f4a056267ad7535ad17032e22008dfcce247b8297e9a691bc1722ebe54e68aa188173e2aba9a90880b942b0c5a95a195f657a9787d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
89cfb84810826261ab37481232ef9afb

SHA1
d494fdaded9c9667135e0d9077a66c0c4367f8ea

SHA256
908d9f22fe350a2b6690c0bc0f75de92c5418c4e4cf8d68335ef5970b538a2d4

SHA512
7b7f447e020bff6814d2989c0ac479603bc847d6933e0aa5a7dee6e6f63588adec40cfcf2b14d75dc34a6306e4b384f227b9bca243831e14f05aa8893f574405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e465.TMP

Filesize
2KB

MD5
a630a6f7c2715a67aff4038bb04c0507

SHA1
11339a27e6e8d660c47861bc55a35668a1ae1b42

SHA256
c944881a4e7241325a7b13d4be719257c8fa14b73bf96ae4a06a0dafaf9137c1

SHA512
7490a1ca2453f6a3fcfcff33051f9d95d596be4dc7fde433b21461036d5b9213d988fca74c3820a93da70d15e64d91ce60f6632999a62b3bec8fad6079ef642c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c14f2ac93a8fe64863176bb79635855

SHA1
59d59c12efb4f35977a5938e2756060fb87a19ce

SHA256
450fb295736c98b4e0cb61b1014c62b048a3b467b4e6fe26a290a75b92a2ab26

SHA512
bb9e64d1e3c38dbefb24a621742db19b37568766483fc8c8db01a2f8a8a4e109342b48e96ca1670eacbc152c17c44ee96714fb59aca61d33a928f2372eabba29

Download Submit