hxxps://rkns[.]link/cagnq

Analysis

max time kernel
741s
max time network
748s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-10-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rkns.link/cagnq

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{39917D5A-8228-47DF-B7D1-E9DF6B435980}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
4720	msedge.exe
4720	msedge.exe
3720	identity_helper.exe
3720	identity_helper.exe
364	msedge.exe
364	msedge.exe
2144	msedge.exe
2144	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1540	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 2652	4720	msedge.exe	79
PID 4720 wrote to memory of 2652	4720	msedge.exe	79
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 1492	4720	msedge.exe	80
PID 4720 wrote to memory of 3820	4720	msedge.exe	81
PID 4720 wrote to memory of 3820	4720	msedge.exe	81
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82
PID 4720 wrote to memory of 4336	4720	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rkns.link/cagnq
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff918193cb8,0x7ff918193cc8,0x7ff918193cd8
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1268 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1308 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5480068755403005099,2726138952228961496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f8f17de-caba-42c7-896c-b49b4ec94302.tmp

Filesize
871B

MD5
6f3edf17617d09b5945405f90cdb58c3

SHA1
e597ef56c27b4f4b679da5aa939464e30886d528

SHA256
9d63bbba7598c73e04049768332e8872bcfe2962dea587f243f4ced43ebe17b2

SHA512
8c880d943d1af33436ed04f42b535db408cddd39c67bd0a36726e2fd688360e197500c373cbb7ddcd192fdf3596a1191123a876cac6c72f8476ec578e0540b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
50KB

MD5
28523d84e6604f86d3fb6f9b661090e8

SHA1
b9b93c9fe9b832d0d715afd7d6a6e3837e1edf89

SHA256
3b18666dc7a0fd15f8201c5f601dcc67f5f232246a751873bddb25f5c59442ac

SHA512
c3b1b39cc0aa91fe7e9be67ac100449f6f225de906b7784eaef4b2968ef4214bd6f2359d148f5ae1e2cc5a4fb30d3926e89350da0e6fb852bc6bc4f57b30d591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
92KB

MD5
c43972cb9ec5103594cfc4506723ae76

SHA1
7be3c7d109f63743c345a14408bd6ef8ee742856

SHA256
48687836f2853e994fe95b52e2c610e09d1bd3fcff1d8b0db0b5382def0766ef

SHA512
6c1d6752c8c27b72071cda4ee2825a935d5e5f84ba9dcc8aec741254ea28db2b1182721d44dbcd01ea723726f6c4d5d217166d8f7e694aec3a2e53bce81f885d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
1024KB

MD5
2044404ed553be477b1fdc96e38eff2e

SHA1
026bfb46937943ad991b262e99b5926273a4b274

SHA256
62a335ceb0911c0bfecf0eb88f1e6af2c4e16db2fdc0e309f3f291fb682b4f7b

SHA512
52f40afbaf7331c313fac4540562cceeca597ada38e8a53bc370fac137f563728e269bb4670910f3e5e49061ed6e3a95e49943a166c36c0667cd9361e569f9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
51KB

MD5
a2c8cf686ecf91b8ef8dff67c2b763a4

SHA1
22411cad44a6dd18da1dbb5335773daf3229c63c

SHA256
f4ff10e5082649fba02607422176e28442d3c50392c81a84298ca8c38f3ef4f5

SHA512
4c3d4343026122c1333d614d3d8631f81efa48d6d0614a6d2b09ea640f0ace6e4db031ecccbeb4f9623ac7cc41e1573935e0b80b1c56eea065d0bd28a7555261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
983KB

MD5
deba52c72012a60682ece77545899194

SHA1
b8a51e587dde861fa0c5ce7b65c15484014f8fe9

SHA256
f3645b7fed2cfd10482f76d38d8f84ff6f58e866f4c52d133a6166219dec40a2

SHA512
9cc4ccb795118d7ce17dc8310fd1234c08a8053e226c1f4075a2555f72b851e95acd3631dee3228449414380635e35a7ae4c191fbe2f7b7439ce0e716570eff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

Filesize
211KB

MD5
94baaff048d34c1b12aaded8998e1086

SHA1
87a82105f77d04599ee686e01d8e19d131f9ef48

SHA256
23d76d0d74db6ad8b6c30b6813e47700529a223e3c6c5f46045ad139d58afafd

SHA512
1226bc68eacbd2a2797bd3f3e2ad72f3aa95296a75c94a116932d2649a88848229ad0fec3b66124a991f5cb260fb7b142c3af1f3d5c026927f1489361a140bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
1024KB

MD5
2d246c4427d93138c9624683ee13dcb3

SHA1
121acfc06c85c1cef246c46439c2fbd206131a13

SHA256
c679545103d7b066aacfe4d9d8d43f8b4e6c2b4d56f2fcbe7a6b2057a7498d22

SHA512
a5b2e6d9010c1941102f81b77639b03559cbde7a669f3a1879ac5d400402757623aea01888f671cd48730adc2dbc386d9704417dd896aa5ed93fc4b7521f5a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
1024KB

MD5
49eaf2b930a9aec81f1dda241b656c79

SHA1
442c33c3623f8a15a0f5c44d86cdeee8ceef6d54

SHA256
230c04aa9d26d94e4f5586abccb65e0adc65bfd0bce01220430a7c28dbfafcb3

SHA512
70a91afd7bb398da0064023c5e43f6eb59c23145f89314ccfc8c799ef1b4764ccd2d3d04bb6c94826730835bb39acea4da91fcb5b742a65658298ba6e05902f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ff

Filesize
26KB

MD5
6061a47eb7ce88e1ac07013a6733dea4

SHA1
438787efa3b695d095f514fe0080eeb6bdfa0c8d

SHA256
217a1e4395a883a428c83eb60c9910e67badfe02789fe3e23a79bdd5886a5083

SHA512
caaa98ee164c7856a579e5b6c88642191feedc19293e638235211094b742b3337511ed5d328f85b9d3f083688e2a8b0c4a0a225ebee9ca5dcaa443747d6be471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000171

Filesize
1024KB

MD5
7a82bd9addd7f82698e43d4503be2d48

SHA1
b63d2ba6d484bd6421c2e70aab506f761846e451

SHA256
ec87cbeb856f09884972390ecd6595ccda7728186c5c842d5128b7ee23f6a779

SHA512
71d734fe5cd632005b83c6d2071c6d69d68e267cd635bb10c5c3d86ccd253b9a9b0f412f3701395b47b6daf4f702d310a101035ba67dad3c4df5981f580b6908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cb80cc6c662a936b6b611eaff4358350

SHA1
185b790424d3ef63048c0c3d65fc27b200ab870f

SHA256
ac8edb8dd37f0ab46653fdce3f1e1e81458d365da539b4b7ee8d1cd1dd9bc47c

SHA512
f0ead13d5a5240aa71ad743351b6bf940b063ab71e3a7c0249b456cfaea1698639c17068034f2d36b2f7fb9ee621b90d96c0f748b5ec2be6278663921ad83c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
246400661598f5a5e139bfe94e0ba8e7

SHA1
eb378c3a208f04005e47d1476291d08740d45cf4

SHA256
2f134f764a9ce7d1b42b2e219fe0b86d80e3876123057bc2b15f25c3afd3e3a9

SHA512
2bf44c154c7459e53738a65660eedb4bfa92d122fd7b413b5eaa865556c583d208c66001d0dbf69281cb3100db62ef5db3b97b2a9892026886b099d1cd9537cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9e06a08a7171e202fafec7f02c79341c

SHA1
89f1bef24e5ed407d9b11b707288675f04a5e36d

SHA256
c80def6892d89816a66237033c2d8bf8bc92fd10d648ae2d591c42dfa2ea7721

SHA512
b061f036386ed093611fb4ac57fad28ae8334adaa55a419617b9f3b94c39d3ba53c3f44d29700a462be3a3c9f79604ebb50aa003dbff6759a97133ac75f8b334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
45b08d54f378d235c8470055bde34d5d

SHA1
0545adbf69b1ec4fe21a45ff73bf4f13dd9c78cd

SHA256
3c9250b6b0a4ed482803ecefc1849430c071c54fc74affb604780724900cd09f

SHA512
7bc3d50feec890daa377b6ac072d72b77e22750469c85b1947e8a9ad3abc3e3df8636162aa222c5811bf9e3d14c9d66f47aed04abb301395b31605285ccb6980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
43c81f0a5daf6ec3095bf37132760cb6

SHA1
b87e4bc6b6cea58dcf95ffa288715f4e0e5190b2

SHA256
5d3455563311a17624474cc6ef1ace669548f6eca240a6d4ee8b50c4009bf3d4

SHA512
557acd2622f7f8cd5e7f06972a6d7d8b04096772bd87e337c4d23b76885b92fa7cfb808f14066d6ede5eda0a86c757a5512757813138ec7db05e0e1a0b2664aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
6be1cd2cdfe5352d5d6307cafb709058

SHA1
697217abf57efdd7c85b343f7589f304a55324e8

SHA256
579d643c8659bc24cb6d43b5d43218df63c25ecdb74c45bdb6060b6eebb6d845

SHA512
db3e980f633f85ad19f4329c5d2f19168a4bc9468ed5aafcf258924b45943ba62f517ff7a4edecdb727cc76d574822ca9b65c69009862047beccbb662031e9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
173c93c7243c26faf0bc594b5e789614

SHA1
72e7ee0a9922bd115e4fd41f31a6d058801347ef

SHA256
a6d7aeabf2f4b5fae425a8a99fff252cbe634da4bc2ba92367ebcc5088110629

SHA512
71a1cc9eeadfa8593159f764d7a213a03e6d1a099e0894c67e444d29308a324a1b4f75309a71d2db3cdd948ac92e7e8637ceab61d40f10130ef2329779af283d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
37a36bf6971041916af5d045901dd3ce

SHA1
bb7748e9dc1fa52e2f6fee6862dd1f1d0206de3b

SHA256
9055705fccd21a2114d36e702419622c23479a24124d7bdec7dcdd25f66a76b1

SHA512
04a325efd2ebfaea4272feb2773e643ee143b6d2e1b0cd653e083549f4c86b4d1d01b3dd6acce01d49f32503e58c9cfa29ce7b113d25986e9a1271574e12018a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
571d3eb3c42af775b4a8b195ca3fe397

SHA1
ed25f2032c455d3f22322693f7769f04163b0170

SHA256
b1dcdbda2852310bbd214477dfbbec8b2764223c66c46ab8455b897008d2d8d9

SHA512
81906ff9e2cb46f762f212683c65e279f6ddf076d7be68ff30fbeffe5d48ea1257f30b8bcba16d7896a0036d8d904da315c65f66721bfd6175f123a1c4c54a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d98046c032404c54458b168edbcc09f5

SHA1
9ef36489076acab7a3bd1743374a615f7f2b13b9

SHA256
6d1e51901dfb8879e29d7c827c33d3ac35db155e4768f15d8d9cb4600c941056

SHA512
c5ae1c988105318e88320bee11a68417fbf18c29b0ab7c21f46c4911b6752643689639779eebd2618043ab3367d4edd2893d05a49235ce50d30198333ee97bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ed43ec9b5a800986f33283a14b51f7d

SHA1
ca0efd540749d39b8518b883d7da5f008f4aa8e7

SHA256
316e1590f0a3445ba9a169f2fc7de7d12b0f154ea8c95346e84f8b3ee8ce0939

SHA512
fbc379487d51e0d0a7d950d3aac28f4f11bffb22f5948d9cc3f6aa13f133849aead4d8da95605fca8fd2f0c86e5c7a292cb7f5328823d76ba9c55bba101cc765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
515ed4e37cf5bceae64402fdd1ae5eca

SHA1
e57d884f150d6c7c5487a7d7276af57ef7919257

SHA256
131c0ca584dba06993fbb37b937028c49a0b4cb41994a0812dab4c5e81d9bc2d

SHA512
f8815514de38c3830bef8e893d6ccf00424e39edea2dca6ef728fadc8805c6abf180c25a35a40c984ecda246f8a2d301ae309681f921170641ae967e07be4aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0eeb9800605334fadc16e684d282254f

SHA1
443b6f2511c9988b473ab05a3beac7db7e9b08b3

SHA256
500b94622c43d3ae8374e869d9b143ba7388db83373490cfda9eeb6528b2c6ec

SHA512
6b24b28fee7791d15aef7a7dc17a797c576f6ad6b147fe3be8e732a9053cc37b27ae29210da01fb5cd0005ea404f39b58389c60f5be1d1f8d82be27b0efcd8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3340dd2798c04252d58118b805d03855

SHA1
af5f0af95a4308c51be786fe103f1a316d27ddf9

SHA256
b183631a3b121990e5b5ba8e470295eeefc5a82fe41bfc00316b0cf4306d7d76

SHA512
52a348017541abd8e2f47aa7c435186c76866c2904ab0d23ec34c11297bfb10579ad0294d407be02bd5ee84927445956722fee5f92af11163689c7d36ac94fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
24ad41349d0799b277b72ea7c3638d75

SHA1
4768d7f4afba16cd67f6a78f4f5559581344fe70

SHA256
edc9466ae8960ef587953d28ae5beace03fd6015813b9e55164b241287a0ac4d

SHA512
b6000448fc42e1b5f867d96c7a9ac5fdffa6e53749189f10424687e1acd424d0a3fc747ab33d2a53eaa93e6dc6c0290127f4b39ca4c48bf75735d4a0765596f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d674561b324a0238e86d6c648ba74c9b

SHA1
bf4d1969110e45c2474093c014d767f592b8c7c7

SHA256
adbdc59a4d8ce029591f9e893a1628a73601992d6db8d0b6da1fcfe62417d011

SHA512
d75dbf7c61e8e1eebbec7f0140014cb73198c6e1e49f90ccf6f0c4f6c367eb4f57b99f8c2213d4532c9e0c470ce630d4cef1f3dbd537d7d1beba6324e5bd047a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
830c0a072913f17e62cfd272ed98e3ce

SHA1
90902a828ff11476210d37a52be212556019328d

SHA256
6e61eea368ebd3b702e322f53a41a116dba7d70fb0b7e9562d7121b6472f9a0c

SHA512
f169bab68bf8555a2bf9f0a73e9899b283768ef09d328022e7c5f0c0a81b461d704659cf3034077c7c2b9e19fd7c3103229fb900187098eb02893a0f6b74358f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
653a8e59662f846e24065be052de8d8a

SHA1
9b89d0764e51307db3ebcfddae2e8b167258ce47

SHA256
b6aaaf8226f2f350db89619fb002e9e8c2396ffabde3326eeb5c2238a3307889

SHA512
575b0f1ac16e5988d7df64c2348e0cef0122d72c52c351254ef40b9075a2788ee84106f330a6c077f58771f195cc4322755aef9c4c5626110e74730b739fc6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8d9f5753377a637e5719d7eeaabfb79a

SHA1
403e8c6c8cea10e2ab1ffbdb51968865b815fff4

SHA256
3ebae1bef56a59f441ed0fcf798b8530d0aecaed8ae74bc460646bf9306fc8ac

SHA512
caec34e2cb1505647422713d3b1e532682b671a00505940229bd1a3774523aff9e431cf13f4f6e49dacdfbd1caca8162137b60f302af413277214b60453ba9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6a4e191f3cbf744cf777a0d6287b0d7a

SHA1
1ea3b0969a2357c1237b87e943e5b5d588ed1ee9

SHA256
ea24ad2a5697e2589c9f4d539599444fc2b5e46bc79ccef30cb1b331ecb6f14f

SHA512
8b587e72876fb35fe0b41bcece67751872d47d4e43e1241c854ecf70bb4bcfbc8c22a454a630ab5c27ddafa88e24a9c2d8c3ab96cbfc8999939660227fc34015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e5e9c27d293deb89fb79a4fd5e8b5527

SHA1
8b127f89c9ad1991f8f093ce7fdc4ef321a11a72

SHA256
f1dba5889b64a66f6c36a41c82b44efa759483653b493b5617420fe432862d7b

SHA512
e447f7f2460285f9e25dd4f8cb6d581be480138810f5cff797a7b26195be6cbaef51454653d9bc70996af0a59487a3f2d62e8198d571d54947d2b13417a28369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
851054f79ad5391d1db4c68675fea8ae

SHA1
e4d97348220d982a802eecdedb97d402c8032d74

SHA256
c5cb8b54416fa765a12d7b6ffa329d71b04e67e1a1dae0dc6d52a8829d0a22ae

SHA512
7a512b74ccd6880b4b6c0522587aa15c89caf2a78d3c61f7c65f1f7470fadcfef920aab3e46c9b36589244b75e0e4432bb8b79c6ef241c46284e553c8ce995ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
15020a41aae0bade9a1748b3eebec10c

SHA1
673b0e895570f28f2e6fafe2acf46e8e7f1a3631

SHA256
1025af35b2df74d92577363863b81afbc94f0687c5ee1b59158b6fa91e9f55a2

SHA512
93076b14625444e6ebf39639db1ee4f47be942e6564ca78b5c601cb192c13737195a7c2f5c2f9f869e99833c230ec98ae25467a8a0f77fddcccaa626becd469e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a7eb3cbe0246ec8a721ac20c588246f1

SHA1
78b605069edf23013e4a53a641e0af9416a05efa

SHA256
f299d5f2ec2b9e55df867a7becba3f71bc22b5e7117e5956d771a44184fc6e99

SHA512
62096db539f1bb75a42e4ba2f6e063df9798e0af8c89d700b5169e2d744d6277bc9da0a0a3c34d10571b69f9a9a8b2c4413c52bfff81332d8806781c0ea6c6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c277738465bcc9571d7850f72e7e1b6d

SHA1
ecc5c38ae0306c250d8b353182241e077ec96b21

SHA256
13ffbcff4e2314a6daf3a85e1e4aa92bcd50c76743d20a2d6fd8d6714d77cdd2

SHA512
06229dfd3da8d3b031d56f7e399a6ef5870e09757b9bab8e53438d9cad82763c52e630d3c92e84ccd041b794fb8699b84bc3aec436475cba28a58f221dd90b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a5bfee5f7f5ae4f287d97661fb592828

SHA1
c14009eef81b79c3ca080a55e3c9462fad78d8c9

SHA256
85699f8c29599d9d50c2fe7dde7354e938d9920abce44a45c925f06c818c7e9d

SHA512
c54a304ad7a43b5f8c80deb0e0652cf6c06c063c1209f93d2988cd9fc66a0eea8c7e979ba97d8b2f28c645c71b7ae57c327c39d2728f2fa380a9d5a305f30b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1650f0cedf27b779e6bca0d682fb9dc0

SHA1
8510629ab0cd05c2aee9f094028bdd0b2c5135fa

SHA256
c5e777a2a0b5d1fa439c8aa7c71cf21fabfc22d98bfb436a4b7adad8450e72e3

SHA512
447cd7fe567021074e922a8d4d4bbb90d3c7a47e2f8855ed038d59531a9590422dfd0a16dc358d2a71831954a44ca7ecfa3e107a3145e31f2b7338e43b9eb6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a64de13c96ff7e863e0516d9655c696c

SHA1
def9f8c76cfdc564c238a5be0a3fe3812b68f446

SHA256
c4a0fa7c04ba67a80b7b3df333e0ea38f963983419979836c27b0036a95b4a03

SHA512
b201f9a9789c7ba5b1a58465ac049eb1cf34e906bd2ad981a9aeb43ac09423cbf1829630a43d64ea235eb5d043d9d4d652c82c4be48cd59ca569bb30985f9f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22ce51830daaced9b22a571cbbab73fe

SHA1
bd750ae21c0b0b10b553b6c2a638542d9c2b8f42

SHA256
0e7b4134e06ec287ca87a539daab3a271e3146f605b4fae42bfcea83f0997ed6

SHA512
a87ad1f4c39e66aa51315ea0d642c882fb4119814a4bc2e48adb44e6a8b425e3d44c581f49293dd5863754ccb491f2c80b019ae63b52e52af742456218d25961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4a2f40e90e75b8dff19b36cac8e6a754

SHA1
1add6a23992b1e0f779df2e4d27e7398c35bf22e

SHA256
f3d0c9b8b298518d3c77c63bfa7580efd273608a21d422bdd427d1ea8fd5c2eb

SHA512
5542925d910857c34d7234584a1a8ff51cbe4aa2eec972344ff11b737150e0c3a6350c7fb0d65ea84873822a8410f34ba7a6d9d0fcefcf8aa81f99cd9a8ec3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa764cdf4b611b9a9684828f99c85cad

SHA1
82f4c3edbd6f2bdc472311746d83c64a41000adb

SHA256
e3214998db7f89551aa553f788ca0d86f8abc7954ff5e6d152fa94e37d4ac96f

SHA512
8151629ee8ef94b3b059ff660fb7b10628aebf36fe496316776116f18d56b94938076e89f2f63a00ee68be77e1678a02474ab22b869f4b5bff2fb35370da8ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac23e67bb14f254f202560f0081697de

SHA1
34cedb377b041d8df3b8d6768e796a885ea7d0b7

SHA256
ed79635c230c2b2af32aaa007fcfdc027b40ae1be684a9c7204ebf48928c55b6

SHA512
23d7f4a19b6797db8c0c4bc68cec3a77c9e1489267865cfe80ca0117016289d9f9a5e1c08e0cf25a9f5a39b8b368fc515915907b2af9ccfd0e7a0ff4ff1a65e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d4eb8639a036f08a97b4067f3f89cb79

SHA1
1d2a94f4fa6d5d8c01beeaff3c39c5f5a68c7d1d

SHA256
7ccd9a58306afd8d59f454a8b4cfe266fc9b6775f2e9e84c9776192db2aca055

SHA512
b43abfc4f7d4b02ee4091c0d781002c4ee3cbc3a6477bdb2748da0b49426f99eb8b60b78bf2bbf610a2f40ad8033ab39a750618cdb01f09387f99d6da92aabd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c8e.TMP

Filesize
371B

MD5
4fab265b54698cd92b6b06e850cd6413

SHA1
fdb8d8152f5178818ca8debaf045a5a095a4f1cf

SHA256
1de62aa10966f7066f59671c6e7b35c4e61bc7bc0ae145733bca29f21c72a212

SHA512
789639ec9cfb4333805b6194fde0c159df27d1f36cb5dc595b16c8a2faf8cb6927b1062900c9d07a694c4e02ff41474033bc7b9fdf912170ab4db17b76d8d7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5693ae1e587aeaac835cd19ae735865f

SHA1
5bea0afab5c92f9fff1737e5121bef789b1f9599

SHA256
a43017c4d13b192e9ba111b0edc735878cd8a84880a3b9a13f4a1a7b00880bd5

SHA512
528b5194d8968d9601b9a30bb888709eb950856a9e8a566b540a3eb3d96235a8bd36e95f08a593bcf32ed9ce0e95b2f4214361ffc44b6a609e11e638e54f5adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4e76238a0382ef3490474aa011bed34

SHA1
2c9fcdb06c0d33730874b8a32e0f95f16873c790

SHA256
333aad4fd7b60885b7faeea27a8ee732753ca7727329882f1e2029567c06e65f

SHA512
dbfea4ed7dc9e413411ae0f72e9b76ec7385b38787479ba252bce44eb3531efaf5496aa2efb718ec6337f764711e9a4825eed827648bed8c3f413ad112baa130

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
611dcbbfa5c6ca885636c00b0b4790c4

SHA1
8bd0011a3effd6ce23dd6a5907f1a9b8b0455db7

SHA256
663e5d3540b1154c0d98b98b519c34c0631794bd14508595f5593bf51014c862

SHA512
c11a3044abcb9995ed0ae0b125323cd63a09f1fbb5110a1bab7ed770047fee230c5eeef1f9c8821a0bed9804197a19e57730191c7116ef5ff3e4018a3bdfb5da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
d0499871389873f2bad416aa3a16e737

SHA1
ecebc01837117da16389df0b1c0232d33f9ce416

SHA256
73fc43db42c9b91ab19d7cb51cbbee4951dad783d354dceea9a69bb7cf72d22f

SHA512
c871900840a67ad092911604d4436323b8cbcdf22e4926ac0ff3eb43fb548daf66c9dd146334ccb1d1d80246becd6abfc80a1f47eb0e442def780720e763a77b

Download Submit