hxxps://ytmp4[.]is

Resubmissions

09/10/2024, 14:04

241009-rdbqys1ane 3

09/10/2024, 14:01

241009-rbnmqs1akc 3

Analysis

max time kernel
206s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ytmp4.is

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
3660	msedge.exe
3660	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2440	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2440	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 4600	3660	msedge.exe	84
PID 3660 wrote to memory of 4600	3660	msedge.exe	84
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 3320	3660	msedge.exe	85
PID 3660 wrote to memory of 2700	3660	msedge.exe	86
PID 3660 wrote to memory of 2700	3660	msedge.exe	86
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87
PID 3660 wrote to memory of 4464	3660	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ytmp4.is
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff0e946f8,0x7ffff0e94708,0x7ffff0e94718
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,567566285806562809,13719661399321735179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\33a58531-edd8-4da2-9e1c-db02b0603b48.tmp

Filesize
6KB

MD5
6d2eeb595a7d460cec2779c6d75b9133

SHA1
1fcdea6671a1816f0a1e0cfd60370ac59917d6e3

SHA256
e5fefaf620f2d01b36aaa98243525e6e171328db23567a76e297d1b582e35284

SHA512
aacbb81cfd1c84f18426f13ef40f639364ce994b814534754f9b5a2a146f27ba99d7abeab19048b431f34a4574618acbf095f0a9f0fbd062922351d7c09e3ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
1891317c1eed0e80ac7905f8d795e46e

SHA1
0567c8fd0133553ee5d795fa4fdea9279df2cc18

SHA256
f209b3ae7b4b18ff2ab86911f3e885456a553b689362a4895bccb47175b352dc

SHA512
14fe6bd8388fc743cd6739410cacda034581f99d00e3720d85880380ec504906bb01f83bf1857e46d7dd4ddee6b40c0e5a0c4a34110c3f0ff2f02d985a571863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
47KB

MD5
56a44607861eed852e6334bab70443c3

SHA1
1fae354a2e2bfb95bb5f8b71901ed3bd5ebc7339

SHA256
4c28f57be6ecf8568c9d2c1509ecc2cc194a2961e2d2638a70842f0315e5a0fb

SHA512
b190d47b8cfd9c482f445afaa9e9e2e112a3ba83110a897da024de476ebf41e14801d29daaceed26f1be12a398d50f7ee9ef558f0f2e706daf894cf93a9c0f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
609KB

MD5
e4cc548581df143d29801842040f7242

SHA1
501f193d9a86ccda8496233457b27a2768bb2787

SHA256
6b3e02e459556cf5643a1cf3b8c0738813421435b6af7637b50cf99ea9048ed5

SHA512
35a89da62b97d413dfe9fd1309804d0d8d3396d762dfddd7a9c6bed47cd6463ae953f1dbb192784005e20c506cb1ef77dd670187fa691bc298592751857438f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
32KB

MD5
89cbcf66426a7fbbd1b609e78e2c5692

SHA1
0c1b87c3d8a68c3fdc3b0bd48b2fa9ae050647e7

SHA256
fa123a2e53b815ee85e5d5300f8d03224aa6df98ae17f6a3e9495e9b0c276301

SHA512
fbbee97c1c18cb62f41dc999cd6140e4d8b2e6018075668b9f4d25ad95c331ea212aac4abc2ee66d03989b55b2b0b6ec864ff606b8b046ae63c3a3057a6b1973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
32KB

MD5
72f7172a1a7ae03b9c68c41f73866eab

SHA1
741b72ab79366b250512ec7b0959ccc12dbf0d49

SHA256
a141870d293d4e47043e6cc748897915f3cd42a6edf0ddc2ff9275756b145e90

SHA512
5b1e8d27b5c310adc2bdb658a9391d6aa1286774fad1f09bf2c42e8be071727198c23c16a417369222275aa89cb38af34b8c7bafc19ba52ef46473b73018dd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c82b3a5e4f725da7394b406cf56278b4

SHA1
6c083a7022cdd57c1cb572808c007a97819be1eb

SHA256
0649432e0dfa4cdc42d138ca9a546d6c229018ae7453cd42b7748c14fcdfd69a

SHA512
6f383fe97e88313b3855f0172d87dfaa9ee0f88a9fee4e7b0a67a3d7698fed0c78c9a54699a4fd0616880ab96e808adc3ce551e2eba1a13c261c229a1c24be73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
13a6320389819542bf7ec8d24c425e70

SHA1
33b5d2090f191ce54b9f8d88cfc1c02f600e20fd

SHA256
84ec6ae9fa4d1f5147dc1051e9476f7fecdb191a7ba7005d09820099b6c6f024

SHA512
82aff9d6f61f1e4de9d55662dd0ec4a64f58abe638c575d45ac039540edc84a5088599d70b0253bc802d5f872c9b6f7812bfb1cb34d1b83115d7911c612d1ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
860B

MD5
5b4697c221946afd02d0fdb47b7604f1

SHA1
451acc9fdc5b587c0a8b5e60e4754b71e35b845a

SHA256
861f9111730b4a01e1816c2cc54c654c38dbaac263200c72804ff627e32330b4

SHA512
ff7ba7a039868fa15532ef26aec9be3721d4550ac4e3948952a52228404074124132909f5a9a6314dd88a5287c350fffc97c13b6a096d835c8b3b08b35e44e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
58c9e21f8074db50b0353fddccd1eabe

SHA1
69e1da683f17d1bf100a4ed69b18f728c16ec514

SHA256
42282639af7b5e92fadb92a034b15f1435e38a14f4354a2370bffa6281dd953c

SHA512
470d6c32e38bf3f629fb130074793b41081fb7027b0b4b6ec5ccbeaf0a6a4ec74b63bf7670c0b6a4af0c9e561ae85336f8ba94e0775c8270f8a0be828a84784f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c7fe6d6682294ce12694e2dc5d06638

SHA1
265dd68c12f0ebcfe63d6205fdb63261b2d2ad9e

SHA256
33be10fdd2b6a4ca3e72d9897d5a043b9ca202dbbbf335b757898c8e196b295e

SHA512
00dac36040e3a84f5370c92603d75f8fd1c8e0561d8ae05118892eca2a927ef458d71a5c6948b84f16d89de9e9d09bd6f2ba9e9361d66959d7de7769009a5a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2bffa9391cf8be2abf3d15f4d2e10816

SHA1
6541882d56fb4ad4c85d4f06b200db82530056a2

SHA256
1242785c04c32b95e87ef825f3c1b6bf60e2b7a8fd8885ee4472655aba8723e5

SHA512
a77926f166af38d7f255c07795568d6a7cf5e89b3c477830c7614b7dc8bfd982c63db7252b975f6545294c301fe30c43191c716cab932b767160425ff14acdef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef411450f6f51ea7abb617ae55b41176

SHA1
5346d85f6f4fdffd7e56b30d42e887d070d7a451

SHA256
826af6f9c189c6bf28b7fd21848417aa6c54c0cc9578201fe2b9b53e52456ef8

SHA512
6248aecbcd7493ed0f732928f504e193cd3bba0944aff8fb3e039a534af1b2aa5aa8fd7f5ff313a63485bc04c7a3cf2473195f4b08065075afffdf864900272b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1e6b023c815f4b779c0c6c8dc5d3de8

SHA1
8d2470466f5bab9841cf46a2790b2dd65f88a3b5

SHA256
e2104d4d3d79f12d05010b6d63fe933195eec234c078bf4af45b48c39845cf64

SHA512
756dc4d19c486cba22f08d05bf301240efb68e0f09e340c6868521287c7f7b2aeb028466ce072022aa35b4e772ff83dea6aac3e4c8befae89e555abf9b022c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ad7394b0157c94f0bee4fc4b0e9c341

SHA1
9d8e06a628924a197c4da2e503281f5b33d00f1e

SHA256
cb93fb7aac94d19706b518c42c7fda8e081038538a9dac2d2379f18392d8a618

SHA512
d8a6e5300e644324dfb1f0dd802a1428e75a043862c0f7d8e92446d6909ecd52de07298b99d8e2e84e694a2f82128793498083fd736524e5f678cb52a4e994d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d477eae-8a23-4766-b17a-c1022afa9807\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8c971228-7f82-48a0-936e-93a00f8a73d7\index-dir\the-real-index

Filesize
624B

MD5
c038678d6531daa82c1936554230ae6d

SHA1
afc7245971fef7d3373abd5a14ee8caa496be6f2

SHA256
9a3ff773f51a0688c2b8c623fc42e73b660cdaadaabf74bb6610fbc6b71ab7a0

SHA512
6d8a5efe2000d3aaafc72fade708b51ee62df990659270ff958eccbfed1df1445b72801ba20e4b5408aa523c029fea41065f6e310027e19014de68d6f886fe8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8c971228-7f82-48a0-936e-93a00f8a73d7\index-dir\the-real-index~RFe59c55a.TMP

Filesize
48B

MD5
50d442504f235cfc75e4df174e5f68a2

SHA1
607369c11b77972e3dd9f04fcbd1c866fc5ff39b

SHA256
87ee378b9d6c9ef68b9acf1bdce380c94a0bce62f1c0c40ea81789511f3b3cef

SHA512
087b71ad9ca4e91ac324bb9af7eae6b6e2729d435cffb3c575e4c7aa2158b3db1944d5ded0fb7371b170b284e46411a38f68932309dadb50420d9b58caa4ed66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cbfccc6a-d1be-4db4-9976-5de65f725459\index-dir\the-real-index

Filesize
2KB

MD5
5b0fa7766ac0440b005fdc52c81a9bd7

SHA1
cf9f49761e01016c880073d53fe2cd35a52568aa

SHA256
e2885f9009bf95382a6803694a7305c98679852d1b4dd2101605f4cf44c31ef3

SHA512
ba2d792addaa9d48243721e94efca24abbe9f29198a9903f43fcfcbaed9ab170c557bab42d67752071e9f777b5e6bbb40dce88c07aecfbf8cac879c5f67fc416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cbfccc6a-d1be-4db4-9976-5de65f725459\index-dir\the-real-index

Filesize
2KB

MD5
5f6aab6ba62ae9247d9d3fbbcf35c8cd

SHA1
9d52ec46a5b75ce35f96189f2c0bd64c2bd4fda2

SHA256
77ef46463629ec629b355794874f0199caa7d80efdd319434700edf5f7092143

SHA512
d723ff4e58fac8e8332a1e2f788a457f9f30d0290c58ea7295b16bd634483933fd027f4ff81cedc0e378549e92e3ef57c065706fd3da4dca13872d134b1acbf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cbfccc6a-d1be-4db4-9976-5de65f725459\index-dir\the-real-index~RFe596b62.TMP

Filesize
48B

MD5
4b93415a35fe934aef1a9fdae7619fb8

SHA1
74083b69b03fbeda54a7cacdea2240f8d044455a

SHA256
e17f35c55374a50af234ec4ccdf2a3076ae68eea972ab5a5fee6d14c33d28940

SHA512
16628c0b293b759d966de1228954a80fa71cad62188a7ef9fad62c8a8b64673fe16be6fb82ac183607aca3b44e41f67d3f6e61fed399350b8b65898153f8ffdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
5edf2ca3d0c853096b13e9c43c0eb399

SHA1
9156432d91b4519a6f2f4b853e4be75a658c89bd

SHA256
c4b84023b8e32e2ecae0a31f5bc0d68ea6f85f109e0e5566a3064e1a7cfd6d6c

SHA512
9e6962385841a1b970c80f32141975edfb49d8dc51f89d105acdd9679471cd0835e78578d3797f0a432056247783a6993d302acb4c6fd3b92be35f3e9c0e41f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3657d6b94d036eff20ecafbc809a8dcd

SHA1
d80a4aac7159ec294e15a4651630b35657e7f688

SHA256
49b14027ed664a0e3c57e5d0fe025370e6582fdc2121be96a83d7d103533ea96

SHA512
3f08f75ca3ba2da18ae38729bb12b3a55762bb8ea328eef5b5a2d95ad4c235cb57992e4dc953ea928b897eddd242252c733a6e6d72bc2a8ffb6fba9651556880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
81aa907107b138d507a61ca2485190af

SHA1
92f1cfe16bd550205d162fb69375b0c994fd2d3c

SHA256
d2b6a9aa7863fb1d7f8b0bba3139b09bc69ac7a75acfe373cb1da300e17686c1

SHA512
4ba3d854f3ae69dffa26580bb846294fdb6ed60c728e840750e9612785729591c2f6e2d601c578481b34960692883dababcd5cc0cdce3c66be8e53fd917fd1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
e99aa6dff2e3c895210a7ad785972ec3

SHA1
3529b7103088ee2c424f4ce73b00491668b13907

SHA256
b8b1e979dd487546d94374993c504610769c4ef4b2dd140c13aa6b94b740ef12

SHA512
77965f639d69d138784d3af36a8cf8f56a0b9059e74e133d2d987f94f76554e3be13798a7953861cbaa5a0eabd0b11efc6ec9c4ee3fc356b982c410df699cc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ec0640a3a7d46505a630204bf7346851

SHA1
07d04710a8cff74988a1b44d2a5b577938c93724

SHA256
51922f030f5d8ce59a18a0d0f2f662bec7dd6fb4b4ffda090ae958375e0bd1f8

SHA512
453be0ab3ea727a9a6d9cfcc79fbdf8be05d18121b8eca2b2e0c523cda4014636890cfabbd67f9c10a01f285f44652be7d5cb73b340ba1aceea35c9fe8cc7428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
1616c0205ad09a8aac64dd6a34b1c400

SHA1
7911b8047f5cc37b307eb710c3b31329e2350e04

SHA256
034ff4db209fec50bb658a690de4e2bd3952cd8fefcfb2bb21752689eb31c36b

SHA512
43e454ea1acc21c3c7d56f519820501abd9516af15c041747e9abe7159e17bacc943b7e5b88691bf4caeba7033aad4e7741348776f8d6d0e32a56b8bcdf42e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
5954dc636128e45e08011b7be7105601

SHA1
8e4ca73bd1010696919f62958f293e6e3b7127d2

SHA256
898b90e07585fc3e96ace2b7f09fbf8d4f96f7f96e8fc4621bfa2761927ccd14

SHA512
1a0ff2fb991f1a9fdc0c91788fccc59c3055f7f1c4b90c496423bc09fd161dc590899a80607054b6a8e31ce28edeb63995dd83fd9e663e2e3d4f5af1393a0312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1051442aa61345cab551fe60912201e9

SHA1
df1067c4b245bbd1eb402dd44597ce8631a54b6a

SHA256
c5f95dcef5ba6e0e5f0fe55a4f9e0077f9db5bee42203f6863ffee25b99a3d15

SHA512
67d2dcb483f956b5c573b2d3914e249f70aeff8f14648d76bf78707d767934c418b12b21fd3ddad127788ee9616f68b4aa94c53f532a392a1af9908f17450360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59bdd8.TMP

Filesize
48B

MD5
b1cc1c6538159dc7d36d65d45a1a0547

SHA1
e8b52abbd646eae31641bd24b1f3edf3da13b144

SHA256
e9c8b0f5eaec4b236f41a700abe1c624f672c427c780b76efc3fc720df619732

SHA512
00332a58bba1e66b228a0faf3a054a2c3e6edf10e501cd8d54f559600a289a20046a350dbbc1b64cf0c9ba2de4282608f7d3c59bae664efeb79e80ad30ccdc2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
134a036d8742375248bca65c5277534c

SHA1
bf750ea8c4fea5386f40cb24d25c3dc673362972

SHA256
e6016ab59e0a7174776582c59f1916eb7faea28991474b87c475ec35848abff9

SHA512
1b6ad5bf6ff09b2554a8d98df8bd95c2d4f1b99acdcb1f0adf9d432d0e408725651603c530fa4d3d52bfe2925301410e4f0ceccaf09c5054d8b1bda7776433c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
82cf38e8cf1c551799a872a021530ee2

SHA1
47c067e5b731cbfe29725b42a176b607a2a2cda6

SHA256
fdbecb51e4a67eb48737129fdac9c52663edc8190b5fd287fb824796bf251344

SHA512
e480ced348f68e4f4b6ed77b89766a2f9610f0d78850e697b8c886484995cc25fbbaeb27ae79bcec7ed591c31f4f92395a91f35bc14e3a19c59af75f1fa6e405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
89fd499646bac628ec0503a578f06982

SHA1
45c7592292f8666fb98483500e1cb3385202de40

SHA256
b234dcba418c66d0ebc6018ddd268055089650e5373af78a6513980bfa3d94ee

SHA512
b89fd50d90eded52eafd010501b543de80606f29e7b89c9ca488bb4f345c7ad71aa1cc58e8d75a10e4e8e14c69cd1a36953fe2ef72cf2b257a2a62c0ad12a00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5978a1.TMP

Filesize
203B

MD5
6d37170a4260545bec31a85a23dd3e35

SHA1
253e75ed186d20e7c968fe9f42aabc800417a8c4

SHA256
f415708a370b18650503baad69a3f9476a241cecfb1504aac264d81eb6327c79

SHA512
07922f9dc486cbbb057a950e88ff8bc123a3352d35a9d3796fcb8ffbf644a246da2a7f345fc05b2bba805fc13662c613d9d80e5d57fb8f0ca9531e2f3ca8e9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
844e4716112e2d07ecf3f1bb370a70eb

SHA1
8fd8677fe2de679313af5e6c5897bcaf319c58b2

SHA256
3680d6b3f3ca3119b5149f9a771a8c2543bf48b60170cf7931d970c51e273c22

SHA512
72600f0ac8724d27524bc73c7c40d239078d526727f0319d1249dcdb2d55542c3feed31cdffeaa8c8ee2f0457f11e7e9bb2003db1c1c466f0417da4653b12662

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit