32f972c79a5359ddf68925602c6fa011d78d160acfd64db3bdff78bc7621115a

Analysis

max time kernel
1165s
max time network
1193s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images.jpg
Size

4KB
MD5

40fea4a96b2a822b5f8bc86211cb3e3c
SHA1

7125204194af63750e8a5454e2257f86a0aac1f2
SHA256

32f972c79a5359ddf68925602c6fa011d78d160acfd64db3bdff78bc7621115a
SHA512

b51730e35739e3054d10d01dfcfa5419bf34800f301e4f30974016412e1cb1cb4a83d23ae4a5e4ab3e5ae669be69e9155b17a93dd98e716678d7bb988f3202a0
SSDEEP

96:8ihnnX50Vhx1o6jC9DS5tvz11yqw+bx0roTE5g8uY:Rnn6x1bbjz11ysbfQ5puY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
4504	msedge.exe
4504	msedge.exe
3240	identity_helper.exe
3240	identity_helper.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3312	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3312	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 5116	4504	msedge.exe	90
PID 4504 wrote to memory of 5116	4504	msedge.exe	90
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 1592	4504	msedge.exe	91
PID 4504 wrote to memory of 2740	4504	msedge.exe	92
PID 4504 wrote to memory of 2740	4504	msedge.exe	92
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93
PID 4504 wrote to memory of 2412	4504	msedge.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\images.jpg
1⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcc67a46f8,0x7ffcc67a4708,0x7ffcc67a4718
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14262587040219537578,14892513347997057932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x324
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
b5a390e47fadf517154dadade3166e9e

SHA1
0f6f631d2e2a6e91d82e8e02adba683d29aed446

SHA256
70bb1155da50141a5f47b30f00eb91b9b58f992209024fc768f830ba20cac5ce

SHA512
b2d588eda28f3ce3b761976eab060f95adf3398da27c77a54ddada0e05c611a1d2f9e1ba57bfc59805528ae8bf73ed50210573a5059094c67b835f23f9f47269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
7be80bc9abf6e8e36af042c4876f4063

SHA1
f7d4ac39f32089ed98b8d4248de31185932ff514

SHA256
d8f58d72f3af0f3377911f15cf723135ec48e4116ce48e4f12b2159c6c8d494c

SHA512
5df60c3ee469f21105114426216b26fec5e0f4ec469b44589e42886428e5a32d6e19660389094f6e8e40084f627fa5b6f31fe9ca8213f136ac0857c638b85807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
84KB

MD5
9b08718d4890e339e78dd0158e57d579

SHA1
ef3144986af0b9f45e900c0a34a40ec723e4810f

SHA256
c8f0b09e0d09e42864293c6f0b1b5bb2ad0b03900726c6a50a9174090744f770

SHA512
638c897271f4946869c0b373ea42fef3c7ded86b17b6ea79971b87ee2c692d7c697234ff65bfbb460bcd3ea1b123d5c05a2f00249bbff6d1b020304b05aac86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
103KB

MD5
9cf323dbdab14ff5f38f9e22a6aec75d

SHA1
bd2ba38df475d06f9c4b3ec5617c7ff6d35aa46e

SHA256
58d2579c0208c6d2b9ca1b6b2a41430034f0e1ab7d312c30cabf4854dbff6fbd

SHA512
52b7f1a717617dc21f59588ff557cefd5da810d0899a037d381641cf3feee8bb62f22f587631d4115018de786d6f6c62d1d86bb9035bb2763b2d91b8c3b7ca0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
20KB

MD5
29be3f4c1685374185295c0577a0fbc4

SHA1
c720338b90479756d89c4c0bd6e1b2c126e741e2

SHA256
84234bc202cd90772c3dad4cca1b2e1330d811546ed6574be8a6dd8706356d80

SHA512
6c8e59a0453b5ea2dfb99dae65a114d5b05e28428fc0b8d0012ed155115137f5f54abb232f7efae0e5c7c9775e7c5e3373c2f582b59c62625206445f1f5d9894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
16KB

MD5
6c0949d2cafb4b0136e62e83f69aab34

SHA1
e15091c89e7c0e364993d8da0db159f5c143830f

SHA256
201ff0cba3dda97312a40f4c175129cc078beb4a51bf56684713f93cea14485a

SHA512
2d47fdcc9c091b1de9b040d51b4eb0e9ee01b904eafae3d6f284cbe437b955a5a69e5f1705d02efff2ed77c29e876a8a25115bbef26a12fedc3e64a20083ecbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
e4b6b66b1d80d3e23b4968649fc8453f

SHA1
2a905bab99f7856b8783269925c70b2ae0821dd7

SHA256
682cfec6743a4f31438aab79628b3aa722e78611e73ff88f154379f6f000b363

SHA512
f96bbb9199417e032dd288edda5ad0239012df9c2e85da326a3d301ac9f48f5dd51d43e364aadf47573324de2696611bbf458a0cf78fd24e874dc112d1e2b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f7d5f7ca591defe611ba847c39720d94

SHA1
30a9fa0f3e603717431623acf4e74907ff304272

SHA256
33921b24cfde7837466dce8f7a05f46e25a9315106e955cc4e319a5472a7b239

SHA512
f08c9832ca1d0752467facfc9e4e2d26e177a71db6f5ff6577cf71c7867a3f81d89efc9081bf57999361cb1da7321ae3729525d14374f1c0ea04d2c5149a9a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4953f0d16a0c9f20c9cf08d0296bdb1d

SHA1
f32da36367e025b92a5bad525cabd255206a3881

SHA256
63857b6a87f425f6f97497ddbc50f2b9ec924b00bc6922ac7c0bdfbf740392b5

SHA512
932b1e026f4adc220c5afe8642c37a96416e1a4c4714f7090cbb7ad2b5dd0c9a405a7bd40196cce609c2c1bb1c421bb678b2787fc303617a635a263a557879b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f823373f1daffd6899116b25b41b9b62

SHA1
886966c3fe526b7b28098b5a55d6764d86ded928

SHA256
7a745d67ca49e24cd2c1824644fe988103a28610b56cb441d1b9a5f9714d9df4

SHA512
92ecb53be48e4442d0b1839959967710ed2ed2a34098b92c96979ba014deb2c11c5393a2adfa0ef4ac40e368b99db5851469e1fc224fa3e5d4ed55ec1b8524b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
afe7610daae624f89cb7cf157f5b1203

SHA1
46b67374189f6b6c4ef73913090d9e9c1a9ee3d7

SHA256
77ed05094ddfbd65613e05ee6757914f3387012a4f00afe428e87bf6402fa11b

SHA512
385a5c94d1ea796ba56f7d99d73f5b43547cf6bfa6b3646642d165de9dd562c2da7419df0a0c8660b1b342fa741096c480dc3b2fa0b49733820824bf50f01275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5acc123603f3615c2b10990998647a4c

SHA1
0e006837896b08bce951c467734fe6c1c2f7270e

SHA256
e297e76b3fb562b9ec95ac0898d13219cf2879452beb9fee346b875568b8d784

SHA512
3fba9a205c068930780936aff4668939334195eb6b6a21d1815b8714e395ebb07d3eb8e1527a2a119bab2fbdbf062579ce2c47777db4d949eef2637156bd3b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d505d7fa072403a2b1de10e1db1790f6

SHA1
11aefecc7b963eb7a65835cb8d7473acae93f4ab

SHA256
40c38da48ac1c8d16fab1127a49ed4216a7f4245a2bc9d583f33800afee13f54

SHA512
fcf058429e340dcd5bd91fabda9f6031af3a09772632c671eb59e33b9263b028f38f18df16c17a6d27565e90363640f30a8f3f31c305b5712afc356d75d2562a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0e19f6a6b780fdad27052942bfd2caa7

SHA1
56be1fbc97775d14b528400df411efcbfd3549ac

SHA256
f6cb46bb379efc338af24a3661a13954ea6505e84c5095eb9ef7a74ffb74225e

SHA512
623f16f13bc537039109652f42a50cf87d31c24a8dd33534e9658d62c129bd23ca7d57516f97e3585641b77874a938a9bf594b059816ad6e4a22c54f06799cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9178ed6abf999ef68a25b37a2daf5a19

SHA1
220d5558a1a88fef3ed114fdd907e27bde241f73

SHA256
edcb694bfe4afda6b3cdcb0d4a1c29905696e345261c862c5193897e7ba8bbc7

SHA512
c51ab8dd85efceaaf224b5256ee50a92bb14eab6badabdf2b2aca7b63e82f114daacde6aae7a2b65931f6fb05ea5e57810109a87755fedfbc9ba2df992168005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bb2920e728fad80dde1537acbfafae3

SHA1
c35479d9dc550fe2f5c8aa3dc9a12cac6e515937

SHA256
2ecb687af1f32ec5385c543b93c8d2a6f0ae97c4a011dd267fd13ad7cd09a744

SHA512
650d7f0ae6dd9d22005e0831fc60c3457885e5bf31faff24d5c5e74c07c17e186e60615913b173988521c58403a3b71f13c99bf925cbb0d7da8d5247986384d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3cc31c4fe4b82fa483eced5ca5f05b6a

SHA1
1fc17e0c0d2dd7f7f96dd59783a822a00ce8d43e

SHA256
11712651ce9c9a3bd7d0dcd841515bcb4948cdac5737149d8c6b2dc9f0036757

SHA512
60a28e30b6385a3dd6c7c1ac31c4a521cad1012322ea955edbe9e77d27ba93fa5db487cd3de10a868a038134baf3cfe977cb4ea7d107106c5097aed4930aa655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d6c7092d46c7a803a59a4dd366462d07

SHA1
2d212b5374aa882f40be59caf479f2a8cc2ef181

SHA256
5ab98a0edfc11a4c9742a626763d201a1b55c09f11184f5456ee0e7810b96a5c

SHA512
7ddb42fb050603b4aa551df5ad40e456e9c54679d9739cd7a808a51575a0f252f865e8a09cc1f185135dafea08d3156e54d0abd4f9b4359d72a7128be944287e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
41d64bc6ce738f19722ab5b85f0cdd5b

SHA1
02702d6383cefcc6341ad654c7014c472664ffb8

SHA256
ca914f644b94ed3a7fbc0cd79f2086589fedbf1fc6ec7f06a459797de0a1b68a

SHA512
9028fe78b325f99e393a52767f47b589b481548c4bbe707265165c7e4cbcb91fe590cd84baba24704a9b22aff73b8a2a1a84ff37be6c27b51b32dce3675dbc0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5556acc2d2d86a59ffd31291294d9af

SHA1
9b103aa139072f0b678cd50f43717bace79b5c6a

SHA256
7ef5113c4190884b661890e392d082aaf9eca1a7b3eb829a713ce8ac3078e009

SHA512
e37b03db4576de20367336729f261dff6fb70aa2926c7172434e013021c2ac9ecdb8f81df816741674aac206e98e5f7cbbee25e209dbd8d19f786bf65398a2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7615ffe9472dafd8fb0601efbe68866

SHA1
f2ce6c5cb87692fe042f9c7f4ed81592715f1215

SHA256
5ab692f2d21d4641e6695401387f4869dfea17a80fcdf3d18921da635eb0e660

SHA512
fabe08f085752a7bb7b550cb9ec1b078b730064b1788244d85a9779bc7695c8b3904fc38769ae7b8e204eff9e510aa7e89ee137315b41cc8208f743f6a399acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9240b48f9214a5b328046fac18164cdb

SHA1
17fc62781373c0224e395addb02ceda3bd6afdc0

SHA256
806e68a18bd9f8f4ab6b628bd3c204ef47815fa6fd8f421a638dbfdfda48c784

SHA512
868fc9956e8c81d03f9a0766256906e6d784fa4ce8f00f660978acace2d8ad794947c3ff9f73a2bbfcf80b46125a4e1cc8ea9b1b908d257c6f3886fb4eab4abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
f18e4c4b395bdfb52ed1477c46734df6

SHA1
29c734b2431ed17ad1eb188955a4626741a7c109

SHA256
2d05248177afb81440f289d52570217092558871ba140c4ab8ede36e15c3ceef

SHA512
4dc4d6012f874d6cd2a1e4cab7036b06367869af0b723a65a4cd24a5080a71c6f2a96912cbcf1b96f4dff2d9f5651bd694ff27efa2b11e21a7d7332cb38597da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
834ed1aeb63758e66c8c0415710bbc30

SHA1
e63052231a18d7783b11d068065400a7dd546334

SHA256
847c11acc5220eddbe316ad1c3639806308c561e8bbefd520e3061abac46ae52

SHA512
f83198587b4897064dcee74db2d3c4246d6cea69fe714964c16d3957b86952bbfe74032e120a59f326e746757a5a1bb92037dd6fca99688bc92c2889bdef22b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
b77de3e238d1be4cb6bf551709d71b32

SHA1
b3ea8c8b6f3c8cc20ecc2096258a6482d9d7704e

SHA256
d862b104ec3c7684f5e26d6cd31128c177a66bcd0d84d769f080e03408242ec3

SHA512
afef9cf541b1ef552b078b6ca7e74f4f3a4d7fe53b904a9a990cf1e14f7dd341fc97947e0290bfa516e045200696f4733dfb23cfe24f40a19029cec3fde41150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
989819420f45db12e1ac8485bbf78025

SHA1
3d864c30a424a7f5e3da4061952db30bc8dfaca6

SHA256
6c1dda839cb8bf070703c0ddf360289505454f89dc61ff17fcf906fcb3519db9

SHA512
d9a4de064c4f0e10b27dadd4b8c60b07cb5d350de4dadc4d8c890800fd04f1aabcb0715763ac16693b64c11fa8a750d5d1b527d7b1584e1489b4a67bdd81ac9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
eda6ed455d38a222f963b8a3b20f2ae7

SHA1
748209b87d193a395609cfdcc2cff4659991bbd4

SHA256
48e5ea5b005a9cef8092be3172b5558119bae00259fa8e583bc04346f5fdb47d

SHA512
3209ae0b74c8a02674d817de469b48473fa74980943cedb7fef3ac6faed40457c5bba7e175d39e0c9e9539501586a36ac6b1fa28d123613caf8f15b955ddf583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
0c7ee75e1467457db70cf4480a7f8c51

SHA1
825c3ab3b32c763eab32ee7ee5f3a13504896ffe

SHA256
905e4607009706c061ca4726b38204d1a0751ea497492f62b2377f4f95fe4c40

SHA512
e59e19a7209ae332fd84fcbdefef81037b64e86b0c7bf4d316f516e031a0e7aa236fc2fa3454439a8bd4e11dd08cc37c804b93373f24c7737c24bac9a3b28d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2756b75f886614fee01fbd1047596213

SHA1
b6677ae0e364ae557f41c05639b874fac55db4b2

SHA256
17ed336b7892312a940fe5eb57cb0885d6f488a86c12d91cc7a638cead8bea86

SHA512
7b2ae05228daff26990382b6cb9fa18d5e6d1710da3c6e86d4494d1d00fddeaf2d946e979d5277bd093b6b514121673647444c628b4a6532d063f14866368f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c293d5af1b27808e148b02a2b74460b4

SHA1
937d43e86036298def0da9ceb7ddaf04d9dca413

SHA256
10859aed44eb6370a12df6b42ca340f48f88e2532de09c1d16347837713f29ab

SHA512
4601723d84f3e70d3862658edaf3665ad8d62e3021810b621bfd535d9746c937e1a86d3892e67731e9547fad0449b4e61cc798dc5910e6375bf827bc6785c028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
4219f91f742321db89eba42fef567a50

SHA1
0df07a8cbf7625ce4d070a85fbbb8d4e753ab679

SHA256
513bbf8392a7072094c6b0f09a8a7a4681b6f75ef10ed3f83efe13503234c60e

SHA512
01dc86a77ad8d647f6c5768338d82107813743b53b872b77793ccce9e1f9552b1b15c8e22f161d904a2a68602b4b5c9ddcbf83500ebd2bf4a8259b5d9d0eb7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
2bcffce361400a8a87a3df428a3c07ff

SHA1
f7a398834d8d0131f25def7fd31612ef4877de83

SHA256
df39c7be94b7dfc072d9b2a593b93e1920e63f7904116b6d808859945fe1ee91

SHA512
95a9af74f23ad03d52f53faf18af1ed0e7e55f0c37f3a84fd988085cda918f081037ada3a601e2a41698eeaa0b3c73446d10561d586152f750a8e72afcd96ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0d36ef3f71003b488932384a3a4e37c

SHA1
8dbf6f1c0f31bd8d43ebdbe171abdc76fa54f960

SHA256
810d598574e164a3d6a1baac0ff93a70f5bbe39720bf6451a8165388da2642c6

SHA512
6cca7c1a4556aeeac7483573b8654af6290c6c9a6c111590cbf151317c3cff76e14eb71979cca779e2f2101bb6af139a72b5d2d6de92680b7178f2aab3d77f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d251f3dec5e045028c7cfbb66ecf7a3e

SHA1
c698991262a99c408ab5a590746f8e0882a3c616

SHA256
13ecb41fd6e83d9d562a0e6cc572fb8a8b5b4334ff94dc24a81129068c43e26d

SHA512
cc26736e999c3a32f6a99108fe0ff94a15afd41665d82d703e1518f7d4ad91f128405a429ef4efda1b402c520455354913cb1d52e39abfdd43f120c8a0c7eeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e668e950d9c61bf09adbdd9a3a5338a1

SHA1
7d0ba1c905cf82acc42b6093e3bb927c359c6e43

SHA256
eef006edc9a68e8df3051fe838b627748b9d7cdb5243527c80ff31c1d2aecc85

SHA512
85a129c43b4f61ec63e4c8180409bccf000d3a0b67b9d7a4facbcc8a8d4f9f0ec94de7646b5ba29387e5899b4a95dbf295c98de42fdc56e703c0c1f3e8f009c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e210f5d009de4d647b6ea19ff09bc609

SHA1
9909c59f27d1760dc7878e8f6351ea99d65578c6

SHA256
1f50d5858b90b88467c97b8caacead9e5045e87cc516dc4ad94872ef6d187eaf

SHA512
c09678a54b84dbaa2900955b94b3469f3ef77b80515ba53d461c5fdd065345144cb9289611e740efea85502ff6778d35aaff294255721379847b6908ad70d7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da5550b6b5423a155fd1d0fbd69dfcd1

SHA1
236d3b6fe936bf5302129623df05ddcbe98da284

SHA256
2cbea1479e35b392009a1d2a7e716a0deb9a39ab85960392eccf1ddee71ad27c

SHA512
3cf88b12715bffb3e47f62cb1076ddd0ef675e19cb6ece7b42b2e90f490d08bf0b171aabe95a9837bf20b707779055ae679f21e45d3a00cd9d6b02c8d25afd07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584fc1.TMP

Filesize
537B

MD5
dedd673c8930dbce15ee2f5c51b86f62

SHA1
46618b00591b7e94f063d0a38da1d42fe5992f3f

SHA256
f9d609da7c018f53bae2ad54d9cab34bf10c1382e1062d3c4bbc9a9c6b0d345a

SHA512
548168457fcb990d20bffe56d0b6825a55650f93073aa376e014173be89e628c3d1b4454301f5df9268a1c3dfcfe1396e1b413fbe1a4dedd66a4f5db21a6ce2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
920820931ed758aab1b374f4ed5515f6

SHA1
9eb3fb8dee4779ab3aa11fad4d2a180f96b1e1bc

SHA256
b0c9235a9504d7c47005b427d91bea7db1f5403bf801d8f28da04a90aa928fdc

SHA512
9f0c346659f8eb407bc1f0c5efc89540d1d26538e4d63215b0d7304d7b2bf579c77a669e8804f217acf0f7802cb9cc953633e00f519e891ede4a097e3a322073

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit