2db427a4f864a7e4b7ba8c6c81d57a2b999308b9acb6081d4e2bb60811af00ea

Analysis

max time kernel
2670s
max time network
2677s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 16:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-08-21 5.48.26 PM.png
Size

228KB
MD5

6ce719d60176ae0e1e6ae38d3ddcc7af
SHA1

295d4b257d4f8c01492d6bcca4c46e474ff0dc77
SHA256

2db427a4f864a7e4b7ba8c6c81d57a2b999308b9acb6081d4e2bb60811af00ea
SHA512

5149b0585b9836e178b88c69ed7995ce5e35aacd2be6abfa4357e0d0634d196bb9e869af57310b14a5b855d752d307dede63402a11482450327b26121407ee1d
SSDEEP

3072:5K9i853bfqV/2Ri3UJb+VTG1lh5IB5+5cbdl5phtMdmtg8xnDZ4U1aHa04gN1nk3:5kbfqIR5Jq6lhaBrdl7fMstHl4raVXI4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
4040	msedge.exe
4040	msedge.exe
448	identity_helper.exe
448	identity_helper.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3132	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3132	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 3184	4040	msedge.exe	92
PID 4040 wrote to memory of 3184	4040	msedge.exe	92
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 2080	4040	msedge.exe	93
PID 4040 wrote to memory of 512	4040	msedge.exe	94
PID 4040 wrote to memory of 512	4040	msedge.exe	94
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95
PID 4040 wrote to memory of 4132	4040	msedge.exe	95

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-08-21 5.48.26 PM.png"
1⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9117f46f8,0x7ff9117f4708,0x7ff9117f4718
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6160015995182171650,1349283404563185582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
25KB

MD5
0a1636b8469608a933179a3c3121c6ae

SHA1
aa79cd89455cc46b4a813c75be9fa694c40eefd5

SHA256
7882675b16d958b9d751e896c090311a22ce86a99f2fdcf15afc06a116459d4e

SHA512
079f5bcf75528749e141ddb0fbcf54476c325beaf7435fad25eb813d6f2a4c3eca95ad46bf6d1538d4819205104104547ed6bdd4168a2139e3e01479ec3f6b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a4dd498c6b94c35a52e5ad136a16804b

SHA1
199573c3cd3ef70da647ee2ec6ffdf54a4ae13f0

SHA256
499ff4caea64cd82d7adde8d9316f74cd4ce5ddfc7a0b294d8336004d3123ad2

SHA512
cd6dc97339120fdacb5e797049baa3a6f23d5f68d66402a45d8d59bbd22e05935b2bd0dfab521f69411bbda7b96383214f033052df310e07483c3172fa415db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
84321327eeeb857222705ef5635d564f

SHA1
e52028f19d9b013420cc8a5bcfc4122da560f069

SHA256
931a83f0bd2653eaa48e6407278255fdded5429443974f6f76e3d8c78471ce0f

SHA512
78773e58f773cc32e4cba256beafef033ff92e1bcf4c96ab90c393298777b62a198767a4027ae39ad3aa5a58c4dfccc3ee4401eabdf877020606c933475318f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3a467730ab2710ec9719f0fbb3597a46

SHA1
3e64442e520f8ded01a9d00522266e03a8b898d4

SHA256
e93d18cbefdfe761ed656d41a2b3b4d2ac683ad3829d9f1ba8fa90bd3587faca

SHA512
fa52cbfa239209f047d71ca956be8323c3cdb650638ab8738ae3d64d947ac4d0ac40c836db862a85e3b37a816f52453f248f17e59c6128b90169e496beb3db6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
99d5db467ab9391f65271200ccd98997

SHA1
2fe60ccedb740fe27321fc891e901c2dce3e5604

SHA256
f902fe3ee4f16d2983cc93aec3e4146495afd19c5e985f3b85ea163613bda6ce

SHA512
e0d638a248bef00101704308a46ff9c0727b851615045f64a04e16d2e528805addbbb1d3f05a7fdef471ba1aa0d4c59f9bfe3699d7b29ce7c1ec46348e98c5d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5de158ad0bcbba517ed2bed8af769101

SHA1
bfcbd455b8956a6071b2701b696eff77e2ec9166

SHA256
c9daaa829f685a3c726e1bfcf98f3ac6f4321dc736f16d41121956ba35d14137

SHA512
78a2a9887a41d25dfe3e3a85384e7f91b482332a53eb134e2c6d8510dec3c0e1d42011c122147ff8158b63d4937a9bcfaa5fcd5afa8afe5b4118b6ab84a078a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7b9936cf4f8a0f9e58e6e399aaacf7fa

SHA1
eba6ac6550cab5f117a2629a3484e16ceb8a25fb

SHA256
68d2914747d9ff14a625d65bfeed84b6da7722446a7c7ad178c2fa8c74d7f459

SHA512
0a029bfd8763ffcaf10e06ae8daea5d4cb8dab2b6e5b5ca0b0908bc9f31866858335f0addce47fe064ca6bbc32f513bafa50c8a6848c5d9afd376cce36b25c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c5f1a0dfdf0ec88a06d73fe5e5bdbd89

SHA1
a2a54fc8114315c680e393b629ea014ca7cfb050

SHA256
2a4fcfd98aa094316bc7577a2059aef5d0af76df442a04045d158461eb9a8126

SHA512
407ca0eced593ce55a51689af1d42356f10272efcb9d9ac4cc00b876967d85eafcc3aaabab36eafc69a2e6f83c8c5906a0277b354f36b25f2a418c6273b4765a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
52a739e553ed3fdd846957f17c2ca993

SHA1
e8a0c291ba4afb2d85d17417ad9957d66feb868f

SHA256
f4532e7ddffa1f810a923e41e02045ff5eca4f317b8a787a44a2c54725f1e6e7

SHA512
4d9acc32e563e5fd2b143469edfa2697df55c4db03a91a644722f6373729c493c3f3da57b8d1c6eab84d38fc3ad6c2027875455dba56bde201a25977039f7248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
37cad8ad544aa773a870b7e74fb2e30d

SHA1
b67b532d4047dec7df803fc4d24065643f251063

SHA256
7ae9142aae81115612b86c268acffb878c8a62e5b2f7c365b9cd43b458d4a35e

SHA512
c29e92c214275e0dc75cb10ca8f6092aa3d937498a2b4aef89e2d41dbd9076abb2ed0a3ebecfbac86ad690412eff05977f80f21d7ee0101f19027bdc272c372e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d927ef8d567192569aabd0b569367a87

SHA1
630974f0edaa577bc8d250a9a8bd506784a3b84b

SHA256
5aaf1d0e70bff78b16eab3b8729fc6a583d25a362ae9e847acf9e13876bb6c01

SHA512
ea9a9c8cd8f19ec801725ff7d5c10e54a8b85ce2c5fc8e16c8f836cdf2936aa566775370270c3250fbfdd4f261152087004c4b1f918bf729c2ed9514e5a8d20a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
338d1979447822b19f3355bc9ca21ab3

SHA1
941209d77b036350b3e7b79298d882df4133da71

SHA256
a59cce51d9786f54571660ea5ad58585d1ca2ba548d0c49926d364f480eb00c1

SHA512
e83b22d8c7618b14e480299d63e56a6c24d38bfd05dabff20d02a8f267f4fd9efe037021e2e52dea6f36b43ab413dd3b818de774049635eddd0da9b9a485f1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d7c3666951e44ed32bed88cc4bb6b5ff

SHA1
70dffb208420884fbbea445e58893945a6259caa

SHA256
32f0f29be1bfd3c40de36c11a721f484bcbf26f8f21c04a36103ac765b1df245

SHA512
b0ef37415eec0921372c3bb5ce6ead1af0753099a257674cc5dc5a1cb8dbaa32f50e3cc56203342e82a68e6960bcb3cf8c7fe7ca5a38a793100ce18df12ed192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
59325a299e8e4514f725f22a3052f97e

SHA1
ebf078c2f00d4917540890da4f3af0fb1d8b7fee

SHA256
de9480ce8f385164f90d23f967c33ea08a8b48ec975bb1e21ebc34af0ddde293

SHA512
7fa5c9b4a4f9ec045b56aed422f3cefb1dc78e27837fc1cf757cbcbfe03b6aa7ed0bdf3efe38a6af409bef710da6b02dae4196725bf4411e16e044103a20d742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
769ecd71d763c1fda8100c50f9746256

SHA1
43c9bd78045602adfdcf32fc435d88cc3727ba1c

SHA256
3563907881115692b3cdfe7db8ee1f9d2c2e4fe051a5135a19d0c4abaefefdeb

SHA512
5433e7e2a6fdbaf2c796411d37994d0d704ef74535f39e1a74dcc35ed977f4dc65bb8e26c6c2092d67134615f4ef8134e42410d1c01122a8fc2f6dfe12f4c30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8928007710be1d245ed57121dfaa25c6

SHA1
756f7fbfe450986d06cdc1a3434ca7e3be50fa7a

SHA256
5381d1e22bb46acd5b2e98748f24090cc620b6760c1bee1545434304940b00d0

SHA512
81a7c2648629833f96c0d1400b5e54bb375175c78e5f2e4b0230b569eb8f8970c699b50ae881a215431e9196ef061fbcc1cc69ae6def1f393c4d5145a33e869c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
50a3ec08ae30f43a45a99c9d514ff97a

SHA1
8c60c459e2d3bdc9781d6c2fb5a87e3c457fdfeb

SHA256
309341b34a78105cd14746182472885b0d2b6e0a4785c6d959f009e19bb1fa8a

SHA512
49f82f366e955f2f7632eccaa30a8ec0cb9cdac960ccc2bdb375b6bfa161e4f2870c34c221684ba5135bea8a0d3ce4febd602ef7b699ad1afc0aff5e98b1c9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
6b2e0bfbd0ab7689c28571eee7925a16

SHA1
3ae8d7a759be92495eb5a617d49bd2526a459476

SHA256
bce70f7412a27f3c9d9c6b2c274451df6806164ace604cf1dfa0341986c67fe2

SHA512
55c8e4cc9de6e3dccced0885c9924e90471ff6ebc3637ce16095ac78e80d5407d91cd47c62ddade0ada26ae586ab3209e2cd2c3bedc53b5a82a856e86a23ec8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
aeae87359bc91309a7e475abe06288fd

SHA1
9d11d7930d9415f952caeba1d0c3e5232a2babff

SHA256
7f1529a81c843c7f6cc6a127fa08a68e57a5d6aa4f9dc755fc957d5e3b40350d

SHA512
a313a7246d6d021b1efa501f0ef145cb1884d8b2bc6b6e5d691085a7e9c46b802057b2d04d32fe7d10f80b0cd145e38b8db7cb639f95e3c5600f15058571bf09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7eb8e1750e1af0ef94f524479a076a41

SHA1
71974fad3704e041022a40877399a5a8528f766e

SHA256
aa13aa01443498551f7392a01dabe53980d6565ecd3ecb304825416c16e4ff28

SHA512
1f59a062831d7349df3f7e2e7997073013a9ecfa4fb86ba45a0844c5f881b46dfeb640721d9476d0eacf4a81c970b78da3ae7baf76760629f88fd983910b7a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a89f.TMP

Filesize
48B

MD5
30a57ea81e91c2949410fa84be5e19a5

SHA1
7cfadafff22cada18d6f4e33090ef855b8db172c

SHA256
5bb0be246a47f4c413f93fd589c7b102daba44273d5dea89df3d211c0fde3a8d

SHA512
6baa570ed85ce65fa1e8ecee80bcb74c0b7c273e44ec94471763a51055bf58c91a57bc3f8f5bf44f12d668b768e1247317743d3b3f1d8973f27b397be2286b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8499a4f2729cd39eb31280b70bae2f31

SHA1
30428c78412efb296ef4956428ad56669dcc8aef

SHA256
e7ae604b277edf0bcd55034262cf79506a59bd9c6316f9a1b9cbae136f0f9436

SHA512
2f963eff40ea93f0e20474f4bae2dc3a3c59c7e2a7f618a264bc1847fe1314865993faad7e7a047cb3b2d21eea5dd32388b832d537161eb255a0ce8568ea0bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e1fc0e55cdac6144022bfbc4c22a8c8

SHA1
df495547116495b21df13fc54292613cb8f8fd92

SHA256
2ecb23c030531015c07f93b238a39160eb54aba27c35e17794c1d16f46510151

SHA512
1ad7ce142dca653af122c71262cf435c9d2bf7fd1c2f8dd03d1367058a81141d9454689856953d3d068680b3c43c249357662af99523393d5f5b708b3f8d1406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
203c183113c8a8235a11bf3cb8bb4037

SHA1
f3d7c9fbbeae3aae7eda47528a421668842afffd

SHA256
c08b9419ab4f1be63f70a807362c75daa4259c0a271f38a46b82bce08a28c0ac

SHA512
a80cbc7361d776ef26dd59927d8bd891e5f586a0e9a9c750b1a37021e5aab81dd429abac2c564e1c2d533bf31600930d3e824845717943fc1850a6db877edf03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d5030202f3919b187d3dc4bc6851edb

SHA1
acaebd4158d9a9dc28bdec4b72d54ea31c15b24f

SHA256
0cb75f54e341909c4d5a45c3d2aae0d2c1ae31485204e6a6a16f5c60f85223be

SHA512
6261f7a8770d2099d6191938f9fbd98e8a27ed52cba378efbdf6c8bbe8e5abe42474fb79dcd6039d9ea51b5709e7453bacba7e94dd1f5185ee6ca835fafd056b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
784368cb7befd502f2d75bae33e8934f

SHA1
cf0cd11f3fd88dffa7f94540a5616c94c71d411a

SHA256
747214a5acf849890cc8ffc54931ed823ea688fc6312eba34f7a19fbd0752466

SHA512
8f89f1065089534d3447890bd32d0a80fbccdbfb66d492c67ee4cba0431fa64c180b355f7c3f69ce9c4a55552a45ca33f8c4a61a065f81590cdb39f769265001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8828e269e2e8d57ea22dbe17f889c661

SHA1
61e0ab2824f0a49aba28262dd912e948d7f7c371

SHA256
b6e9e1153d1651e764b41bb9819eb9d79f398883da5ca8b806f5e4d39bcd3bc9

SHA512
a5b2cf80204972934a3abd873b80abc44aea44f840f165dcfabaa3330c7f9ada2d7f333e2d91fbe8e4654695cc579454e70d1473812aae47dc01fd96bc8e0bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dcf447389f6023e1135723f35a87feea

SHA1
cfb2a176045d59be65704843473ae4249b4b8d0c

SHA256
6ce03b45ce18452cb30f258ff1fa0027ab556555d40284c0caba5f258510e683

SHA512
8f74f97b7b392c209824d6e7d2ecbe55e1f16eda12f3df10e9ec36b65f905697a06e59aafc6a58122f4a2573c94d79e3e895c763a98892ec19205df7b7713eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
0c459089a1586409a199a6ad9f1a16a1

SHA1
fa7533c0b1883c6f6a6cef085bae6b94e327e9cf

SHA256
d8f93fe88dc6cb52ba62801a834695becd755af2da1b9772343d4ef937722bee

SHA512
cd6a49a58e52d7163786f9fb78bb5e6d1fb2d8cf909c835e0dd37ba27b919d36d8bacc34a1002231172a10530c8b81ca4dd62e74f4b8905d655873ffaeba9979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1df1274344c310c5806dffb518856c65

SHA1
e30371e7c9690b123495074d389a328647bdef11

SHA256
7445b10920b4b6478b15f330214d2ccf773b0254547940e38f29b77dca35a5bf

SHA512
9d21e77713a376e968f88f79adedc703255e952f89ac864826726e6a48a7ee89dba15b4fb3bac3fcb5050110adeff2a8419722359276e45b97f5ac577fa6c055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4f37a9ec637386e7221a5d51e5b61b7

SHA1
f9469356b8db394c0b143a9c437511b348708d77

SHA256
181f15a86539e5ff9dff5817dce239737aa8731ec630e64192d1bc53b784a3b9

SHA512
8751d2f588e570351c4d2d4edb2c11f9d838ec1a615fa51d9f9f78418c7987743af768e44993feea9399c51f10813f4e7dcdbe5ab7feb7fd1c9db8d216c16a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9808a3c26671689b49c1915bb14f560c

SHA1
bc70e08465fd3250f2f18bf42e1c4dbc9bd04b27

SHA256
226ef7d03ec8cb7c1869feb16a59cd99c67ab6522129f1382641a39abc439c3b

SHA512
adc78193aceeca2763e110b8391d043cc86fbe8b3bc914d6cbf5636f509c702fca6c0d18c75b2a51b35bed147c37c5015dc3e203438d33b8590a210b4da32d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efc60572312ef00d4ecd265b18c6b435

SHA1
e6a58f1510e4607f68119670010d1c3cb194ed80

SHA256
c41242da32af9684262069ada20075d5a15dce33c937159167f6e9504edcb3e3

SHA512
75d0a610e95dc4628b3295dd5a13116af0a656e455b77e0740d39541b3103e66986a668b4541eae7ee814026d2043ed475e223ba8051ee61b1971a41f4d24dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588875.TMP

Filesize
872B

MD5
a3a5c4ba4a506c1583cf43f3c8cef059

SHA1
655c54b04e7801dd5d4f055274a5c658830995bb

SHA256
734fcec25c9ec2e23ef3054104c2e026ea17a4ec0439656fd6a97b9b17ae4bd8

SHA512
ab0b4d1a35045552abc29775db64f51c77b755a32ef0b819475fa03d83fa148f658cb6e141539cddb43fea64c2c128049e47914c223666378494e316b84aac34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a11e653618c7030065cdb679f53ff38c

SHA1
2c0846d81a4aa6d1c4165b266c255f4f0d38de54

SHA256
277044fa6c0499f6e72e2d7d124cf5539a689753a3ad2fb53d3d1ef415d5ad68

SHA512
dda85266f8fa72792c1db4c9ab051c46dfa2d40fc5e73e0710d38e31f03244d1d28fffea354113e3e65db1a48c1f167bdc571a4abd31bbcda52d54b90532c997

Download Submit