hxxp://steamcommunnnity[.]com/glft/activation=Tvc5Fh3mw1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2024 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunnnity.com/glft/activation=Tvc5Fh3mw1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
2176	msedge.exe
2176	msedge.exe
3376	identity_helper.exe
3376	identity_helper.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4368 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4368 AUDIODG.EXE

description	pid	process
Token: 33	4368	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4368	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2176 wrote to memory of 3616	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 3616	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 4996	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 2424	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 2424	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe
PID 2176 wrote to memory of 656	2176	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcommunnnity.com/glft/activation=Tvc5Fh3mw1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd452846f8,0x7ffd45284708,0x7ffd45284718
2⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
2⤵
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
2⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
2⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
2⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
2⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
2⤵
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
2⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
2⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
2⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
2⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6468 /prefetch:8
2⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6644 /prefetch:8
2⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
2⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
2⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13666683308829559592,15832759338206763872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
2⤵
PID:2548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x340
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
8e36f78b602d58c5d70877e363c8894d

SHA1
f91b40db80bd86cc986778a43c84eb7fe918e550

SHA256
b278b19ed0e7da48b771a60e5c709c7758d0c8afda62300fa44c5812be834729

SHA512
bbb429d48507a1d895725f962cd3e3ab8aa57b1e5eea196d41920962781ee1e15e7a9099ff7fc63cb5b3244111c2023b90ec8c854effc785e623013fe655ab92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
232KB

MD5
ab72e0884e57117394902e0e13d3bb0f

SHA1
d36069bc9de7f5fde877a70f9c4a93be727f3a69

SHA256
397b8a5b219caa05f0e8c8046e351bf59e705eb093b35a3ead0f03cdf68010ac

SHA512
9b2c5c866559db14b5eaf029ebbae41f2c092d1f70ab956c3fb718597e03d0a7aad7d852cf5e98654f0285a473919c2de1c9b046432543ce13dfa43f4b1beeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
48KB

MD5
3be7cc22c6f75de4e8bea141915cebfd

SHA1
513a27f638b3144e5d36c2b55e86fe53e45a0458

SHA256
e94fb7031830f4be08f1e198fb5b5fa58f558d0be5b03a5d3032a3cb1d275b7b

SHA512
a283f390829e877dbe1bbb1bcc6ef848f0570849acdb34fc9e400e1eea06056d573ee8536dd249b538def499784d537e1c5dc3d6cd593f07549412790e740ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
611KB

MD5
5cc6ed2a9d045309e8929683fa5e36bb

SHA1
57bb1c24e377bafa3178bb38d52e2f220087fb04

SHA256
bfb6e0723c83963b2145e8026786fce4b2d55cc30feaa48d90d0aa0987ff7827

SHA512
47350b48459e91bc9aaec55b21b8179e7ff7c5111df2b0abb6d4841eb72d65d3432e673e832ba3ab3d9294f7015ce71ecfecfeff4c9286e7efeb2bd42141d5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
33KB

MD5
8d31d351c23eaa09467f87e863ab2b08

SHA1
eaab39279cc5c3ccc2ac0e0046a663b6063de36f

SHA256
f89749dfeef757d006d0b471e50c839b28deab03ca0a30e7b4b9199994b4ef91

SHA512
6eeab096201fd0faee39440e0c9cc9b42b128a23b4535abb6adbf55568e23fc820ee00160292b146f775f3e58e8c78356b63645045ccf15653ad6e681f957e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
32KB

MD5
a9d7bc3c2a2aa5a12176dd26dd0ed3f6

SHA1
616fa152f831c81aea3de38f4d606ffb0964dace

SHA256
3b23d55111830a3df4794e941c813c7235367946eccc9a392b3ed2375442d83b

SHA512
156297610b892a1e86be458933a70e94cfd780eea9aa5aee02ecb83216efa037e5e8f3887030f25f45ec6f3e98a47e590edfdacce13f3a622298fd8cdd1d829d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
73b5baa2bee61630a8a1cb1e0586164d

SHA1
0666c6e039120dd4bb5e6b8a9fec964399256cc6

SHA256
4bd668d7a58641cd4c0455992d0119133338e0fdc31c369e730d1d9f6f6cd9c1

SHA512
28e1d655c1fcaf8869e594bb5b32d0fb5c71867ec215a53d63933457d89410b32c06f22e8933f2c7dea4b95d77acfd0680ad06d63da0fcfc6fa77bf8f4006d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5913c83bd9ee4097894f8186c1ce0a1a

SHA1
21c00670b12dbf902a6ddfb8b9b57ef9e5fb8176

SHA256
bf23247ec789d3dd0d5694dfab767b73f73b6a8f610a6b2272471cfe6485b048

SHA512
18ba23188eea15fe7b0747d5348004a40e0fe10df26bab091b5fd9e6560ecd55240af2ab816bbf25b450da2661bb0c463bab8592491d20a81305eba9895f4887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
77b515940f83cf567f1f8c397d63fa5c

SHA1
7974c38ce999fbbaa51430cbfeca0a36eccaa1ce

SHA256
dee368bf5993070b0ecbf092db5718ec044b821b7fa6daaba90cf9c5628db715

SHA512
174186b5c7d5e1e491aa942ad4df56fa93f092cbb2d969bf53f6996299fdcdd36bdc37d45e93338bd222b11683a759f4b49a2329b6bc383b8938eb2bee61b4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
693B

MD5
82d4a7fb49bf93cbbe0e35f135b70a1c

SHA1
31d2067ced460158372e2cb77da023139c378bc5

SHA256
4bf247ad6ae8a6afe8ee1b811894f1919af9b810581a6492cd3208625921e1db

SHA512
78f04095f2984d9fb02b79385ef7f2a74d06f2b29a0192767a24f69eee223d2e6c11ff35a7d4781e5e46795abbd68251484daea9c21b19bd5ed8863b9df0f0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f8bbd1734eea0633399b64922d0dc5f

SHA1
553dced204f01092ef169269a7ee56b38b97605e

SHA256
dacaf4fa17257e26aa6d41069d5097b08793ef5c8899a19be31a8682b6d6d8ce

SHA512
83090034a0cdf1987484aff2d974a54b294ab62ef91900dd5862b2f5d0e4e0931758b5aae5247ba0e337a814b35a92be451c5add3b1f485a500e98ad4b9fa1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0062ae0d41215d03fda6390bea743d64

SHA1
0a9d17878a5f2dfd57aff8ba26b4b1a92bf772f0

SHA256
5af16f724f3591cdb4590607ceadefdf9d7c32487d27bbb3b4fe19bcafdb4ea1

SHA512
e00c1318dd7a21619937956709ae464599cf3289438858186f479743b18202a7a1ab4fc8411dcb9151de839c8cbd669c892e07d8c7f769784ab4bb33ab194f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
27b12ed7571987339a3c3e0f10301705

SHA1
b56427de85d6c7f9286c52b22abdf0a95a3b2cce

SHA256
f06fd66bd315268b9ece053b1a24906a4a455d0a07af9a451ad0334eacb7e196

SHA512
0640383971f0a2ec9b0a16e4c4773d85ceb882e6ada602c79a28659181368446ad63840e12fad30be4a3ebd2a711472bab147d21cb9b353e37d07d6f23641700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35b63677dc9c0c0b49c039a5f8697bfc

SHA1
e19bc4487a28ecc69dd2de059733373761678c59

SHA256
1beba9559715b487d256779514a61b03395fead4b84779e5eb812e7ba900557d

SHA512
3c2cce6dd37a88cc203ae99313cab6c6f87988dc69fda7ae04b2c4a7123c134793a3607e3db666caf58ffa523c04d42a60b87e5f0538343fa8072740ba9c45ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7b48d8c726aaba177c848e99dcc0299

SHA1
9360f29ce4042545322081fca23ff1a4be43b713

SHA256
3d74c627a6e5fd031084e1f1971af518c28e8b0b813411ad616c9aa162fc32f2

SHA512
adb84c1000896a0be11118060967f8a0837bb83005e4251952426f41cc449449842320fca01856a99dfde211e57f86b4a9a574172e13bcd36d9d2e71009db9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4f28029028e50ac472986007a076004

SHA1
fd2c8a5999521b6307487a1dbacb4550a062c1a7

SHA256
2f6a135136793bc20ca1dccb626c3c86a0adb97376cb9fc1de99d97ba37e13a4

SHA512
286f145f48b7037f2debefc7f3f1dc680cdf2e4414f320baec447e5fac213d696c7c8d1ae156bcec2b02fc615f61e956019cdd025e7645efa85f907a1388ad67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25f65ab6-bc5e-42cf-9f5a-77d78d114f68\index-dir\the-real-index

Filesize
624B

MD5
f9d27eb6a76e9d88cd81dbe21a2df42a

SHA1
11c58a3ab8ecb41e13c08c31654a9c4abe21e3a3

SHA256
6bf84be9927f6eaaa8d9e486f50ca9410e54e9c4f588681014bae52e8525030c

SHA512
ac15f2b2c8ad2900305ca37fb92af8efec708c0f722ce6fa0de38044a8f85880592bfef1c278c4110c01f105ba4412f0d286e319f23ca7237562fe2712214279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25f65ab6-bc5e-42cf-9f5a-77d78d114f68\index-dir\the-real-index~RFe59bee1.TMP

Filesize
48B

MD5
9dc2d84c40d509d313e95f058d323fa8

SHA1
cb94249ad5688623f5898dc6fab1e8703ed270a8

SHA256
097c17706bda25c3ee00c294f35bf85e58289fad36f9bb8e041f35c267712e43

SHA512
4c6bb0f58bb35c469d0a068b1ea0402fde06f0422e5643a765d95f506833ecd19d5fe57a620a5f4eb9161cc68ff6e395c8d621e8747f9b9119d046da20112f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7dec9f6c-a3d3-4de6-8202-57770da5514f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e164f3f3-1685-4978-9384-74b5cbae049b\index-dir\the-real-index

Filesize
2KB

MD5
cd86c346ffd897a5e007356ac8dea543

SHA1
f4b4119932fbe6d961bbd084f2a2c785dffa2550

SHA256
86a40f0c313fc5e909b7ebf8515a472d6c2577af4499c14fbf923d9e0a63756a

SHA512
a8f69b1fb6ac2d318f09e9814daf3be8f7b402706bfcbe17d80ae208fee3e5d63e7f718876d6bb6f2216da3f431aaf31771dd0ede34690ceb3f67310ee464a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e164f3f3-1685-4978-9384-74b5cbae049b\index-dir\the-real-index~RFe596557.TMP

Filesize
48B

MD5
80e509cba6abb53339edee29a8d07622

SHA1
db95dff4ef4d8dcf2a464201cf8b0dab6b712b17

SHA256
6877e2f9d94c20199157da45e41b9735160cca8b5f4c1267fd83e3f7d9814db5

SHA512
0ed76934c7286be42e78a9cd6065e031f995bee1c36fd9aa28bd22a90d719a5150f8b99b469c05cddb793e0dc267f78c0584fca92f792e19f2cebdf638944f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
edc398485ab430a9e759e245e92b180a

SHA1
1e1f5b2a26854fad92dcbb6a6f9804d5b0e9d62a

SHA256
307a7294ff8b56607ce51513b4be912c241873fcf279a28a3ce87a0213cdacf5

SHA512
9830b9b98d8208a36d9c89121b403ac5160c94f874d2bfa95ab5f5464d65afa92bd78f7fd1af60b24ec9ea58d56e19faa085be1f3bbafeebc534ac498717d8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
18ac7b63298c60a393f82be2d71786db

SHA1
a5e6a4cffb56266a5b78e74cfbc88e3e6494a4c6

SHA256
ee6546ee789950dc8a8a226da44f314b3be56f0034f230d473c68674952134f2

SHA512
3f490a608b37f21ab7897d0f39ec60f1c93401077bdedb3492d7ed05b0d68b0712e09a6314f9c1e0460e741495ac94f9cc3ad118c2e305f405351fc0d60fa935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
bc32a66a47198d442c8b0df900f37b3d

SHA1
91723c6c874a37b91dff2eac8b9239cb8a0c384e

SHA256
f9f04882875aeb62a27515d8f3d2907a20eb8c6e20c5024cae0bbd99a5150a5e

SHA512
1e0e4b2092b107a0a4ddba558508e15926ed34dd8c44820f7c2e50814ff72531d0bdb5bdfa6f74978ad1762534c25cc1116c720934ed75504fab3154a6523832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
32c490f2f0a19239444e922d72913ab5

SHA1
560c3ba2f84addd8da3fb15d68438680df19a70a

SHA256
157826135a9e372865ab9b2f6497389c0a947f96d0c16809dc5bfb3d44ab403c

SHA512
ec3dc60f681c9fb29490a388f4f3ef1d065c738e031072769d3f17269fe07db1cf9871d97c61deecd13c3f98f98800571f4e5fa7c23a29bc948aa90bc75aeb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
46dff5b674372f4928ace20405edbbfe

SHA1
06c5beec8ae00e7790ff26a47b61295cf2f31ccf

SHA256
76798805acb86fa5c13d9268ab02b9b9b75f4f5c4fadaf2b8381318d9f951c64

SHA512
065da99c99484562ac5b928e7dc6356812e8370dc582de49b8ac27a4843828a6e8ad0dfd893cbfd752dbd88ff214ced8b40457b7cfb4e0e532158b9012940110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
1e390c446986f630dfd63562eb5092b5

SHA1
c8d98aab0e5600bf476f30b0bc0ae0e89520a922

SHA256
7a89be76c28e3d3b3e865eab32ffaa49e13a27217d74aa9a62f1be7f6888755c

SHA512
e773854f8a1cfb60b1e4d1df5acd58fe4c0e7b6add73a7d0d22e6d504b0791dc1a10dc97e49904b0ea49368f938a975f7a1d932b50c7aadc8374477f688c8900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
0e0920f16d87249d2c9d0aaa04d97920

SHA1
14a7c6277c1fedaa8b368b5a6d4d89bd688babda

SHA256
1a7f3fa86f660457de50057322302aac97b70a1e47791f22e0de646d54928d7a

SHA512
a72b7310abbef3288b1bb73e55bd1a620d2cf1c9f4648f8fcd4421041d1c920ea8dd382c460590516cc9ff73b318ea31e88898566b5a9ce33c7748f4323ef31f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ee4dc8abcbdcf546bbf6b0a6e94ee40d

SHA1
37e0501be2e34af3d3e96293f930d7952801e322

SHA256
309706baca42aa632fc00a88c5012cb2d22457e0d2525330a21940501151f333

SHA512
eed65738918bdbcfeaf00e6e2a652ab3c0bcc98fdee3f4806c0442dcd1fbece908beef07fd0678281cadfacb5798811fd034817800785f1772f9dc3d95c2efe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59b7bd.TMP

Filesize
48B

MD5
03c878b9adba5598e9cd1ebd6797a688

SHA1
f07f4c4483759a6453b641c3ad48e65f652b2cca

SHA256
f30b4e594911e88a6b7fb6f96b11c3afe68e6c50e3702249a7711632dd6e8a98

SHA512
9c86d22c421f34e2f013a643cc5d4d2b816c2310b1b60752dc836acabe7e6e003ca65a0e9b79993c1221f0c1cdc708da3efea58f2d649accfe30fb1676dda578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c73d7885026733170ec64026556afc1

SHA1
1c07517be39a8704ff23bacd1b37a62057a69ec4

SHA256
f5edab391a89949fc815e7332ad3ff595f25f3e26207cecd91bf0133f191817e

SHA512
32fb07114b9cee0aff5a278a9b2a67a9860b8097d9c797682a6a8b175d2668f4d68f96a0c8e13d1a9289937eba466159ef9739c2e6298a75864d45dbb4aaa66e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
f18001b3cee28862eea35be2367a7d73

SHA1
c6aec5b8d19deb7c10a3570f8cbb8180fb958e08

SHA256
0c5d335268ad577e1ca245f0d042f7f554aa393ef09774493fbd2db7f9645a49

SHA512
7464cd20842beaa80c68c6e6548829bc7dd3610fb660dbf92a24181472207c9533d48e84a223c77ac5f644c1906513c006f1ba8b1643d3bd577d01fcb53f5411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
355d755ca0464ee94d51967c1dd514d6

SHA1
1ed2f19e0f17a75d82a2d65e3c7aa34cda98f235

SHA256
0754be34a22b9a61abb1ce49f0e3960dee666ddd0ae3a1abb951ffd4fb328283

SHA512
f1332c454457cc36871f732282e06db3b98bff2ef09ae7e53a7af10804c02c955922c18d69813d1a2efd18b72e26be0977a1a9098b66a7ef3e5fd7249b0c9c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58406f.TMP

Filesize
708B

MD5
bbdd883d2f7c830bf5250c1312c8fee2

SHA1
36f5ca7ddf100abdf2a66352842d9f0347d6a064

SHA256
3bb9bfa45926335e59f2f28d6276db1f1c0977818ab9cf0285a3eebe217f8f5a

SHA512
ae9fa7fba38ff61423846720b468cbca7d8653783aa58be6e2dd947ea72f5dd33fedae81fd65ea71d25474f127a11b76d0bfba0accc7787d76624d2cdca450f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4bdc5b501405ff4eb8586b6c238abd2

SHA1
181f01c45605ca935f1f7de37e2ca510a05a5d42

SHA256
ae56de1760afaa9ca7bab640645e042592500039eaf39c3cb051a35d4f1c5c3a

SHA512
30684ddeb5bc3bd967f27740126dc875f5d0958c185caecde407564a6de421ac6467881f6cf2018da5832e39afc1807dfb1015d0643949e88faae187ece24050

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_2176_CZUERBBMYWHGWVEQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit