hxxp://w | Triage

Analysis

max time kernel
290s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://w

Score

7^/10

discovery persistence phishing privilege_escalation

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	Process
4672	msedge.exe
4672	msedge.exe
2872	msedge.exe
2872	msedge.exe
232	identity_helper.exe
232	identity_helper.exe
6040	msedge.exe
6040	msedge.exe
6040	msedge.exe
6040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

msedge.exe

pid	Process
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description	pid	Process
Token: 33	2488	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2488	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exe

pid	Process
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	Process
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

osk.exe

pid	Process
4168	osk.exe
4168	osk.exe
4168	osk.exe
4168	osk.exe
4168	osk.exe
4168	osk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 2872 wrote to memory of 2124	2872	msedge.exe	86
PID 2872 wrote to memory of 2124	2872	msedge.exe	86
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 3024	2872	msedge.exe	87
PID 2872 wrote to memory of 4672	2872	msedge.exe	88
PID 2872 wrote to memory of 4672	2872	msedge.exe	88
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89
PID 2872 wrote to memory of 3948	2872	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9846e46f8,0x7ff9846e4708,0x7ff9846e4718
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5168380052356654326,3078514919327926083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x330 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
27KB

MD5
cacfb74b6db8ec937cadbd7a4e239694

SHA1
059f1501f9536c549448169c293d0fa1e3d00031

SHA256
3c21c8fd28579bd102c6d48522db328a689c5c8c6048453bb736a1f0d27567cc

SHA512
4765d09795339da2afcd22f305b9c595921b6071f8766bfc0285ab6e8e1589a0c262bd86f20caed7258bc2fedfe6e81a1f649dfe25bbaa75569340c8c7ba0c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
65KB

MD5
2670548c16cb29fa135d9678c5b99a2a

SHA1
a7d1add636a4c0e7202fe989e0717bb7ed8fbda5

SHA256
5a51f240eb11e47d42d9774ea95cc03f61f76d5a3ccbc3dc1bd8419c14fd6f6e

SHA512
6417a448b849ee648ea5faff8e5fc22c51326e2b050b771fc85b26fb33533a7575faf525623e031c2d3aec9d3c2f9168bdd42b8eef3e987d56b89096e7e2490a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
86KB

MD5
45a69ffb7514922e928645da1b66df98

SHA1
1cf90a5d152be5f5a11f6650dc1b5e1621b89397

SHA256
76d081edec18d84d58b3d52bf98deb152e62161e4be795c4eb9eb31f0f952a9b

SHA512
fd04600a96aa74a98fa747d2b44aeb00dd52e6988abe8152cba6793f234813228332e00893bae9c22dacefd605c7686354546fde90d06e3ec8fd1fb880476412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
105KB

MD5
fcf7cd3989d24ce60a583ce0e30b78f2

SHA1
a713f6d943ff0a6b7dbc55f06ef0b4fce04c77df

SHA256
a0b7590c6ffb38aeeec2f847e72830225976b99097f3ea6cee2a979b97d22300

SHA512
3a7d4dd69c48eb397f91eb17331aa10358b494c8bced4c660bc2c26c7eecede2900060819ca924645ccba61a06aac1f44eb86a8e89780ad0034daddfa1e6d05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
20KB

MD5
29be3f4c1685374185295c0577a0fbc4

SHA1
c720338b90479756d89c4c0bd6e1b2c126e741e2

SHA256
84234bc202cd90772c3dad4cca1b2e1330d811546ed6574be8a6dd8706356d80

SHA512
6c8e59a0453b5ea2dfb99dae65a114d5b05e28428fc0b8d0012ed155115137f5f54abb232f7efae0e5c7c9775e7c5e3373c2f582b59c62625206445f1f5d9894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7164282df4df179f3dc0922751571ac9

SHA1
add2b5a5a338e1b208395e34b596c91fc0178b9e

SHA256
a97376526fb2ae6020b3edad776d7400eb49d905bd3768a4853bfcd51a5c496a

SHA512
5172b5b8f7d46906fa704dac7a0a8b8f08783c6eadec11824b558800e10a68cf26b3f82f39f1a38bf8f9c451fc41e056234e4180fe0bb22eb87b3ab27ec128a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a7d9076cec0545b026258834e0ebeb03

SHA1
ef28b2e3aceae9bb35c5620d9b3f4d9b69c658cd

SHA256
a5ef192b9edeb13906082c6b1b743d4993a41a6f07bbffc15c4ec183871b7f39

SHA512
720ca9291987ef5cd055d090d1882da62f2ba070a8ae7123ddf5cba4e1400c4f223485d36ce1f6c8292b316def908a17219be988a0ae20c8965e93a3cd7c9695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f5c61df1bf7b22192fd656bdda1e245e

SHA1
d730f3bf2db5a6b8c5f87bb7e260152c29a77354

SHA256
056287011e3a4212fdf362ea79a009b8c0233b007c98b419f946212511c871cf

SHA512
07f384a9124e00398cb29798cfdb8f61ec91e8864716c3d6110bc6a7556ff90488d1cbea9ce7a65e66b858f3313864354816c94af12543eb9966cf5e4d3bd051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d7b923c5bc9ca75d125e74e10e1343a5

SHA1
452c51360b58c686ecbeca426c802059707cd999

SHA256
03131d8ced275035a125d0fdd9069a3dd5f0a998b4ec16e083a40fa96a80deb0

SHA512
5b45852bbe606ebf176b46120dfd9d517963a0dae881c7508211998cd440242fe68e7e1a922c13c352a3768f689a1b93b46f8d3ee3e0c82063031d6c1b40309d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
308ceb65619879c3e7a30e029d7ae137

SHA1
741df393fd1b5f5918b0ded1c3800515481b3e13

SHA256
4a88fe933bd2cda78fd98cb8dfc5915aaeda8750a91ab35e086073697b6d4f30

SHA512
009c986078abedaf2a6ba2520ca409e5705a8e5f38e9ba9dece34c5911c35889a8cd5778b87ab1e796901fdf0f50c2d165624e627c6785b71a96c6ac7420a955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
63d4aaa86e916d3b479e408ecefe2f14

SHA1
1a2cc759eef77f61885ea4655fd51eb21bce82e6

SHA256
01c150c8a2b026a156d0d91f45058aa1e4bc6ec604142f1c697455cde004b982

SHA512
ab51958e65dcc8d3ca15509c332acae4a16dc933a9493ca296354fd1b2f7e10ea2f84648383f40fc5ffc300fc3e83a9b1f357bc2668f99128c7ad19c32b2912b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7a5730eabfbec21d7f43bc5f63bab79a

SHA1
5b6c01e99b4d79079fe221addd836030d434a61c

SHA256
905ac9a58197ae0340e484f57f22f050ecb555ea84350e941d4b3c1c9d772b1a

SHA512
87e4881fad55e77b0fe628cdf8d28024ee6a0e442a1a2c6ecd69f8a77a25dba0eccfa93c4d04006857f677beacc92ccf8ea58e4e62eb8d3591d65331d6982cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fc6e61e2beb1108ed966d2d9ed7ea105

SHA1
cd73b74350ee02b35598460bfa431183ae55e122

SHA256
09b87dabe4ed016fe658fc715618fdf8dff2f2f362b4f2ec1112761b764c7b1b

SHA512
250ee6ed7ac4f6b75997f3f21a21cd6d319fce1319287c35610fc798565a1437fb9737b51027733ee694344e1960e3f8e07ad2b46dfa9e90da332ba4c6c1a71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
129a3a3e96a8de4eca3271c861977a51

SHA1
5d916ec207aa8c56936a322fa86580186b88ead0

SHA256
dcff949b1c8ec6399be36166b1c642b78fbfa4d0a18ee4418c2cc0bab6eacc38

SHA512
e64da67e4f09b3eb14702ecc82f3cca7dd8d5f888d1adc01f817c70cff54dfe6cf1322fd3b223e755c861be3c8c179a46d732e416a0c98505e48b472323855cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5aecf00c9554ea3debfa39beabf5adf1

SHA1
ba3a282e038495151527266d69eb317abf1f4a7d

SHA256
20a3bb585ef192b3db5c8166e48ce4b4cb54633697c7a1ff5ade7f704da35baf

SHA512
cb8a7fc156dc3402fd83e1c4015f983f75c1cbfb66084169682c7fe767b58ded3a1f956f15ca9f82a31ff75c06f32a60ed09b8c1c1f917caa14ebb669b1db33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e70c592cb3e602490b9859c8a8a92cd8

SHA1
093cd769963fa4d990c1fc55178ee36fb9882bee

SHA256
66a0758f9fcb4b9c5f1734219e4796e5a5dd5e18ec9966929defe4a61fd9d31f

SHA512
3678a69a0a1624ae8faebf56800f792cd8e730a16034a08c99a3ea4e1c7d72339859855b1bf7d6292e4dc351d8ff1f140091c710fdefa3f8ce7f750585f21345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
005328f6fec0942b6a76c13c78e55e9b

SHA1
2360611876ca7321b6563f8029736e8c20211ce2

SHA256
e3708f634b354dac3f56b52ac3242b9a1aa0cf8e8da75db259db6c8692b7fcef

SHA512
65f35d42a18b76e9f490c43093d06ec8f2b3a1294ddcc75cffaafebd43b72474b1732c3a6c209366974ca194e8c436d644814e6c37c4d258895611994eacc97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ec1ca183694a272310e0d6181a5514c

SHA1
c6376d85c20483568d1d7bf8641d24b84bb99f02

SHA256
77369028f0818cb1e24fda32068912a71b2723f667f521fe388db49d0fddbd6f

SHA512
a6dc664855938a6c813d08fa12a63013da9be500b13fff8f09b4e5367f6109c5da7efdd70b29a5154bf62e76d97ab79dfe5db1ef5f9de10e611cb017b422cd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e0c08f83b2a94cf3a7615e6d00a3a1c1

SHA1
245168597d26189840db93768d56e25bdbda2784

SHA256
b5427a03b9ccf812f92e165afa9d1cd37464167b7db7cdc554a80da401d0ded0

SHA512
114a6a97e7c8409f622deee8a63458886ba9f27a04a56981d81de88eb7295492a4652bf55b32f012889b2cf44d2b304d3fe67d18f140adcb36fc42de5b64f0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
66715ce4b4b7003fe013c18bbfd3779a

SHA1
933ee02116ae6e35f49d1ef42b145901b336fe95

SHA256
44f93333ce253be693d54f8b3cbd751d172b00fecdb329383e6ecdad43e67ba0

SHA512
e08d7169680e8a480447791abcdb05cbecb149ddc3b1fe9fdd8349e78d33684f1327d5e4df4e66ef9dba5f72e46e89a90398159ec3c8d745b60a2cf09564132f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
9b3adb840bda935365121465a4d529ed

SHA1
d2b04f299a7f65bdc35ef28293205b4eac6d000c

SHA256
edafd89728b40ae82f4cde8885355190c64c1e7135fd7b50f921f6ab75bd683b

SHA512
0210ee3b1f6d755297c8c127d2cf8fa2e664aa69e2a1f00380f993fdb90d5a7621da372c544871ec519cd337021696dce410713a9f7463417d2dfc7047cbaa73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1aaed7e78f8500150ac84d40a35ca9d1

SHA1
22f7b84513eee66bd651a3d090715a26414623d7

SHA256
18ca3e7d3909e7512f8186c2a24ddefb8c6b24c1a2fba79262c48ae4af388cb4

SHA512
25caf1faacb272992fde10652f48a02f68238e77f50e542907c448c36d81228e223f09f60edd714b3d5d6bcd4ecd927f89a3c67f6161438d8ba5ac9804eb1933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5890e1.TMP

Filesize
48B

MD5
411fd610d91de10522234729458e1270

SHA1
3d1c668e8c3b9cf221a118fe301db9bcb331cc1d

SHA256
9e5ff6f28d3abf1ca037257ce118ecd80f59d64f66fd6c827904d66310753298

SHA512
88b155bbe7daf80b3a4f78da251710c0ff606a8ba38a1cd451407f1d92f784e48467101783d38e4c3c753bd94e5dc4a9b486e74b7f8696284707991838a880bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11634c3b72140ea0121cb85a96a865d1

SHA1
883827510ed4db8c1c324646ddc12aa32720f0eb

SHA256
61f5b8ec965fd04224ecb7ba0a829c1f94062f22824ac80259d721a1c33fc8dd

SHA512
286018d190e9594720ba78f881d529873e60a4bb40ce64910929a9ea9953b247d5fc640ab99c0ba3472d0edfb8065c7d70a0c89e51c5b6ff7f2454d5802d1106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
d445eb83941cf7d38760c912ca55fa34

SHA1
5f43d623ed0e1c30e764ce141cd48e2b429eeee6

SHA256
63387239ec476371fc91811323d09330003ab2c3b7237261e5d3e6f52ca3cdbd

SHA512
8b2237a4c68d9b1a3eef81e0666dac1538bcd30588da631d0ec2783ed9026e6475da85aaa2adf40efa431b9c53acd8b6960219f29504e497e87701a5a13f901f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9e84ef3c7c53e5aa1018bef9324bc60

SHA1
d2a13daeca1557031500d1d7c007e382970258ca

SHA256
0bc877971d24bb1bf29d1e2858d3de6f2dca329b7f612f5db6623f37be170a80

SHA512
d9cba765b49be3e8190ca345afbf2d1c0b4487f2144aa8911539db8d55fe7b1acff5a1209ddfd526583db36b69a1ee8d86ee0e768d488a6fd87c6c86407ca54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd8fa861f2d9c550c2c2f5a56733b3eb

SHA1
fd13398234a7e4ec4a251af0a388acea2a6a4e25

SHA256
3f10469ba0b21c095f74c28e4c22002f389eb97134a4a6460c260c879b5e72be

SHA512
e3ea61b5cae848aef3541ba5b1d247c3b9588d8f26526f512a2ddb293353d849dd31ec2f1bd03b66f14045c5f4f296aabe9bf792e5e24a81ff43d04f75d6e2e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67f00b6b0e1cd4907bcab6a253eec267

SHA1
7610b98f8be63666d0a4320f1f5032ff768a4f74

SHA256
e5b2a623b2330cce4d1bcd6826b0fb52d24b94744a9db06cfbccdf90e51f9b9c

SHA512
e9e478d93b0e972bbfcb7a2f2dd96bcd9c0c111e4dba436b6792731e633ef7e9003f473c9977eac3b6ad916107c07820d228d56fd9b258683299e18ef9d0445d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eeaaf511119aec51e84318550008a660

SHA1
87316f5d7bf1ccfde6b8b8cdf1faec21b1ebd5d8

SHA256
2cbab86ac3c634a29acc81f3a8d9a636af27dd4b4d6dd823a10fb610d14d3172

SHA512
640687d449d60a9cfd836f80083724e0358e66cd936449e6b8d898d9331b258e824edd20819afa773a52453e0832f15916f5c88c4e7a1ed473feb5c467b432e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
788adb1511c828cb02911a349055ea4a

SHA1
1c471ca335f4cfed901a7f003e7e187a5cf069b1

SHA256
6687713f8bc8f8483a8f8f020fa6548cfc4db860231e64e9301c532f9c14228f

SHA512
875a09b47e8cc789cc1a802a2026ab35c791a692d0618560c113df3ad5b52c0537413ded0f6e847a5e23c31d9e6a5e95188acc10ac1cb7ea2dfbb5391ae9ba4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584273.TMP

Filesize
370B

MD5
9372d63f5d3b6896ac0576284a26bf6c

SHA1
bc3e6f209ddf49fdc964dd39c4e013e9747504c2

SHA256
34fed652165c06b2bd52bfa523ffc90c6e6c7f615822c4f933344120722ed186

SHA512
a8c5155d8e8e7f60606a6c52bf201833f4760ed5b2e9e154cb0634226da97163b0384f60307136ca1c3c45aac69b400771bd7a383c3a3f40379a7241c1681f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2ddf8276188840424122ed859959831

SHA1
6947ec328b46aaaca6aede04714930d5623d1e57

SHA256
35c04eb7923e354b23a0b9092c6550be272efadf3e942044908f4344793dcf5d

SHA512
84877fd4340326b3fb92469a5d4a05f3bc837adf8977ead90e1af94523239ba1a7ea32501245e2d591dd5ce4a22b86d30ca562389e3ef98d032f337242966318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14657c16856a549f5a3bc4be47df74d4

SHA1
295c16b537b0c77f2a7d8b8ff3c41507ba3baa88

SHA256
077641daac1ffb7b91cbc877171233d02b84b49d11b7cbe411d817c2b52d3c2a

SHA512
adb7fb84c30d1342502be1e9f86b55ee1ada4a76599d84e45e9881314c829dce1a1f47176c87e4a4fb303b31886fae8945db0291dc219833cea224fcb02ace08

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_2872_DLUGKSKCLSWVTFZG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit