hxxp://discord[.]com

Resubmissions

19-12-2024 16:08

241219-tlpnwsvnew 7

17-12-2024 17:08

17-12-2024 16:44

17-12-2024 16:44

17-12-2024 16:43

17-12-2024 16:23

Analysis

max time kernel
1810s
max time network
1805s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2024 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 6633dd5dcff475e6fb744426_&@2x.png
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	discord.com
14	discord.com

Probable phishing domain 1 TTPs 2 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	139	https://chatgpt.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f3864115b92f668	3
HTTP URL	162	https://auth.openai.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f3864491d2fcdb5	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 30 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-493223053-2004649691-1575712786-1000\{A761B986-B190-4D67-A89D-C572D0864A56}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
5112	msedge.exe
5112	msedge.exe
4904	msedge.exe
4904	msedge.exe
2376	identity_helper.exe
2376	identity_helper.exe
5636	msedge.exe
5636	msedge.exe
5636	msedge.exe
5636	msedge.exe
4832	msedge.exe
4832	msedge.exe
444	msedge.exe
444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2808	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2808	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4832	msedge.exe
444	msedge.exe
4832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 2432	5112	msedge.exe	85
PID 5112 wrote to memory of 2432	5112	msedge.exe	85
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 2420	5112	msedge.exe	86
PID 5112 wrote to memory of 4420	5112	msedge.exe	87
PID 5112 wrote to memory of 4420	5112	msedge.exe	87
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88
PID 5112 wrote to memory of 2316	5112	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb77bc46f8,0x7ffb77bc4708,0x7ffb77bc4718
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3912 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9265883192952065150,5858542184438623964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x434 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1a176fee-7c7b-4f27-b0a5-484b0bd14c52.tmp

Filesize
5KB

MD5
a42062d4f4cb2198048c0d55336ee5fb

SHA1
bb8d8c0ceacae3e296d6f776ad9f9ea4f444088d

SHA256
8f74e3d268b876c3ae3412fd6966b4581e9459431c216126fa3cffc4961cac13

SHA512
9fb997c2d991a59ee67510c5d025247c00907a20eec6d6d794e0aabe3bb828d6a7e5238279522219018337baa4569ef674942e25ac5d39ff5ca55886be2f9ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
323d51ba89d2cfa8223e0d46b1cb4458

SHA1
ec445bbc6f8f6b045319c0bae12ee02e85f2dcc3

SHA256
d025a5554d2eeb1f1161b1dd9f336f8c1fee0b1ab865f1c607acf27793c6710a

SHA512
b28764f55f1063258a418c0f999bc77fdb9b358630c32c6e9fe739ff2d5980bcd121bf690650861982505d82c278cdcdaa80588185c44176995c7dfe84d74e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
9ea09b966c97ab4b9d895cca3585da48

SHA1
4f55d520148e727b64cffe719461f7efb2515168

SHA256
6f4ddc8417cb40f87f7c6a574de4a7403713de59d3bfe5225651c13989bb2b7f

SHA512
8a82af710da7d71639ff97cd603f3802ad40c5e8d1fffd5bcaaed98931bbbcf593117a378b160f3456840a930417acf36a3bab902aeee8bc5d6910f49c3a9024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d430325e2f92af28215cfb8b8780629e

SHA1
2c9434d2b9d4443a9d9ed6ad81b77db90595c3e3

SHA256
fc7b1534a96d82155c35f96be024c7f956bd142fa51565093ac3141b30be1676

SHA512
a0796cd71fea29a29cd375c0d4285dcacb63f28e52d71734c775f971a2de4a140097d0520157301d4348643bc33786828303cdff45e154362f28c1f7d68b3bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c10f25a12f7dabf98aac03be0e6044a6

SHA1
bbee04f6f5fcbaa8ee861b7167aaebe5225d45bb

SHA256
d25cea391d50dc305af6134b26b6237949858949846b37f84ede591d4384bc96

SHA512
0283bb311985621ecf1a646eebe66b476f987f5cb2c6f9a40cfd863028aca347f9a12b09a7dba85c400244b030d37f5471e141a5f0aa4d656d32fd6887953654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
aef692acb15a5f6491672f56b215c6f9

SHA1
eccb715d04718f19f8889f08b82cd090a9d74753

SHA256
4abaf0f86475e1d6fa646d7945f179501e11327df84773aacd67b19876cfcc86

SHA512
e34ffab9396f169c645bcae8265158f9914f2fa3115ee079f87df4be65cd4a1ec00da4bc01f20e0dd36df0ce4a4450d3789c71337a251c2d749eb6deff75676c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1b1df53a0dea020753016f4db1747847

SHA1
54a10b025393560beac6f913de4e0b60ce2dee9c

SHA256
54e32cd0eb089b7179159ac0ce15e08fad001d55fd621515679b611a4331c827

SHA512
a8b451b36015548bdadb7649e1ab19d9d1152cfdeb30e7cfa0e81b66b45d4b3808eb098b163c7533340ba63180bdd70d65d7dc9a40bc680ea03141f5ffa921ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b4af19b41f2de38e8abcfc04db371cc0

SHA1
4eaf199cead4de308bcf828b8679cd77d62287ef

SHA256
ca3d0f2ff80db6ded1e580c36f05cb921671416ae20f8b36bb3cb1d62c423ffb

SHA512
458a15c2cb797643dc8422fe61d765542eb8dd558a8ea08d349fd86d249adc079ba30f083843ee2e1faa7c39476cea929f5d907cc3e6ca4970374165b0f7cf60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f661a8c667cf42ee855b159dde7db73

SHA1
d4aab4a637fd96c2b055c019e66755eb8c8b2b63

SHA256
91fdc7ecb5f5823b319c68cb6053afd7c9a999a6541dfb25a7344ebbdc5a65f5

SHA512
841b852d73e74f78ffe34f06ebdd16a40c0effbec93b4f22d84985689ebb4cfe5f151d00cb7f6ac8d687a6c8f0f22a44c7200e41d125c0f012c1c31289de2566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
898d459c7126918d255ea8afe0745e8b

SHA1
6ce7d5da8a8343c019ded918ddb155cb49f85658

SHA256
343134be7d4a520a4c2e9c5ae4773eed0e4744e043e3f7c85114daed51981623

SHA512
bf8597b3dcba183a7a3d313f692eebc7fb0688eeda2b97f84f09ce9f6fe8fe5047a4107a53fb84a335472d7bbf72b467d6ba6d18160f821b7f15353f5e5eaa48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
558d135632cb95bec15464c07936a82e

SHA1
b85869a92f30d775d0965f03a46c7f5871476904

SHA256
8fa1a3c886814ecf86814ec5907042432fdc84b2661d76119db316c653e3ca54

SHA512
c265d4c976a9a455eca0f68266554424e675286af51a471ef0352e7a4bf1426bef37b1e470e710c74854a2d9ac6fdf9a700b3c8ac41251f9f4ed7884676295c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0dce98c42a1836cf4eb3abccd18e3b5

SHA1
c8f02499ac411ff121e142beb23fead21bc0d90a

SHA256
3aaa7ed64b242588059fadde09d40aaaf5a3fa43cc8fd385a0d64df43d23cf86

SHA512
81ff2da15af39b349c239f6f3e8845b315885d2ed3dfa9468dbd0f42054e31a975a7ca601d5d8600800e5e04369c6728efbda3d0e0eb8f7b8ddadee4820ce76d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16908e9cc95a2ad82415fd912be88baa

SHA1
e01de841fdb5b067ba4b63f766b50f7305063bd5

SHA256
d01ad325a5deffdff3c831e490a67780f4df07bd5adef16d9d6ae6a7c78a84bd

SHA512
75ef9e175434aa78c5752b0874ca5c05df62db6c576a80ac6331aee9df7836ed1574044033125a0e642ea6e4d482b82e68ff781d802bbf902c9766d9a0713fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9806dd3c5436fba336bc3c90d4f060ff

SHA1
84ca5e0d69d7136da164aa6522b02c7be0857455

SHA256
dc377e548699b84e80edc11a18f965741222131868ad44f522dbf7f521c8b95f

SHA512
029938b606049fe06158a519b705bb5178d9327127d736ed21f1c05eda8e6085d57fbbcc468c42c116c4c59916b5f884b6307cea6f91a908ca63cbba4689828b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
edf63411d957efbbd4fef794778cfca6

SHA1
6e5bee803e4e862f18021649ba49d0708bb23b82

SHA256
c9dd99e09ad358b61dcb8d5e3a591bdcdd5830780f40ed3418610691f2e5447c

SHA512
b5c0668943a177085cedaca84d35dab77b283434581d08e54e4b503ddf469da7b69c15b289545f69c471206ea350ba684950ca59d820697ae20b3ae8f6f0436d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
46edc494992d884d23161edbbb69a331

SHA1
f53f44c261b717895c60e9019a26956eadcc44b2

SHA256
c501dc857787c9f33373a15ebf15a8b9daae64b1af07e5e7a96c42b3ac2c8fc9

SHA512
bd59b3348dffbbbf93aa33865bc49867307f13e891ed5ba6a02d82341952f4f2ebf51d7e6882eef77846c2d443b1a46a0e12b9ac1278cf8a26286c4ad6e8b8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
90b0ba1faf6ccf2b3399653d5e610665

SHA1
017e58e6623b3155a7eb243fb90121f4583bbb0a

SHA256
4bb96fe2bf4eb0a9e341e829be4d4c0621b2dcf9bf2363eb0a528f0bc624bcfa

SHA512
6450850edeee819638264e17bfdb0187f127e3c79f400eec7e162b1111d2aa772a0f9e5296d03eeee2702d68653b3afecc22c6df489d23a71196e6c8fd0a7de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
149cea9c58da4bb175e2664f43877a11

SHA1
e60020c454f3db01a04722974fbfa2b73449a2c4

SHA256
66b8205b8458d8f08ccf7f29cc2f754e34924b475af22138e16974aac398dbe7

SHA512
4ad18e1a50cb97a408e2934eb15e2c9bdd3aa5775f8d976a7d816ddcf0e3aef7f00f2e7eb964d3bfc84b89dc0fd3303991c31e0f7e7385ada389902e45beb056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7eacd54c69444178bc95036b373797ee

SHA1
a9f5f637cf2ecf7f93a2ce0ad4013fd98755d120

SHA256
6a6084def4b168bc4b6c756eaf57443b38eb3cb8e344f37af9e682dd458ee441

SHA512
69909ed8bf6e0bc8f9270099017a9cee092c51e963236d1d6771b251c59b837f60c716c759dc8f20d61d12376f43298b6376a1365ed09a4fecde1ad3b5d6d3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9afcc0f9dbb5a56c8baeefd65cebb520

SHA1
47a566702367b098c267198ed5bfeb1cec07b93e

SHA256
bd3ffb1d061ee91f6f557a69905c945ac020c416065e6c8bbb648182763bc8ea

SHA512
0dc8ae2271bab5dbc59dcccd3203c986b0da34777a1b61a7713886f2b097611f1272ecf79d963efcda33855ec32abb3333d241798ce94f3cc4d01038e37f22f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e31e5c9b82a634cbf9b45b15cb8b89c9

SHA1
c3af6046f11907efae1924e129892c4979f8bdbf

SHA256
d4e38d7c14326fea8ddd57e8e0dc77c2a0eb056d3969a3517cac4ed598f770b4

SHA512
5d53c15e7ac716bab87c7527c5d74b2f27983deafabaea594a6bc4411a0b87c2690a4e207a559abdb2e05a27aefae094f1e04bd091871b55da3a1e4ed255b048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6792fb8f525d98f9e9da09d47d59d843

SHA1
073065f7a86ac46519906301074e7d90722bce90

SHA256
910407dc691fb62a8fcdc9fd53e83d6629dc3f2c59853642d7960352d93c5a69

SHA512
c7ae98a990c98ad075019d9c72d6e55258b9f0221a843ac32a22e7da5bbfcbd6329ecaea9a7122536382fad0c7151ef3ec66c2046e5bbae38e75f4907534322a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
df4ec504b6de6bdbeb2aeac844efd185

SHA1
84d5d7771d0e55b17aa76304573f1eae6fdafec7

SHA256
14a72bf80ff8840c308b82d90e303f28e5a30cbe70c439d841757170349796f9

SHA512
9e0e2aab7084dd0385758c0791b31ffc1d9e7bca1719d26be391f3e77853d78980f3d5002583d872b172790f4f0a22e26e1cb0c3681336f493d6655384ba9610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
502e200711d55fe49e47b864f29afb4a

SHA1
3242f902c3b1f8fb16039a972b28ad3cc87b4b12

SHA256
d61cba72f497b6e2ffd6a05bac33dab457a242c26ed8b6557c7cbe11f8915c86

SHA512
3467d5b4e7bf66c924de3f5cd50cd531fd32d163a31b00f33e04b11390d67fa853ab9dbb1884e0377e9a4969caee5928391c05a859a65b1aba3cbef053e9bcdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2e9025bfb80379857dc23db3c6dacaf0

SHA1
4021429c1a74a139210b30468a5cd1eea1d009ed

SHA256
a2a7f68ee37ff066388a7ecf500a02ca0f6c6fb82b39dcec84044b94d504a703

SHA512
209cf11d202b53b8ca6d149136cf63a8bcfe1ef790406fd1d6ca92be7556c95f690018a13c76f6bff8e6b6173a309a09bb5e480ef97920891d9b1780fbb35fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587059.TMP

Filesize
1KB

MD5
6f389997badacc216e55c4cfb9a93035

SHA1
cb4e98ff3b0bd3776fe1255bdc9902f0982d61e4

SHA256
7b6a1871b1009546af9fb7af1eb8836535c9e2ef26d7f35a235f4a6859a2b7a7

SHA512
5ea2f6dc4c306d478645002f4da6e078f0df5b93302cb11b98415c8837b8e59a3d23940fe4156dc348536256fdbf92cba6ed3f105e67ec80ed30ddcaf861c6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8017709aacccbc4d72c7e517826d5466

SHA1
c01a0d436fad37b419956173aa5986dcea0f2ebe

SHA256
5bd61811703a2f43ca66968cf8a7916c32ca7b6dc765be8657a49faae3a1159e

SHA512
8419b32f1615f041c9a02a8eeab23d8087a87e09cf7132006a991c5400e83db492cab2405eb0601faea7fe8bd7c7dc7a5e57d091c322e5a77358f6fbbcd4445c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af9ce0ca4a8ee48cbb191486ab1f8e87

SHA1
d2ce4bc81004fd003e9eed23981c502168ab631e

SHA256
2f9ff93487dbebe7324d4a1844b5ee6c7c401fa35b3abf1ee2ab506241a8db7a

SHA512
de59bc09b649fa4415def5b31c27cd137ff918e1491b68d15a009c1e67d9ff1b61a5d91f2f4ef5e87c7ff2f5f00e5e934b089f3c6c89f700a726daa394e4ea40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82102f69e564d4bf22a052db6cb947b6

SHA1
36d70f0bdf93dd5d0a67992b763c4bd571794288

SHA256
a1545d4ee05df2cdbe78ead88a763f1e1b1748844c2f88bf11c0878fe7d5c49b

SHA512
3f748a920f6a0a677b1984e01310191b281ccd7420daf0620ebfa04713f1898e3095f9fd61e90bc6894139dd5d22582900c68f3c16c25f32364011c10a833503

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit