hxxp://xbox[.]com/en-us/play

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/12/2024, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://xbox.com/en-us/play

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350944739-639801879-157714471-1000\{10E60F31-B887-4655-8998-895E6C8D291E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
3292	msedge.exe
3292	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
4440	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1668	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1668	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 4592	3292	msedge.exe	83
PID 3292 wrote to memory of 4592	3292	msedge.exe	83
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 2180	3292	msedge.exe	84
PID 3292 wrote to memory of 4040	3292	msedge.exe	85
PID 3292 wrote to memory of 4040	3292	msedge.exe	85
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86
PID 3292 wrote to memory of 1444	3292	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://xbox.com/en-us/play
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabb3246f8,0x7ffabb324708,0x7ffabb324718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,12599502469374391352,10749054913740370385,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7068 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
24KB

MD5
4d8ff5db976099a8836bc793e51d3168

SHA1
49e86270a3d0f67f93986846eeb77275ed819db5

SHA256
31e7ff0968b6b8f94720fba01c3f8e6f47693ee928371881e7d81952e3c9dc1d

SHA512
21433d680e95c735ee799e821da5bc912e25cead936d8ac0916c4bb64e2330fba5b9ffae2d57ed7a9410a0b1513d7b0b8aa524cdf13e926fd5ca00e8c2dd729d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
16KB

MD5
1b284148691fe5dfe231ed017ecde409

SHA1
620607ee73915052a98d0069603fa5a491bcc14a

SHA256
f464a0bae4ce3f34656506531f8737a82d824a038e2e6eef1c3d9300ba2f7652

SHA512
3918c0da1b3201427e7a6b01e24d3c7e4da6ba1ea829e0047dabed34c6b673dd5a55f7c1c22b63d681dce63eaa518f63492c31f2198e76b4d4293db6ed2a67a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
46KB

MD5
13b7eea476a75eabb7c9caf683199797

SHA1
2efa409468d33cda046af8a41eb8e4dd92915181

SHA256
a1037073b1a6c53f94017eff2c6709e94c84016e2c6eb869462ea5ad27c7bc7c

SHA512
32789a997b785e36cf74e55c3c247c19d0a13dd17ab85927ff1c09bf72bb7168441b9116d4d2096124030e48021b3fcf02bba0870945186fccae77112c679c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
5378f67e316e5abeaf3383ca55bb51ee

SHA1
10c7096e5030f8e912a1f2d4dc78c4ec1a854c8f

SHA256
6003b510e802c6e597d399ae3aaa716e09e413983d69489f82174c3d33d2a77e

SHA512
ec76e9c3282d060752eb6d01530ecd1d4e1403a05c1c56005ebc8a4f3f078879353b28d622715a7a48261e8c3ba6236e226075bf4ba73e019fd0a456c0e84445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
31KB

MD5
8fbdaacf601646bd269bb409cdc14781

SHA1
7872de2877a18f702c9af899963f1c7ba02f9433

SHA256
de6455213e01671691dab9f7d347e7a987f65100340874e5c09cb4fab8f81e84

SHA512
b4aa855b2ce10eabf97bb8e5c9400841a23fd7301d4632375bd99697c6943487a1fc00da6a5d0381102aa8882308fe396cf494cf68600ea5baea8f26db5e412f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
77KB

MD5
7eedf7765bd8547280531a200a200463

SHA1
320097b3a01053bccafd436cbd949563f31084ae

SHA256
a35c64fc40e148f627b353c5ba29841e5ffde4701ae5cc8303bfdb0fe2fea250

SHA512
259e1be5f2ebd24ae17c409ee0b1bbbfe8c5e2f20f350d789d6b459f15a6f23c9a185fe4c2afec339d68ba9b547fb8b7cc80f53cbe53546ed6c422b3c4ec7e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
31KB

MD5
da9785d27b0defccac6ec196fbeea6cf

SHA1
b41a05eb30fbd6bdb3399267e43153b28c982296

SHA256
8dc704d724affc051c8f93cdebc7926f25088bd57c7911d5a28fa887ffb62537

SHA512
dc8917cabda24966d0901d22d01621ade702c55f7d9716502a49ec43db41f7afcb62e3801e9bb96b32e339a4d688ad1d683ebd16f8ec400347ed6e91a7694a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
27KB

MD5
a7f85073fe4e78b4862b80c6faf45906

SHA1
3f8d7a385d36eee301ce5c2d3ef4c798fa5f9ab3

SHA256
7c475b5e98b886c2047a922ea80b88f23fd5850470e1000fd7108fa5a0c8fc41

SHA512
44f225a748b213d7a9452c65ff396746689dbb5297219f32af3b4247e2f23ffa4c84393b77e11b562b386bcb1e40a5b478a82c869b43e48db5813f8544564ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
52KB

MD5
46e61d80681921d751ab7817b654a7a9

SHA1
b60071dacd885b50331274b7d2704b65c5d17538

SHA256
e1e8d897788b77931bfc4b98bb78377758a5a37a044e60015d8ae48707cd5c71

SHA512
ed08b8e5228f5b593a1a9e46b26b048c82abd1ebc58d55df91b70d92d14acba35d0f676e894d5cc025ee23376c7bd9b534a9b8edff311251f54c879f97c481c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
102KB

MD5
9c8e03ff5e5e23428d6836d054fe53d5

SHA1
c7022d3e7bf3239a7e17ff7d256fe22671429474

SHA256
65e4c37ad21da5c824f916a7aba8569bb6fd6ab6b21e160ebf4bca33e944a1b9

SHA512
dd5425066f3a47d6cacb4f189f21cec93f3e234a38e37a5fe404026cd4d571e8a0966854ffb31dd651d3956eb044bfde227f74fa2da3c574e8a37d7e6f87231f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bbd464a4babf62b8769a180a8fd0dcce

SHA1
9f0db86a3ef2236b90ded0fcb681a3b692cff5f3

SHA256
625b0f44c9567194377ca646a8763da0546a4d42b7f3269f6b79271a50721a0c

SHA512
a33f8e3f2c128887277a7e43998425b0a451bf57b78b4a2944d49fe8996387a440a79f1bd803a0e591613beccb245cfeb6d6fc5c1c2698b0f28a0e02a3b44ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7b15bb6d5a0333f905cafb5ab2c9aa56

SHA1
c53bdc9db4ac19f0db4b87e2097f29f4b2a0f884

SHA256
6a6b66011035aed607df74c37c0cadafc317ff4c4ae7af29cc5eb02d0f2a4c5f

SHA512
46e027e699de2e27f143334c4d8216145b339784ae6e8119ff72245c0a667f4e26bfcb8c575e2782648bb0c1f575a1b3111bb1baf8d85fa2f6321390b63ce125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6ed84482394067a58fba21056619192b

SHA1
a25976813be9760e000c20e32284bc88bc4be963

SHA256
cd71876de92a2d8c5df6614d9216b0039d122e9d515c537244366837c0ba47c2

SHA512
6dffc1d20e3aa3bd1463ff7846cb2ec1f394000b571366b303804543c97fa266049424ab87734d537546f9661e77c86a1ffc2350f05585e2fb7ebde7c1f66cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c19cf3e8cac0ddb0f14bed8e01549768

SHA1
d16b0ba74d5c4e995bca51c2ea2b7bea26b7f45a

SHA256
73f072157139b11a8520c9c0bf3a302e98dbd730934e998679d578c88fa8ca53

SHA512
1c01606bb2a216dcccaf6646a30e18d74eb95c2d21e1055e3be289c3dbd7ac0cdef14a3f641fdee43cf965a60a18863efebda75d9e983cfd14eb3f56ec65e2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
130dd2992d9422c36407d73d35850eca

SHA1
7c4ca473abe67c8e78f9915d520446592b33aada

SHA256
fc1fe8e5d71065e4dbb0fbd23d8c829b01cb470e0cc3bbed5a96dd993b17e43a

SHA512
941e5c381d6730b8284f7075fdadbcc05dac1df6cf093af11eb1c285b2109d4bb83f3d0cbf24905ac001289a079eec4f624db48d3ebbb0036078403995f89443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
df1e392ab19d4e0c1118c751e940e7ae

SHA1
fd948cf3ca95b30506582ff785f820dccf630ef0

SHA256
305fc06e1a10ed5e12c7685129f71c8de65a1cec53feca170aa0f5fddd5b1408

SHA512
9c6a0caec9a198d28888d886cb26f99cdc53f9611bb8ff15693f8adf6c2a491306faeeae3bacf0f7d75387556c66fe7a6e97986046725f4bc77b78e2c61cf348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
751ab4b9fc272ab402b2cb18eb94f68a

SHA1
30c8c9cfbeaec278d535d15ccba0a45b1d076d3a

SHA256
9162b05fe8bcb8cb91ca426c6138e55ede23b061f302f17e60af9117190aea7d

SHA512
e9877ce990a2fa4d3c6ccf62de52e6999634a5f5c7c46f28ce09a9cb76d330bb7ed624e64456a77738267aaddc399e13326fdf3b6a38acbb0e5900ee5ffeccd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af49b948c69034dfa4554888834c3ebd

SHA1
738fa97663cd200e118d132eb8f5b116b601915a

SHA256
1b5fbea0adfc64ba7d1315888b42cce0b66d780d91ebc7616df50f9bad200d94

SHA512
278728b2ea92b432de48d16809478166db6556eacc50b552816bb1ac15d77725fd29bd0272bcbb837fa1087e1d6cd7b590512148c6624d0d722ff3b768cf6baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e94356d19eb01e2057391a0af2333a3

SHA1
bad66db84eb7058618db3aee3b53c1c08adbc785

SHA256
0037437ad8671f435e367c1c6c0fc6a58b4579f0360ddb95dcdf653a62d41106

SHA512
c0056839ba30a0094c3c954a28523d407a5874195af4806eae76556dd5ec3bd032bbf861796fba8cb8c2d40b4e92d852239b0d0f5deb4f77033c3555d9b64dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f85f99773dcc11f58f98008341a30771

SHA1
61290a6f23e2dbe6a5524d64ef81152594c0a3dc

SHA256
b73e6bca8ba93969111dfa17e7a820274b2a75fd63273cd36f44a74e3f7a5764

SHA512
9761ed7d95877a321beb557705f0cd149492acafec2dbf61b54d493c49d13e359df6d1353448a07bde10a1de35e7e48092507e4c9aeb285eb4ec7074f187e405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f3e14de4ebc96877ab06fc32ac5e0686

SHA1
b28c7e00a3e73845531e2ee1aca1153f9898a0e4

SHA256
c31b51ed008562aaa9411a870e4517ee6190426aa9816992a68e94e85abaeef0

SHA512
621417f255b80a672590b393a4e885cbc64bfc2877b2d4a004d2faf7befda12133996a107fafcd5742d2d53efb6feba505d926ebc2942bd80c6566636161cb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e26d601619049ff0c5422110a1e07797

SHA1
ad073f76f336d3d356398d149c1785ed7af4e4a2

SHA256
8c4b67c979df5b3fee7525e8e65c946694d4809adb24448710cd801d110c7001

SHA512
8aed85308bc20c66f6dbf59794e20f7b9c2218495b5966438876abe7a8ba721432bae7826b6d4fc44770ea92982a80c9c83fa6ad490c8639d60062db50729e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5e8dbc909d4b953e11d34f894f688a62

SHA1
97913af83ac588a955842fd39f56600260e7bfd3

SHA256
b348c3c059522cc247d0c8b5396a9c463ddb58c118fd72f98bba320d2a1186c7

SHA512
c40b9adf3d4100d1ef6e8cc5ee346f4c7a86ab676131100fe2b112eba04950e093df74122a13a1eb06122efaacf01c861a900249fc4fd4544f2fb6182403b0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3506389ff27214f47e0f7c5e1aa942b6

SHA1
08caeae93667e7997ad8e8e9cf8a2c5ab719ad7a

SHA256
ac9ab22b0a153e30bd0f0c3108dd2028a5e77e48340a370ba6e3daf35a5eca17

SHA512
a47771126c24622b29a14bfb814416bcf062dade3ce18625c50ac0778b8a947035ba6a48cd9c4bf6c94b50fac508c184c21efb133b791b02850aa6ae297f145c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
947925316ae14e015dd74b47d251ea0f

SHA1
028611e8418e074362da8c9dee2ae8755b8f92a6

SHA256
5d13feb0c0ec6dc90d4da3a58059d23ffd0bf5828e37b7add059c1620b6aef4c

SHA512
6bf319e1e049183953f4dc7ba7916688c3f41dab425777eda7e6b0d24237e53d5cc3147f9490ec50174fdacde2b74b474fc8f4afe66c4a5dc0724f1dc3c3f68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581eed.TMP

Filesize
48B

MD5
61d5c8e7f49890d8350c7e26f36604b1

SHA1
0a575808311ffaf74a5adab235b8a0325a0b2bcf

SHA256
e9a1173986b8424d78a1371a5630c090bf15f38a6e0598c10be49b35bb00c5e6

SHA512
66cfad70e98a2c4d606ad53c5d480f93f4774ef4a2617891e7a59aa921300c052d48e19fefbb9d473232357a75c87be2d2f2ce9ff3b51d6aaae58106ff46c5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
79c46c815979ff97e10ac41f28170fbb

SHA1
3599b74e122846b07cfff70b2803c4552a3ab708

SHA256
9c5b426384ed2462e369a3425c5359e51b9a3d61da83eb4968c6661201fdaac7

SHA512
55f0e183c8869be5c4170ea879ae3fda0cf8abbc83764cb4a1a018a58522197058e77d0972db461e5fcc39873e91dc3f2d676c5b9ec8010ed6203d735aaa07ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afccb14e25e5aee4e440558073f34af8

SHA1
329f4b858ebec784665c64c7d667d3009665267c

SHA256
5ab6876ce66658b529d40f7eda55919409b44a44c959bc48a55466d69d765eae

SHA512
b967334eb901667cfb94a7d8b5d6e1fb0db35d78c98bd252eee84447003abc2682e1c1d1ec8a0110e6da7a7cc80b7421a68fd809c588f9d131b42a91714b0e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
600429e43dad82f39636a81228fdfd7b

SHA1
f935e117b748576c27a32b148429d9955f19d877

SHA256
5d1b6e37d816e4184d16cf34f30d449ddfd09e0ea7b54857e8b103f3e1c71b62

SHA512
835c2f981c21a8c90e0e4c2e554465e36db8f4c0a97ece62823fb4df230ff206740b8ab9560996f885ae56736f6be27ca86a447b770b1945b845e915e6653d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2ba7815fa1fdb7e4ee666af2791cf8d5

SHA1
bee934bf1360937e33f5a1ea94b0c0974f010db4

SHA256
f1ca9275bfd991be9c26c1a15bed6afcc412da2294e07c3833110459381dd64e

SHA512
49950ef18409030ff47466efe4cc2fe47634b8ef8513dee33a77a5435fe6c294769fbc623dc3843e6d6b4034cf958e2008464a370ea77da1402d2bb8fde8a150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
341728ecea6748cf13ce5484266559cb

SHA1
62e7c5e6454c932bc634e16b3bf2d8f62a0b830f

SHA256
d356445849473592367fdedebe5e2f4d8e92e6d2b60f776ace624e7782ad2309

SHA512
98bdafe15f46bc94b77e64da335d2ed66b64467943996d102623d3920ea97bf30027b023fb1ae740dfa2ad17273f45dd107eefd848b2c9ad22820a4de52cdbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b75d10b3a69ad91ce26883a6d78528fe

SHA1
f0ff2bc2425fa59121e1520872f08454c05eb668

SHA256
7b2477157e57f1e32e0e488dddaf1b73b2254c5b64f4661fa601eafbc330a379

SHA512
3c10789236a1bf8fd68c6f2917d898c3de962f7829a1af340835eb61101d3446bf3dfe07d7907047a34067788d254e37ee718d5df77fc8eb6468f7b4ac3d6d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cd39e17705e3a4f0aa43cd46d973e61c

SHA1
3f0f03e89e9772b484cfb43c7886c27526b248fd

SHA256
b454f89656bfac4a523cda3db32e480bca09f3e5ab4481b8f1d1140dd6e33dd1

SHA512
ee28ac6beb383f73ad72d19af5fb1f28f8f4b9f07cf3183061294ee353e5e9e948fa0a0a4973c9999a3ee5b06101385ab2e88c7619a505f580885f50aaedc85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42d38e43f0feba18652c30b92ce05e00

SHA1
0c1e9f64200c57b0d8889e808f6b4065b16b46cb

SHA256
07a482cb7bde194f20985189b1515a304efed7f3a37cb208346dd8a56286db2b

SHA512
7c63d2eea0d6dd88562e6776ad1375c4549996c691d686274244bb948dfaf215809feb8820132e82434c52da22b265d8eee8bf3a0f280c0a57f8974e9f70ddeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58179a.TMP

Filesize
1KB

MD5
65c1a6ce46bac5a4ca5ffbe77a032e2b

SHA1
6d08bb538e6ef59fb2111724ea525fb54e4511e5

SHA256
a13914656574c0116e892ced6d0e78cbb1732b5c3100ee0b159d7ce883d006f8

SHA512
c10f0e0b60cac76bb250c53a70518786b475027f459024a33d743f5b9a338db0e6436dd53f65dcd7ed898715e1ff00deeb8884a47c09a3967453d55b19b387b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e7681d9c-23a8-447e-9012-83389af46145.tmp

Filesize
10KB

MD5
fced42c8ef352292481505b1394ec0c5

SHA1
093d903e3513c0750ddda6d47c6d41256a5bc259

SHA256
118a2b6cd26a433c65684aa715fe1653bd1449faca2a97aea2523df9f846b3ac

SHA512
690007de321f0418b9e9732321c990d98b57daabc101a54fec93139432f381e720a153223e1b87239d71cfd5a2f8828f898935ff11f21f81f5a94bc01eeca7b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit