hxxps://discord[.]com/channels/1113754527380799559/1226292872609927299/1226548063817044078

Analysis

max time kernel
589s
max time network
600s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-12-2024 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/channels/1113754527380799559/1226292872609927299/1226548063817044078

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
95	discord.com
5	discord.com
6	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\b8863e10-b89d-4eb3-a176-336909b79b13.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241221145033.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2366345620-3342093254-3461191856-1000\{59FDED6F-3187-40F9-BB32-EBC956E6C206}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
3648	msedge.exe
3648	msedge.exe
5024	msedge.exe
5024	msedge.exe
3128	identity_helper.exe
3128	identity_helper.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4696	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4696	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 420	3648	msedge.exe	81
PID 3648 wrote to memory of 420	3648	msedge.exe	81
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4576	3648	msedge.exe	82
PID 3648 wrote to memory of 4488	3648	msedge.exe	83
PID 3648 wrote to memory of 4488	3648	msedge.exe	83
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84
PID 3648 wrote to memory of 3284	3648	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://discord.com/channels/1113754527380799559/1226292872609927299/1226548063817044078
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbfddf46f8,0x7ffbfddf4708,0x7ffbfddf4718
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:448
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6e74c5460,0x7ff6e74c5470,0x7ff6e74c5480
    3⤵
    PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6512 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7697462277844689335,3733623239513253914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:2864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x4d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d57a449c855203411a38d5ae80bc24c

SHA1
b361032efa556fc4557bbad595ce89c4b0c13dba

SHA256
bb59bab10e406cd91bdfe4fc0e8ce2817a6ca32fc731ccb3f90b6b79c1a46c21

SHA512
8d4244dc9c0e9518cd71aacaa54d43c1e2d74519e3e692160b2b040d00aac25c4ba7a5705391e50957d46c8c711dc07604effea3bc06c8956ecf717f61008da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
77fe0ce7e1f9c9ec2f198ad2536bf753

SHA1
2a366472f227a24f3c0fba0af544676ea58438d7

SHA256
c69ca7653724e1e9e52518de8f4f030813e1431223d5b6ad3270531d8df89f00

SHA512
e8d4e17b93fb19364eeeffc5b1016fdbe566a8b8d702005291ff263367840b8ccc76290d8a3ad457d40fb5d1c2204bdaa5acba9374236c77935ebb0fe597a095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4757678b-9861-4e0b-a2d7-0b4007008320.tmp

Filesize
1KB

MD5
d6eb49601ade760d95d72c8e105ce234

SHA1
f5531d8d436c558bd31e34a5537675f22117740d

SHA256
3c1d84b3bca61d9454ca6eb44e476c9f134db44bef06db4fc681e951569942ff

SHA512
62f30806e9e4fd2601d8f4d439d8885d46c61914c58dc998a0fcf7a1a28d6769e3e0abbb1f6626a2bae4a5a65a8867632353749b172ed0daac795e53898a327f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
137KB

MD5
7209f284854b7ea1e5642c91fd2e43d4

SHA1
4f3e2904428778c247fee4bbf39dfefb45234370

SHA256
1878e1d962faa07f1e785f5be4104bfab3feb6112a66d7bdcae1fe2524e8e4e4

SHA512
fd8f15a12102b842f28da5a2f8d2eacaa0600459c6d0df415ac7e43cea0fdb359cf95bb2193695cf6169eca5157914d584c694514f9498ade833a49da67ce3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
99KB

MD5
086cd4bfc33a9214939a2e914ae428b1

SHA1
8728bac835cdd5d7ad832c6fc259ebd5ac46da88

SHA256
d9bc0191f4511e05a63d02722ea4ce4c953742bd33698120d514d3d862f1308b

SHA512
a6d124d4fd8dcc7ac1a4c8be5475407626565fcc337e43ddf0971c240145fcb4399054b039dbf25fb92eb5b71aba1357e0b3a09ad34ade01e4ae370be80627f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
434KB

MD5
cb0a3e40afa84e931525ed441809e6de

SHA1
bf015a563436c50c534833b26bdb4139ca777a2b

SHA256
efb11c61029cc8ffed157197923544907e7866c01f7aab4917d5e68a6bd5e28e

SHA512
8db73a7f475c4c5dfddf7896cb562a70e23b30fd186b66910bf15cf7cccd4bbe7677138fe405a61e8ab5c024844033e81255d8ef233738953930af3dd5495040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0300a74f6d376b20_0

Filesize
12KB

MD5
0200d8bc95b5c9a0c7b0e18ff9b90e99

SHA1
64fbefa8c3a4f4f9bfadd969cd1ec35fa28447f6

SHA256
484e2192c9a445783b7a9cfefdda115dc26affe7ae6310a63bf3747a4fb381d1

SHA512
b0f2186433e4ac81f1df9f32275139258fb58b23c0d1d52208f80a928af86448195bad9b1323d4a28735dd0da66042dd8768c0e3f81ba4ed2af43d3f95cd23a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f22ae4686f5fa119_0

Filesize
311B

MD5
6e7549e97ad2f1cd59ab6d770b7b2589

SHA1
0b5fbb5e5ea7f64c3c946bf53862aa14ade5d974

SHA256
e1f77c2ca285ab2ce8c8d28c12a1cd44dc8a7ad07a807d94c59119ef6025e871

SHA512
59c2df7998faa04a900af4c6cd89b56aa449e492153f0f51f92b6d9addbc7843481f78152c498b0a151f7d0d3c0669ece3b8b163815b343895a307c447175238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f547a18e01497d43_0

Filesize
721KB

MD5
2cb71248742683c8a7bcaa30943c2991

SHA1
ef870c35fc6acb3276ba0c14dba39269aaecffc6

SHA256
e56ed14caae4e63c1ca000988d5112d27599ceda284d4c6dd988591fbba471d4

SHA512
26e31acc5d9e085470991c91e41fbef73b080ef037530136368a6a8562476751a12c9a684588ac12b9a2478b068e135f00d9a1eab48ef5ddd47a5edb7c4c4646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
8937127f4c1ce6a6c941f0c79436caea

SHA1
6536b1dcdd3c574cf5db1b88212ab41e5b90bf53

SHA256
4bbb6af16c96b8ed48b94e39036889040a4a99e51382c8a373f9cf0fc2c613d1

SHA512
6ffa0e7c4ec8ceb8c22e54dc5ee9baccad5d8ceb3546fc9ca82ed7ff48b708aa4a2993d2d65ee67b88c55b5a27d81538f854a403120b4f30443cee48ee0aa0a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
753071c440c260b3ee86b1e32fb6f290

SHA1
856d0b82270302a15528e801db2ae707843e87f3

SHA256
7a8b0c647a0f9f104a83f5af790ea7c24868662036381c56771d8215c75261be

SHA512
380067cae9746c6f835247372d0abf0b8c73619e857d7ce1739e057a2d23df532225e3201d5eae7fb28d2e3ef4da631d14b0c69a38e5ec53e5bfae6a4042ed55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
cbea6d9c63c7cfa2cd0bf47e3b52d7da

SHA1
5787206a25b9b6d43cceb81837f245ca1834ebe3

SHA256
3d8aa708d6fd5726bc828e56dadcec4c88da3224cf7e4be9212f371e08b8c235

SHA512
b20eebee4194dbbb9bd9bf77e086704a1c6ed311485b77c29cd62286e45341a1cb35159c1ae31b11fb85a22979530dff77ddf82a97159d8e0857e394d4d421f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
45474a5f1481e3e01a9891e05bbd5237

SHA1
4594e38bb605e7afc0f6a933920d0038f23848c5

SHA256
1c3f17538fcdc1845ac83f194193b0fc4d5e847b3c6c212876774ca0bf1de218

SHA512
29c7d17be8b39443420f6ffd167bc1c6605949b0d7aeae38e10d9a097b3eb7a7a92e4365f45961a9521b4be481253ab482f33f3103473d098a1f9a23c1cfbc2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
af182b90a74f12e114cf806e6c0bf7c8

SHA1
90ca729a36393d4060ec977f537d545f44f444b7

SHA256
661afb5b24f25630c6026ad04961477c5d50b5742af3c17a52cbb168994ed7a2

SHA512
6d25be3c99fd593e2408be9ca774db6fdb51186cbddec1da12f02f94ca318d1f654714cc3b353215d04dcc55ec450a9e4be839a6a5d63b33710d40cc67323be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
b1996305020a78b3112bb5e8f05218d2

SHA1
382cc756b55edb32b7609c9cdd17790c67939ea1

SHA256
e0578fc8f70e564d59eea4e6f4cda6abfa759931849da498982f6f3f901500e9

SHA512
b2d7e8556204d387907236f2c1e22831ca35b733623cfa7ced04f0cfd338cc2017d6531d24a7b619aa90dedc1ea20d13116e2f84baf00f18967c32dcadd0c4d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
259859842a6bbab09a358920a5293e13

SHA1
1143c11cb49a5ed1d6129c8c0e3f6d424f2e6357

SHA256
a70ad483ede7483b06567f3445c644f176d45efa08d1a045cdac5f725f7a3473

SHA512
c3c7aaed276dfbee5708742fe1afc3b2f7d184302bf5248b7416bbe781562a733288a7eba7530029fb9bfbd47441890bc81a70a4d8ab9a19ab884014fe94aaa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4ffd2135ed7313565b8ced2d3f3a1000

SHA1
944627534b3185764a5a5f6b83901fdd47ce61f9

SHA256
a4eec6d3980072e1620695efd7f747574c8a3cc9f91e4a4626d111d6a8134513

SHA512
bca4a56c36d354603e0b3e51a4626e30d0f93a89750f1e54c9aac839e0ebf3fa2c0f1f61f9e8e7ccc7e5ffb4000f0502195cd38b4f93ea0cdcf19d5b98b5e0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
b6d8516be5ce7af48bee6d06864ba828

SHA1
b23bbc74d1f06ffe1fc761ce7ec919787927d10a

SHA256
3d78eab1fca0308a7ccb640f41d63d03ca12727e3899b9d435b19f22c0e9624e

SHA512
ec757c460843e98a2f65be8dc3a4cace14581d5e5d3c587118deb5399afc08d3fbab21238335ad4efc627344a66ce6d4fd3dda4ae8a7506501e0a5e2f6db06bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
a017a5485e2ef74d31cbdae05589bc16

SHA1
868ec607649edbe7da06e8c50c14667e8edf8c6e

SHA256
ef4f215d2e5f964a47fd34e7864fc81e99ca8c853a0ade294b2743577a42892a

SHA512
03c97e31e36eae0b2c87ef718e16dfbfa8064fc4d401678e152f305b848db5b23a39126afcd6254e3902bc0ede834a64dda9483a328aec7b86c6eb93b45d89e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
616B

MD5
fdc84b77d8899bcd200e249e162a6e99

SHA1
0637b67f36af9fed249dea9ac30ef13c06719c6a

SHA256
ac094dcff67a8e3cb3c9c87bb9d0d52e08e0b73d9e4a9698b5475b8126a89acc

SHA512
6c176bc6573cfbb5a13c4039a05bbf301d718496b992182f9a640f54063fc4a7edbae8e8a9f34fd5351cfda065a6b04d031eaf5e96b3e3109784643a8ccece6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
179B

MD5
c88a3bc77002a075b95198522f195432

SHA1
dd6ff073c9b7fa86d1a461013165a7251443e777

SHA256
8f8c6061b94669fcf151b9f8f1c979a33ad38d597be893f375bff44ad1b3556d

SHA512
e3facaf13afeab1a90a5c15f31288611e7af177fed3e4474aefee3560c5e1129579ea74857f5a3845b8f04c117e6c5af45c87df5d0b003e1259d918b7b0dff1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
691B

MD5
1e129d1fc7a2af957901f31b8a56c601

SHA1
d19c6e5038f7d981fb4156b7fc7df82dac503d34

SHA256
2234e71c224a90a6af69fff4d6090ba62bc55324e122a372e60df974cd232850

SHA512
ccdc27f83924fa69f612986e996c8bf0dbb1187876e7553d7545692927afcfb0b66d4eeabe5f5eada4b55f89d1a99fe12be343d219829309ad914cb9a7fa1deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
616B

MD5
9e29189f233acaf9872890b7109e8506

SHA1
049c38b0a855c59e5c3f4f428dcd5b5eb3c9047c

SHA256
6924d1232b36c538eec12f42507a8c2a08949249a5275b7494ec997bafd0af50

SHA512
af2b0ce4ff23dc4cb39644790854707c85e204ac2498cfeefe401e5a78f716144116c098c94c42cabb4911b3ad42aa2f5e416c093b389bee43f65ac9d1c80897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
616B

MD5
f921ec4070c94b5a04a61f65965990ac

SHA1
1ccb861e3257fbf8b89ed3c40816ce43a851d4d0

SHA256
38191480b9c32ebae9f66b323f31cf9efdb996894f3bb788d15970bdd61b3330

SHA512
e406427d1b4a6947ac3b634504f9027e91aa0047091dbca1b95191c016283cda3fb6dcee648b3c12065d7581dc553dac4583babbaec08750d414bb706c040b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5886fe.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
924e84ff032c58e9fdfcd2e45b2b0884

SHA1
c440211248e094fc7d49b83620bf18e7e6700e48

SHA256
eece81671e40bd905abec59cd8151b158d326dc8b3dc90b09d580d7779044265

SHA512
804ef7160756720bd0266b9388ea5056c79679e8d06f6b8b7565617d50fa8ec192383e72468d69595a0db772a96df67afc5896b6309e38d1d9a6e5e6edbc7176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38986b08cd62c51a02c5c6714950fd7a

SHA1
08e5875d44ee7269aca175353a2c72d60e35b9cc

SHA256
eeaa42e190f9d2d4f445605b811999d6caeb8e927f56c898cc5cc0d6f1448653

SHA512
6af83b1dce6224dd4141f2d495b68f9fbaa36970f63bd1de9b569ba160f7fa26f31f8984bde808c76456bb43fae7ef51be1c9d068168bd980f7277cbc4c4c166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e97305ae4975275e747eb9442a3742d3

SHA1
cbaf1261e77123f2ded43542b8bb8ba94e6ba4fa

SHA256
3e404f2a3fdf2c1261073332b91ac911204cb026b2e0600a6da8f5e03a722354

SHA512
5856a763255e46b24979abac5c374b4bbd01c0fe59c057853f63f33da8e002b4477b7fe02def5dad0ccccb5f7afdb2544da5d0c34f40b088373f54f7538cba25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f7ab851abc84574a65e33248514c4b2

SHA1
6e9d87257d6e7003e0b1c3e2f92edfaa2dca80fa

SHA256
c7b39a208066ec142a6a4957c75f89dd1e78faef3056fcbfa6d3aab1f5248fce

SHA512
92ec94e3766e406ad6e42f3dd83244762af23a501997a88c2affb30bfcb56c4555550ae1e8713f539a9fccb688c16ad3888f0ee298a5dd50d706c31f4f229aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31e025068f75411725f434506065fef2

SHA1
a397463705e5de62a561aee88257d9c6593c4af4

SHA256
4ed92c0a455d68f61e3973727801a20d129e03104192a2f85ecc1bf85cb70f0a

SHA512
1add603c89eafa1666c04f9e48866576f3ac62a4f4bccccce2c7cec156935ae800ecd4b3a67899de3bbaf4eb651d22ac0375e8fa43df885542ca5fd99d1f9588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f82b754d415220c77c710ecaee63c697

SHA1
4eb1e9370f7da04c99eccd2976d88a5444c0d36b

SHA256
50981f283909b8d9ffa6db70992761fd76b20d1e1216900f99e534596581188d

SHA512
87282abdd9b26690880203adcdaf6e55af31cc8d7f30fa69bbfde75386d23cd7b561389bbc45b9be1b139996ecc6b7c935fd1bcb4953cbb063ffbc0070946ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a952f054114b4fea8928f1877c511f77

SHA1
0f9c619768c5f6eaacd03dba8dd6552378740d00

SHA256
d95a412333e396a4ca21d10cfa08df0c890c5abfed087846210cca2daa63f63a

SHA512
52e3b3a13d5811425bef969a17754467efbe83e763c4b9a7b226bd15c1b6cdaa49eed25e739da3ea5a4438aaab85d737d77241adb92c5a66bded85917c70ac5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9b2345e425acf05ffaa1dee20d4fdbe7

SHA1
aecf86c5a5d24b77aea68f6bc99e7f42c9048bc3

SHA256
1eb6cc0eab0b222c1111dba69db74281366b9f5dc9f8707ff215b09155c58d14

SHA512
647fc97d693b709ef3b0877b6de1d4f9f4e1085d35b809d27360ede1be52b37f9a967fb80ce43be35d60b52409c7e4036376d7d931c96f0660a2eeffa58a8208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
77006dacd174a80aa9b867f95d5df337

SHA1
7078db638c72ee5cf4ede7911e4421cc4ae103c7

SHA256
5e22af33da2ed3f3197d9c899a8fec5e2716b54be019c484cd59960da8f143d9

SHA512
e8268ed24af38eaebda4cd864e5580ed1bb63e3e4b72a27fe3404baeb7c8c944a7e79282712ac9d0b33f0123654dedb1984633d6ae2a5b412d6536e2b0389bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3f4191bf92d1ab8f03d9e4f71945d08e

SHA1
44b0290c95589e5c76bb8cbf8613213849f32366

SHA256
be54d22d3094f63f0ecb833869d3bd357f91840bb0acb5691ca98a3db875e9af

SHA512
3833fb3080e9f143379fa15440a5cfdd43d20f3f62e4261aae75005bff7fd08e577bb751d35610a17dd93a643fe047f660b362f3a30781a1e6a4a2e57deaf8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
28181bc5cb64795472a8693c81d4f1a8

SHA1
314a152949c500c60098bb9827a03f1b3ed4580a

SHA256
9c15cf08ffeebb2aa1e5c1acfe8edae83e02c4320db59050d795cc39ce2816c7

SHA512
c5924dd6dbb6d9dbbbc283445562a5a6bc7785b561e89550ec11c695292d5580f8d2c7b9dcb5ecd9dd0d2200fec2b6598e85950ceca06db6c36ca3406e8ff66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
fa9c47297fd48106ed3865984b97e8cb

SHA1
6cbab158f7ddc0fee66c7113db6fe9e733194d53

SHA256
147eafbcd40a2dfc1243ee29e767066e6ffa59f354ad9695307c910b78ce0ca9

SHA512
0fb5792a64cbaee11440063aa452fe7be2f0f545143578d39807e41a38a6821fa92244b5c0537bad57f44bcad2194568092a36178d7fe6148629c4fbb2afa173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e5008d4d0288a18d80c53ee158c1108

SHA1
154bde1bf2baf015650424eb66ee1517bd85efdb

SHA256
1b1be7cdedcff1bc47063cf558ca487a080c4714708d657e55bd0878bbbb94c4

SHA512
fded7b8e55e214a47def48b66b83b82cf7f9520b0849d8f08bce1a5ac587dcd015c12aaa947889b9aada934ef24459d5eaa463301b11617536a39bdcb33b3dda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
504661de1d7ef37cb1d0690eeec38235

SHA1
25e4173b889268acc07a66e3940f19d06dacb1f6

SHA256
127f55d08070722bf7c2d8145ffb39c71ee6c62eb5f885a47985ad6c771b5b8e

SHA512
fba39ae2c1ca0ade2756b64cb790c43cae2665ba9edaf3df50337cc7f68b5d5889e1094c07a8600726860a93f77aea3e80a78113eb228e0359589b2127be982b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
964a00adaf10e8ebbc42e0b467d7feb7

SHA1
7124db21a9ddc7d877de07ac3d07861563d1122e

SHA256
9b98ba74deb0a88ea4b1c691c8aa1ff9eb4cac88658ac158334a57605ee560af

SHA512
c7c8ae71481b3c9a0086204af4a63342f8939930dcce8eb557a0fbb1a5b3ff8ba751b87824307ce49ec3e16509cc4e54202d601b359d026993b6b4660a99f260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f9c0a9c5fc98237c939ba901a119972

SHA1
7726ef8c1f2bdaf0d22e863587012fc5495fcd42

SHA256
8de3633d82d716a9b5b82b7bb40a8c25d250334050a2c4da29a8f12b133507c1

SHA512
8519029e6b8e78a59eb28d991051604e56ebb121a1cdf3d6df8a857b80914610348dc779c8d2896c2fc6c8e6722496d1cc9d5a18f48d1ac67bf75bca350d1328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b162cff9b74593689911570223a5a475

SHA1
3a295b9dc8331264f3c1e2886c81c16646607a9c

SHA256
6d0431a0f1c43001b936f9b6e76f48f843e3632cfb711f86bc3a1392689ce778

SHA512
cec432036692873eb8fdc1cc0403446d13da3d42396a3571c56cf0a551d865974ae3e2c49dd280413f2aedb9453ad4cc045e4fb6f6d961a3352fdf3f194901ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98dd7e7e1eee40e287921dc062124ce3

SHA1
c54fe2a0c702bc27d3b47d9205837ee9094e7cf0

SHA256
a83b7840b1ce53795e355be185ca3437d8921a77ae41bf100934eff1efeb779e

SHA512
202d3d5ce78e00646a28fda69bac4826313dee1f468a49dfe53de93457387f33e1a8ebbd0c284b667ff06b302ec7a7c3166361e3cf069ce0882a101d0e40a0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99e44a07e8b0eeb60282cee973808be3

SHA1
ed656bffce1bea6976c7ffac8737a218b55f9bcc

SHA256
59cb85df6f98b8d960a7a86e2ed6c998c0c6e59de25430f34e9f3d5c010b0bfb

SHA512
a0e9a79794afd2ce702803941f6fb44fbc817f8a6eb6bac9090a24865b852af23fc7a6ccf3211c194e60c87d9c45c212e236aa6bb0c8a974235489132e358cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed39cc7c7105d62b9606aba0f911b92b

SHA1
834e2c778dba32082bb5621d9326ccb00ba40d8e

SHA256
d4e83647e164dbfb85aea60e1b23476753707dbb2f4cffdc6b09386352d1cbab

SHA512
d98ee7ae53e65778e5984521a62fd4999dce3c6fb16647611596348184896cc213ebf5e409004242995bf47010bd8fda5d3a8927439976d135446b315844cb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8fa1f0b767b437b39c3dd029400fa3c8

SHA1
160d9d6bcaeed5aa37c740ca3933de26220a4859

SHA256
82852527ad92df533056c90f97678d87554b77cee57ffd4106219ae4f83c0d07

SHA512
ed9200d06887746ec37266ffb37e8485a553e81a7e78319235aa4d54a566a80b709175a8145d8789b3f8f5ebed745d6de6629c5774f31fad6d5fd2830396ea0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
375f4c4c89e2fb9548c4df19d40168a8

SHA1
128b0976d06cae9879397c65f6971fe659d77a86

SHA256
bc573ded1e7d28e3287080a26a3da982d866b702f6f6279e8062d3e8e5d634fd

SHA512
021b6c4111637dde3c52f5a62b819b70608f7218f2583e2c6ec1b196c0269752b7f57340a09af94991c4aa15b892fde3d565f137247ddda9a96282276f485074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa8bef8bc2c754b50da142aea826966e

SHA1
53505f70b96ca7f43c308c1acd344b942b5ebcb8

SHA256
45d4b95929a3ecd2a6f62e66474ce6d4c277cea8f0f022dba86e4ceb3cbad305

SHA512
e466b1690559c4b73900ffdc1c763545640a0f6aaa7ab99d4cd140af928aaa35464ef412838a93105140945f832f61a51d07e7c87493e3d080c75e5385563891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
489ffc12b2e3257ae388aeaaf6ac9f2f

SHA1
90bde2e2711e801af5a51ca25dd831bb7e7c4a94

SHA256
98b10a4cb0f07f462f676ce5dda9b998ff655a2917ee2df80d6da6d38eda1e08

SHA512
bd58a1c7def4d9b19a594e939acf6b0b06b646257bb98e40f279b50bbff213f8e23fc3dde203a72230d515d30456cddfe2a60de7b4be5e2093065bfd5483e790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c753e50e0c90a958406031bb3d296b1

SHA1
53c438a0616abc4f8c343bf14da6f9d5b3f020ca

SHA256
f57c7284283299c75d5193d38bf3e448017bcbe37b57b704a575e5e4fd8e6574

SHA512
361a1d839ae666a4dfe7d96679c049268ad43b43fc779772d7e24865e0f97f9a213143dad2471c951d692f62f680a9f0ebbdac3126e9892564a9f192db803b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
877a678f0a346f210d336d6d2c3b1c06

SHA1
f55a204d948b7ec4b36894dbd7392df3441309cf

SHA256
47def260d8eaad2824286f3ccc3e1678e083286468d098906b1d344738d642b0

SHA512
a2ba46cd6c3c84d84b7564b689289f7b95d902255e497102e5d0b49df37a02315a6a62ee402d981d0de51fdc7d6a7f9a13c573073bfbd5bda0f64ae81a931115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb94c3062f40c40d3b885250e8585c57

SHA1
1ae10695eb2f2fb3483cfbc3597d524ca3a21d0a

SHA256
3e47a93dee385fbd31549c6a28ed6dcc6078c63db99c08628cba38906f41fd0f

SHA512
506b00c65910f1923259eb8543728595931b577b0509514cc351aba063af698c597c4a64ec626deeab0cb385592372520db0435e44d291b1db141a02f80392f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
356cf4db71cbe820d0189e0e3b085d3e

SHA1
99b59cac165f1ba7eebe7205f9fe9bfb372b8b2c

SHA256
7ca31aa87b75402c4869d8753fb843ff5baa9adafd1a4bdc8f77c98d550e72d0

SHA512
ebb20d033277952696a97a3ff941bb3310bde056c7336aae20666f545229d8b675a5189216a3b1ec0be43936de659e2053695ce0cef793f121e6024badb3d3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13b19a3b1398d8b4c6d3be34618fe407

SHA1
d3ec71adf8efa08266919c114cb64e9313a3784f

SHA256
6a1376e92d2747fc6a88426ea33779d355170c4f5f3717b08291baad1c33c9a6

SHA512
cd1e0d50d89dc4d2f49c6d7c2b1749eb20327054cca786adb17888952e8e70bc5574c611b4eec7b299c8ab62b09be7ade00ee020472d139cbb873a5ce6bccb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6eee563f93ef7c8c1f2ae238c11ce8aa

SHA1
e0abdff2ee06b5ae72c14d3963d9b1e5d5d9ac1e

SHA256
6b2637792f6911f6275d2ca6dbdfaa7c619425e772dc5a9f8138f3938e5d283f

SHA512
cd614dad2bd0034373f5066274cfbc46efea841f5f11cb20dca38e7d1f5ac15a30d3b1e8c9116563b3eeb1fc40b61f09ae249ca4e7e42816a2733bd5e65426a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585772.TMP

Filesize
370B

MD5
06f535e38adb7897e4794ea17f1372bb

SHA1
8e16c37e801a1c62180175aaed5513cabb3f3e8f

SHA256
726053b017c5ab0b3f23a9fc489c843328dd3252ed190b7bd8ed4c0cde087190

SHA512
844b0f0cd8d382265e33dc9be9c6a505b33d63c9e3252f036722e69a58d1c8bb84cd4ef8c1d23853c299fcb49f0886f625486b0e783bbf76953f602dd228784b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
04e998147bddba0978eab7fbeb5ab957

SHA1
6511dc623959e6dff561be92ef5b60b72eaf32ac

SHA256
c58c11692c5b22575dea2ec04274a3200f3b245972862281cae3a0967fd589ce

SHA512
fed7f0d771f3d1f73b3e8302de72d9ec55b1ab2355a9984a5293ab26556af79c4b8bd0a4949894fa09712b17fe70516ae0e78a224d25808bb0ee0388cad6d0d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
dcefa38e25fed02275d1a23adc97d864

SHA1
24cd121c197cd8594e3f6fe165d525903271b00c

SHA256
03eeebafe4c1400a337824d241a149f7b7f94e38ba32a3a2875986240dbbc417

SHA512
7a35b9f8e7892ad0c7a768e89affe43ae15f8b03eb7c6eba98b21ae7fd1fd7059258773cd4d04216277b36c63070b33f965f584b86e5afbd6c06d1f203d3723d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d8d4536f90abd80f8ddf6c4e6ff03fae

SHA1
5ded0b9c52c3fa79b3b758dd9ae1370d62c19b7a

SHA256
91674b29769387bbe7afecf392ecb35bd3a12e66fad449968208f68dfb41437b

SHA512
e7ebfa2fe857cf1f2fd3f83d7bf34ecdbe2f7a3f4280097f70b47f8b5d154e3a3655bfd929c3c1c46947ffbc0b0de71bb1a1c622b380aeeaf6c309181fa6d789

Download Submit