hxxps://tlauncher[.]org/en/

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2023, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tlauncher.org/en/

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1498570331-2313266200-788959944-1000\{314CEC80-603B-4E59-8270-E7376FF74AE2}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 294256.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
512	msedge.exe
512	msedge.exe
4472	identity_helper.exe
4472	identity_helper.exe
2808	msedge.exe
2808	msedge.exe
2956	msedge.exe
2956	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 512 wrote to memory of 1764	512	msedge.exe	81
PID 512 wrote to memory of 1764	512	msedge.exe	81
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 1632	512	msedge.exe	84
PID 512 wrote to memory of 2296	512	msedge.exe	83
PID 512 wrote to memory of 2296	512	msedge.exe	83
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85
PID 512 wrote to memory of 1596	512	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tlauncher.org/en/
1⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe064146f8,0x7ffe06414708,0x7ffe06414718
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7004 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,9239242510544074776,11615632231673544147,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7500 /prefetch:8
  2⤵
  PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1053fae7-95ef-48ce-bc6f-a229d0de0b88.tmp

Filesize
6KB

MD5
fa060ad1ba34f00424e7bd2e31de96fd

SHA1
f34599d42dd85232faf4b768b67cfa9a2eb4e9ea

SHA256
dd020cb94594eb070367b0063ede2bbbcb9f0f588ee15ef3a7ae5ef656a9cdb8

SHA512
bfed0f70084005bdfe6deffad978b9e3108e4920d239d72a209468fd67fd4d5fe0191ccb7a218acafd1c21a8e0e9288b0a56b16ba9703135a0c32abd91941fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
67KB

MD5
d8588a7d7bb0b66fb439edf73ee37563

SHA1
a2398d543e3fbeb197e2128654bb5a1afd599585

SHA256
2210c60cbfec62e2bebd2c77783511100072459b3d0cc296216eab8e72d8af35

SHA512
7c87e7b4ec1d643ce2672ef9badefad6832c6fcc4053cedad2d34c52004aed4e0a589e2f839ace7bcdb0f409fff836ca7ce20dc882d9982568176d4b1c830bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
17KB

MD5
26c635ad8428a39b49229117a620c46e

SHA1
46e855b74f4530e906628395c4d7129fceafb0bd

SHA256
315e4922621d23046a4fd7346d458558fc169c205bb7165d60176fc23a823b13

SHA512
c6a9cf6881e4590945547c60bfc8f2a897d570b875ace8e7b2833fc121328367aadf13065f3b157f89f9a9d763a2abfaa728c89c40e7a6f9999746ba5f55369b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
76KB

MD5
43d153e4cb7f8668892ec2a4a0a0373f

SHA1
4fb53316eadc4c17c00fd41730a265ec046f8578

SHA256
f8c786ddd5cf29807be531bf8621bff5094834fea9b55ecef24a5920b8263479

SHA512
152573bff675296369c36681d07e34f86d230774aecd6bea9fed40a52f048e46a01542856c0e55a32ebb2a1bbb048e17836f785639a5766a5b31aea60a6e787d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
88KB

MD5
0243d388e8b9f0f12f7d2b67e719cf73

SHA1
39bd292a8a602c774ce189103b51cbdbee85c14e

SHA256
f7a8bf314a7a54ef1a2ce6d2ed661c6ed9c41dcf756783254739cf72416c0c73

SHA512
c5dbfb863e46ecb046727f23444f1748b24085618e423d00a936ce6870a00a670c9fad389d5b95a1527713c987a73432b43973a30439c59b4f137388b544acde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
1.1MB

MD5
3ee2b9a78807da4c9c54438ad0025463

SHA1
ed5df56fb83a38dc4d5b9950df43d6c878f5aa13

SHA256
21b4c05ed477109a0a2ec7fe3fed0115c464ba3c22e41bd12129c3ece26c0f4c

SHA512
60f498b0c7ba0c0d25977e4f44400fb4994c40ed89db05cb200a80e88bffd5b82a5953af822013f27b8085a22e25b08976f616f5c876b6cb480afd666d28fa33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
65KB

MD5
8b78c2e7a2ba559f2827fe33d2a71fcb

SHA1
1f3808baaf2b0338437d7d43c4d44b7db2157234

SHA256
4e2fd2a28f64ed533cd1fe39b8825172a0c30b370b9fd5bb96e434ea419b3045

SHA512
f417b232b35d53d2f441d6636f8fcc4fe9dc4a0ff344ae7ce6f45c7a451a61277a19a94581ba88ed65d04d386132ed32c7805ae0d91a34ddf3c1f9be7e50031b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
66KB

MD5
bbe66786e8c9957c3e5311dad0047a15

SHA1
41ac837791e470d3227ae4a68782cae691bf3a98

SHA256
fe0f1d8b6263a16c3c6fb03fd592d88984f7f632761ec998048e4385388df4e0

SHA512
38700277be325aeab0d23090f08ca371522637a2d886da0181d6d12fe0d48b0ed26f6ae47e4137fc1ddb522587f99ac259298a3f73bd21675c23b39430c3fd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
17KB

MD5
28198516e5b385b19bbee4fb3dc290f9

SHA1
ec4e9ac07df66a540fb3b15d70c6135a279170b3

SHA256
3ced3f556e65561203347082cd3c41f2dda3ac93e2b449d553a1dbfb9b73a1e9

SHA512
b61fd3767488cc4232da87350f9a0a8da08445fb84430cbb4e222b4eb01538dccbc5695fce7cc2dbbc45c3b83abacf708520da9d11786d8a5b6eb724d677d7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
17KB

MD5
03a0aa43ae83b56ee544acdfb4aa1cc4

SHA1
d1d9564adf345103f9641de873c56b4772217754

SHA256
aa5a5a7aef18ee566c2ae611c7e7a23d61cceca332684e3f3d2bcbf7c4bfc886

SHA512
84d6c90cb983479bf15c77484758e234f12f5c4d59c4964a05c5241adcd5c6f7a0d641a7efcfb6c8bbcbd8c5e8f1d4dc0c62d28b1f70985680fc74018307a487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
16KB

MD5
3a92ec2488a578522056ab029eeb71a1

SHA1
7a438d516eb50dd912d6f8dfae11057368866696

SHA256
d56fec2159406ce1d4e284774fd1ee371018f131e28aa303ad1675edc76f20dc

SHA512
cd6e5acdcd6ef9664eba57c4d4d591c784316bca0e5f646d8459d632dc9bece95bb254aaefa80f27d828f3d2ee0cdd20c93a197d7c1532e36c1639513f1f5627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
17KB

MD5
2397b37ea6ab368a1f367a9ff37d1bdf

SHA1
06126aac175016e82ba35e072cd251625f890609

SHA256
ff769fa64945176f409bcb7ebe92a385e9f9f1b11ccb095a14384dd209127011

SHA512
435b0e73dd48297d250f395377cb2e8944b07461b86dd22231968076bb579b30c869599fa2f9096437589ba1156581387d6f6d88ee6255fc7f3c1aab89909cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
173KB

MD5
d3d1aff7a71e5f6f4537a0b3cbbd5c23

SHA1
82bbaa35980290986094ec5b2f33da17fe0e1ca8

SHA256
d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291

SHA512
9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
e411640e40302eb4bc5f6e38291590e4

SHA1
3d470269ccec0d75ea2dd4cd03510c5caa9e5f17

SHA256
6a9a5fccc539b88a0df99e79dd6366dcc10738ff884318cbc3e491396f85fc70

SHA512
b5e557ce1050f86966fb2f463246d48d00df31def2cf52c6466eb562b0ad5cbdbe1331e19f109fb7b4dd71859f7fc534de10bdfea72d4a949d80031a397b50ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4a6cf52f76c45bc3fc2f076a70be2aab

SHA1
727c6cb5608d5115ce307f66933999cbea1d4ea7

SHA256
481ad08d4731abacdff7bc57e32fa96dabcc0586a6021de75241f663c727ab3e

SHA512
5c8c416e4e99e26e5f35198c7263fe8bcc93f35cb0f1f28f4595815261e81d7f041cf90e200710b857a4a3df6904d81a948619f9c66622f82fafd5bc0a8a62bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ec0b332dff9d42a7209bf7e643645e6

SHA1
29e2ba1bc818edd6213f5c2625a55a60a6a25389

SHA256
b0c4e2e8cda48fcd8015e3b68732456befd028cd85c1eca8f42c0a0276a543db

SHA512
c1df7029e0bbae987205dd7472544388bd454cfe168dfac01803742615b7128c920d9d1f26d97cc748dd829ca4baef22fb05a6b1d09db661fb1f98fcfa73e889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
086dd29a1fa8b48cd9baad0e49b48327

SHA1
e0e27eccf1c35866cb4c65d41873040bcfd6d786

SHA256
92599b3bf9b0fa5af7b078050ae28d730971de2977e86ddeeb5b87a6d50cd835

SHA512
e0132cb3d7ccc82e19c6bd79c64a7bb85cd06bc5e97aa4ccc1368f0506d9bc601372e4ba81358eb444575f497ab3466db3df9ab580fac7f581e642b23f686159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c885d7f9182fe5f4bd7b9e7c9fbed56

SHA1
f1ffb1ecc70565dbe62e8a18b323e4ba2e270e45

SHA256
d6c22f13b62c1ee406ed99b545ccc4c5787946e4bf22704f2f0ece412c3e08d0

SHA512
8c4694c3099e317f0887b01e1ffcd4df69dc26d8788dd62e210d88142e3b6026c06ac8877733fdc52c609e0f1f6d26ea95e3721f8d2b6bf72123c452c8e79181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dac3b81b2e2e7027a4a1987c69f7229b

SHA1
2532f385dc613bc4bcc32d940a896b3b7cf57865

SHA256
e6727e33a97923774917461b5e49be21ffa6bd94fd692ea9550930cffb9c0abb

SHA512
36416cc2ab7e06a9723c97b18d69687b7907db9ad45dab590e3806213dec82a82355e64a25e22f5e9b956a14cc5abb10547b6c82b59a4edf3a6f42407ee77a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b8905dbe34d355f3fa00d551aaab667e

SHA1
87b64d619b1c29fa9eb29847d2c9d50a9e28c4c6

SHA256
03dac41b0844d907390a00d227bfaa04218162cd2e55eada6ae747f4c19a8906

SHA512
4ebaa4ee8b6badc0304d2b872e368a1c67493c81a3e44337f4396b236eafa02537a006c0c0cc4208e49b99792c1fe9ea724c8b527e015ff10e1c30b5126d6a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
08f5aae6421fdafd0d4bd6c6bc95eb53

SHA1
a1bf44aac379927f38245b65c7366c2b9c040969

SHA256
e3cba04e654c868bc7235120963dc6ec8b23d2aa606ea0018c339fd7e3c7407d

SHA512
7e9bb3b18738ed6416929ed1229f4b854026b1af8a214ffbb3aa9942d230be286d5a635e61a128a97028f1d1a3e3df30f96331cf79f10bc6980431f5cd9257be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e31363cdaee523d6f3f4a295622c1b7

SHA1
6be38bc3059dba092089f4e0d41c2fc89ee88806

SHA256
54275fac1bd59929ee73a338dd1bcad37f09fb7f5cbc8a81b60f9b412c15038d

SHA512
f263c9502af61d40a98f5faaf3c2e473d653ee98d8c8ef8496116ead3aa43b613642cce66573141fdbbb49d59e687841636a89b692831c9912e4cc813a813188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43ebab98ba82374f9f89dda6a4f33745

SHA1
3c70e00ba815896dd1b0ee6ccb405389ceef655b

SHA256
e76b3f8d10b4f8c9261ac94d151621de7b12778fa2678d52eaef2148c379940c

SHA512
0373ea31625256bd1deaf6d3e32dde216fff77896a9f795ea0a7685b1f203828af34c93528800d58fbb1dcb8c4a0b4260ce79c63046937a57274a1dfd4768dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
925f4196ddfe0cd19a56324d814fe4a6

SHA1
f3a0e4ef778ab6097afd12bfa3dcea4e1d5f3f4e

SHA256
81fca569bd8d10eb09c9229aada0b1a94010362660f4ed177b38986d588729a7

SHA512
68d4f4af16846210464f6bf9f45b75a9fc7bd83536e1326f68bd318e818993d02e9a2c608ec98b2b4e5167d9e03adc5eed763536f767bb2383877ec8c48c7ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
77ba303c004e2b60fe628d72a3cd0091

SHA1
da23d1e76e24fd4726e296acad403a4853c1f2ec

SHA256
5f9a9f0f24d9ae091f6d60927778c263abe04bd78a56339a5f2836e02fdabac7

SHA512
cafd77ac21201bdb3c1885de3773305b675415d3aca1d4c379b397da899667c8948d60c419a79bfe2fe1e8a6cb06a1ad25ec9c028b0f6556f979c1733eb80408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6ffe706c61c93214b23bde38ec604e61

SHA1
d6cd02cd6bb3f29bc093f2a00f1bba8d0d4f49cf

SHA256
28225adb49f4a3366b0317892a69b6553d48f5f9d295acd1c5c339245a335070

SHA512
58400ed504d7dd23dcf41334877977fad3cc83e7db442d5b3ce0cf28a39cd2cf1b7a6ac1437172c76b981ae4697da9f00df6f686d3bdc8059cb8c93a5142ee75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e717959ea208ac59d5df0df466bc7b17

SHA1
025374d2641e8d2e738ba610697e98100640aa7f

SHA256
376799836c8bf578d054f46b7f57a8b6a07d6e9f1d759ca61ff3869306cae5b4

SHA512
12d0d8113b0c70f1f73042a5c788f3858703dc904e21c5c856011b2e85a3f31400ec68707b9e1d141fff8fefa8103f47372d4123d0bff110595b9f30869633c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7eedb0b56913b3814de6c7e40b7335a9

SHA1
8d774a61489f32d802c413d24315ab9abdb01b4d

SHA256
bfeac91fabc6254a38f5d1956e3eb40e79028a11bdf1f1239ec2c68cce9c6c6b

SHA512
e7ac9bbb3ac64ac6825eafd6102e2a699108481a08c73b8c095e945e17b8449a8acc907edccf02ce361910229490cd5154d5f17f213cfb39af1139916dcb4207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd40295a5a8bdb938f7363a04789cd9b

SHA1
675b9bab5145add1560bb4f2ab902b6329e894e8

SHA256
e93eb46ba19d2588e105370bf49787d148b86b7eead33eb48560beddaa4ccbac

SHA512
5cded136c580a48a894bb2a63da13a266fe106c31fb3130ccedafa6578a9e97c15e2720a821f3e92151f7c7f8ce81926695280ed1aee97c57a8586f99c029cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87158769513adac3737fc9064c993e6e

SHA1
ca06bbb7f758dfa8d804483aba1601bded77ac26

SHA256
3ac211998f334a08f482e08c67aea48d190e7a07591b3ba24fdef45d64f7e3b4

SHA512
747b6cef28733223749f5111b3d6ab229a4d5b481fff4a388164b6dcb670b393df431a74a3534d836174068ba68a78f16a7ce00acb4ea9f32cf031797329eae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f32829c749e50c3280c7a8ba0847784f

SHA1
2bfccdb1b6f9538fd0822352aa4a085c6a621a1c

SHA256
18c6de190029c1e8d87135751ab46d45d881e8460a0778eb3d7d866655e585a0

SHA512
500916d2c51ba1bce9c7b1c3c93ee0863782be6605539496a472166f7cd8baf531da917993e77fd024d53ff8c1b623db8c3f8fd90bee07460eb8312861fb3288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
db14f795adb18e7235ec02ba53b27a5a

SHA1
ae0fcf2a579f424d5d44a9a6691a682e972cf766

SHA256
d4da428f99b9a8e23102d64389c58dfc36cc4e92a14893de63e5c7109905e4c6

SHA512
1cf9a701c7f984019ce56402286d36406d54da0add4a2e68b9964af8ac85dac05e1ae44cdbc3e4af98c44dcabbc46f76409a8168514b6aa21df0c51dddfb80b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90ffd3b0e53ee2f3064feb901ff3d4ae

SHA1
a4e4079a24201234172706eab01beb39583bb815

SHA256
21a16ed746fe4905f5b598f6a87510cdafcee0a0c67364b05b00a52e3c2b421e

SHA512
580d49751b7fe69dbeeff2f11d470eb99753e8c66404772ca8330655000ff9f6abee8bf35cc892a84084391b90c3edb319ea17e5068dac1916064f8a4666d375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
859139eb24158d71dd965a0df2738040

SHA1
85453311ec963e101ebbaeb4a3a8a6cdb2df740a

SHA256
d3e6279268c5acc0d937d58d0aae88799a089e49b5d5fd95204119a3b655190b

SHA512
44257ff19488a52f2695861a474254a50e05aa0ec3faa9cefb2ffe693d9fb33032b4bb03eae3c7357f4c5f907b6e438984aaefb2842985818d418b82b5c1f771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
34b0032bc57a4c13389670488a84774f

SHA1
f87ad62d75c2cb8effb3906e8703235afa050e82

SHA256
8aa4906c959b55b789d7444d4342ea54373f278e4ac3201eca667ed5a59b6b9c

SHA512
907ed7d18f7c7b4a41c8793d985ec8076bc85aaf4585557b3429cc8b6c2bcfe0ace500227f37bacaf7c51d46097263d587ec508752c9a000c02a3c12515ea197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589248.TMP

Filesize
1KB

MD5
6c1094c3d6ce203cfa3d47c446c0226d

SHA1
db161cd71fae3094764b30a353ade7ab3376c724

SHA256
f395ef7df781c7a15c9d71c64c21345c3951a2fb2d7864bb6e607de3f3879fb1

SHA512
6fa0654d032bba2e91050fe9dcf9ceb7bf5c31d5e1d2899ad1f38c95dffccc758c7a6f066da5027e8b091c219d305a6864e3a263d2e197034669df1beb22a484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bfb5389f2de3733349b41f2c6c2a6ce3

SHA1
c0cd1a2a12cd341e51db69699bfd7384542698d5

SHA256
ea9f82cf57ab366395864a70ea6eaccbdc985c5acfaf2d02a0c0a33dbee71a26

SHA512
2df9911048789be014f839fce8f7dcd44d75fba920343fc49fa7acfb74026cf1b3e739633fb69ca666dcf59ac3d79c08940640a4ac9d96cf723a7453c9ada644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8800ae688220b9917b3a0dc4b27d46b6

SHA1
406a4a33ffebd037ced1ce924fee1720adc3bb32

SHA256
dce8dcef56cee8ee24773a99734334724970286ab72673077e75fd71ccf5f89d

SHA512
667b2ad28e5087b9418805984f9a9a56bbc09761310fbdf44782cb7df145514b34860d262809ea1092a8868033e60ba8be5e4dde622e7c4cea85f2da7237a2e1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 294256.crdownload

Filesize
22.6MB

MD5
bd3eefe3f5a4bb0c948251a5d05727e7

SHA1
b18722304d297aa384a024444aadd4e5f54a115e

SHA256
f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0

SHA512
d7df966eeda90bf074249ba983aac4ba32a7f09fe4bb6d95811951df08f24e55e01c790ffebc3bc50ce7b1c501ff562f0de5e01ca340c8596881f69f8fed932d

Download Submit