hxxps://desperate[.]skrin[.]xyz/

Analysis

max time kernel
320s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
24/09/2023, 01:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://desperate.skrin.xyz/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
1508	msedge.exe
1508	msedge.exe
4828	identity_helper.exe
4828	identity_helper.exe
4800	msedge.exe
4800	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe
5512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2988	1508	msedge.exe	83
PID 1508 wrote to memory of 2988	1508	msedge.exe	83
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 1060	1508	msedge.exe	85
PID 1508 wrote to memory of 2600	1508	msedge.exe	84
PID 1508 wrote to memory of 2600	1508	msedge.exe	84
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86
PID 1508 wrote to memory of 1256	1508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://desperate.skrin.xyz/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe744446f8,0x7ffe74444708,0x7ffe74444718
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6912 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7120 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7144 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2141315320811018915,6022849622388644178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
108KB

MD5
8bcfe59a06ecd3cfc267abae32010bb5

SHA1
463d4281357bb2289160aac929376a05c9e814c9

SHA256
16161f2248199807b8b579dc73de63b6aa87adf4b10035582e1cef96cfae693c

SHA512
d3d1a10708a4afa957a4b7361d80b3d1643e9d88bdb104836e88d1585c477f7eea4249e376e96453192d371003ac3da1fe61ed4a85b9e068dc747474ea14a15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
32KB

MD5
0200f7023e675f8a31e61e1cc440cc97

SHA1
e23596f1536b1f9281dea242e39163191f33fd37

SHA256
f6c96ef5304d7d665980ae84fb7f9f1ebaec767a6d4e3b076acdffb5c101f702

SHA512
42237c138b612b55773b44549871ea6534936e4c27756330bc5ddf361597479762d940b3f50269f1bba4cd7fcd37645f384a3f0a9d68ccb9b32c6f6411bfbe88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0d80bbcab6b4540260928cc3b393c4ab

SHA1
bb0feabfcb2fea72109fc018b3da2151c32fa073

SHA256
c41e8de7d52c9194dd68dfa064cfbe1a65535be162d0dd524eba210e0dd79b43

SHA512
d5366e8c51558e9b310f83d9866ca265385d4d2a0da44a96092ba0f6b6b22f730596a1d9d3a6e8e45624ea321199e9f04ab1dbbabefbfe09af62aee7356f41dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\LICENSE

Filesize
1KB

MD5
07a134d64793695e852ede1d8e87d45a

SHA1
039af01ff4f5dcd5db30e9f732406e1e31be1252

SHA256
4e428611ef0a0a265b678bca8d32baf3466c395b35f0cdb866775237c069534a

SHA512
5072c42fd5182e29917310bec2918d81cfa7dbfaa14276f469223101eeda23cfde41d4ba97cf70f905f2b227af439e81c5c5a263b23d5ee75762d01f8b07c113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\_metadata\verified_contents.json

Filesize
2KB

MD5
6ac2f5df4d7f87857021609a7393ada0

SHA1
ea243cedec127750fdf3dfce55abdfabc0691eef

SHA256
34b76b9c414df101afc802a9a97fbd3d1a01dadb65940462fb4fc3d4ebb48f23

SHA512
4dad1a367d129a95737a5de8587c2e7762b8d432403e948ce9a124d189bee5497714a815e001e349f16116543a232e60a3924e10eae1e391c93bc7145e24dc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\content\content.css.map

Filesize
507B

MD5
4948052f09919bc70cf1fe4b59a3a5b6

SHA1
ca0ee1f98762cb48295934a2d62f5df6b5059f61

SHA256
083773faff418320e8da1ef76d2d867bdcd2bc8d8d64a412178a941635776ef5

SHA512
c6234e0ceaec1b304698299c42763ec71de9140d3e0f8767ac77b80c8e096e56e354140ea6c0e25aca356e6c6f85cb842bbe12fc07b1e40fe5f954002748258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\content\content.scss

Filesize
441B

MD5
e99bbdf4d445d9df9aa8365a1c3bd589

SHA1
0f20db159c4fb62eb4b70b1145424ff811728de7

SHA256
ba3ffdc56728100fb3ae0c769f2baa09422849adb3e7ce15f3469454a8ae3d3c

SHA512
8240381448adffcc53f223b56fb1e1864957652ca5ff03616a7c4274fb430d010e182504b852df0ffc63c43821ce247c441b7fdf0b5d83c84824315d8ed9243f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\icon.png

Filesize
44KB

MD5
fe754308da5d7ecdbc07923661dbac26

SHA1
1d8605953dc3972f6e4cf9288c54e062d4ee2130

SHA256
b618b6b496188ce39b29581666b22e6c9146508fb86154b3f65e34ea008c4a99

SHA512
d0861a44fec0e616e5ed067e596116dbf6a6e86d84eb1fdcc2b331c468b04eb9d41ccb10f3cdd75e4d9fcabb7a8701e3d568d943f113004a680eeec77f0b643c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\icon_128.png

Filesize
6KB

MD5
5636ffb32c7ff82fcb3c3e80000f68bc

SHA1
7b90e61a7ce71b05fdcc3ec096587a6fa8d12b75

SHA256
c4b95e717539134c507af6c28b3d34ec201d7604237a6d55adff4c1a26e890f8

SHA512
9418444620e3e0c7481bec8826c3a2da71f0c26da82b8ecb85cfddbd959a824de78eac9428c101b0ee219728f50319229e966f9eb05d8c3202874865fb388f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\manifest.json

Filesize
997B

MD5
757df64642ef05b35b681d550330e037

SHA1
6dbaf3561c212ccdc2596e74982b32fccc74b92d

SHA256
9513d5824acc63c9756d1be39d5ca1fe8173cff514dfb09ea329d6906f94ecfa

SHA512
646b79aacecc21c7adad0d2d3b487ff8581e4d1385d9d4a4c3c4e44094958c061c8e37158805ce3bf148baaf09d8d6d90d06965bde37c5e86e368f4a5949e383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\popup\popup.css

Filesize
722B

MD5
bff0390bd62554ad935c8b1b6a6ba7ad

SHA1
54b98226422596c968623ac25a6f44e75c7fe660

SHA256
140674b3fe045266412f440eee6863af0cefb9e04e2a8737684774436efbe65e

SHA512
e2f7aca2536eb84ac357062322a314f30e88c0ceae8398c2aed151bfdf1253b8e58c10d9455119b7446a9d9fc00e8ed793f79249cf5bab8135a05671470ff6cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\popup\popup.css.map

Filesize
606B

MD5
10ddc67a01cfd2d399858ddfc1246fc4

SHA1
50fc9bda21aebf7c15316f3dcbbe09ef33e42363

SHA256
dd24419bf6881b95b086b81f5036e4d5aba32d3679608bb95ba691fdacdc30bd

SHA512
d5daa1d4f57cee8a65ca3a0e392dd07f20958c69346f01ae17824c331af48bbd38615a1c4235184caa1ef0cd1da14a9345ccca568259cd79530509ea1702c409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\popup\popup.html

Filesize
721B

MD5
946406584bf154d60f299c56853c0820

SHA1
cdd7b830b47f76c64c734f65e1e47f43f6df6a8c

SHA256
4d075b088cad511589e7640edcdf741a46b09f2de6ad05d79c81980cc11a1813

SHA512
18ea827f6b11a93b5e89199e79753a0192dc99b44e9bf55d62f89919975a062f05cd9fbe9b47233b6deddaad4be8d3daed231504eee686d002d97aea74ac7b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mokcmggiibmlpblkcdnblmajnplennol\0.1.2_0\popup\popup.scss

Filesize
509B

MD5
9e7ec1f805c3ae8581f39ce5662bc648

SHA1
bbf5b874a5a275b78b12ae9a2aa6137661c7c246

SHA256
b0ecbd99f3e8c7c38fbcf3a8ec3c36c48d9346a416f37da2320ca1b21bd44dd2

SHA512
159e13caa75ea6cc13f90ac153f3f6f8ec0bd94ceeeb1012915a33b5011cf4f66365ee45b0fd3fdade9df424640e5fe5f2b380707064cd33fd9264b0bf954646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
182f5d62e9c572093f67ac580e8c0f0f

SHA1
735feae8ea1e90843698ec5014cfd8560011dea7

SHA256
4e00040cbcee9d742806dbd479abde63529e27a7fb91bb986ead8f6fac2eb5a8

SHA512
922cc6113d4f07484fbc19a14588ef90eaf8774d932047387bb74d6e95e2fd1b892d8f9233a7a56f83d21b8a980814df493c3e814103b243338d3da2b54ecbfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
efa3efb115834e9ec49fc9a8d76a17bd

SHA1
6d143345010eef57c90e97eea44cf5dfd86d63f5

SHA256
457b6bcfddd0b0150bbd9d633f75ada4d2e56376cf29e53c3ef20f6f48022ae7

SHA512
18c7438dccc748ab310fcdd2a2db8a0b69399a0f89ec287dd5f8e82370d605bbff235f5604460cd29f50a2cad7e1dcb4ef68ce30431aba0294398ad95259c3f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
196c841a23216a2e821001dd1cc7b2e7

SHA1
1602bc59253bd5d181decebe48c7e807f00b79cf

SHA256
aa336950bde57e2a240747071b6b298ee85f8979355e1ef0e285762628ea6567

SHA512
e349be67fae7732f6426584335b6a0d783bdf56dac9fd87e71cc9c4500e60a42911d51de4e0b8fdcfb9a298f0fcd1fbce991dcf38a2e716d0e02d893d735e269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98803c14846c674f71e7b4ad016a6be9

SHA1
6d53ec4c5263c7804b23940e3babc9fbbe790b93

SHA256
8daeab00d1d676f4cf06f2369fc2a59d3e9e357c5dd0c5f1c349c3c853937c4f

SHA512
75895d3ebbf2d928083554f53fa4df9613416151bd0e6fc9b72ab8ff4eaf7e33104d0606ada2d5133c6da2cd9127e7d98f96d33bb8118d05d0fbd63ce8923b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fd0447a31b7dba7188cf4c96557b2d4

SHA1
e1b244c842edd2ce0d324405e1f5df71fb4ff64c

SHA256
10794f776b1b417840fd2a0f61eedbc2b3b8e4f140457b6df04a6c57a091dcc6

SHA512
2aac4b6058ad56362e54a365b522f31195e66c3a14621ad450c1cbfbad98166a3fb83de8a287d0556b3db1e9d2d3941c9c0bdebab26c1439e072054375007715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
708689c6364cb2b1e47b14f3c827304c

SHA1
fa36931b26cc8ea8774b78a90375d4560de21e87

SHA256
bac842b0a976eb1bbc7fb5e819c41b092330c0d8412f9a75ebcb5710bae7bfa5

SHA512
3bf00078a8121fecb31ce623d2d2bab3d25a505188d302c9881b7d9b2c68f716ad113e179aef11aad5c84d8346fb6c98586f1b0969782a0fa40c6838e18ff901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3c1aba3e5d55a5c287ca79e95d96b24e

SHA1
43269df649f40bcf0a7bbdadb8943bcce10ef317

SHA256
d973b6cc774d3b7ed4619d84b8ef191b6606053c8e9974c49b30592247794cb0

SHA512
cecf4d790c5f2da9b1e0e52b1ec3e6e9a7ae196d407b633080d1240af055f06dc8e04bb328003e17190210a03d6da96e8423ef03932005bc987f0bac2f300d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
097866710f6a839ea199d851bf6376a2

SHA1
49dd3d8e6c877883d8d50b2c1356b5820fa93110

SHA256
859d7a7abea08f34b68e35cff873aa37d29f9c0bcd627aa750da515939766cf7

SHA512
f0ce0b21674f01785da8119d7b2199f0b42c38d366d9cfc733c7b418996f27dd33f66022d8f8c1fca083edff21465ae35370b565277b5bced67b76b4300a87a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
aa92c734bc322c5a74f5e3b6901e1059

SHA1
8b60f789d0be591cefeab7b4d270eab15781a4b8

SHA256
a19a42264c7046f028ecb656c0af39e6288b6e30c68511dac0214480e1560f70

SHA512
f7ac91ed9caf90d4cb9960639fe7b0451d14b2ee9aa015c36073221b1b7cd437041647cecc5f32c4c8a00a986a32091b63356797777fbdb5239d5dd05e6963ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d555d038867542dfb2fb0575a0d3174e

SHA1
1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

SHA256
044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

SHA512
d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
27KB

MD5
00aa17d891538136cb90a6c0656ce359

SHA1
ff4b53553354774b7f0b298d41bc1cec93278bb2

SHA256
2d2c5fd057a0930503096ba9bdc3082274e4971fdfc52dcf309ea76a59753c6a

SHA512
1952aff0ffbde718654e69588d51f8be935a3bc575546b55966c1bd72c958641244aa9b6cfefaa220b75d6e79687634c19c508890190511187abcf6f93033cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
df12a7c410fe06390d956bd2f581f004

SHA1
af77f1e3e8db90462146025be772feff8a6d6ecd

SHA256
60ab1d4cac1d0b235136c400eb3e16ab31c2ccb4da4dcda593b439aad52bd38b

SHA512
4716480e6664bbc7e738e2266de5550f14f8a247bfa3a0a894fb3b338783507e194575c3756df52a7d982c858f2f04587cb8d2c47846ac94acbdcc65b31bc2e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
8917be345a3a5c7a5f7cf5e3306490b9

SHA1
1303c12c36eac10b0a03393c7d9db0d64db56c98

SHA256
a5725da9af860278e85c201d914b7b42484b763ebb778a73ba36e00418cdfe61

SHA512
bea892d9ae1c1ba65203ff0a278efa13687294ad063dfd76047ce69c5fe4b705f07d96931316c75bfc05ff7af3ca11fc5ea25b3033c2a70e2b59e7fd89e25c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
f8ab6ed66dc6208f08cebe8a9ab45051

SHA1
3c4028cfad63ec18a628b3ea83c6cd8aeee4a805

SHA256
bb02c6f2acfd6cfe061fad31c349185d7ecdf8587a14bd2d20b40df294482088

SHA512
4a7b538c8ba68c3a1b2be9b1182e734835bb43e73cca6472a2c76e6424aa74a02d362e79082ce7d4afb84485a377a8751c98bef48c4f10d5cdf07e467a67d256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
b0c3eaf699f528da69efa817095bf82e

SHA1
a887b746362250082f152707fa22028695a5323a

SHA256
cc33145733369b7ed0677f2171cac824258fb8d2582df23c78fa8010dc0e4682

SHA512
c37833963891e767590ed693d222db013fa0d6572146d8ebb22d46b63ba7ebddfc31d06248d5f356b242cc397d3dceaa5ad58783796a7afc733113bb6b8f4974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd6a6fd38e6f7a3bfacf8e28c0ae3e5c

SHA1
78296a7cc1463d922cf14edac6ce4a7c9d9261e2

SHA256
e3e42b833deed5d84f06daa614c479f3c9093b1654eb0b067431278b3182378d

SHA512
26eb4a42238b44f139d3b49b17148c970808eef97851a13fcfd8c0c92f0ec50a0ee8f38e2f776829dc0cac2e55b549e51277f816b61dca5f093050312ad94a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c975e302603f4d726b2cc898ae33077a

SHA1
361307aabce607fddb95dc6ee9c9bce13b3c494a

SHA256
81ae0a0fd81e96647452b7e0851c5540b8000d4737b86a51b4cdef311f03f780

SHA512
7ba55ab7c15d325424ba248af5d9850736a9764342bd42a57402e057e8aeb5f22d03fec889f806c43a6e744401ccd8a9e6f095cd1da3af03fb9d8d5a81fd08a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5339ee47ebdff0d4eabb1e6f626463c0

SHA1
b939d7434fa3cc9fe4640a2ae4857987a2870a60

SHA256
d75918a80f528ee5222339147565b06e581098735f6f2ea5bc9765499c1cd4ef

SHA512
9760dd87ecc177c9f2b7048096d931b10ad9dbf2b627ce2ae6d9c0adb086b2695b6cbdc16cdf9bdd3c483fffaf458b1bf5bf738b9e4225118c307ded04b8fa01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585752.TMP

Filesize
372B

MD5
664d56e75e1fde8b1d013b5bb1992754

SHA1
dabd606d1d952782981cdfa107b4840da2f32963

SHA256
61e4c6c48e807ade07f6a1c876d28f86a2f84bc001e2416159cbdbae8552d7fe

SHA512
c66cb08eb6cdcbdcf2badf19b6595686743df2144ba8518e9afdc917c2c4b7e03eeeb0eb31344175046919d64fc368eeeeaea8f5061ee4b501b4e3be6c7390da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d417eda772f9f25bd4395ca6bba9600

SHA1
f15d5618edc3e31e8c2645ba5faa5692317701a3

SHA256
43acd0b6ec8aff99797351214d2afa282080a8e8c1de7af6af9cfa6e88aca039

SHA512
1f2af8c8e9b9d73fb123e8a25d194bad72471ef471582ab8dba2efd3ede01668fae149578970cabf57641ab2f47c4ab0710ddef2ccdfc6af384e100425807442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0831fee10ca0eff861e1a7680aafc8d5

SHA1
4b06afaa5786bcc490843f9b0ce9228895ea0450

SHA256
9f594be1831591f22899621bd076c648149aca3bbdd06b4b78697162d39e7a04

SHA512
f93009030c673452fb67582ead7006e0ad7c700bd4a13198ed31a591203fe9ca0bef3c8ea6683dd4da9c7d4f1a474ea8cfa0ac07fe546cc6811b4e976a9962d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1508_1614929835\CRX_INSTALL\content\content.css

Filesize
636B

MD5
c2bafd6d8fdc4b79d8065ea0c7b246d0

SHA1
85adccf8c80b6c295ed91d95cefe14b4f2604209

SHA256
d60e4e713a9fdb1b43a69da04fbc8b9157212d63e9f8f1cc5e324838bacb78aa

SHA512
83887007218dd4fb77866b1eb007209ec7d710a788bfeb737a3de370ae0b0d734cf7cc08b1a84e962fce667ef4342112ae50b925f267834d33f69da184486d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1508_1614929835\CRX_INSTALL\content\content.js

Filesize
2KB

MD5
9b263bb146d419fdef49aac3c6e43dc8

SHA1
6cd62ace3dcf372578872d3b7937e3a602d8d846

SHA256
3fa3a8120d0cbb87505d5b20ce20b7232be071dfa26f0549772443154f318111

SHA512
d8f4a9c83c2d0d035c7304a01d85d34a577d3796dbab00afffabfb9cf783ed94ed8f14311e6d292d4d273529f103a0e44845bb226522ba4f53dd8e3da9b55ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1508_1614929835\mokcmggiibmlpblkcdnblmajnplennol_57805.crx

Filesize
61KB

MD5
c2329ef3e31eed3dc5a3728a1139737a

SHA1
39472355ed91d4255a86fa94543f22fa22a7eb67

SHA256
d41b0676f957267a44b2cdb310b4e778cbf3cee7b3c46e64c55f295e44b27752

SHA512
54433dce7f905395a9402c8a63069177c1d82b8905772faa771f85463551e4cd5a603243cf533c0b7695f2109af258691fa7302c773f73786db289c6caca992b

Download Submit