hxxp://roblox | Triage

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-984744499-3605095035-265325720-1000\{D784F094-5B2E-4009-8836-D8D426B7872D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
3968	msedge.exe
3968	msedge.exe
1012	identity_helper.exe
1012	identity_helper.exe
4752	msedge.exe
4752	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	5768	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5768	AUDIODG.EXE
Token: SeManageVolumePrivilege	3888	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 912	3968	msedge.exe	29
PID 3968 wrote to memory of 912	3968	msedge.exe	29
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2884	3968	msedge.exe	89
PID 3968 wrote to memory of 2736	3968	msedge.exe	90
PID 3968 wrote to memory of 2736	3968	msedge.exe	90
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91
PID 3968 wrote to memory of 5092	3968	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff52c646f8,0x7fff52c64708,0x7fff52c64718
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10841700249226621245,6218758535793383904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:6060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x3c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2468

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
29759317b0e3960ea7f3bec3084aafe3

SHA1
a926ff5e1ec37c865ceb5664aa8ae862421a5883

SHA256
6ed9eb80fddfbe1cc4995274bd6054565003d76e592ca4b19dc03900f158b3ab

SHA512
8165cdec27e9f6d12acaec3c2f05131cb9d6a966bd2fbf1af65a7a7c381c8ee41f049ede6035d10429d076ebbc8cd6e305b093972822d412cbb1c5cd4fbbb070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
f658006220c88b9fd1029bd3e0e6db32

SHA1
b49befbed57d1d77696889e050d5b9f1d0294566

SHA256
c1669907d00ff2d6f449d00b050f92438b8d0cb7ed61ad4768670404792636e4

SHA512
ba098902c00099dc78a56b85af6da2c2b238697bad36936bf3211725b8d55115710dc6f278a6bbf9e5e925e7ed7f02019dd2512c42cd730cc14b0049ac8bdc1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
adfe56a46f26200d644cedd429a7352d

SHA1
2b895289fabe6186230ead963ac036b94004d1fe

SHA256
e8d294f1d2243f9c371b5c13f65cc76e3e44dbd7ed648b8963975d65421be426

SHA512
e8773d525e2ec3c73ea548635ffc95cd872b89202acf9a92d5a074cd179f18b9074a73bafcfc4f81d2ac07f4cc507534a8371df037fdba1dd18a26fd21e206a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1008KB

MD5
610c63a0e64c97e4a19d99f4be8cc266

SHA1
4b82d7243f6116c1ac8be5f9de808932b74ce44c

SHA256
859ef1a252132aef5b8197d9ff81fd4f7cacc6284e621acb5a1a981da6c04712

SHA512
fa940e3fd850e328d907279d9414509276f280ca34dc2778732aba675c8328f01710ee428ad1678063b71edb5642d05bf6e3976a33a9c6d402a0888228dc38b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b3ff563ef230aeb9562d35d2c34a1d4a

SHA1
506ebbb4daa68d334c532d6f8eddc7be6eb54d25

SHA256
0696f0eeb1570c0708782153b91b0c4b27ea96eb1b0eac12665620a9b1884f31

SHA512
5dd53a33d33996d7f30dec0525d201089a433633ceb2c79196b252188b8ae714c75e6721da708ba33467e4067c642b6ce67302e6bbc0a59e69d37a11c4a60e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
550da5e354a6c0168e1d900d0a410bf0

SHA1
7a252415406acb6806b94896bf72c3c5d64181fd

SHA256
2ab42d5b64b793f74f4c869eb075bc72d8cd881f844dd9d66e4df3a1452385f4

SHA512
57b5d18cd4bfba666adb552ca93d158b8c09c59e38b708935b6d3d1724d9182e8cddf7441c6f9603ad0c3093e1ba7601701fc3fa3c082eec65576a29f40964bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6ab332e4d671f337ef9276c5dc0d26c8

SHA1
0ad91418eefd9179f711b339070a066139d489f6

SHA256
0b355f036120c038dfbdaf7fe5893f1cbac6d97f2065dacf65d6c7d5e7e36610

SHA512
ede74285974e5bb10fab93f337caa32e409422f491cd864fd0d59243a32957fa9974cc064624885e421eb78b58a1898549eae6405f1e26d8ea4c28b4516bbac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3251b83c51f6db65cf55ac9c99168120

SHA1
0e0db4619dfb16f8299568396d213e374baa9f1c

SHA256
5f2ea6517f1038b5173d52cf110817ec3393d41139ab6015b86b76ff5f54352d

SHA512
bc91a45dae672e019b47b9586437bc6131329d72f9d2dd0e5668ba12da68d246fd33b1e402b1c53af3c08fb1fd54fbd53614dd14dcffa160dadfa301c837d0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3947391695d54b10541b1a2cc0c69124

SHA1
8b152e3b03e0c08d8568d1e4e5eab43fdff4c84b

SHA256
19ae38ed0a3c73a15b29f9bde50cf592feba9f48bbe574e91383cfa5f95a8c71

SHA512
337e4968b1c01201b0600c427d1f14e779cd8e5849f6114d67603a1a1c09157cb5b673ed706991c139a429ea505996f39059b8ec96ae063bbf4e70a3df32d205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8fac0ab5afd17fa8faaac9c4b95973d

SHA1
b7c8e9fc89f110db1e45b5c0341a7ccf89eb215d

SHA256
01984e0735320cc8b06f2382dc1e30d5e0fb26aa55011fcb7c0c215268b3ce7e

SHA512
c85a97ce320bc50976606dff3a9b12a40d55dc58f9c18b742e73fe9094a9f5c1138b8a7cba77f4a14d93efcabb45980a428d70d0e426433a23d92e4afcf9521e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f655efc1ac60da120ff49abc0158d37a

SHA1
f026bb9d044d2dfb7557872b50a92908b3a980d2

SHA256
66d6bb02c27e342e78da0763ea8e71c5a9bbe05f9546429349fe809cd2019de2

SHA512
805ca7f006750c29ae26b24983a6caf931c5e0aca261b587eb5020592dc96a932719bc98b5503ee65451959eeec8dbd672cf71ffbb06a7445c8d7d9fd1ef00ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9228ab6e72a54976bb529b58119b5ec

SHA1
bdc22b802ce1cea4e2992163ad0f47598d3820e5

SHA256
8b58729b0fa9eae4826295bd6dee702aa1246562942669437d3b99fe76770a79

SHA512
99344885f19a0cc428cd6cd5001b5c9a9b8d65d15ca829a932a10d19742218febb8e81f4b9458292638b6ab93495fae248bd219ad68051e4c090139f7f7f8dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a22202d866c61932bbf9c07b86bc690d

SHA1
7689661f6205b9f2112570b16271d68bd44641c1

SHA256
8d19b8e8d7b78848e72a54e4675e36aed9dd80e3b2e81424140d84e495d0cee8

SHA512
b41eea3f6100220cc652eb8bd02070f17f00d327f442ea639f0f95c5f6adafaa62e398147be01ec472a2be20b084e63f44019520c6080274265b1fec0002f509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0ea4ce4b60e477b2cfc82885fbe018d

SHA1
8dc74271ddf8a39e16a4b2a447cbf160057e76b4

SHA256
012fdfa39b959582afba8b19bd36b4b39a985cad00c631dce6cb175e1e800c13

SHA512
c2d608d0b4769c04fa099e294668fef566c9c0b220364b926ffcf3e5d8f896cf7fa8b71425f74e9fa03dee094f2efc36b986f30d63b98f4614a65734b49e162f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83100e91618f9740ed09e566d0fed2e2

SHA1
00413abbebfa2323399081a6f1f112152fc927e5

SHA256
120a98e8cdd10f9d8944ef3b471ee48d87e653faf65118e0198e9a76fb31d81a

SHA512
0acd2d6f26e0d7c3382a409720cc483d216bca12e8c68aa13c982fc260869061250b9c5eb734dd24481ca3d683acec3439243b6b96c8e7c253e9fbbd3b2ae2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6234e97bd7cabd79d27968cce909e26

SHA1
709503a0b216187c49e7639d4756fc6c656e898d

SHA256
6022ff6a33464831abf0770728815a002e190a31e4821eff62bb01d2d89ae7e8

SHA512
e09c0b96cb04cd7233143f62ed3a713155b2628ef5c5db37d6534b41f237d61cdff57ad180ed84171a24043c11cc11a93f4369ff1997485dc069801a57d47226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b4e046dc70fd5af050a372b47d120ab

SHA1
1edd15a7a83250a4f430da322bd050a227e163fa

SHA256
4ca7e447b713074af30d0b7007baee7006f8a80984363a0a1be1ceb25de19cfa

SHA512
d4a6f9ba6b6480bc1d141cb4bad92ca329aeb6115b85ec8173c05f051b739e3574e70f0d851d46d10460ec44ffc37869c1f8c3e22b41c96f8ea85a067e891612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\194d59a4-0bcd-4387-b830-2da3c25c4452\index-dir\the-real-index

Filesize
2KB

MD5
18974881150991982e18cddcffee66b3

SHA1
02ae09d3bc6fb7c1c335f08863fff84b49e85486

SHA256
976ba9884cb9abdb21874e85fa12590d004a7383d2844d474813f5341c706aa5

SHA512
ac5ecbd44d31b485acba4c58b78ab2432834a59002cbfcda97e83e02dcc764449cab405772ad946f19442dc2f8bcc382d0116040752180ca495c994a94cff86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\194d59a4-0bcd-4387-b830-2da3c25c4452\index-dir\the-real-index~RFe585abd.TMP

Filesize
48B

MD5
9a1b488f0af64f99145ee14ef03a19db

SHA1
35a55202ce1e9b492c73955caf5ec1d8cb0d2619

SHA256
38fbc9050071b37a5634b7305ca668ddfe531acd56cce810c569f6c1625c3a3a

SHA512
eb30917ba1555682655c93dd70193042f67b63fd3c7b4310c88afba7537187bfca572f9074217dcbdbdfc79c727b8c17d8f72c56220f2025849e85be015bdac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\598f1196-99ed-4065-a372-3d617756f8cc\index-dir\the-real-index

Filesize
624B

MD5
d5830cb52efd7715380352d46130dda4

SHA1
f2418d298c066172927844d5f8561cff52739659

SHA256
e8e9bb1cdca6a1e9bd1a424c640c55ecdc599fbee921559ea3358f4e5cf08012

SHA512
bc7daca7e8fe53e98fb0389673a772220b14b4e63a70d84edcab7a3ee18f57d87ffc7743622a81c69dbd2fc4eee7264e7d31c52da99c5ebdd64c5fc77b0f6c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\598f1196-99ed-4065-a372-3d617756f8cc\index-dir\the-real-index~RFe584afe.TMP

Filesize
48B

MD5
e1aae3ad1cba35904ac2f59620d9b77d

SHA1
2a2b49218a3bedf5505a0ea8a8df0e6c61f64fe1

SHA256
0fa32ff01089cd00bbe2f7a0719644b339f5b3080dcfaec06d591cc1f0710cec

SHA512
191ab6a1cba8bf959cde35828d3e6f1cafcf56d379934ae0eb13da331b2bde3546596228df1ea9d33f77bab25d45efadc96dad296de756bc55ca58858f396317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
f1808bda57b325bd767a2a4e8df9a379

SHA1
ab611855c2f96c607f9e19ac588adc15ac6b8c70

SHA256
4e2d394abf802a20859ef0b71b0548ebc5c488e7907074c7239e9d095bf7d31b

SHA512
9c2377593154cf21654e937389f4bc1623e57eb557741ea3821b142c6768d47b2e66bfd59e3b563d16ffede61b4390f17c15db357bb94cb09c5ff7364ee150be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
c8b9a55b793fdfdab7d4cf3f1f28445f

SHA1
56eb8019b5be3120546d4dd8749280c85c869937

SHA256
aea6b305998c458f86ca3b07b90dfb9ba172c69eabf13ef136853f2297dc403f

SHA512
78c24c4fb03f5403e2c288f325646410f81a97ba07a1af058ae1a6657833b3adb3aba9de8418d03cffb1895681ea5ff8c51c8dd7187f5fdd9f728eeb4bfea35b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
4eb7c229699e0edd1878ff27b2e4d352

SHA1
7781f3581427f0961cb196cda6d504ad884d4d8d

SHA256
3671d717f9a436cc228b7295485c9e44e577cf4fa7341efc748792b18a2a33cd

SHA512
7b22f6db47b70896ae3253710c33c8e766d704dd0191b170d4fa7c2e7356ee154794c939ff2e4bbd72654516dc82411326b363a3de8c79097429eec91df7acc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ff94119e1870700ae1ba65748c04c152

SHA1
6f4c3bcbaf235ab8eec546ea0d998ce5fcee801f

SHA256
479096770de43d08d8d171f67cd98e723bafd44d899b79d6c8e7b7e981bd23f2

SHA512
923ddb9ab49e11bfe877c153f0769ec4d98afe607d222a8dd94904b1534ed83be125b1ce26a69425fb2d394a637691da2560460f101807b02e2f5224978eba10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3312fef616d65358a9e6e5f79eae63c4

SHA1
0ffbc0a271062807fd70a48807ceb72c88f57617

SHA256
04d46067856e25452ebb8bb8ff37ed340ca7a86d86fd8f823e4ddbe2e24e7e88

SHA512
d94b3b8c2f746d23a3903feb2dcd69184117b3320cf110137ab384bc185224d98f18db068b7b103bbbba6ec4928f73699366de6cb3c4dd448f2a94fd56bfc4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
17800a0875e2bd9ce5f7eaab0a4ff3a7

SHA1
d64ea96b0e8bc24753d4effa3357581f35bda1e5

SHA256
513dc33388a02242023f1904c1d7c7bc014a69b8551296a9a59f4e7ae73f9c69

SHA512
401ca4e40831be5b4ed96387b847b793729f22ec1319f4693c4ca5a4d4059a61020e550e1a46f85658ddf7f3ea21dd2892b82a963f6e87c2e74e9de82327b298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583d23.TMP

Filesize
48B

MD5
895f4bee47ade458dd47e783c5dbb9b1

SHA1
72ade089110d010b90223514164409cc656ede77

SHA256
6e50cb8bda7305cd37b159ec591b0ac1d317d91816b699cc9a7ce55f9a869117

SHA512
a682ced967ade405d7d78af8b00c5619b20760881b1880411b1972b1ca1233b5e5d8b3be5b866da0f25c56d776fe566a6a6620c2fb6fefe8bbc52550c1a1c694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1589ab2c50ec0a05af362bc3270f0a71

SHA1
a6dbcd39456a0437b64e55d1b61db1628d2dac5c

SHA256
9de6c1b2d4dde0a3bb89a507a40cb9c9bfd9e97f3bd7aa7ab26849b702ae2aec

SHA512
144b473ad42c6e9a2b4590174f2c5c46d07c9cb1b3825fec7c2070709f615e3a5f2b3b3fb6d0c307f29c70e3cc00695c94c7d9c02428381ad251be77f9cdac63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25af87b029c98a9a8c8767d86972a160

SHA1
19c7822f69b1d461723f3a7716dc137cb7d075ae

SHA256
ec21207feb9a942263db53fab90346dfd6b00b7612f340177233ce29c2fe9bf0

SHA512
f76cc1ba9a61b57cb65becd03edd96b9dd95fc6f2096b3f1dae7687af01957757492a14fc50c4c6b03da7599932aab741f0d9b0cae79f466ead7b121611a6b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58293e.TMP

Filesize
873B

MD5
204cc5afae0a53fca6201dc9ba394738

SHA1
ab927e1aeb0cd6288f29e8c9cb68a037c66abf61

SHA256
5a31c7ee53289751587bcfd765c3e2c1a8629ac0345e0eb084b3863ed7f4f90c

SHA512
95a874fb7c4280d782158e2fd32e06b66ab02d3c0ca7f5a23552e666b6ea06ea4bde1b6b5d986349d3a86dc12ccf996914e80117dde94bec85517517b0f56cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000013

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ab80fa7464f2d31f71df7d2f126c011

SHA1
4b794e9747fb75113c74b1d6ef40a1a7b7eccb04

SHA256
b4ee815dd17c2947ccbea566460ecfc2f2be86e324e9506af76caecb787b4a16

SHA512
25658eff4e8059fdb3be506957d85243a1055f6158fce48074c1016d06c96b3c3676cce4c47ba624c85cb74dde6e367b49632fe3ddb580c23211005d0773ce29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df82300c3265a057450f452191df5de8

SHA1
07d3f96eb79f4550a20d190c03691cdcf0150a52

SHA256
95f97a9015dc50a0fed2dff76ceb19aa25afdccf5a3f8d078b5c7dd8354e648d

SHA512
43cdc6f67e0b34b6d70588fb58859e2f266fe52d02001874f86da39cc2337bf84cb7240cd875ea0edd84642b15c580d30054c8501a6a760235b195e3c60cbf2f

Download Submit
memory/3888-744-0x0000025BBEE70000-0x0000025BBEE71000-memory.dmp

Filesize
4KB

Download
memory/3888-758-0x0000025BBEAC0000-0x0000025BBEAC1000-memory.dmp

Filesize
4KB

Download
memory/3888-761-0x0000025BBEAB0000-0x0000025BBEAB1000-memory.dmp

Filesize
4KB

Download
memory/3888-764-0x0000025BBE9F0000-0x0000025BBE9F1000-memory.dmp

Filesize
4KB

Download
memory/3888-756-0x0000025BBEAB0000-0x0000025BBEAB1000-memory.dmp

Filesize
4KB

Download
memory/3888-776-0x0000025BBEBF0000-0x0000025BBEBF1000-memory.dmp

Filesize
4KB

Download
memory/3888-778-0x0000025BBEC00000-0x0000025BBEC01000-memory.dmp

Filesize
4KB

Download
memory/3888-779-0x0000025BBEC00000-0x0000025BBEC01000-memory.dmp

Filesize
4KB

Download
memory/3888-780-0x0000025BBED10000-0x0000025BBED11000-memory.dmp

Filesize
4KB

Download
memory/3888-755-0x0000025BBEAC0000-0x0000025BBEAC1000-memory.dmp

Filesize
4KB

Download
memory/3888-754-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-753-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-752-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-751-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-750-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-749-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-748-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-747-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-746-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-745-0x0000025BBEE90000-0x0000025BBEE91000-memory.dmp

Filesize
4KB

Download
memory/3888-719-0x0000025BB6880000-0x0000025BB6890000-memory.dmp

Filesize
64KB

Download
memory/3888-703-0x0000025BB6780000-0x0000025BB6790000-memory.dmp

Filesize
64KB

Download