b6c42073de838a0a0e173417c84f4f45189232e51d953983d0465c6bdea29a3f

Resubmissions

26/01/2024, 16:52

240126-vdthjsabc3 3

26/01/2024, 16:48

240126-vbe75sbefm 8

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

your.selenite.save
Size

1KB
MD5

887dc0080729ed1cd3ddb3a779362635
SHA1

447363e528b094d61baf80609e83dca82364a95a
SHA256

b6c42073de838a0a0e173417c84f4f45189232e51d953983d0465c6bdea29a3f
SHA512

f54db50288ba51f65402bd956eb46b75c0bff81f7fec197df52b88ff7ff50e5387776fbdfc3467b6e4cd391efaf4c8a50814d9874053c81dc0861723054503b1

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983843758-932321429-1636175382-1000\{B754E009-3F18-4AEB-A520-49309ED7D7DB}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 839643.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
1840	msedge.exe
1840	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
1464	msedge.exe
1464	msedge.exe
6060	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2212	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 2548	1840	msedge.exe	98
PID 1840 wrote to memory of 2548	1840	msedge.exe	98
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 2612	1840	msedge.exe	100
PID 1840 wrote to memory of 4384	1840	msedge.exe	99
PID 1840 wrote to memory of 4384	1840	msedge.exe	99
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101
PID 1840 wrote to memory of 1436	1840	msedge.exe	101

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\your.selenite.save
1⤵
- Modifies registry class
PID:1052

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb529846f8,0x7ffb52984708,0x7ffb52984718
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4420 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7204 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7992 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11589567815412543667,7431871066462449826,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
b497178f4f139f4946f12f3d2c3c7d40

SHA1
808224835bdad1cc119ceececf26f1d72a402708

SHA256
d5ed7de78e8d2af7f80d5de074e19c2a91424164ab6bc219ff312f1c410905c6

SHA512
0b27b6da45191b27ec928e08bcf496a94a1fc4e6b00b0c094ed5fe7b3b42cfb2a4907071dc41c1ec35cd6e3075a890bd3ffe5a5921b20fd552436d235cbf4775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
163KB

MD5
bbdf9cf20bdde7c6953127bb30049bdd

SHA1
ab5e1a085d3bc74e10eedb970da7bd749b24d854

SHA256
e4246cd5c58cd2abb80d19c02d0a7530cc619ddfd377b94246abed653555e563

SHA512
e072944640dab909a170a743bfae59fe8f994811ed0e829f5d63f7c600f6185fe745438b423da7092ada9ebf3193309189f5562f9f526cfdfd6ec59585cca36a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
67KB

MD5
d4757303e821d39c255e81b762a75e8f

SHA1
3e9187160148da6499398720034f694facec9625

SHA256
bba53fff2fd55582441070262f846a9fecf58edee623d8d3bb4ac200abb45356

SHA512
fd98b0041b01f108b4072a6ea27ad2b67c2e3f18f789e691bb4cdb6ce8d4cf06e9abb159bef9fc8e5c9c2b4e3641bfab393adc33096f570e15b2f58411690485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
31KB

MD5
11c44c147a5f3f021a8807ff3b298417

SHA1
0c142f284b8fcf42939b338bdcd9bb14fb1b8f82

SHA256
32a62d64a1485039a9bb02b60b0ad170cb82b6e3deb36cfaeb88e7d6af242ef1

SHA512
75c8953aef90fb49342a9290a9c1cd8848cdcfc4c6ba50b9d3e3f8d937550e89c078c02d3bbf1b5dfe76275b3cc092a6487cc6c8d445b0d9acbda6658db3030f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
135KB

MD5
6bd9d0a970f8af81fa46363e628b06f4

SHA1
f22a45882e2ef21ab5f4d38da2016c87fc86f002

SHA256
51d65157ec558011b13d28c51e3e6a053a44f69f3ad4172214c1df3aee9ddc91

SHA512
3c3ddae2f50dcfbea2b604b894a205f41030ba7e46d15824a89db3494f9ac897b6fecea664af5b045522df4308bf2e094e52157246ed78f380937223a70599b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
19KB

MD5
173eca26e63a2291c18853fd7c000e22

SHA1
46a9e0264aa80793faa88707f80ed1f696249935

SHA256
5cb9f1ccf0e7ac0e50b252796d3ee396fb3ac18d45b376fc657b57fdd618843a

SHA512
0904b4b5de0791f57a8837f287f55a319e7dc9fbfdf64132f8256d2b371c1bd8eb0f8a00af305fd393d0860280cfbe1f3eedbe3a2dd950d8251c133ec69b2211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
62KB

MD5
7e1d3634dc2698c348b4a0198f85008d

SHA1
c4fd6f11807be8e77006b944912ce22cca9c275f

SHA256
08d5187a65c4042a12b963153408d44307f9444d22e409a06da1029e50ba28e5

SHA512
c1264d57a6001a7028cc12cd5c1c155d6d76c8ca28b1004a4f8820fcbf2ef0b3c78ca75d65ec7e9e6eed4bbfe9cfc7d5870b91899d179a228ead4fe37edeeed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
86KB

MD5
1a1c9f8ab327c5a9a6d7f55331386c77

SHA1
7f2f8644c66b3d1a3288c45461d4676867cff10e

SHA256
a4442b88334edd5827319792a0a61c62311c923949ebc1eccc364dd117654368

SHA512
a737362747180fbadb32c6f596fbb347a6989107d655795afdecb7863c0bdd0a11c2c7405b1538422624437af5ff22b83b829f6bf1b7bf7019033a2a330554b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e5

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
c82344bf405ca88a4d4b5e29a220fa2d

SHA1
1c51f5b0786c55909d8aef38c8f8a62b42d2a1d9

SHA256
c383733adfe3b6743da8facb8e40d241f6d64c586853f80825edbb0396f634e0

SHA512
5fe3be510c21d8782f130acdfdae8865cee4e372c6023c3425738ba545717068e7ccfdc0e311cd0bbe6da6c529ad2835eb3358ccb9ed5107a63cf0a1a271cf43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
38ee512493531707cfcdac4db8c43b6d

SHA1
7a0cd3014c69dfd8023b3f7ce876b827681c1c50

SHA256
feb6ae7ca5281afa40e9fe2c8305c902c26f1fde3b71106f017815cee2ea999c

SHA512
0b990dc8e818b9f3bcbd5049f981da196547e3ba7ba9f5c6ed982cb1faa6cd14af53f59fc0b449fb0d4562aeeafe4fe5a09c5247ff020e8dbab2b0ed76e82f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
37f256cf522dd04a0891001eda866378

SHA1
8ddce3f524e77708576ce5f62ce016e7f839a043

SHA256
42c87b927856ec02cefd4f77706dd88cad46f8b8eeeec4d2b4033572691e3113

SHA512
dd32c4f21b5b9a34844cac04af55cb41d319fc328fa9f98454cd0843e0c3ad3c5ff1e94b6653ae69201879e9da6ee8781baec2b290e991811c131973c3e9b081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2afadb62663f8fbd7e20b726f2af2836

SHA1
41295f667cb341c6544b05250def5b42174ab7c5

SHA256
0fcb51c2f99f977df3c9682700bfbd2f920d17ceae3be0cdd896106d890b33e9

SHA512
68b6fb09d48bf951a6fd44cc1a23943ea12ac56a2f94c5aa664f03158e082ef71996a9b105019fdc210994217b8cc64f52f41ab43e0450dfcf7244026c831a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc06b2aea1d7fea9d7ff13aaa95359f4

SHA1
eaa1022ba137a085f0e4fb26afbe83865c455dc0

SHA256
19e7903ccbf17ebce968c0be1485f5037205d26744e5461568a455685bbb0d9e

SHA512
dbb9e31069e4ea991497aee97d9a62e8edace924f1bf0c5f0b9fb19a827d94e048e3f7a6467736fb98ae61a87a7ec50856a5e3c53a8db318299104f1a6e7c9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cc9e7357d736b0cdfd12f8b7408beb86

SHA1
90da21013eee7dd391d0d8d3628bb49300567a4b

SHA256
4594d9ae4851fa3c56f7c0e18bc5f35ff0ab8d133466dc93690ed20704979562

SHA512
aeb38faaf86f0787e03849c627bf2e27d6900382d18de7d6b8c620fcdcbff878243bfb58aafc4ac2890c9bcfde08110bca61cf4c04b28160011afb2ea1289e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
524bc8a834a5ffa59b4adb16bdabeb7f

SHA1
d12c22e2cc354ad93bc3f2c4ddd3b842ffe0a625

SHA256
8986c4cf7bdd392f5d63bfa8726646e74ff8a1c465026a8d33c003e1d8d5bb4c

SHA512
2a0e02516dbdf1b18bf814029862e9f680888117e4f72c211d45d3c7bb3fcaf383056e9769bb0b5c5b8b26f1e044af1c6da60cd7377a30a725bde23de96aff32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
10a72fb9b910e81409b947242e82a5f8

SHA1
f06b36a1faab786fd4db0f9d8230df883c06688d

SHA256
2ee5ad21eb825603a75ec6f952c86499b9ec6e7797073e917841f9c99f218c51

SHA512
40631f4f5d20cb62932ab003c5f6507012fda3d724d8eb37e0b5f6992fe8fdbadddddc060db64cd6c63e05d2de8dd5f8e650cdd40a0a9c529d1d9c78bb5c89ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15395105983591ebbed49d965d9ee895

SHA1
23573836b2fd0d0728b325fc43bc80172dcc49a7

SHA256
d9340fea4d7ceb0a78387b8dcd7ce578c039151c0d11059c9cb27b4e82fbf401

SHA512
b45e90c74178b8f8f498702ddd25cb0876ac757ef3209d45dc1d1b49c43f79beb6542c4685feb2c4c3a0f30a8570b506ce61a457bc13186d8f236626d24f3b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
91c191ad314fbbf6587a3bfefe637fe0

SHA1
cb834c9453559bd7881ff1ce96fbbb4d50b7ab05

SHA256
11e187e3d35dbdaaef2e455a631f66f1e883bd62fc9da68dcf676702db26f2ba

SHA512
3fd85eb5e461ecce64512540eaca27bd4d2e8f2163cbd8c83bbba07db22b71ebc742268d2be9ccadfcad41dbd622fe2ddf3f174d6bfc4143c72631d3c75c0d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
e9a3d11812dbb084badc27b429757402

SHA1
f733a78e0507f0ea2918eaf821e142021ee16071

SHA256
bc44a39387252f15f20da8fd307b00ca33514be2e5d252cd7380c291bf2a482b

SHA512
926e8d0a8cd731562043123bf2523dddac23c30ae55f894e51210d5f9adc760c09b4cbea13e76cd746d9f1a18ef12e601ff88e63ba541348b305ec822b2433e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7cd010512b3598d970ff80708186194a39d14730\06c93cc6-a9c7-4aff-919c-674f5d33ab60\index-dir\the-real-index

Filesize
72B

MD5
81d0e5abd5db9780c5cdcbd44156056c

SHA1
e3c22af5b8a1f313bec9feb8ed11e4b68531f13c

SHA256
fe66f569b89e81d3bcd00c7d00d173e58e357000f84578f8dbc99f607b3f0120

SHA512
be92d40a2bedc35127c46672350ca1e71b9c2b3013d3a8cd0c5884b78d412ab5ca4328ff7567a1d8ff5c73a45fdef70ef5a1ba638c1f2861635ea5a8effd6712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7cd010512b3598d970ff80708186194a39d14730\06c93cc6-a9c7-4aff-919c-674f5d33ab60\index-dir\the-real-index~RFe583217.TMP

Filesize
48B

MD5
bc011d5ae9bbfd92a77362884ab00de3

SHA1
f945e5531aa2956e62ee16314b241f06fc97977c

SHA256
f8a84ab5e8c9d63a528689c067f47bff2b92e7a92bbf118dfaf39698ca75052d

SHA512
151bbab0d2448a3e6d4bd742a711e68dd771158dafb874aacbffd507d05c76d965b92a716e74bfa87940dec31c0e3c84d521458454972053abdf45b64da2c880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7cd010512b3598d970ff80708186194a39d14730\index.txt

Filesize
84B

MD5
d7ccca7764274bd905b89f54fa44ba42

SHA1
fc218092e08c00c0cecee36015ddfcc1d71223df

SHA256
002b13eabafb2ef2101eaffc5e9b725df49c18462dfef827c10e2929ca8f50b9

SHA512
92e8ac9498d8ebd4c75f630825fb1ba647bbc9e55ef1f70ce4cb959c1adfd3662014bea764a2447eaf96ffd139a878e6024f261bd1d910c7d6eab2697713a75f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7cd010512b3598d970ff80708186194a39d14730\index.txt

Filesize
78B

MD5
2f6644831d05e1a9d431ed02908bc11a

SHA1
90049742a6b9e9759b94e16c8f24d16faad385ff

SHA256
6e574e46cf9394e7cc7f39b36beea0834d5254d13c3b5c1bde489bd73645abe7

SHA512
2465de668bd959b3e1359b26c634b3422bd080731ec51ccb14e77912b2ba546639279f5f4a8a97bde37e1d135b2110aa6da42c5423ddf7a8f50aace05feb05a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
6KB

MD5
da19974882728f867af72d93ad25154c

SHA1
673b9bebf2fd33da9c98d3d5d5ceae69c4ab19b4

SHA256
2e57f7ea4d773701ddfd26bed5ce4adc10980d86577f383fa27a676c16ba810e

SHA512
7deb28b5d6ecf434cbbcd9a72b7f48e54d31af69035642c37aa82d58915c79d08d881152d13384201a24e57d872aa2f661c6c1e4d591823498f1beebf6825e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2dd07624abb2a00ca4c435107ec867b9

SHA1
b3b5386bd7680ffb844232edb5177a047ec285fc

SHA256
5ff5e51296ad581beb63001feedc5b77d8de0faeb6226e3692f75ec71622c4b1

SHA512
6c1387d87b2ab84321570551ccb7d4030960f6f5edc8b89eace1523a1dc58a6d1ff89a382f2315869755102a70e0b25167866aa16eb6fead165a695a07bc04b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5831c9.TMP

Filesize
48B

MD5
6debf2e68d183299f62685f519e86341

SHA1
5f581c578996903516b59461662ef9c3e491b357

SHA256
d4bd7bd112bc52e8515e0bbb7e00aaa226c78fa998cdad3697836ffcc26ddf90

SHA512
d974969e9b57a12dcd7f817fdfbbc3e5b377799fb0a009cb786dd1b32e1701ef46ac7ee839b8cd0a5a7f50bcd9156c3931e18be7eb041f045a94b1c42cafc9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
13e0c5fea2c30d49cbffcec6860f241d

SHA1
efcf28ef3dcbf88daf820b6e2f64448911dcaa89

SHA256
101c5d255d31fef9a40666dc1ebdae4613b94502d85782001a25511069d8f277

SHA512
3c55bce3ac3ca459752486d968b5722aa80ac9c6658e9a7562c13cfe60868745fc523384a20026a25cdfca8c8825029b1e77937bb502c64470d3a94b344bfef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b9b11f5eeb2126c874ed674d84c0246e

SHA1
5acc5e92f79f0f218d2245cb9e8c953bdeb8fe08

SHA256
ca8b24b07f328e098c22f7feced357edda9874f6882c0464d90667f1e1a2e21c

SHA512
1dc3724d9c0cd8a92569ae8b1cddc7f052bd1fce13f285886fe1eb1f52b9677d9af6c58992c2464c45559f6ba4e743f8ad067900617379c9cd35669d0f79675d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
40ea78e1aa298a57ff0585a907a2533b

SHA1
cfcb0ac8fb826d945e66f028a08475c873d697a8

SHA256
a7e118dc477975cfcb102d2f3a9ef9e886e9ab23e902688986e1d8565086af72

SHA512
2885111afdb18617cfca841a6abc8f1a086ff98a5abaf3b565798af0a8b745ffd4e0be3c9b456441c67bf511a263f9e38d7494fa2f359cc780ea25d3dece9a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ddd4ad0d8e168ea5878e2552d8ae2a22

SHA1
f43bb7931b46d44760047f4c1723b77105de8d7d

SHA256
e4bd3aa2a467dbcc9fee30707f615f17e7dd1ee6e13c4029a226bf2aefc9f6ba

SHA512
e44cca3f662928174de4039ee8f206f80209bd45c10885ff92abdf390825a57f40e0dce0856936b6698e484ae50e4ab0dc03ee723154395523c3b60c15550829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44b390d3dfdbfeccbcaa997c5e557788

SHA1
76f5a041fd43720d92676a52617237fdb0caef4d

SHA256
9a503ac1847f4e60ed8ceff111f06bb7770025bfa6b8b267465e691a6e0e83c5

SHA512
671df66a016446be0af80367d04153f7b252e760bb9bbdb072c234934421bf12523a15432a827ac4b1c1e19ef1a3d7272642d7025b05c5aae39a986f59b5dd77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
76b4693319f41e1b1f8356b9920deaf6

SHA1
651e6c90bf873d39b88aa050c3a178a114444294

SHA256
e0ea5074f262f6b35e97b3dc890d2fc8ad82bdccd6295ae8da807bb1bd28ddbf

SHA512
e3444abb88d95da574fac0d202810030f109b75ca449ae778263e20a8072743473b3390e43ceb877dc2b8d83f57c4b967ca56d8058bf89606574fb7234a65df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c4d4800f6d4bb251a38bd3b9a494668a

SHA1
2428d0c3e33fc6e9ee9b2a17950650771762a415

SHA256
21b782820dac681f83a3f355a60422a57eef5333ded68f5292e4c9d53797eed6

SHA512
41478a43e7bb7fc1c85fb0c638745267c60d5bb6c07136a8103cced779c530b5a596aff7e7088a0a6055bd8578e769935bfa498e80f63df7e2ecb1f76544934f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
a964e4590783b1ace541885744af395a

SHA1
e202cae229325467e95ec593724fa50d2dbb2fe8

SHA256
26910f4bac3d978ae44d515a0c2bc6f2024a6080765b3d4435dd24be979cf11b

SHA512
b5f96524302c277584f2bf38124a5073a45528dadb22e4509c4deabbc0cd3eb541c414993dda0e657f8387bc1e06993d3d6b7d5e904bfe2bffa9ec556b4a3a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
63799eedc4f2701af4f264e2446cdece

SHA1
dcc891ae3800ab25be0a27ee9fea955d763783ee

SHA256
bb2f96eb62db1f51e8e36963515a19bcd3451b81e24c40c6ccbd0824685c6f32

SHA512
354ae795d5989dbe5d175dd669cabbd9067483eef3ebcc79d4d57656d90c94bfb74585bb2bc04c901301248b765ed5c8c6bd5d8cffa8deae4e4f90fd2c9c8333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e9f.TMP

Filesize
1KB

MD5
736f22a70221d9858e393945e33fc374

SHA1
14392a072a782699ad367d1fb50b853b9a6a6a76

SHA256
12c12cd37b8ceb5867f6a44fd2f6220bccf2e44dd4cfc3df48baa338c26f8400

SHA512
fc4b885c082d3294dbdabeba2fab43700f06ce3cab47448ecca88418891d467acfc88788319c089e1a8d05e8633b79df8a8e7817d993d53207f71a262bd9e303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95be2654d3cd02c24ce0047bd6b3b3ff

SHA1
7edf4b06e2e27bc478a97276e7902d466372b870

SHA256
b281cd67d0a2ef1d1fcce525a1e57a782c4e8075d28874d3e82da9dda97d4e4d

SHA512
180e11a1b8ca78386f9404e02d21be99eaabc9cee6d93ba69a6987569528f4f079b911b9a8728d9cd851192373f8e39dfa107c7ade97cb8e2a5c112c61a52a50

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
53bd761ba5a93384d5444e58e43af5c8

SHA1
700eafd98d354b805280856eb8a1b3782fab94ed

SHA256
73ffe0cab0c96249362ac243928e2e2cd896540552de6f445986bc0f40bf2a3d

SHA512
b9c229ecf3c1b7aa3096c0c161208f6197dceeca44507279c885262160ce0c85cff4d3d27091778e8243c475d2ac084e0f3942ac31fe934b60cdca5e6e8a3d1e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 839643.crdownload

Filesize
1.5MB

MD5
5d7d2184288706b00f73678f2771f9fb

SHA1
e31c7e279edc5550dd344ec1f6e6e141d568a7da

SHA256
f7a822894ecf6af59edb78007714d19903569c010290e7a81eff28b29fbed753

SHA512
3ebf37af72641555afa078436b1d8f5939aa218ef9f7df23e350f946db01b87c310216fc03d3426a56ed30c77e4d415a3c8bc60e00753599e34ab8dbf51484ac

Download Submit