fee4e840b33cdd9603d779b87317293329f404e287e251e047f31cb6b7f87686

max time kernel
1037s
max time network
1040s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-09-20 1.23.24 PM.png
Size

83KB
MD5

c573be523efe7fa6841917a134efa791
SHA1

48e0eca79d2643680c0c360794c5b3aa23d663c7
SHA256

fee4e840b33cdd9603d779b87317293329f404e287e251e047f31cb6b7f87686
SHA512

09ffd2a2ac504e70dc9694d4149dd4dc0b34cfc4f4c7196246545705676f99a848adc28fc6db6f44056700efc1abfd4eb9b1466d679cde2b9d130f198d220801
SSDEEP

1536:kavkTHuFTMYCMLkqSPzzF7FwhXuAEOQV6W5bw+zmu3bs28OaTKmWG:oTqoSLrU8ZEnVfm+zR3I28QmH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{CE8E5F85-2F90-44B8-B85F-00B9F7A3B7CA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4352	msedge.exe
4352	msedge.exe
2340	msedge.exe
2340	msedge.exe
728	identity_helper.exe
728	identity_helper.exe
3828	msedge.exe
3828	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2672	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2672	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 3988	2340	msedge.exe	96
PID 2340 wrote to memory of 3988	2340	msedge.exe	96
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 3636	2340	msedge.exe	97
PID 2340 wrote to memory of 4352	2340	msedge.exe	98
PID 2340 wrote to memory of 4352	2340	msedge.exe	98
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99
PID 2340 wrote to memory of 4188	2340	msedge.exe	99

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-09-20 1.23.24 PM.png"
1⤵
PID:3992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff92e746f8,0x7fff92e74708,0x7fff92e74718
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11507924357652385086,15026251107463439693,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
203KB

MD5
58abb3d394cde5ce2e5ccf38fe91d5c6

SHA1
a4cf69466b156e65de8a3a67396cddf493204fb1

SHA256
8464f836f1bf72b659d05ac3d8742c7bd2125c6c5612221e40d41dc4b74095de

SHA512
b7ec1ef9b7317d0844b9939eb75cdec13f638e3e4e6f80dc03abd9e0b853836728fe33b85cec34cffda365484768a83508d90478024f9b985f9034161a956fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
1.5MB

MD5
ef11ead07b2e00d9328f5a303f3beaef

SHA1
740e3b351fbbfb208f330579d4b61a6cdff065a2

SHA256
d17d048e7c7e0d4bc2a133e8654dddc861d822293267c687017c7c003e964ec0

SHA512
792f40ea2e814d20f607189674adbc94b359a5264c1a21c903cb4bde58396dae9900ec29bfe6b59923502b323d891f18401ea568addbc1162539af42ebad6c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
46KB

MD5
3b40598a735a304a93194868c712d563

SHA1
6ccfd7117bf97966c78900872119f749873e5347

SHA256
e8b23f654dc1dc41d425a7ba52885933403e1ee55867aa52f18b641e93a8cdd6

SHA512
4e159ca9cfb5ebe7af0e847923f82d4219a467121cb51be9a0f0f6a2345067e234df5ef51206e71c80e5727333a5917e0aa1ca2fbd7ba72f280b69fdb9acb3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
774KB

MD5
4e08eee044c91ace0ad7a46cd9542a0a

SHA1
b542dc6b9818c8c1e07563d3656389c67b3ed5f7

SHA256
e5602fcd6ae093bef4648c93d192f79d4d6849d783096aecfdd2f53e3ad85982

SHA512
72851bad9b83bfff6a47141bd5ad47bf1a2fffc7c8c62e611606b06208f5daa3c52ff49f60945ae58884e22476069b99c7a7f44f1ea8d624cf2ad4f4227d3b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
31KB

MD5
aac9daa9fbd0a896f415cb631da7f954

SHA1
94e7321a4d9cb4f42d662f5685a36920807c8c38

SHA256
c9da818db49a51bb93b938ccaf2941b1b3df40f0d1a8e8710cd14284b5c01715

SHA512
2dae89fdacc8c85ec21603c7ebe3b4f0d8362ea3678670c079745bde82737757c110f5d66ffe53559a8331a49a809005813e12b830941f0f72707ed43ebcc4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
33KB

MD5
27a05b77e7bba6c2b279f1a67cd6acef

SHA1
3164de3d460475f745bba673aecd9f7d799d7509

SHA256
71aca97ad43f1a016bcc6a04f90587cba90db71a03358130d686acf042e00f83

SHA512
5cdf58d637dc70be10b36d7ca7230404ca4cd58af53028183cfc28335dd8d3ccb24f0653c0844acf67deb18f8b529dfa83ecb2af34dc1129662dbdf20c0bba06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
04c561dcb92a88668ca9b2f6761655d7

SHA1
d59713b40aa65dcac56b2ddc3e184ef60a659709

SHA256
dd30634aacfa84e1a1d1dfb09665bc93fb3f2fa5905403bf1ebe2e8455c01dfb

SHA512
59f21dede589dbb301d9365c508f5186b37f06580e61735005289e0449ff4ca4eec0775313f899d95b950bd75ed149abc1d28b9e23ca081e7b71de908d4f861a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
96029adf843f257ac43eb80f6a9283ea

SHA1
3f4671bedd5681cbe37c67bc1cf4bcb8106c7641

SHA256
74396057de95e75701e4262ba3b43fad33b4da776d501456d6e92b02a42d6145

SHA512
39771886331a49ce43d9d9429041022f56fe688716589077ecb4fab42fd54986217de952e1dadc3061d42c9a54436e49d9bda7ac65a71b28226fb8b95c456a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8472fe4684f40acadd7a933e961ad586

SHA1
0c06b3fe3452520e3989f8b01ac1daf091e74716

SHA256
54421786489fb0c9d41295695a046c5c0ba984c32d843867cce0b81109490de3

SHA512
0824b96e86fd169ea0a9def549cb5f008750241aec64a24e196c619a9742f5f49fa7b66a9740c2fe153bce7d69cb7d846c52f0b46ca176c85b2d79e965069afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
63bbc65a4adbaa2e019bb09732f3680f

SHA1
61c4eb10c05f2f2747db729759236f688c271634

SHA256
d06205792ffedf7c42eb9f5d4c5500bf8405eff06c982638956d3d268cfc47cb

SHA512
7204cc641f15df2958a40b1cc3821a5051dc0d00f245b80f80985f5dcad3cbb98270df9e08ce508e0d08a3c1d9e191fa6cc98e369678b25529ebf33caef1d006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5567909a0049d7f92e61b00cf6247387

SHA1
87656d74466d5eac6a6d0dd55297a80086cc41bc

SHA256
29b9ac7df172e9eb733468869e1b004d29abbe787ed8411a8d34765109997206

SHA512
44d205731bcb9eeb6ef50c5f9fcf6b55e7a7b95f4822f4f00bc158ff8de430d1e831cecb6c8b5d4d89cdfd38237a47e4f3efcda40dec293bed2b64d40695c1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b16917f6db90d0a2c8ce7130653e0bf2

SHA1
f993980df99afa587ee7d93cfd7d1171d3fad4ee

SHA256
da76bdc054bf14c92fbb0d66b8134ce36551f307d3e2286f06676e2ca40abb8c

SHA512
a9bc5b1d01e775bcdbbb61ee33a691349cf161bebecb9752ed2bee62dc9305b87973c6815ae91fdc6b1202a0ccecaffa0ba4a1cc9431d0ee2de5f0ecce426361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
194a8dc91126f79f30bb45683c1acb7f

SHA1
790f30723adb31d727bf47bf161cdbcd02a045df

SHA256
55239b244189965bd19f14d7fac6c418727e0053e8f0b39ab80fcc24be1ecbc7

SHA512
999290646220754b81927fa98d31b2bf39a88257fa7e2752b3f06d799b65e5f083a88d566af78e63e73714b0c419e5d6bef868743e0e6034f4217e6b9cb82537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
85f0e7a0d3f04cf87e07adb120503204

SHA1
5b8b0c31bebeaeed94a9b0df8dd215d057d528d8

SHA256
4c79e413096942e555ae7521639055a4cb656dc0f85fc52ed2db6d6795d33b46

SHA512
d8031c8d555fef9b8ab5f6ee48dff33444415dcc992ef818f2af58e1f0b8cd5930ad3317de24f3bdac55525a952b4101d68ef67bd68dace482f0266d431c6f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
18c52780c731e906c1dd027f35018b39

SHA1
124536407a450667a1ba086a21f9bb71b3727175

SHA256
87cca5cd65eb9dd93ad88e6f34d739d3d51010952c7ff45cdea87d5211172f8a

SHA512
0ea3f677cfc924451ad2c0e54900ad91a3855a29e95701402f410fc8ea82e55810de8832bdcfb3bd41d6be0d7d5fbb50854c33c8529e5e1f5df0809b041024c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b6383dfc61ada9e9d393a97813d8dd4d

SHA1
5337350f29666a607a6f2b5bb7a3173bc0db7652

SHA256
d5d23be8a170daa2ca664719394a5c00659a70241023fbfdecc66b76fbbaefa4

SHA512
fc25c946c4b8adef61748747368aebcfac85e1608735570174a6b167f7226b8f46f3c7c4f8d6b6888936e13f56415257c0c3e9cb9dfd6102e428e9373752cee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
649d3203aafc96c91cef18571d72b152

SHA1
a2ef1da116d4d964c44f386fd75e5fd9d229607d

SHA256
07ba1069f646629eec5b168930b694e5bd3be004ff9e71c74e74a7439ddfa7a1

SHA512
7dab0b82a0ecb86df370a84ec745c4288ced06a03cf78ab1a6ba307d74e5014d46d97154b7dbbeb92ed0a0630add39b28478bf5f696fb336c3ab3e63d03f1edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
20bea17bf12dbc45bc4ac95a369aa737

SHA1
605a2d967de9bac08c4e1c04b818e943f801f37e

SHA256
5fee9fa0668a9170674033bf4684e7e876eeb4b017fa88052fb6f5e9718f4ffe

SHA512
f6219e66cd713c178d4b1af4b8018ddc5c6d3f876732fae7fb1e3c6f87a3f20e792cbeee81f3c72adc497e995d26748754b99127cc278171ac9f0508fac8ef7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1be4521b341b05104c0d0cda59b01c0c

SHA1
4cb2b53371f2dbfbe6b1539f31862a7b3ec073a1

SHA256
9beaba322fb6eeb0691f09893b9328c101eb2e70a9854cd7aa99ec154449d015

SHA512
79c8e30aa1effa11248e0c084cf5af15658c0001758d30d7c81df9713dda499e6f29057ead3cff1db1ac241cb8fce6ddc2527488101bbf212aabb8b73ba6387d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46464e9fee8aad6c60a0bf9318c8bf26

SHA1
a9c77c430b8bacf906d0782ba9978308376b5e39

SHA256
1979f996fd7650c39208b082c0ae9a1d0064b9f55d6288b7eca622ad271fbb9b

SHA512
8fd7cae84ddc76b92f2353802835bb6a0af0bf33812ffb6e598810258b56e5f323da390849e4d158173ef80e9b56620562ed83acb7625c75aacc2701816f18bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1456b081ca38310661fd94156f655a8b

SHA1
720399c3e008d0c9e5cefba0cee3c5be00e4f4e5

SHA256
c149ebe130238137cdec7402e2fe2e5c67c6c9f09fd462671dcb3610db3835e6

SHA512
6ae92bfa8944dd731f92837ec2324ddd5ddc631237ff33e53d373f2d69aa34b3ea2894cc7d65de3b62417dc7af0843b5cd0fefeb685aab6f936679129962537d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b2caaf375e86d4dfa7b38cdc3a5f094d

SHA1
b4a418859d2e9e5093d4348051bd68a36eae7f4f

SHA256
77c7f70fd8dd43d1f1254640782571d68224dc3252a883113e1fab9fc742517c

SHA512
4c0c484426779c6e288f9c83d6de52d92ea73498916d97bea8ea160cc4a50d6b4766d7c7bc946888a5d259c9658cf96d0e9639aec190beb3d3cedef975999f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0898b5af-3098-42d3-ba3d-0b27db87e727\index-dir\the-real-index

Filesize
624B

MD5
d7ea3300eabfaadadc5301f54cf3a559

SHA1
5f04b5148e7da62915a4146de63b40d03671cdd5

SHA256
d2e4d61d0b24529b0afb55bd73f0ebd55feeff5ad82e03dda08e9484fd158a1e

SHA512
1c75e00e8fa37a84f6641e75149fedc1ec9b987bda05a4c3a7212c967c6588eaed4ed1c2cc7afd4427d46baa9782e1f37977adb499ca64fba648800cb0ea8bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0898b5af-3098-42d3-ba3d-0b27db87e727\index-dir\the-real-index~RFe593fbe.TMP

Filesize
48B

MD5
ec078d1156ec2662149b75511fe76eb6

SHA1
9d8cdef7dd691b61700964706943925393adffb1

SHA256
ce704a62955bc53c041ab99fba4aeca30a9d307df2ae2834dc698dcdbf293e16

SHA512
7e8cc7edee046bb5cb3515322d32327bd3953cbcfd5538406c037a6b1f6fe035a813d449401a4145fdbaf3e2eb954ccc01c9643447c89f1fa22cc8b78d23a612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2504bbaf-4e3c-477e-bef3-53bb89ad910b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5faf4b9e-4e42-4c1a-83e4-60b310eba150\index-dir\the-real-index

Filesize
2KB

MD5
b126ba90777ac14d7756002d2e8c7eb5

SHA1
bdca87fcba35cb1e6a9f5d274ffcd0391119b262

SHA256
2e2f32463a524a2165ffc0b320380db956d02638fcf6c3ccdbc9a940b3b34236

SHA512
ee7a18a157930b7a44e473fffd0d8efd6fea746a9032f11a379258cfcb7869cb832eabbe69ccbc8a0504a5f714b2091fd0f1a28282a1e8d6dae722b101920b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5faf4b9e-4e42-4c1a-83e4-60b310eba150\index-dir\the-real-index

Filesize
2KB

MD5
106547b60b536eeac7e4f64ae8561059

SHA1
7412fe8874a7e6e12cf1add6dd68e09b13fd9bcf

SHA256
f80d291b9d4f72d2a579066d79baa4d4b5d39d730420f7610c489c6fdf8fa2bc

SHA512
9676bc97336b9d1e750ee0c819fa08a2e0d7bf76c429925b75bf2a8ae2936b0644a0896085dc7440fd31ad806a376de73859fe81da14d7e2cccda7eec3eb8aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5faf4b9e-4e42-4c1a-83e4-60b310eba150\index-dir\the-real-index

Filesize
2KB

MD5
bb7d202ee3f2a09a2188957e4d4b6a4c

SHA1
c44097c28fd083c86b2dc21cf7dd0a9fb1399aff

SHA256
4d5ed91cf7e3746ca11cffd02b0e8245144e9d155e4b21828b121a1ccff3adad

SHA512
f912850f754c2f13366e0265b818bf70a12981949aed10cc3c813d597a95c43273485e547b391def4e2654432e7379a57c1c5d33a211204e102998b2a2a7f467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5faf4b9e-4e42-4c1a-83e4-60b310eba150\index-dir\the-real-index~RFe58da6d.TMP

Filesize
48B

MD5
0e96b2c2da471053cde993df21b44756

SHA1
bddff24e1d47e77d9125ffa2ec1c092807affd0e

SHA256
d79ce1be3835e29421114556a9066a036dff5df004c6820bed88c8ce42e8892c

SHA512
d069c455e7ed0c2ec8f6462a4c6e478158858c050ff99edc3744adb66f3963975c4e93ca9252e0dc3e6806f0774202fda6887caeb77ecd73a84d45f7fb824b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
a562cb88ff9c01fcc75d7d3cec02a013

SHA1
ebfb52f0c237c7d2b65143094fd261b80619c1e3

SHA256
ee071d1b8240df1c68b9f3031fbab290f7704e92830839930cfb9262b90b685c

SHA512
c653e36ff0f2b9af9f57e3d3d86bfc904b39934f7a6e558a9bac294a3b48fab019cb1f50bbb8704eac41c1b72b12f3ad85a1717a18c5c0d32dfe9136b2ab720c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
8c3141a2038d1a015d69f6ca45208787

SHA1
25a55a44e3600a9c37e36948a3f17d8d15e1547d

SHA256
0fd63cc15058fef0b2459367e3a3c77ab46a304d0c9d01d2ecaea1582a105ade

SHA512
628ff9d4522a17da01c29647eb673f2cc1b1e06abf38bacccfbb377945f3494175c516a1db5527cdfd14917f4ba46c329464e07e1769667cbac6039c23d9c26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
fea7126312c28bfe0a748f9943484714

SHA1
9822e9d268f4352b5706ee7945a3a46820b58a43

SHA256
bb9007e51ead3d53e855c1c1c3e1345e3b1b7dd47db641d27f50089a75dc374b

SHA512
570fa4a7d4d7d1061e9abe0116838bbbd7e20a632f3c6f32c07088353d09c7f0b5a56d916d72dd43a858b4364995d8429d3c0786102246d2657e54dd46c10ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
c274d956f8e6bee4640eb2b1669ceedc

SHA1
24a49deb487e0b7dfafcd4ec1b0b81e8a4c682e8

SHA256
0e599f72f643ee772cad90e4cdd56ce7dc9e30b8d979662347aabd1d60ba04fa

SHA512
2126440513f5a537329d5b23075f0349fe64eb26bd1f1bd0fcd39b4b30dd1f0a201389e04e5f0e039b93c75dc1a42dac50efa0b34e4d3f18154c235f3148126f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
12647c9935b7be7f2a102cca1926cfce

SHA1
c50ea276d69efcd1513fee4f0da2e0a9d2c6f73f

SHA256
035b38f26a37c425e8fa61152d6e790b7d6561af5d198a386d851a9fa5dd5354

SHA512
98d4bc50a926ace43f86b803e9423156ef1d2502486cac388c25b85d1a3a7ffb2b8c51e080b1aa4467f711bdab0bb3cbde6a17339b166d0cfce29eb2a6a32c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ab6abc1f89e32a524df0638444b6eff5

SHA1
3295f1481612fb7222783db3c34ddd830e1489de

SHA256
44561760e05bc956e9e836a63839f7ae842542b070b88b4365f1491180ab458c

SHA512
b4b60f31dfb62dc473009ee22c00d32b9eca8f961561778b1a8a8795641b49ca7bc404d10c32ca864810ba4bf30e80786bc952293838c9c2570995c35ef9febd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d0772ec45544be33232b5850d5a2a022

SHA1
5c1325187abba805104dad6150872c26c560dc39

SHA256
f5750022c842b1dc9dda219bc5be3569223ba90bc4539e885966f05933d62fe2

SHA512
11daffb0d800f051777f568465b8b87867031d6d2bc0e46e8de81d6c4c8ce88724811302ae9e8eda6b1425f8bf445f79f495191e5ca12c7c69fa788de40eba27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
63e7d7d89c0d5a6bcd1b8f2ce21ddee9

SHA1
7d854ad58bdf3c7dc61a3d0f16d9efc86ee23b09

SHA256
4cb185c2c70b74ef44018a721ad6949ecb0614c70b84665c24e034b8c9a5ce00

SHA512
9f5bd50219ee884dd2dbe661fea3556f1351c484a26c6d3652954874ef8bb75bf76cead7147236da05a8c481386df42738339d06bfd238ac5374716e41397188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0add10438e26a636278d9286cd72aafe

SHA1
03304c31c04a97c4108df75da2f884ae8ad90aeb

SHA256
c76a3e1ed526e981d116edcd87cf5be9b8705a758b1c195b729b3fcb71124cb0

SHA512
515628a8d6ce693bb0b589b790b32037479006034d943e3812d48bf67fb3e94e483bf41a99afeb54461de64272706dc93d6ee1db2f2e05363b6d6d407a5f335a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9bf91d993124b2c9a7a952ab5f06ddec

SHA1
7278ce5978662eb40615309ff04d151f72cccc0b

SHA256
f86a0b38140f73a41e64b70ac85fff040f69eb5eb98837b4484d3ff04ee84447

SHA512
780c5fa04ea90aa686a9ce553b9ae428563fba5f37d86cf4ea5067436adcb567f498a325d6501f5d5b10514108f166f513a317d19d54799334b263ab6f8e6242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d5c9.TMP

Filesize
48B

MD5
3948110c1f03af4c1857dc49f266a126

SHA1
722b532a948a9efc301b323217f95b125d4d1855

SHA256
13ee73915676c1259f1f7db15492e1a3188e65d18dee6ce1316e73b7da188259

SHA512
b0e0104db9700a0d67e01557a7eb18fb29a4d5d9b604026fb1b349306e60d95ea17277681970ee1c11834d70d584d79f85158df192da21ced5f0f7273277dd89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3554a7cf8528b5b1505d0d1ee214fb77

SHA1
7e974837b3ce1ce350c27d81a225522b11afe7ed

SHA256
d1954f3246d15c0cb9dec91f9f63b7025613ea10eb334735cec32d32118a07c6

SHA512
ac410e12db7a574254b06a8c75e0502b4a378b0c963de92a5dc97c48e41a8a55e3e67a0838f865ea226d87136f68c0a8dfd32c219a40d46b70d5ed9a78f221de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0943934d1a3f15c576ea1f063066486

SHA1
8189a149c4b26c18b168125bcfc5203e818829ba

SHA256
87dd266aa8d3dbb21efd437019dafa965de7c5aa1078069ea13e5e53dbedbd9b

SHA512
6f780d1a79ba637a867fc78b7d8b7ed1cf98234f394f133b1e61f698d97f0a9bda32aaa6392c217b91a7898f476c6c58d12cca24b830f711b476623e7bbfc585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a851.TMP

Filesize
536B

MD5
3360631ae781492f49855e80f2964cff

SHA1
474803e301b09978d492f6ef18a045b4bd288057

SHA256
f7fa0638b72d48d94d3a28731098d4586ced184b3a393a85a4ba565ce888e2e9

SHA512
ce170a40cdb0289cba93a354214be75a242653309fc2a847d308cd4d6219ae44a50934bfaf063bedad43282f7f938888a4c5808ceb91cd06f946a06c0bbcc873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e4907ae4-1479-4639-a4ad-fd3468096970.tmp

Filesize
5KB

MD5
52eb82823b811ff4da8fbcc2aab16361

SHA1
6f3505ee638a453bfdabe4004ccbcfe2d12404af

SHA256
78c1bfbb3a9d14943a76ed3e3def9032cf8420cb05f67f943c394da602e2829d

SHA512
82c4432d4d0b9f7e26a2de424b1bcfca9790bfe90d399863587fb3b864714dad281dacf7cf247cfc747650bb6d754ea4835764461c9c868b001c39d857e55108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1825aa95f84f3ca69b9b93ad8ba8196

SHA1
20f5a1ed30b0eef0ee51d056071c1d8d7349a1ce

SHA256
8da57f86f099b2995bedc83631e784cb12b60595d20d6f749b01254a3915b96d

SHA512
58165ef9c083d5602ce95c139366666497ba9d23cfbbd157b3c11f0e44b84000c9762a6ae6a60feae0debf82ed9f6f7a2bf20811f1f9feffa4bb43b51223647f

Download Submit