hxxp://youtube[.]com

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1712835645-2080934712-2142796781-1000\{9D643019-3779-4128-8C61-7D754DA97018}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2260	msedge.exe
2260	msedge.exe
2476	identity_helper.exe
2476	identity_helper.exe
4156	msedge.exe
4156	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5008	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 4544	2260	msedge.exe	71
PID 2260 wrote to memory of 4544	2260	msedge.exe	71
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 4772	2260	msedge.exe	89
PID 2260 wrote to memory of 2972	2260	msedge.exe	88
PID 2260 wrote to memory of 2972	2260	msedge.exe	88
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90
PID 2260 wrote to memory of 4296	2260	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc10e746f8,0x7ffc10e74708,0x7ffc10e74718
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,2855244492591846994,12386962663621800936,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6608 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
31KB

MD5
f11ea88996343792763ca879be59da5a

SHA1
b83d41c5d1cf5d4d0f6f12c420871dbd7a7b2909

SHA256
60e4d15c3c8833b2733dedccfdf2eb38025be0078c3ee4bf2d439aa166362548

SHA512
bd330b3d4d8009ea02c1846a4cd9de78e49fd0cf888819edffc40f1e2eba903f8441055c1abbf29ffd066417cb53956074ec350c2d1cd550f097446f1d45f24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1.1MB

MD5
d307ce6ce114ea2d363c2e709df6f9c3

SHA1
e8173b7467489dbcc7fa23bd6dc2557a70624ac6

SHA256
ddc9046c4d6ff62e0859e12f84c4c2e7e154fbbb230dd415a788e132dba831df

SHA512
6e10b866683259c13aa5f956d50450866bf1e9f6401edbfaf9cc1388a1b6d83fb27f92fdfb3fd01de431dfd6c967f1e6c253f776ba2d3e87268fb88ac908be11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
105KB

MD5
24cab279a1b1479cd2848b4cf4db97d8

SHA1
c59c889167dfa25ea85e0ab5b93db29270cd9a3a

SHA256
2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51

SHA512
d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
155KB

MD5
65b00bec774c969842aceb3199fbe254

SHA1
bd464411b9578497f081a5f8b6c04180b6ee0f0a

SHA256
d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda

SHA512
0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
109KB

MD5
bb3fc9718561b34e8ab4e7b60bf19da6

SHA1
61c958bedf93d543622351633d91ad9dda838723

SHA256
d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141

SHA512
97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
dc2518877d590b92c0b05e4375e35979

SHA1
04d5493b7fa65e3540e19f6a07cb8aae3fdd8f48

SHA256
4d828658600cc0149ad36637796f4589f83688f55335ee0ce637be86a63cbbc2

SHA512
4ca9f71ece1440ca6ce1afd877193f60f60d4b5f31fab5efd876439fdbdc64619e81ca18aa452cf905b3806ae75eba88ae02189b4b52c89e840f92963fa914d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f34765279b9d994a8830d333fa1e72d8

SHA1
b6189640daa8ecbce642dbdadc5c35e598502b89

SHA256
c253428b6d3a9e7462c79146e5694ca5206b4f9834e81cad2390667a3cd1dba3

SHA512
7e0e2d36f143039641729982e8d68aa9cb5b7d4cafe9c63bd0500cc0344ee6e922296ff62be7c626a0bb693f88931cde9d974d4b31f3bf45bb7b9361b1077e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
38ed74113d2057ec8feb8a1623a0259f

SHA1
46ad0f262b5566665a3896871ab839b7bcb1f7f2

SHA256
7757993731527bc7a4eb245601e545f2fbb19bb66abce7ceb92b4ab379dd2a09

SHA512
a888dcf69366d4cc38bb872d9a3732c38ae3b09f3ba6f882384f24966eda61bbb7b9a34e5f6be01b97cc505540d2b7df83f332eef046ff0b6152293b70674e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
11885537de82b3233341f5810cc15f23

SHA1
0ebbbf06f70d37c4c779aca1f8f5c732f92c84c8

SHA256
29813a33de98fde039f5b091355d2a3dceff7e634a6ea65099c9ab3884f922ed

SHA512
61b03a986feb38d95dba228da493a6db48fb78862de670059681c90166b0ebc7991fab1372fde57f148a8435a6798c5ae0bc879df5f9fa695aa00cddde5daf5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ec6396ab68bac1c15fd8a61af6453139

SHA1
3ca6cf802cb36ee8521bf92cf5c3953d6e2fad69

SHA256
737572675bd9e29d54c112040d7abcce8bc99382de797da61214d2f9c6050009

SHA512
1fc32fa1a253256e31342f676a037909770189f9209785db745b24ac05af807f3552792f4b1df68d9dfa7d4825779dc83c938153be24dd46affaac11a5d88bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
19d433905deb6827603e480025586b13

SHA1
fe0890ad8babfcdd8984399f7b9437560ab1b163

SHA256
0d6a55c0282fb155a83abfc000611df40d412214e5268b8a8ecb86db34dcb501

SHA512
395f352ac8545c29e8a5b1496337d41b8c11c8bb36c7533d9deca06a4b5a7e1fb3113019da47d2ce43ff11390073474c8275412c8473eefa439237dba994f4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54026523304200f601cbad5b2e17953f

SHA1
6d098d70cc94d59abdc8e80da9deaaae145c3154

SHA256
0ab0f139bcfd61701e34b0550bbd82a857bd0426936e1ec81d28476f86e2ac4a

SHA512
e2f31a1a3b5680d688c3d21c4c6b34e0c87445ded9b825f86514392b476aace3f1aa20cb00f03ef381e0ae02c4982e0a9dc0afb9187d50ef19d63d36b04d1c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
93aa497eb1633088b2135cabbc015261

SHA1
32fa924200b232f7b13559704cf828082bcebc75

SHA256
2d414beaf26e70e6c792f0b07071e3e1cb8f91bfa77ed14ef8fc091f2879694a

SHA512
299be429ac793c8fcf5bcf8177558cb38bda9e6adcfb754b5e9bbda78aca7685da0c865c9276868b45c6344fc5cc13ffdad69cd6e759f77104bb2754ee0689bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
42a02558a844e56818e00718dfc2ce68

SHA1
e7430774f600d2b6d7a92072139a06bbefcb0d7f

SHA256
c5e025f5e19abd1659567262df200a277d172baebfaa5ef2c0c7a45977254568

SHA512
f7b25ea795eb19055afee5e2fbee18afd48accf584254e6c5cdccc6e5c15510ddbe644fa7daa4d288586f9622cec4eba892ed8385fd69f8fdbbda6c4e12612a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ad1b7021983fa0c7d15d35953d4847d

SHA1
9d7b8e1748c09dc0dca16a4a8cf2abfdff8aaa01

SHA256
dd559c81d77341ca0a03bee75d324f73c2d359068a890de2931f228541768806

SHA512
a934fd269c890507f5885fc583f903626daa72008ebad2f4328cbbdf22608e76e234652d5ad0fef2181e2e0c55bb1e29424e9139c5133478639b9650b77d5670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
61ec9007620b692fd14537acda184864

SHA1
b520e21a68d4f2abd599397948e77b88204126e5

SHA256
ad449b5e833cef8733e2aca49a09c34f66eb9e3217b90f8a7aa7d91b1fbea68c

SHA512
b6989745738b9e74d297ec56b6d5df05781642fa92269bef2a36d85afdf611c04e0a058df32bdd1a530ddc36049985b8ee4c079e38eaaad5315f9f786465d44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
46c8e189b84a00c393d734655a19f175

SHA1
a95c69c440e34aedbcccda607eff895e293eb900

SHA256
3ee288c6389b324d3f1fa79416c53ec31db6ac0b4e7564486852b2be7bebae7a

SHA512
2e7cd8ce0fdc4e52bdec86f5d8670570ae2f59fb077473a8e371ab5b8eaa10e274fd2714606a47e262ed9511b603b5f4de5f0df86c5f458ffe21e938b2ef4216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b73889fcb48c5754f890e78c9713095a

SHA1
2f1b7132e43c351e591d2202891d8fd910859db3

SHA256
87aa1682272542633ecd12246156fdc1301cfb4ea8db3b2a2abc282156df311d

SHA512
7850d2c6c992b88da75129e16da28e32eb3eb16de786f73c5f15289c639c6a888b1318a49dfce4738a8824609a77f701ebd3b96874234053accdd7e8147e880a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\19633866-7d9f-42fc-bed7-20e74889dc3f\index-dir\the-real-index

Filesize
624B

MD5
fcfa04c1aa2928de69a16a7c71bb8a98

SHA1
ad60f8c14f495d7ea15972acd7c1a0bcf426d50d

SHA256
a6a7aa06e17c9f7b655d55dba5ab953f2785985a9b17ea5acedebf6358d389d7

SHA512
caf87e168c1a054a1fdb6b90863eddc740942a38576b71820d1b6c496b2eeec8a3fcfe2358d02aa9714e2b4aba0c06ffbd5378748af00ea3af117910df637a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\19633866-7d9f-42fc-bed7-20e74889dc3f\index-dir\the-real-index~RFe58ec4f.TMP

Filesize
48B

MD5
aed2a9951b56afdd8f918c02a07e1f12

SHA1
9c413a94d8835a556ec97843c1876e01b46e2cf8

SHA256
7ca930c9031829d9dc5ff3a603cee152eff1c0651cecaad244fcec79f8900697

SHA512
df656c4b066bcc761eb33a8add31f9f1e6e5c7e2d96ff1babc7bb0e8f367be47e82b011d63af5dca4f3757648477aefa960ab11b5f9a20dedf0cbda800a961aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49180345-9091-43c2-875a-b52b6b3a809c\index-dir\the-real-index

Filesize
2KB

MD5
84e6709f616593f4094b30fd4269f2bb

SHA1
8bcf8ed4095c2c52a5dc88855c7c3bde8ca47ebe

SHA256
9f7205eea5b88109216f0ee5babf1632d4c68d7a78cf42f29e9ba6f8921a8fcc

SHA512
fbd88852b8f16f5d3df07904d00bc782c0c2341d4530adc09522486f4a8c18ec48e8eb3cfe32a11351bd77e8af0dba40dd1e2768285acc8fb57ae4799bd082ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49180345-9091-43c2-875a-b52b6b3a809c\index-dir\the-real-index

Filesize
2KB

MD5
2c9f19c535b2da20cc6cfc3d10dfc4cc

SHA1
64ee59d8f4ca97269d7d74a7de129c35111df902

SHA256
6480e3cb1695300a3d0f50f8c6671ee8eafa7b42cef7c3d92165615f8141969e

SHA512
2df04c5c48ee3b8229112f3a9ba9b0e9c80800e300f5d9254e9a8dac2cd98bb583a95a1f6bbeede190e927040a2fe2aca0172cc59c386a0e913bed922f65762e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49180345-9091-43c2-875a-b52b6b3a809c\index-dir\the-real-index~RFe578fbd.TMP

Filesize
48B

MD5
7c24f09d18ababe8eec0dac8eb5b298c

SHA1
d915f0e179819255e0004bb79398911f7949c30a

SHA256
7d0fe1a2f501b5ebbeab151f2a414e07bb5b156d8853d13a363a85c73d3a13de

SHA512
30ae9805f04c272241653a08427ca8c5d77b8e91b09a16fbdc235ed0b974c870a0f95d23a15d48bb41649ca0b6d94818f9dc98ab3976c9822ff70fcab3fd645c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a9bdbc51-47e2-4583-a449-843acc9b0300\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
d34de27961997bff5b9b5bcfc79f4afb

SHA1
b2f7ad634d613aa66c35b8a7797237bc8f6c62a8

SHA256
60fb7101b59e9cf5c7d17bfc81158074995dd604aca0f268f201b7f77e0ea44c

SHA512
9c4b7b8e631b8eaad51f34f6f1e35f45d2b48a095b91f75712a77a1610964148f4631ddd3455ed1c20c31cd1b0383ed2d5d34c8e091f515ea3adc2dbf0aa6b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
337bbdf365e286af179bb1b5b37d7a4a

SHA1
716743de5f17ab6200a0dc092959e64bb215b224

SHA256
f17744db16217d6e7c16d7a1913e58e3c1061ecefb87f2dafcc4584fa39e1248

SHA512
17c1883793c500f6408f78151d9053bb8e04c849269c46e8439f63d0027f854e06fb98af3d5768fe4e99caee1c2fbdaf577caeaa4b16ce200722c3d373aaa5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
6cac96a9325389a8a1573590fbcaac73

SHA1
364b43f8c9f587b98f840d591691b991604b0871

SHA256
d5afa656940943f8b3249b1c339ac53e4649efb79dc3aaf27c12d915416a11f5

SHA512
3d524eb770dfe1a0eddb1c20064b7b86637e4df340f97e0f7067c6c3f76a79ff50dcb244f8944d9aa823f997da6e420c15badce8953bcf2565719f20aff33922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
b50c65bb2f3e3e8636a36c925efa2b1c

SHA1
b0bd8d28435333ce363b36a3892531065b2a4ce0

SHA256
44b6c1b8103211584b0a513def4e3de23e004a7b6560edacf10b719f3b6b8fee

SHA512
5b51c5a559f224b885de743f2132ddf4621e89858e78999ab62a017938c72721c9540db28c1b42328cdabbb2c70a54568a61a58d73b2c21dd9b3d668590ee08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
cc7fbc85444ca4d7bc863ae800123bcd

SHA1
25a327aa34499cbe222f0912a14a88fb7678ae9e

SHA256
dbb2bcb19d7f9798b2ed82f2d99e97b48517fe5180395203ce2dbdc372f2fb15

SHA512
95113bd049160a7688b46a32306d93864246bcec1dda1750b8008bfeb7cb409bef50d6ed6e315eb3e602869a05e896baeb71572ff81d14cf673fe4cdf2303521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
bff9020e573e6b6098b8ed254f147d70

SHA1
2efb8f63c56782f0036d7c74889b6ecd7a47976c

SHA256
15810ee6baf68584ffc9af58309be5c02e88ac97d9cc610962961deeceae95a2

SHA512
2bc72e360e4c62aaaa14eea4a4529623d86fa62c43b527b520694c3bbee77c4602ee91d2e0d20d2caae73d2c7c5bed9324aabde575b2571029432ebf97340a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
82B

MD5
cb70ee159aed8d4a957dd5b8b36727c9

SHA1
397ad473eae44df1b2a58219ade43868326635e7

SHA256
55127203903b199f612a51785d6104bcb6077f6120de84223e1eda6df707b1ea

SHA512
d8274860e795854b3e030815c518c4eeb501bb151ba4c6712c3b9f61d3f2c20ba762a5044235d25a2b5163c842eaf28c1b6fdfa9fbd4f38e1518cd7c6b55d0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
065340107f7e6b7c29171d675c6d0bb8

SHA1
fdb45b6847e5b542cf3685f0e506a34d30e9bf39

SHA256
00179350755024ac326f59fa24cab6eef0b911818ab3909b14108ed11f33e889

SHA512
4c42628d06f250777a2d218c3faaa75dda86993982df7b8b35a82e76ef227891581ce72d2c7bbaf66080965c5c2c38a2e097175f0eb6e2d0f7838d0efe6fe8b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b182087a254cc019c8f820e8d4338f3e

SHA1
5d31457f98a76cdf3c177947b3b472aa626f5b1b

SHA256
bef340854e430a0a706a58a1d2d5e4fb89b8193ed387c291a86d5a08200f61d5

SHA512
d740353523e21c1d0d1c720fb6c9f0fed1129d5299155ee7e2fbfbaa279ae50a6ddd6131494d0cee0761ee0aafe2694b8a871e0c1bfdd2822b3a3f68312c272f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578acb.TMP

Filesize
48B

MD5
619aa561c6f049df1d2a7e4cda849ec4

SHA1
d3ce603c6f3b63a69e710fb6d3d2b74e88666a82

SHA256
edc31b7a6e130ad7e4d251fca77901dceab129708686f210b84d8f0c0fa0564b

SHA512
69290a2b737eae01b9c0b6e0cd6c8ac6e39ba835cb64c2fe28d7589a653bd472c1e40ab0db6170dc5d28bb0273724535030a38d9053351a74a83a4ad64fa241a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7269773e0e92ee4a282d1892a596c4b

SHA1
8b5457393fb165cc323ff64694e87e560fe9ec68

SHA256
ffc33af27b077e660d548fe025b7f06abdd45fbe0dd6f10ffb09135f94f545a0

SHA512
fabfe5cde5ab693c9da42c21cec106b0dbc9983dce62ee8f223873accbb26e84a5d6917ef4188abce74277f7a51173722ddbbd19eee2f21bdaadb1757e11549f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f960b4cbe8e908d7e05829b1579b520

SHA1
8b66c941d0bedad29c99c2518c0cab665332da9c

SHA256
625c851ffb8d4f70b97054b7d7902f1831ee75825f623a161918388083da8100

SHA512
33d139e216119bd70f966ab3e2ee42b473289c3ff4f0a3a108c03148ebe4acd51464cb2d502c25d3d4ced45f3187044d684e093d49d603114a0f029014377edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c1bb76f8cf614a9a6653ba90c9d32712

SHA1
5707f8b6045aa5ce30e0518fe1597f6283544223

SHA256
06f145ae63b926fc589cd3e67a3b7605a4030decd94e8065b385fe4228d7ce24

SHA512
929a636ce4bb6251e064022d0aba59baa7cdc5cfc20a59f0fd42e1006fd70a8f0a363405bd76f71bc92da364867e7765734b6df5d40390d4d70304134c697822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12829941b02b534e27e0cd61d6394ef3

SHA1
43074b254f0a35009cf5152620edd1c034d84b73

SHA256
c905c6b7aa6210225b1a108068a73ded15fc3938cb31777c5055a947c07461b4

SHA512
69e5271490a1542b1e3be6fed17935f9b562b2b040e7649b18aabd6ba8cdcfdf16c1db7810a81f37811d17bfe3925a477931e476d479be858b6e7a12a96131f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c870.TMP

Filesize
704B

MD5
0dcfcc3adbadff5d08cb1ad444dff859

SHA1
8385d826b1b2d0d7b4128ce2a668d61dbfb2d0a7

SHA256
b1d7313f8edcf4ab838da683b23883060febb531d09798ed9b6db9bd1c4c7f9b

SHA512
c10621b32ee8b66814a3ed035035bd1be3e3a506a98b47fbf84c33972111a49b0e2198ede74bb34da2edca660431eabfdc0eef0d5e10b52f2aa14a5395b1f838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0af9402664aa3e3534cffb7cb1619449

SHA1
f721b31f221ba3c4c41b9e3845139a205c6893e5

SHA256
a4d8829c4f638a9411c950acd745aa292e3eab8dae7a7d1106c4aa0a79d396d5

SHA512
33c98829297e7b96c77fbe5de94774f171b8ec10e13c867b55ce5f4a84e4fff0501731574f3e105dfc8f92a0f1e2bbf1bbdf6b0916e53b4c198eccf52de7545c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
bb58584fdbbefa870409a1d683db681e

SHA1
9d54181dfe0da97372775382f1e7f2f1494293e9

SHA256
95b6b0eef7115a725f7089c869d00aedeea571a317d16a53e5d6d260ac55ceb2

SHA512
7ddb9f15bb712ff1deeceed29402272cfac7b7ae4c06f80e1230e6dfd50c4f2a2c223d03d83fde52fd1704bc39092678b38a907b5f4de5a1fa1a93e28ba6ce26

Download Submit