hxxp://d | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{E7631048-BBB1-4403-A455-75F1C79379AB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
3108	msedge.exe
3108	msedge.exe
1004	identity_helper.exe
1004	identity_helper.exe
3532	msedge.exe
3532	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	508	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	508	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 1680	3108	msedge.exe	52
PID 3108 wrote to memory of 1680	3108	msedge.exe	52
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4880	3108	msedge.exe	90
PID 3108 wrote to memory of 4032	3108	msedge.exe	91
PID 3108 wrote to memory of 4032	3108	msedge.exe	91
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92
PID 3108 wrote to memory of 4736	3108	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff933446f8,0x7fff93344708,0x7fff93344718
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5456 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18158135351288364671,2879418646889120917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:2908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
212KB

MD5
4c2bbd143c5f215e770c1c5b3e92b79a

SHA1
30dbf6b6c2cd031378f1191c0b42a24f3ee2128a

SHA256
8da1252eb6a8ca086800324302a78b4e0c77e4c07a49d96d254283b77c198b7d

SHA512
d7780ef1b46d25730e296f9cae8fa5c4bd98f3643f6da191658da06196352e05a96ea3e94478a9fb07422605c9bc08acd3b3224450c935e5afd5da6348bfcbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
30KB

MD5
452cee87a193d291cf0394c0a8f961c9

SHA1
5ed43fad7737f776e85433d7fe7aa70d37eb4606

SHA256
6c31786e9b268be9d7e56b3e519845551550a8b0df4d3f55fbaf947378446c61

SHA512
355afabaa3be9194b4d47800be51e0ccecd9a857364fa57063b0866ee7595d33def0aed28eff297e582d16978e1ffb61921f3ee723e7c5e940dd48197b472500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
47KB

MD5
7cf459fb6a385376d557bfc91d964087

SHA1
43df1c5a3fd47487a815871ae01ff4da157bcac0

SHA256
6228b80b1a0b5e74b5ec45368b7d8254f3d03538ee1f9f1a6981a116d28ba979

SHA512
a3c8499d7181602790919cf14fa31c64aa5c26e179f72ea1649eb37651170a7f7e1b84858809fb5473932080d9b11ed7a9b28d9d9f61b283e05eaebd5c19cc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
777KB

MD5
8318db8ce08e20961a259124b01ed12e

SHA1
cf66e2d5683836cc4c21369d3a422b4b9c177238

SHA256
adabe0cd0f13b34099125f1048d14a62bae093d484f41903f90da8e4ff23736d

SHA512
9737ae97918ed8c36856e29908da81f1e462f0ef7e3d3f742c634e3ed81b6e60d3e9225fea972def48ccda01c84c608da16461acfe7bef1e4ec9e24a11a164b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
33KB

MD5
63f8ce93cd5b30f76b0a6cd029b7d354

SHA1
3ff83134ad10ff1e5c8da09db619a0274e5e8546

SHA256
35b6dba4a78fb19170305143a6f3740fe43a43ae35471709431d8391786c55ab

SHA512
7adf420a457e00639565a3f5918c8dee5026307ba37d71b3471cebb4313ac29897f1860ed22eda7caa44a563911987efdc4ff9f686f228d1ea9876e76a9484df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
31KB

MD5
4c47f67b4f8335e3dc3a778fa84a3637

SHA1
4e2aedf7cd05fa7e9bb469b02e9e9c9e5ee25e81

SHA256
c2fd94c17833abc2adb5f9e6095e08ca8aa14af9821d1fe754327f7aa73cb9b6

SHA512
119175e24a55fa84ea58cc72e7dff7952f1281d1d6890236b9e37e508005e6ae931907ac86bb07d6b5b5d8b737f5657fc7eca3c76a9217ff76972dc31f957349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8268cca5529137ede9b0c9a3b814ebee

SHA1
19ec8ab3da9af790d71a149f648dd40c50cc84b0

SHA256
5e1307bcd27dcdaccd170a9f9b0fdd97d7084b368b5e67de2ecd4f632d64e3c4

SHA512
e2d6d306589dee05ab0f265cf5989dc2dbe78ed425ec71a053d4cde4efbc5fd37f40560f7b80e7f408a11501a72349358091f267d1d31af8738f5913ec3054f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
31e06ed71f9b7c859acf1d1ab12c2e94

SHA1
566b03503eb98bd090abec26be42ee98ac052c62

SHA256
b5855395829c14b51b168ac41c15e2c7e4032fb6ec2cf995017c73e5d0422bd5

SHA512
2ba3d97591696305254885bf8977ff7001a3dcfdd058a4c2fe279578eea8c76f99d7cce9524e298ad1024916d7e9f753220437008904bdf18088daac035f9f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9aee23df5dabc8829244ea58dd7442ba

SHA1
a14545ba3c890283c56e258d36bee5e178d88ed5

SHA256
db5dbe2048e8a1cbcec7328da1f8c80c02112b5492e321973bf8838cb49fa778

SHA512
d83ac5f51178b08b32f75fdaf7e119ae8da4c9ae1e61909e5039e315297f86f458fbbabdc73932df8838cd1e57b0f9282792ec7242db3fdaf108619016a46d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
947eec1fe46f29ddc7b6ea9f020b8337

SHA1
598d3af15075172682e41d6833af122e3790cbf1

SHA256
654e0636dccf93ad6da52fbe506129c6ab68b0d916b59ec26f52e9903967f078

SHA512
0bfb152eedf94d4ea5b374d2f7d1247e3f172eb0fae6c6f853ed81ffdfa2af9db8dc0c8e6e165296452c8e4d374a13b448e2a535ffa91c3d49f36569019c0742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cceb15baa2b671a9884e4e475de53799

SHA1
53ed00ddf3ea5c66eb84c42eb5abd1d5d1f6dc7d

SHA256
ed9f42dfcb58e67c63940cb56fe73a8adc30d50582767fa0155fb12b2f1eaebc

SHA512
08f90809f6d99c52a790038b51b3e7ae485095466c3f7be6564b0197649b71292d757c513494600a0a39f9c89ea1bf5cf46277793cb7337f75180770f59a9499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
15956dd81c7def16b13e9c3f42f6dd33

SHA1
4d1810786b023089b78cfe00acc2e98ef18697ab

SHA256
cdb690a12c6bbb34866884f348ca17127db61b78b8754673c55ca36a4ad846a2

SHA512
b34774b95ee8b07dc1e22dda4a30b8dad95ac5d42b9a9dc797e7e0341decfe78a05864df87072b43e2e046ff90e16128837a3aba2d204fdfe64dbcf658bb1f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1b45f65a485ce62288705fbdbba13adc

SHA1
0a3d359ff6d7fdb67182ce677e6b43ae63514b93

SHA256
803fe0ce32d1f3debafac5af01cee903b83c03c4bc684e123f647e027a505b14

SHA512
59d47a6347e64081594b54ced06e89674977e3f3c817104e359bcb38a233a5225b7a3785b4830f3db52a948f8f667463b0f3609355b6a3301f7872cf2bf3b768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec2af1fb52382a715052457a5d91207e

SHA1
e14073c48ccc13bedaca9adc984810beb158e8c3

SHA256
17609f3cc55f9dba9cee3703d2ffbb4714495ac883e139f148a3cda2ce13dc18

SHA512
dbb4d609cb0eee7a42034820ad89cb088c5fdbeda4e8f59e42055d8f9de651632f5c7d66d3d75e0888b3c640f5864b327c65630f7500baeacb9deebf10531717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
83e07b9ce59f307c6cb3b678414fbece

SHA1
cbc39f6548ce2ddcf8eda57c2afc330a40376ac5

SHA256
a37bfc89304efccec9623d00f3ec487a9c10aa6d89ca444bf21ec4e1043e5144

SHA512
3263ae7dcad573e947cc34daabd02d0829ae02eb2c4de6b13ee47fcb826a8427e04612ddcfc7038711441d48a5d0dc333dfa48785521cf25717362ffb288e173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0aec57eb-afcd-4a9c-9ae6-4bc0f0cfde00\79c8914da9e4e296_0

Filesize
2KB

MD5
df2bb58e3dc880ba7c128eea2a1bf706

SHA1
04fe6213fc352ccbb77ab2803431c30c8db8b0c0

SHA256
de3001c064bfcdb50f9d2c8cb47f666be5acfcec5e51fc1e60b3c505c5e74b7f

SHA512
8c8ddfe12b2e2315f49eaa72c16135b6afff36977ba63f80b8ecc45da318e5586039582b42223bc70c5186d5026f7f660b6dc39573a603a2b8455204547c5044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0aec57eb-afcd-4a9c-9ae6-4bc0f0cfde00\index-dir\the-real-index

Filesize
624B

MD5
f1432f18ce3ea230ec91f3f4ce4b97ba

SHA1
832256492ec95d171dc51ce0cce6ae1c6ce6332d

SHA256
27949509cf0d80047025c1e20c60b1f80f0bc0597b8a86aa432e05e365258bfe

SHA512
fd1f153d0c1eb536b4ac4d0782be8ce8e4881e4db3714767d9f8dee5883a1ddccc6675d638f16b7b5eb533811f68815bbc5d7730ac60ef96be9cd5a104f4a919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0aec57eb-afcd-4a9c-9ae6-4bc0f0cfde00\index-dir\the-real-index~RFe5811dd.TMP

Filesize
48B

MD5
1c3f381e4857d82bf55129ca58160b49

SHA1
d1319a253383235359352106c747c1e95d74cd4e

SHA256
a00e5e1a3a5b15165770ca536e14bdfcf1724e5ed6fd7b6a59338a2473575c58

SHA512
7d7d461f8806664ee1c826c1388f7157d7df56201ce2175dfc5bca629a5b6648de4aaeb42907836356b9b31a224caae37ed3e6c9abfb02e02a43b7a6002540b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6757be03-2392-4b9c-a9d1-1f74f18b39b3\index-dir\the-real-index

Filesize
2KB

MD5
158daf4475cc75b8494d507fa775318a

SHA1
5df6b1cbdf4c1b09a22afe4cdd2e1727c8213e8b

SHA256
1b765a54116936f2700741d3c59a2bc1ef7403f365b7d3ca06e8ca16d332c52b

SHA512
73939941f034fb82886e1bdecde5529e2f3c7d977c6489d77f05d36eb534222fc4908f49d3f3a00aef120c40cf3986fd8d1b49fa452c716a25b995fcc321e89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6757be03-2392-4b9c-a9d1-1f74f18b39b3\index-dir\the-real-index

Filesize
2KB

MD5
ee3bdcca83f64f36d9714506f0c57e7c

SHA1
886f2f881b3590a84a59cacbc9c07905711d2cbf

SHA256
d8600e03a2b3c569e3d3ec4059baa72068ff831a163f0e2c43366694044491a2

SHA512
5dcaba0f7afbb179da9d518f6a6f8f3692fcc68b7f824a1b2e73ae23e68526be2218d6484f6183da8ca0ae13efbbaf6da2006a0a44293c29b614a68c67bc09d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6757be03-2392-4b9c-a9d1-1f74f18b39b3\index-dir\the-real-index

Filesize
2KB

MD5
5941266566af757138bdd27b68eee60a

SHA1
4ac683bb7b0e1e560754758e29f5a71f2324c8a5

SHA256
58eb8646532acf7a2b8964b8c64c6d6f0eaa6ddcd433b34d06bf088e19d23608

SHA512
9a04c5d97fa8b5f9cd40eeb5d2fc4a26cfb63729bebe2b2ca963913b8490a19c396f7c502d3a5a33c2473597ebfa442c7b60af00447fb4712aec9a6cefb8df0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6757be03-2392-4b9c-a9d1-1f74f18b39b3\index-dir\the-real-index~RFe57b15e.TMP

Filesize
48B

MD5
f6c1c5e442681adbd8c116c83c1dcf29

SHA1
3a84b6cb253e613a23376dc79088d91c32a2fe30

SHA256
de4893b45c5e041cc86b65353e54d3ce0c8312d33b4be3627c012f756d5b41c5

SHA512
4eb6f341a0fab50ab27e83ffed1b2de9273ba711d091d27d304f1b786dbb530cb9293351bfa3098c3aee38f820e64e54082c36219d3db9248ca7d09a82f0ac8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\95cc0268-b880-4018-8d4c-e6aa39f8d079\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ae00a54207d9c6df7a8976306ed51360

SHA1
a1607222298e5e7701fe3420747c6555405d3235

SHA256
ff4cc7853998fe3e21b950ae9cfdb9af2bf076ef7c25dbf8d966d33e8142eb10

SHA512
5b731df2620eda3e1ac0b7a78f8d303bd1a8ce7eb50e819b46335e9f33f8b9102da218a486cffc8045408cfdeda581776acdcb5d8d32acd93156337310ba7045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ea5e9136bf07430a7f72f057462d22ce

SHA1
44b0408480ed82e5e992fb49f0895fb551c7b6c9

SHA256
10db84999d46c021d1bbcb1151228cb8245e814f1d97e9a2f780a0273285430e

SHA512
7f1dea58bf1f0c281c3c782b32dcf9367998d99e7c167f835731c224bf29686d204b96d53edb6339615ced7c4081a969ba33ebdce18589b404bcc6577d025348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
db9488804ab61a2a977bf8df3fc66ad1

SHA1
f250cf9ec430a796d2e1c08fca7a9d482f91053c

SHA256
09404bf85f4171c3d601bbb24169da3ce622b10130e57cc3bd68b462827f8849

SHA512
f6c41b4c96cdc666e3ecdd9b9085fabe4f98f5c9d523f2aa3c84b047b24db17dc7e7d269ba48f416ad886df7fcf3ca048af56293c947d92d5dd47df190649f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
d713deb1c3fe9aaba7441ac049e51bbc

SHA1
08221ca9737e0de118ca4dde69819f38fe35556a

SHA256
0c922c00eafd4d0de5c17e09712a03a3af791940d4ed3a4967d6a55ffcbe9220

SHA512
6f67f2444fcf0d5e02ffbfbdb84d145217b759a0f45070127425e509a0c5aa745893c96ef60e2421ce11752cd41823821dba6af2a6d31fda3f1c0d42ce521091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
0c30d0ab577004cf22760914c2ad3840

SHA1
544d0e4251755fd8af2c4873ea6d7d692583c42c

SHA256
b205ac4a714619576acd6279638ff4c9b27458ecaba99107757a20ce4db4a1b4

SHA512
ff7dfe208e7be160c33b5222bb72026d1819f168d72fe2611193f497432e0a727571e2427a2bf234a867d1dc277e14214ed6a21514c87d15bdb89d95405b77ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
e78df165d94511fb9ee9b3be1ca5698f

SHA1
10cf2bf8483b0c2370d66528a73032e1ab115dfb

SHA256
059542ee307fca75de3e72e753d103dc9625979cf38d3c7cc30b6eddd1c473c7

SHA512
57d14c8392462367c29a6de4587ce91a8d3f5aff0dadf6a44c1862921008b2d964cae57f3a3a3a263eb745a0ebebb6c97741d38b15462c9b8b2a81aa3dfb195d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
6e9248adb6c5c424b3e6548037a2b4a0

SHA1
f073e30b7eac7fc5a89e6f2c1779802c02b98d9d

SHA256
d1978679736f3bc90cdea55dd427ec70358cbfc167d5da4d6f3d9a9ea5e4d0cf

SHA512
04c0db643b6412b51b90ac0fd6b6a85d0e667d43d2b3cf0a829edb686a0fcfee9fa510b5d730c90e6f42fa7e13f37e081c78f6f3e7907f2361ee75c0a5ded39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
2292d9d82973caf44b807fc1d0f0b323

SHA1
050fadc0a97203ceee47557111fecb45f431df0e

SHA256
a8998ac91befd2ff5d5847220cf2deaf5abb4b223920e602f5d1f276e5d95ef0

SHA512
4cc08a79c38b6fbf80c172e32aff486cd4ccb4c7b0499fdeae25a88c3dcfd43fe0d18b4f65998bcc7953cc69ae9df38b393f016eadca8bac10de1d568c664c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
aa2f690315899e0faee0435c9c88cdf8

SHA1
595879381db40afd38b12ad172a2abef511360d6

SHA256
7219ac15f4f69144d265447f38b7a8a6b55a37f22d981bbf29da4ce79b3b7fb3

SHA512
c26f54371a43bc626a460f9395362242a33c055e036d133957de026b89c584727785ff0e67d5cc2b59a9960e46ab545e24701cc73b2a3baf4145aa99b7ad21d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580819.TMP

Filesize
48B

MD5
72ffea2c4c1047b5c9abf727ef8db7c5

SHA1
86fa40f1185e1c876aa5702731e4ba7e978f1b1c

SHA256
31d197a8b9300d0977ee0c6f57d10fa069d9537ed57372b17654f83aab078731

SHA512
0e64cb012481f2dfca24ca1c64fa90b71dae56d5e90610f922f78704f58e3c846f56bbebaf57c3e5be2b4c38f050098b36c1a554f34f2c67428c05f19f83a921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9963649429473b1734fb38744f9a568a

SHA1
cd28d65e6509ba70996a020a3c11bd408bfe1607

SHA256
65ac16e4efc4ac5d031bd6717e20a658ee0635c81255afa82c11971344e4cfb3

SHA512
c996c28f7a04e386c759441b82b3c498296444c6c09c18bf3adee9f6f280d23f3c4f297618063b6f960fa07c16c8f986384ff1d9a127e1597bc0dc03138882cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4dc53d502912fba42d39937553a377a

SHA1
e64ad5c680ae2ac2d9e806df1da22dab7b4e5657

SHA256
fc3d7198864f3d7affad030e16b27244388430949eabc3f65c3cb6d6b8968fdf

SHA512
2a0fdf4a11d504912e092aa57c8a68c4e88c2abe4e57e4a5bb03c5d9dc74be4afeca2f9acc233fb1e97bcbd737b9a8969d66fc23549feec26c47eae2ae13bb32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ac2e.TMP

Filesize
873B

MD5
b6902c0f8217cf6e7eeb9a57c39a2fff

SHA1
fe0c418650e5b94bd49aff00cea09f3008a4aebf

SHA256
67c00dc9c427623f5bcec3981a2ae14ca239ec42b99ac2bdae5048487d31bd39

SHA512
7fc4aafdeb085be82317ff61fee63f690e9a0ce8f927dfaa51f8cb9ab7c0f7d542c44ddb4f5a0e2e05a220486fd9035b558423fe669fdbce34c9e6c0c573a59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8cf7a03b56e53e6551cdf7a80c80258b

SHA1
f56a3e89648e673c620c7e12e20cfc8027d9bb6e

SHA256
b9efdcd2967d0abeea4ee38360e76a6ff981b051d985f0cf4f20f62a5f942a61

SHA512
a19df8978dc922c9217065f0a1ae9d874ac947484cb42988acc90cc1f382a348a5c411a480f1482dcb66d61c3faa5dba607d2df32a83b5b18f4a238bde64aff9

Download Submit