hxxps://rcs-user-content-us[.]storage[.]googleapis[.]com/bde46f4b-ca89-4fcf-bafe-6622f35b513b/2d3625f070938c8a83f21d7f88169d831067951b4da35668f28542c434f8

Resubmissions

29/02/2024, 08:58

240229-kw74jsca7t 1

29/02/2024, 08:55

29/02/2024, 08:47

29/02/2024, 08:41

29/02/2024, 08:38

29/02/2024, 01:40

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rcs-user-content-us.storage.googleapis.com/bde46f4b-ca89-4fcf-bafe-6622f35b513b/2d3625f070938c8a83f21d7f88169d831067951b4da35668f28542c434f8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{43D94FA5-A76A-4ED9-BEA3-7890AFFC8645}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
4516	msedge.exe
4516	msedge.exe
1900	identity_helper.exe
1900	identity_helper.exe
2064	msedge.exe
2064	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4892	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 4660	4516	msedge.exe	61
PID 4516 wrote to memory of 4660	4516	msedge.exe	61
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 4260	4516	msedge.exe	93
PID 4516 wrote to memory of 2676	4516	msedge.exe	92
PID 4516 wrote to memory of 2676	4516	msedge.exe	92
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94
PID 4516 wrote to memory of 4232	4516	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rcs-user-content-us.storage.googleapis.com/bde46f4b-ca89-4fcf-bafe-6622f35b513b/2d3625f070938c8a83f21d7f88169d831067951b4da35668f28542c434f8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa7f946f8,0x7fffa7f94708,0x7fffa7f94718
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10559935121594708098,9560482691973299183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
212KB

MD5
9938fd17b172bdc10b284401c55bfc65

SHA1
2e8b40a7d6b974c3e09e26df71440c445525a609

SHA256
c7daef2774cbf611a79ff767c2486b0aa3b240daf4f50725df1542f3e773200b

SHA512
1dd313f52d357e64574e952f3f093d5beef33a943e053dce4bda2841ecfcced70d53e1abdb699f6bf182cf1dd45124c6caebac43f528c3efd430500427526087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
44KB

MD5
2d6db4786c532ad6116002c873cb80e5

SHA1
00410d0de25ec575b49a6c987d5b8b2c7bfad0f5

SHA256
ec7a48c88519bf5d45cb698d8a1026da9c2cfbde79f10e60d31cffea5f96cb8c

SHA512
6e7e824a49c1f2123cec40d3c3af73599b0b9a08ace3262ab4471bf3144d149bbc099d1fe5f7b5fead38e83b1f341541651f600fa5e9ccb31261d27e55d8a76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
46KB

MD5
3736a47571d9bd71b4f11ed4e8e5d4bb

SHA1
6740cfdec8d9286b096c51d5fca1f6b6bb06f124

SHA256
43014829e3eeae26673871134ebfe794428117f5d0a4c2a7e63d3e987c6e2839

SHA512
79a09182fc691b4c0ed62603f0ad7afe8c71ccffa2945f9052ff1e510d588dc6abb6f4312a16f83282639f2813ebfa6b830e9dc284fe01cf13480e1181eefba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
19KB

MD5
56cf88a250e483d0b17bd6b3a5cf245d

SHA1
7ee18462db98275a742167c02a7bcb9b9cd9ed56

SHA256
287c5696a5e55b44b025c7356abaeaae0859487c581a26ccb5ca02fd6b7fea9a

SHA512
23ff85c0e6e4c073fbacea6325663ab4a60f6d5226cfb57bdf8ac05117d01ba4a324650be599d4cb3b3081b31cbcb4ce9555fec6ffacf8376a7269f406b09e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
778KB

MD5
914e94c22bb03fe3392a5d82e282a98e

SHA1
f7a8b2495fe34fa6ba6672f68c8fb884ad86298f

SHA256
0e01f5e4232cdd41a65169343c1ef6d4bcde3d5f502c24f99a4cee5e49616ff4

SHA512
1e7e252efe6727376dcf85c7f88b2c39c298a26d024a570d322bf0ea05a86263fb7fda30918f0e330d5b00e150be2064016753c33856fe59b6f8cb51bacd12e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
31KB

MD5
d460735b68840dad4c552976b3a6c7d6

SHA1
237419608764341e46ddb8369284d1558399b206

SHA256
4d29ff47f9b313b54a1e694413862fff500091d30bf25c0fd2e754c03c03c870

SHA512
ae897248862242ddf7e040c96f3910c242f7c0cc64f2de9bef1e5b2fa91ef834e555d8e7a9e3673b1db8857956c5b970095e1fe0a27129f1ef829236f08f4e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
55KB

MD5
ae46b78478d398b955a2e77ec33fc2b3

SHA1
5af773b2e30e632499ede982b6d26d9832ac3475

SHA256
9b26788e4a4720b03ed0d4ed0f5d08e8741ae34224cd1eef205506f0a75fa9cc

SHA512
cfbd47da4bfc6b1f45e3c5d198fe380daf4fb7b4c2cf15cc8e5e40e492c61d882b14ea2863801ffea246db2041ce64176b05093720307b33cd434dd2c4f985a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
644cdeaa128c009257efa8b79d556105

SHA1
28f7607a0a2f69b7a3fd0b572812823488d89f42

SHA256
fd3a43a3ebb5b4278dd6539b012a8cb1d9b7bddd201cf1a36f4ee399cca33a2e

SHA512
51eef2754bd7a1b75ac45fabeba7087b03722a7701643b67067c93e6eedc715f9aa0a8192006804e898f0e4bb8ed0ff6ce992e06a06d8c1130370ec8bf56aebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b18116adb6cb3977c47fce55dc9ccc01

SHA1
5c1ba09004210b6e506ab22d0a8fbdb88f53c474

SHA256
52e29cafa1b05ce178555560d8a6327232cc2e83cde3073543ec47f3ac0cb5e0

SHA512
5b737c5d66639d352d7b55d7522bf16ee45a2dab680b0f445121ec173623d4a76c331f4fb09c94efe6e62c6abb9b581db70a4e344e73528d7f676e6cadac0029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1fbcd7e19d5eaa2f27f23ccc9f890469

SHA1
f4a13bd7649bc5aec9b581cd34ac5bdf388f5f5e

SHA256
adccc724e65dddffc4f98d7a2c4c9b91097ad3f1fd39405233129ddfb56587c3

SHA512
cb9ffda42f945e682bca95fd272f3fe29d7aa067aa935adabb5b603af7bd5dbd1320dea07625bd46ee0c36f8b9f99c2d4d5f6b2aac456f3f7d3210841d33b71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bc76cf6f538ef42988e9e29e867ba47

SHA1
82b94340f47ad3c6ed0f80cf7a8cc03c014ac9d3

SHA256
725c04075119d6b418d8156878bb9ae22850457b58b0cd29e1d6d932c44b4dc5

SHA512
b088a29367dd32e3f3007f0bab447efbd2cf7d0eaae30d1067cc3f0f870215de76a2de596fedc07c4d590fc977f316161655dc937f64532059848647825b647a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c0b782aec4af9f5494fbab6eb62dd44

SHA1
c66482be334cbe30bcfe4c2e1de153c2726cd135

SHA256
38de0f8d2aede0e3f13a1cfb2b566193d889dad617ba0345cc9708cb431e383f

SHA512
40ab85129881646d1a7a20954b4856e6e2f5239caa0b822695f058601f214d97d709009577a5dc203d96dadc6b4303997c0236bd27b52571da3d401d33cf6627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bfd60e76630e5f5efe50c3fe0d534491

SHA1
d9a100039feb4fc9ecf02eb12907b68aa0a6bb1c

SHA256
d30537ed1d7c9997e377096180a325e68fb6652bd3913d1724f9ce4ec9eb7d60

SHA512
a849059b7e4c6eeda3302a504826d69c108e81d3f530f25814105fac793b998fe4ce0a0b1be1585538009ada7537af4832c2e1676ece0a621dd2205fd91a0deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c56d53d9b7f2b71ec4baf4206428aa62

SHA1
c9b7d2a2daaaa369b5cf381795e7970dd864e2ef

SHA256
84b62f0a164967adc7753c5c1177e1e62c40d48cc37b77437a2a582562b62195

SHA512
f3196473ee6810a27007aba55de9f74d12bbfe5f7224a0e5edcc3b2e08a9c828455be520368f15a7591fcbe1958ebd8aec85e3d17067952e80bf800be6fd24e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14f4a7cbbdba3b3910809e5d15bd2f54

SHA1
7f1a3afec1e69e99a6c05fe35c39d2d6d1b792da

SHA256
8e2fd86a4ba807a18156d5ce3c75d915ffd191fbc4feb5bfb8826dacaea8957d

SHA512
a22fa1631d1f68ab1e47edbda886171fb8e86d329d06de414b88e7d75d275f34497b453cc1ff31f75099c544120da312b211f410be41dd4f243d0575a003b965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
24726b588763e856cde9ad7ac15207c8

SHA1
cbf78d0823f8ec1a23b284dda2b5bbb40ab4925f

SHA256
cfd795236f5d7df1d3ac575f1492f64cb3d04fe43c2d60e1800bf257e7bcf39b

SHA512
d629f0c6b542ca869db71b2c4f739abd6a807c36d9686b3d15bb4da379706a594115447b201b265c13fcfb3f97eb761cec21588fddc803fd17d9793a47a1c037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\32a3d6d0-0cd5-4369-b79f-3ca6381fe225\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d80f0f2-5222-4290-a0bd-d83cd7745cd8\1557b7fdc2795560_0

Filesize
1KB

MD5
023e46839a28a5c7910df93ae97955e1

SHA1
b80d8361c1df48cf56e709eb082b698a287478ca

SHA256
0073444e77e599f3f959ddbcebd8636058b2a6f3fd285253d4c036796a6baa9a

SHA512
d9c1bf3bac684046a7340bef168ca015e82a366d4ff39a52c9b76e623b3ff31986732627500500b85d026de645ffe90d1ee95a691481a7a3f41e6d7823d1c2a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d80f0f2-5222-4290-a0bd-d83cd7745cd8\index-dir\the-real-index

Filesize
2KB

MD5
d482ae1cd57b2a552dbdd72545cea38a

SHA1
506f93322526ee45420447cacd250dedfab312c7

SHA256
0f1070eab918ce9b356528efcf5f17c898acb4522720be3164a9c813554d73b5

SHA512
50536a343552cd43d787196610fdbc87d22259c08dc2a3ec1d182cb97b61229a85926a163f1ddc605315ca8d87405feaa090a918f5cac8981dc0e9de62c0e28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d80f0f2-5222-4290-a0bd-d83cd7745cd8\index-dir\the-real-index

Filesize
2KB

MD5
764faa170e82f082fea91f38ede5a797

SHA1
435ed49d9af3f9797b4d12c04eeeab837a618bb3

SHA256
80eaf2a5fdae7bdc53c3234db08efa4b38a8a498c9ef38901ab5504239252968

SHA512
ee15ae5644f365a40700910145ceb6a5d307e1ea7a20583039de263951e0484038ebd9a130dd18bc02ff36ea3ab39f9a36212f6aff56720e0649e9279ab513b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d80f0f2-5222-4290-a0bd-d83cd7745cd8\index-dir\the-real-index~RFe57dff0.TMP

Filesize
48B

MD5
8963652a3f7e1a06b26d8b1080c7d8c5

SHA1
3cb4b06e09b5a3608ba48678fbfc0394e8c6897a

SHA256
4461fe7756b052367dd630ca3b9fbaf33bf320b73bda9aef08ceb49b8db0a075

SHA512
0df475487985f54e98e1bde9f796732f1d6a74f3421f1a48809602d0cb19e3afa7174687b53fda275792a1c9d0b9d8736ce98c3342a0b60d77c1a6764912c1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b08ed78-0cad-488d-8aab-861d6767eb7a\index-dir\the-real-index

Filesize
624B

MD5
0a869e7edcc953e567e2a9ba6c8e20fd

SHA1
a24d7d26529426b8bd856a7ecb72ad438086ad67

SHA256
84f6f29c829859685030560eacd78a02fcb4fd4e05ac1b830e423296669efed0

SHA512
8796aa88f3ffb583e5918e5e00b4a5d87282750580fe9758650c5f948cdbafb84ee198e39d8b2638e6adfc15dc897decde6da7c2b262c99acc973639ebdc3cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5b08ed78-0cad-488d-8aab-861d6767eb7a\index-dir\the-real-index~RFe589361.TMP

Filesize
48B

MD5
13d60a288f2ffb8c670b18e86d1eaf89

SHA1
b9ab327851439f7cad34127873bc06eb98d2c44c

SHA256
b99b0f2753f982645a6896a9fe884c126b1aa42b8347786021d828ac653655dd

SHA512
b0ee860e547837db0f59b8e9ccf3ae3299ff27d5119d179aff2e322f21068cef0aad717bd13861a29f88ddb7e372317af6d886315ed07c924c8e5e73c614bc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
5f5979a06a1b8e78f836a759c2cd9213

SHA1
7210acc9b3d675ae5f88d140630c15b6ba9b8062

SHA256
b8e08f1c3d49bb93a5d76bb1cecbbf7927d14803e4c03eaccd67cdfa17ecddeb

SHA512
311be278aa8262a20a130640e3158941e9ccc14a918243d0b02d56dca533f779d7094f8a3fd8b7b93ca42ee86a25a0df7ca5bc95ab3230bef7a01174c22b1326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8bc055ab4368d3e76fd4fb37fe39d90d

SHA1
917fc07eef8d9a1bc917e8924e01e81b01e47dbd

SHA256
1ba1d54f1e91e74d3ffb0dd80cfdc5420f383e287585f370925cf619c1c385c7

SHA512
b7c36740481b9b1979a8b41ee0a33368dd4fc48509710b008fea86e4500d0e0f09aacf9e35894e8ba5c827199a0ea15d356ec28651e96e9f0dfc102ff01d7409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
9ae7d0711a1b2d960f2bd96bbfddcb43

SHA1
c228f4cb5509d8ad32b4cfe85b573fca3076728e

SHA256
9b8031e377461779de317312806d83add5294f7a7006d410823e2e28a4bcdb0c

SHA512
8e97b1b2104e13586c13f6ee195fdb063723d5ce152cc436376b6948a34d8933baa56bc17c262ba304751f72848323b9f7d66c1f2c64f9fe3e64d68d6c1cd9bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
70ec8673c16e61fec9268a7ae45bf41e

SHA1
7d241864ee7a626e63e0ad3811df2543213113e6

SHA256
7f159094364f2daf26b5d135b49ddb9698182af37631f47c6f070df2b59ffb46

SHA512
fae6514157f445f14007d6eb49f9b9b5034cf4c3171214393695699c4fa77d6a4b913dda078a4617d19686ce4b9c3a7a467bf79f658d8f9b40c60dac729dafb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c970273ff5311c878919ff194cf87ac9

SHA1
962c754c47ac03831ff8cef321f907974f6eed66

SHA256
99bf9971402c5fa3f3b9b57af85a11f3667340bb02d57611a48c3c284434db4e

SHA512
3f4cddbf22346f757722a1c658e0b0e5f9428049b0161f8ca44f496769c76cb9a031d2265b63bf91f40019913cdec216ee81540b38f4cf0a5d8c03343a8e3c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
0d90a64bd56f0dd6e0645d148b656fd3

SHA1
99e3e283660331dae4fa22b5199354dd9cdad849

SHA256
d5c78152f5b084af746cdefdee6793a497e6e297a502ad41025fadcd6cd58e9e

SHA512
96bd278a95deed3fd2c300c5aed40bd4ed8065d055cde118a207dca6b380858ea43ba9b827ff9d590d210b2952acf7e06df4b556b4c70bdf1ea752f751f5f104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
fed7548faa8165b7cd7753b0f2f21493

SHA1
a5f8d16eac54ca77fefe41c7a5973e3f4018e26f

SHA256
f61bc6d271eec24b2047d5bd4e800c1a9ea81cd3e381f2dc7276cda963b5bb0d

SHA512
06fd7a31cd772fa3516503bf4789217e498ebeda5a7b37ce9f031e986df6913b59775ba725aaf428f0404fb98e2684419e22b398a38de5a32f23ecaab1fbb3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
1785b05a64dde0a2ebf6736d731c9e11

SHA1
7d3134d7de47b35b47d632aade3652bd951eca95

SHA256
4b62475355fa188817ef2c0eed936755b28d8cadbdf13832f0cca1503cf5654b

SHA512
a204718ebd2552905375a51d3543b29de729124ffd9cc63d15192a9b723ae1ffb57f198cef6a78ecd2a5f087ca73a2b347b4b2e27179551f9f6f846eac4f8227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
91be62b48b09e1e16863fd5befd9be18

SHA1
626313f5ed2de05ee6aba7e39fd3c17c8e9df0f6

SHA256
94c1a9982e33e0680db6492479be9b483c7a916160e4b230054b5cecc8ed0d23

SHA512
7c0a31d9a84566c9f624b255aabb2f96fc96fc7e0cdda3c6ab8d3d9f7c8f7895efde7aa2d5a4d8f9a3c3195d9d14d4347040dfe0dcd88529564327bf9c91b824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a0c48f780cd585f2dd3d6e0b9eea1ba5

SHA1
939d2b6aeee8caf1b375956f5708938eb6bc5cef

SHA256
a0c5f53cc23ebd4257d43f98e6503f662a6714f0a74edc8b7ec7d0a920eb318c

SHA512
987b6b1acdcff9c470b375f1a5d993ce358bf28777e41798ef84a3c99408416610574dc0dce89339deb53a3b5b7bfbd6cb89025e7305586c13505b55dc4f5eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a5f1cb027bfc21b61b83c793075257c9

SHA1
187e07a1282e3f43fba8908cdd629a4532035f7a

SHA256
8098308db0768f887ea3962b6a260a4c8307cb6d2be3a8a6a1cb1f8bf2010719

SHA512
15e7c729ba57e329814c30614c16a04d660288f4bda569d5016a46c909728f54bf1eabc70603d8ff35235fd01b2567d47fb7f6288140d92917d4e9d3fa24ca21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dc18.TMP

Filesize
48B

MD5
df104afd48223823478e542794af4e04

SHA1
259afb3c48c9d108ad86ab283f295751422c7823

SHA256
1b06073faf3f993793b7731da3536fbb9a7dc03b5f4254fc8e038202ab7a4219

SHA512
055755db8760a58e79cafe3d36f8a07d8f6e49ab44b2fc2d4e5b8e27fa8870cf5b0f393e361b4bfb73bc63f6ed75916584454d177e2339f360dabf6deeb53309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
483333034d4990ade6c5e5d69c556505

SHA1
ee547600ec818f2e98cc5a80ef46568dd6c56ddc

SHA256
9959ae449c5cc72cd80e55d61332f89e67da5b0ec058a6b90b85b2b213a72352

SHA512
9f95dc49f8b2dabef5e307c3f8f2832f2ae326eea71f4d47f7991dc2af9b094696dfe6f26b839e2eb000cd8c808b828ea7d8ddcb3d219938b643916c2845bb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3a59636d3567e4ea80d35f4b6522166

SHA1
0b7050c042f127aa6a914c7daba2ed6432ef05be

SHA256
3ce33eb835a57972acea338da9d1dcd117f962d785dfb87e92fc3590eb7142d1

SHA512
a520f2e17c047b7215296ba9dee8e84cb56c1c782b172df598f5e4913be664c8996a964cdc3dd66bfa8ee0e2dc54533925c9e0c8416e5a3a798b315dd759c345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c6425c22427771897e7176faef2f370

SHA1
d825de08ba2f2e6c165069f497e7e6c90a92bf67

SHA256
56fb26633e2833b00c3642b1bd50f4f61b24f3e24303fde325ede07560447c43

SHA512
cdcf0d8ca817fe34b251d6d1b5796bf5ca2501943969c051572c7115fb92e0989ec647ceeed6c0d7b719815a0274acc989295f3126c2b502ac08b3f18e3a8898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5049eb877d1788d2b22ae97fae428703

SHA1
746e75a162e4079766e8f15f2c023dd36ce6bf0c

SHA256
596a4c6d45cfced91e1261b0e14ac3e3e60b501fcf00d18c5a81e4ea0d259af2

SHA512
940e3d98e273bdc6c898300f89efe9c31238dfa5d7c87d33e0d0a21f258630bf5ffc1831784228255391586e95e911dde04dffbeb44bf32f64d807eb72e26489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b29460ad8526ccdf455d090f956302a

SHA1
91942de3bf95c9d78873acef5a4be5328638a3b5

SHA256
b9cbe4aec18a7e2daa5fab2f145dcaf59c68c8bcc9e19fd087bcc52ed907f642

SHA512
059c586a3ab22cdfbe49a2738b5c0978e4c2e4ac0c73533ed41ad318310c28cbf5bc36ac8a86d97e541603d57f9342876d06c3a78123b57bfaa480c08cee6c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb10.TMP

Filesize
1KB

MD5
46da578ed592040f6ca7c37cf66042fc

SHA1
e128e4f6d8412391df589a193a37f680b28dd86c

SHA256
ae415bf6d5fc4768cbf5c313349069adc47d310c9f826dc85655e05fd0334f9f

SHA512
700e10f4d5fdc742f24c2ac3cf8b473788c717b524fa2cbf671d08e0b0b740d8ea4417f98c0c485769b0e34bc08101847bf68febbf2072a6715da002ea221ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1face2b5849c609e100d743aa94dd961

SHA1
10d50a21d6edccb915132df3f3b06ad88dc4cf85

SHA256
477f4f7e8529975a59d04a7143a65cc555082966b0244907dbe8483a6910372a

SHA512
16a688a667b7f1869f3b96cd20a5665a88d66db8c3a3e268b759c84a8efa6559d3dc9842aabb20e84a392efc97bc6547a769ced49a427e33f9c87a704c98ca76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d12daf20d77fbfda9640598827ab998

SHA1
edde0839556a82397556999084e81013dee2e5d1

SHA256
4c23c0ee68f08be66fde20d162d74ff5ade36bc5a5c3fe67cbedfd2c85b7a13a

SHA512
7cfedee845c7aa8d9b1d64d4cd1bddad1730a612982d93fc01ad1a24cacc8a6364093926b42177ffd9a47ca8d975d30af8fe388cc47de81937b0621a779cc4a8

Download Submit