hxxps://rcs-user-content-us[.]storage[.]googleapis[.]com/bde46f4b-ca89-4fcf-bafe-6622f35b513b/2d3625f070938c8a83f21d7f88169d831067951b4da35668f28542c434f8

Resubmissions

29/02/2024, 08:58

240229-kw74jsca7t 1

29/02/2024, 08:55

29/02/2024, 08:47

29/02/2024, 08:41

29/02/2024, 08:38

29/02/2024, 01:40

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
29/02/2024, 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rcs-user-content-us.storage.googleapis.com/bde46f4b-ca89-4fcf-bafe-6622f35b513b/2d3625f070938c8a83f21d7f88169d831067951b4da35668f28542c434f8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{DCAE801B-48FC-4263-81F3-84C57356E92E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
2220	msedge.exe
2220	msedge.exe
2028	identity_helper.exe
2028	identity_helper.exe
4108	msedge.exe
4108	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2360	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2360	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2680	2220	msedge.exe	86
PID 2220 wrote to memory of 2680	2220	msedge.exe	86
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 2232	2220	msedge.exe	87
PID 2220 wrote to memory of 980	2220	msedge.exe	88
PID 2220 wrote to memory of 980	2220	msedge.exe	88
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89
PID 2220 wrote to memory of 1068	2220	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rcs-user-content-us.storage.googleapis.com/bde46f4b-ca89-4fcf-bafe-6622f35b513b/2d3625f070938c8a83f21d7f88169d831067951b4da35668f28542c434f8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8939646f8,0x7ff893964708,0x7ff893964718
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --service-sandbox-type=service --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5979839911263301188,553705529475649057,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
212KB

MD5
9938fd17b172bdc10b284401c55bfc65

SHA1
2e8b40a7d6b974c3e09e26df71440c445525a609

SHA256
c7daef2774cbf611a79ff767c2486b0aa3b240daf4f50725df1542f3e773200b

SHA512
1dd313f52d357e64574e952f3f093d5beef33a943e053dce4bda2841ecfcced70d53e1abdb699f6bf182cf1dd45124c6caebac43f528c3efd430500427526087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
44KB

MD5
2d6db4786c532ad6116002c873cb80e5

SHA1
00410d0de25ec575b49a6c987d5b8b2c7bfad0f5

SHA256
ec7a48c88519bf5d45cb698d8a1026da9c2cfbde79f10e60d31cffea5f96cb8c

SHA512
6e7e824a49c1f2123cec40d3c3af73599b0b9a08ace3262ab4471bf3144d149bbc099d1fe5f7b5fead38e83b1f341541651f600fa5e9ccb31261d27e55d8a76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
46KB

MD5
3736a47571d9bd71b4f11ed4e8e5d4bb

SHA1
6740cfdec8d9286b096c51d5fca1f6b6bb06f124

SHA256
43014829e3eeae26673871134ebfe794428117f5d0a4c2a7e63d3e987c6e2839

SHA512
79a09182fc691b4c0ed62603f0ad7afe8c71ccffa2945f9052ff1e510d588dc6abb6f4312a16f83282639f2813ebfa6b830e9dc284fe01cf13480e1181eefba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
778KB

MD5
6dde7086f9d4c68e3962f50b917dd97d

SHA1
f929a5f4b9d69ebb58a93bbcce85c3a4405cf4fa

SHA256
8868c6a7cb820d5c07b9a57ec324885e65aaafa5fc027aa175dd44b18f3d610f

SHA512
4cd4c7a06cd5f3dbe66ac2825f9dc9de37c513b50f68b915209740b8d59c138c1482a81b0e0f749bc1c275f232e4f730a4cca0d86fd373a285bb2067a5ba22ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
31KB

MD5
d460735b68840dad4c552976b3a6c7d6

SHA1
237419608764341e46ddb8369284d1558399b206

SHA256
4d29ff47f9b313b54a1e694413862fff500091d30bf25c0fd2e754c03c03c870

SHA512
ae897248862242ddf7e040c96f3910c242f7c0cc64f2de9bef1e5b2fa91ef834e555d8e7a9e3673b1db8857956c5b970095e1fe0a27129f1ef829236f08f4e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
33KB

MD5
719435b56a7ad4fa9e1c907f6383d69f

SHA1
ea2e1383d06b100fa87cb571b889a94480a49a16

SHA256
726f6667dadd675c0fc9cf5873c72521d2ea3e1105870f726d82b2483a8491be

SHA512
e2818ead09edceff2c04f7cd5833583bb036851a8bab2360d6afa698cb3b211d71d3ddca681f9eb8973929e5e0733823502cc40fa24037868c8c08d710b82c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
19KB

MD5
56cf88a250e483d0b17bd6b3a5cf245d

SHA1
7ee18462db98275a742167c02a7bcb9b9cd9ed56

SHA256
287c5696a5e55b44b025c7356abaeaae0859487c581a26ccb5ca02fd6b7fea9a

SHA512
23ff85c0e6e4c073fbacea6325663ab4a60f6d5226cfb57bdf8ac05117d01ba4a324650be599d4cb3b3081b31cbcb4ce9555fec6ffacf8376a7269f406b09e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a2a716d0c3930908d36cd765dcf9bd2b

SHA1
b89acc755ffdf20aad5e65e956268cd5ec7fdd82

SHA256
ef05515f9b2bd8efd6aabf2a2f76ed94aaed166237efa1805ce3519482b563f6

SHA512
e3c35cadb82415efaf7911541567329e7985a4b166164900fa08ee4c555267504cf30652fcb32b1f3c58be15325faded30b70f9ed756aec82902ab99645e7591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
68efbdea02ea3e6d13e87d97e8cf144d

SHA1
023edda8fdde03ddcfe59beae2eddee425034874

SHA256
fe8c0490322a1f27c9878a0900026e8385dea48997402d6ec43bf6d9b045f817

SHA512
57f5636c0c6c140108aff347f1f6085db1f0dea47e30674d1fd4e32c0133b06d4927584a141b76cacbbc0d60fcf105b49c125aa850a694dc85918760c1bc7287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
263457913e9c4697b5b8093f5d54fb75

SHA1
d6f014c0debb45a3aadf88f6251917d6f92e51d0

SHA256
8e7b71f6800c28f9738561d1c025f618a62533c9621be26f075374f8e9fd4e32

SHA512
82463429c78c4a1588b87f65f6c175ab0868541a2f02c24acd25a58de33cc177eeaa81b3254a44cee0b2957b93b247ae1ab35f736c0867e16e3fa761bf952ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fe397eca34935a2ff4ec6a4c8bf8fdf5

SHA1
18576fd645c92bbfbb1973b4d40fa94b087900c3

SHA256
35871de4356f0610c1ef81959518aacefba28f2d20900215d238f8b275be766d

SHA512
91b9f441615141b55648159772d3e5a51a7be5e098215d82977c15a7c96f0252766cd3d4d27fe1d4a5bd9ed5e3dd10d0912542afdfa7a5a6136a1f291fc81818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37a5d2ef8e31d3f0d543e15d5fd6b81a

SHA1
433b1c98c537bd69226152f4fc7541de24cd7b3e

SHA256
1bd041c1a4a71d5a5a3c1f7e62e7ae0761d322c39e757006d1f2c1b33e1e2fe9

SHA512
7e418a42da5afd080031904fbe9d128be53f42c4ff890d0f698e19c71bfbd23ab7c22f9cdc6395373b923435efd7cba55f28117e3b9380ca51fa6122a0600570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23c3279bbd21500b32242612eecdd0c2

SHA1
c92ecf867bd9d1592ddde85408d1c7ac9ba02319

SHA256
87f9f9476829d0c9d8031ef61beb9c81c4653f8db08ff1b236feb70d94a89690

SHA512
a0b1160f20d6c79c5d11ccd63929f50428d2ceeaac594e06016e17a1f96f3895c992d352472a78441d17678dbde47f0f1eaccacadc3834654c8503b2017953e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9195e0d253f3ef30dd758e04c705376d

SHA1
5ce34dd37ae0a3910477296d6780fa41dce9ab09

SHA256
1a747ccaa340b88b3a0c24496ce6191b242303d8d27b34a54388d5731142400c

SHA512
88c933432d5bac545deda3feb3db00e179cb39b5db7f86b1182d03fff94a0dd747faa6c4d472fb8f0f7a9fe48523b49a954aea3ce752d14303256ac5a628958f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d330db4aacc560f04618ffba47a6bbf

SHA1
07f9708b2d15d918c54a919af3e18bf391bcb04e

SHA256
6cea8bb91c0af4e0279c5ebf777c730a671e16f0886a29c7f084748014c0a95b

SHA512
23d3ef4f0efa35e6f6b7f7265a8915e3674063bc295de5c735608c8de2dd98b329d506e9cb70ecaf363239d753426b026c4091a134bf2d809b404232a6521227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e440ddb5d4a6e69e303d7f7508a4b04

SHA1
b19e597e1fa75d4906a25d59d752c3213d00ff1f

SHA256
1bc7180f191bac43503f7c6c07c02248dd7fb6a7fad4661939582b6fb83509b9

SHA512
5972d9c9d6e3926595ddd1ec6676bbf40430a97c06d6544baf97eef262d67f5a4a3c35008c1890d9537664aa16d5e0ca9134c362cd5a7ebcb9314abf4783fddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ceaef62f910f6ef46e934f30c8af3ee5

SHA1
eb77b46dc2c73aa6ac1c3dd6c77a2b637d9be60f

SHA256
1c16ccd096c5dc736953adb317fc500358edb60b304705dbfb79c8faf86617e0

SHA512
feb4c39003cbd6ee7eb0d32cff4de23eefe8a3d69d45952349bd636c3a0a7900d4d213e9906048142158246e8cff133c316e539f545b2cfe3a7dac70b43e0c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
831fa19474615430e6463fe7d26b4632

SHA1
789280c12c9aa3c58ec5c53619335e9d9f9a26dc

SHA256
3911672520dd81b70a39b5f0d81aba465e81a4457e15c721ba0c2729539f5fdb

SHA512
e58cf00227a9a98f7b4896f0b2095e537716d954c7466d7a88bfcfb0075b56d9c1dc184269b8f4b9cbddd586866441a266249cfeae66d9bfc1eee318711bd2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3f9403c7-718a-4f83-aee4-525de392ad09\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8afdde14-790c-4fb7-b177-7e2cf5c34896\index-dir\the-real-index

Filesize
2KB

MD5
7528626077022b7e46571f6e4768d87e

SHA1
12aab87c64217e5d1c46b3a9eb72d771e77e944e

SHA256
0046f1bd9592da1ddf15df13e65a96148645ad168f8e663c9a7ff69816d99116

SHA512
62b9de1b9aa4fe732d1d3227030f0eb9801191adb0e49ef46889369a587e0b1429e29e747124e2e178a08c8d5b59e5cf4b1cb5a8ac0d5dbfc1053f1233737d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8afdde14-790c-4fb7-b177-7e2cf5c34896\index-dir\the-real-index

Filesize
2KB

MD5
4bf2273466b7395770a38a11a7c3c1a4

SHA1
f0131dc8c503e1d266e5c1f6de40c0a51cdcc39d

SHA256
d5c3a8d2c834ae650a8d2966f8a3f4f9efdc09c72925a23a575a3fff4d9ddbe2

SHA512
68884f68db2ad9ecb1ac3ccc7f9e21babb52a386fc5e9cde03620e7a2dcb4ff69fdebeb77287561ac3ed7453e9b2f7faec625a618356afad87ed9c90ddaea5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8afdde14-790c-4fb7-b177-7e2cf5c34896\index-dir\the-real-index~RFe578f11.TMP

Filesize
48B

MD5
e0a7d852d8c431d84f83196af918f8ca

SHA1
64fcd082e7e51b23520c38bc03a6adfbc9d321ec

SHA256
e3d1fdb035d78f24d2966115165062e7ccdc00fafbeccbd1808333e759179b89

SHA512
82e49aeadebba564624aaa2c298aef2d496f87734b554f42893eb364b63612493ba04133bed6509bbc582a52b670fce3ca301a0b7715d40a479a7a2d5b4389ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ffcfe565-553b-4a4b-8dc5-727a2b458be0\9105b8ae7f548641_0

Filesize
2KB

MD5
e83dcf6432bf0c7a46baf70cb2ae248a

SHA1
23449532c140e5a985bc143ce944f63ef0621d55

SHA256
76bd12e0be702070f83fb2d9c188b0bbb8441057196ec0543357f1ce3682bc03

SHA512
c2cc3166a2ebacb6f851abe38fd35ea6e5c30f6f1158b96c502e88ec4f1d2750cb5f16f7c772356ba23b572aa42db9a47fbe38616bcfbc7e009095c205ade159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ffcfe565-553b-4a4b-8dc5-727a2b458be0\index-dir\the-real-index

Filesize
624B

MD5
d65ee046c241c82a2898f2ab710ed3ba

SHA1
e7b0b593c0822d9a14ec88bf4d42b16f85aad64e

SHA256
f6452b0c636199c0cc8ee10a1ff33d7c3df881b0e8632a0e11702867ea688f3a

SHA512
4f517077acc1a7bf1169e1591b6d17177ed2a3199043ea2a206660f48e107629d977e7dcb66ae3fba96dff063e6a516b37bdaa10f0d6e2ec3a59b9419960227e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ffcfe565-553b-4a4b-8dc5-727a2b458be0\index-dir\the-real-index~RFe57e8f8.TMP

Filesize
48B

MD5
0116bd4d06d48b8f5f871b22a7c33aef

SHA1
7ecb2d69058b9a49ec83dc43d99bd00efecd1460

SHA256
132642dd44f7d363af7dfd9705e2ece5fc5694c2f78b844f1e90a8076de2f5d0

SHA512
98904b8547417b34a35c472f0c52e07e97e9a8a7aef340179f31eb79a9c4640e1f215f266855f0643d04dc6a662c130c05d31b15b2a5ef64cd9a862e0edf6235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
628655a415270d9fd36259440928095a

SHA1
e4dafb26e4f500a31e643af46932217c38b93669

SHA256
15fa6a9c4ce6c2d0070720279927aab4663b2b85cde37eb6be336ac9df1283a8

SHA512
12e991f448d2cf8eec0d09198e4977ae072975622d0235bfcf83bb25a5d6418a853bd28360658b8f77a183a18da217dd722d662c43ddf4cbe1c2c4a639ade33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
1c1b6e9e2df010174ebed3325a975ec5

SHA1
803c8b091fee025e4968aa7f277a458015a7ec83

SHA256
48ba76fe2157958f1209d3b025a596b95f3b2d3cc018aff7054c3dddb9427b29

SHA512
fd2cedade5ab57a0b8aecc58e92d887aa707a043055196071ada4eae69103186df420f32cf83c1b0ecc60cf7c25390cc3933cc00bfcfd467cc664c1be087b7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
66575e62aef66dde8762ddbb3fe3139e

SHA1
a0cc609b13a0ec9d433aff9d7bdc056e480b5f93

SHA256
9bed0137b2de5af4322f97683db0eacb9612aac6d38846edfa2925886506d975

SHA512
1336cf2c0177814902745174f420d0c3dcbb523eb6562dd7901279f9cd6be15221d31bf2f8d68921a6e75e71735b69c8561b0bcc0f265e93fd14ebc0a1172d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
b5a3237af7b88fb4234f43483e5dcb40

SHA1
867b60aa7625a71bc6fadef1a21bca1bf1419af8

SHA256
8b2a532453a25c9bc5d4ff8c6e9f10bfb8e0850f35bdfd6f56ab5317b64b0796

SHA512
6f0530515dd0eb443fe718ba8a558cb47dec0006c55f6f0f5739085cba904224274a8647e6142aa9ccb8d22ea14bd281a420ffd7fc946f32c475beac499df711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
955edb2c8e746f2c5a1d7d3b1669cfb2

SHA1
e3996f5a3281aee0bf095b3e1a3474041c7c35f2

SHA256
198e23ccbb9f754a7ed9f7e5649dbce083cff9486fd7ace7767bb519a6389c05

SHA512
5f935293a42798c7f546bd4b9e40cbff274e57ada674bff17c28d03e50c22d76bc262a321b9b834e96194b292f3da5a52a1b6ace9037a92b059c37fd2374f131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4a8ccef3a72e22d8548eb4de5c6829c9

SHA1
994dc0a5884e7f119378898fe3c6f062991795dd

SHA256
80a79d1cb605da1678dc8fc509e2dc6a437eb88f032f99ad354267c0801cade9

SHA512
fa2925955875f77e3c56648d37644ed397d85ec380a2e5d04a787a96b81eb80103fc02372f1c89ed3911df1a885ef8667bd6ada40f2cf8934ae073ed2192f910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
29430e62c209d5480bcdba2b105fef5a

SHA1
7807b19eb73c902bb7ff09b1c7ff53c5543d20b2

SHA256
15e8016dbd728a810cc9482284aa20f7e888d8a78a650d1c8fc4dc4e217ac1fb

SHA512
917334d8acca8b62afca5315dd549d13d1efb67c67fb35414db0662f7cacbd5cfeffeda01ef847c9a1cb989bd7ce40d6f98b66f51789ce5ba6ee0cce271974a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
2942d1269f7ee73f257e4896add0228a

SHA1
7a7c684d283644254648fe0fd4ac2ed4a68ded80

SHA256
755a3e898452069291de7d8f342417e0d59462473b55d98ebd593a37ea3ab998

SHA512
7ddd8869919e5bf536b8a176758580e78160c010dceb0bca1d899ab1e19c1a2b429bbdf6cc454c8a881edfe734221b60b3a5f0119611d3331a25a94bfab9448e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9665a6a9434e0dd05b88fdd9dae9d807

SHA1
11186d909de3bf6d2cc611608322500486a1e6c7

SHA256
0497ffd5c45f0b82fd3977aa548ace961554aeb002cdddc21a818b55c240c5cf

SHA512
76bd14a5fde0414ad05a90b581832d16fee4db4b96624e274417d47c1e15956fc02689165b7b15d76a693e1d37d4dcb3476bb0fea11b35e115693b7db223c33e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e05d.TMP

Filesize
48B

MD5
bc85bf3f490b5d636b9eda033514f264

SHA1
b7132557b10594387b1a208212c70119657daf29

SHA256
0062fd9d95e25e7167fedadc923e3c695b97c45f2889325994ffd2709b9dfbbd

SHA512
9c3f439a48aa9579c4b56797f061510a57b935cd6993df7e024c06f49003585f030b346abc3f33115860747df7bfa29cf5866ae11c28712107663791be884307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fea91aae25195123e3b408e0a5c0f8a0

SHA1
483f1c371f874c9abd68bb21d4b0aa444289ce0b

SHA256
2d518ae8d15fdb14252b7ed58e3ed9de6c4c7ae63342cd38cc68bae8ddb52f4e

SHA512
018268e92812320b688e503cced48bb185986694b5193036a03cd47ccc7b7d8d7a94d43751ca50c2e07ef721377177c818b9485501e0b6a77e08e087c0bf7592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
30a3d68890d18dbf02ad219b39fce1d3

SHA1
0f889c5ed04240b6e4801e5f1f3153bb77f7149d

SHA256
f9c6d2e8df38a8bc680dc2488dfa1ac0b0e719e32c1766d9ef57c8a988425f76

SHA512
180d50e4df442c0ba2953ce5ed6eefa10f906ad8122c75c164f5f4ecff60e565ebbb20904fae47c337e589d0da7f1f8a49b26580ca9ef74fd544370aaa6ac5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad66.TMP

Filesize
1KB

MD5
9227d62295295a1d548525e5795ca72c

SHA1
d2eb34e97bc5e6640c629a930cebfdb423ecf85b

SHA256
d927297c490a36f791bdd7d31b37f3121036b545bd4bf69c1a60f4e661fcd4cf

SHA512
9c39212b463c6f82117c4fa91edfc4537e1318e6b5da5693f0da75f6b284cbaa01b19780a2e55e76c2d610fdaaf7918dfa25595d45ec057a61f9f5b949a0a1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c2227d5f592eca8f559fd36eec80be66

SHA1
d52f44f719ace7ca6e983121618537d6d86accec

SHA256
d7f386d6aa503937592d6602f4ce8157cf0db746f0ed1e42ad1c12b13e7cda25

SHA512
7d4f3926abeba938180cb30d33c6cee3c77887867b8f7a3e5e6861f0e62c41600a195ece8a5acc02558fbaadb4e3d65d03c42b85c385abd6ff218e98d7462a77

Download Submit