hxxp://says[.]com/my/lifestyle/10-famous-social-media-comic-artists-that-you-did-not-know-are-malaysians

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://says.com/my/lifestyle/10-famous-social-media-comic-artists-that-you-did-not-know-are-malaysians

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
180	c16d-35-240-187-111.ngrok.io
160	c16d-35-240-187-111.ngrok.io
175	c16d-35-240-187-111.ngrok.io

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
2464	msedge.exe
2464	msedge.exe
5456	identity_helper.exe
5456	identity_helper.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2264	2464	msedge.exe	89
PID 2464 wrote to memory of 2264	2464	msedge.exe	89
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3784	2464	msedge.exe	90
PID 2464 wrote to memory of 3640	2464	msedge.exe	91
PID 2464 wrote to memory of 3640	2464	msedge.exe	91
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92
PID 2464 wrote to memory of 2056	2464	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://says.com/my/lifestyle/10-famous-social-media-comic-artists-that-you-did-not-know-are-malaysians
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe162246f8,0x7ffe16224708,0x7ffe16224718
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8820 /prefetch:8
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:6644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
  2⤵
  PID:6920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:6932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:6388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9804 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10108 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10092 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9224 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12402325516153293883,7097837869928431427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
16KB

MD5
920bc99abc68fe3a50d810ce69f7c16b

SHA1
9516c92f926382f44a8d058b9bcc6739c5e1cb12

SHA256
1b4799d354dcbea3ca3473c8d6fd8b4032c932142f7b39d2d1f03d49aa700501

SHA512
86c8af11472b664473bddbb3410cff15c9c362d4e2d063f1b27d13e7272bd9808dc5adf16c12edbacac0535390f6b8ed8e177e93d5cc3638eaf08f5903a74666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
17KB

MD5
199d0bd2dad0534ab30ebe888aa97d7e

SHA1
2c6cc5980849ffb67fd3e92342b937592f091210

SHA256
ce2d1bdeef0bd671ebb2c5575fbb08159b0f0424ef4557f7d13f6430392db020

SHA512
15760b7ff1b8b90cacfee4fb1cb1aeb4ea2c49e77edf3ab74c46b2b3ab1f26c413e89708aa2b519173530d03554b55c34ddb7d32e2528a7d8af9b2f04046833c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
17KB

MD5
ba17c0d215c3faebbf80d19380f12aef

SHA1
8d3bedbd77a48388bf66bb5f60369bce37692c97

SHA256
7e6c87b32a1fa23f0d7e598d66f3a52811d2440cb1f735dd4fe3811bd72e5ec8

SHA512
29c4e818d2dbb39de22fe36ae5c1a502f5d61306ff7e681c0369fbedfd2cc07f5f5073d00106d5e3c00f8e831bec8d546645cacf7b81ca5455cde1a213276241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
34KB

MD5
8f802a497a3eaa00e5250cc452a6a007

SHA1
cb3c0eecc4cd6dcaa144e43b1d2aa98541110ec1

SHA256
9935b1f06d395df2d10c0e69079f037e733626c621612703239b52f2b5b1bc24

SHA512
daa5b3deafe98c24647d111e7020c31c7b3bd2b15cfc545cc73f1619c544edc0ec40bae147e20724c4ca949fc2b4714631f6cbd89922cc21aaa08a704e33d75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
57KB

MD5
c7a97445902ffdf63739de1c7594642c

SHA1
74640c690474b97aff1afa1fcdb4651a484054b5

SHA256
a0b47b9b6bffa3bb6185478b905b64328d7d4eb3d94f023220a944623bec9da3

SHA512
2ef5e2cbb888742d779a6a34b52726112c509ba93f017e3a0196a43ee5925e4111e9f462b9d3e63d8e451f039bcfd900ab4cc7730f1d8241f52de7ba44a4a23b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
43KB

MD5
8bbf041315bae1320eccd55dea3adcc5

SHA1
ea2e2636816ff9891534911acbbb58a8f493d34a

SHA256
4b550b895cbb37f9c70db6d98dd717f78eb428855b7560ad42655cf79441e1cd

SHA512
3ecc38538ce271e8ecd77cc5af83d0674428fbce6cc7ba0481c0530e15f2134f366d93d792ba11f03387db5b777cfb89cb0100284800b616afd33846d172ab1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
97KB

MD5
75838024eedb29e1146822268012a357

SHA1
7fe23fce759da55e163df2a32b4998bd24531237

SHA256
a7c7b9a8cf54603d58e40730790afaeb9953c5af5b000df63fa3feb65f99a07d

SHA512
0c9a92a93969d6354bc6abf613d8f3b58e2f3a45085c168bf6e00e241735b3389bb71bbcabba6cac99237f742ca608e321f3869a0a17a360f2a670aca0252666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
62KB

MD5
daa01cc5a9b8b3a7730d8c940015554c

SHA1
6d3091870737fffb408000a4664c8a6f088b5cf7

SHA256
60dfc7c4f1adc5282ff9d3a0bd9445b59874ce5e123226d3d6f5339d1b998a6d

SHA512
7de57bc1ef544432cd0cf5e27b87fd19af248d2adde11b9b0b7f1cd5e762fe8ab08954344027b7fe32a62c142ba8411e3db42df87ed47a009437aaa511d6246e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
19KB

MD5
e3f13ecab8e7069449875e3b6feac17c

SHA1
fb29d4fe1ec3fb741db603eb8cd508496788dab6

SHA256
8119819eb27c388cd2f24a57fbde3d0801de94b70ac866943418f768d9c75a1b

SHA512
2c715df8208e130d63e1a3042d4493800938df82dc10c8175ed3d67eba9f7a4a36c7cd5fae39f9be83fce01d31405cb823e2b88ef88ba0f67b889c82bd43dbb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03ae8abb408d772c_0

Filesize
241B

MD5
8f43648efc56b4038b8e91cb048c6231

SHA1
debcf671c6c3eb436886a19ef0208781b536a75e

SHA256
74717f2c50faa34d010a991ba0a1749e3fcc5b4beb719d704163bb53931947e1

SHA512
222ceff38ebc5cf78f8983d964f9d8a46efcc21f9742290d2ef9b43ef40fde04e12090aec52eca7cff2dd21b327cab59e3663ac6c3d0284ef7d44f9a1cb37010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0428a497eaeb6edf_0

Filesize
7KB

MD5
75b61dc6ac0eb4803a4cf833e200a151

SHA1
f8bd6e635b4c81667a1c941d4265b12435159ce5

SHA256
640c63bc616b08f4d430a8b50c88c015ee69c593a039d068149538ea6ae3a23e

SHA512
b9bf53b5e09bdfa87d3769508eda5a1a1e3ad181cf025d361eb904d93347494980477f6e6af5349eece6949aaf7207c8394107055ea2d3f702cc598dcd9ccca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c9723e6a0c0c264_0

Filesize
7KB

MD5
22aa9047b34aeb7d626c7d6db6e0b7ae

SHA1
5cadf578da8c36e43c3e773477527108f70edce1

SHA256
8d5b2e8ad72f1c70ba825e8d800dc6d7b6ccf140cb1cf678e7ddf641886c3a72

SHA512
bdb3f3368d836b24211915129fdb955a0263ed8d25c7eee0c5f175600c82874bf274f041fd28e25dff361a2a0a14a8627f1f1d506e04c9b66cc1190c97fb6201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1c47e9a32dcb3fcb_0

Filesize
241B

MD5
dd02d15c2ccbc90fd1e1eb20c3846fdc

SHA1
d9bfa4ce5f61c786a783aca68d7dbae1d697f7aa

SHA256
334f58e180dba06a4845d25c832807680a3b43558300c8e5a2462922ec6902b3

SHA512
6fdadc2e5568305143f45c4c0fb7363365faca468172e4a8364f1864d75921fcf52c56350f0d9e458edbe1caa96516ebb767bbf1f305e2af31053388ac2d5f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\34d8bc3f16f1c71f_0

Filesize
241B

MD5
8c2b6e63f18900c6aa1387015343f63d

SHA1
d6426a932dfdaff1ea98d0d27a84dc346ef32cd9

SHA256
3232618aabc455bc63e7d3387a5d1678518cf5ec04542500fc2a6273a7febcee

SHA512
2400efaae5a51a5501c8888bfb80e9995ff2dde2d21c26de29faecc213b77d09f63567113e8a75ba963b860ea1fe0265597ef58f53db85f2a4d83abca25511c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b946e4f7dd2519_0

Filesize
35KB

MD5
14f8f7ab3da759955b0e03dcc622d452

SHA1
e4929bc35c3c28528ee22d22b7551a8779ad5925

SHA256
9118666ee5256a871265ca832eb01df43abedbb1b217f9b10a8d28c659349699

SHA512
35dfc77b8c804b19c64c9a5648b62b3e44fb4e8d0347a98519f579000274f293fa423f76db240f8d4931b6422fb30db653183811f6bedd4f5579de4ec6d223d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd157ea561f1dc06_0

Filesize
49KB

MD5
cdd5a62f586e89ca18da345113dc7b96

SHA1
5c14945d94d157ef238ec175bd08b9784e9114bd

SHA256
a3690875fe45c9b81a2558d45eaffaf7f93c0defb67444479f595aa980bd9bcb

SHA512
f602ad593c0c91079c54d98687f26169ef44314a0e63b507400338e7e2b51495bc779da9b2a151736f091890ff09f4af5c417e4bd4888b4eecc671b2c6915b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1cbf04371db00ebac9e035ca6cf6c893

SHA1
1f012c4ca28565902a1ea9df3557bb0a1a0c483a

SHA256
e65c756e768ed46622af7433bf5b02f29682116798ab1ebb2de3b1ac313d51ac

SHA512
35305440e6a52ae33c6c1d417c9cabd5dc13167f5847636083736da09807c493a67b79184b052365adb9ede098d76667572c41028f2249f5a69f79bd72a10a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
105816f28c7bdc65fd45a6abb253085e

SHA1
133fbd0ef49efb7480179e88e84aba15ad6945b1

SHA256
f616f4aee81af8273648b6663fa7bd0ff0021cb7f4e58ca80637496121fcf232

SHA512
ae990fee7e3fe46e2fb212cc2be493ed876d5194c0bb16b2426fa249c86fbae3becd5085badcf3194a536ce93687ebc0281349264c1447528dec14b03885f53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_says.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
1928dd5b489c9d67bca0776c489399c7

SHA1
e1bf65d638940985f8229c67f8795aede9038483

SHA256
a3fc6212bd493b8adea875f7573956b0ffedff8d76c19d0c89077bca84a13002

SHA512
872f8f0ebdf22415192e07e37f38064db18d28f20c1c81d84249d4efeef37f63bc5eb590b87700bbe03645389d8f985d87567b3657602df008cdeb47a4ad1832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
c5ba3b13c79abef578d0858c8d406edb

SHA1
23114e166e3e63f7fdc67c93ee42bdaca07550a4

SHA256
66401210a5adf1259748af97e840d44669afe1eebc13ac67f97a6ea96ed41855

SHA512
bef822bdee5f60095c84d03b683d333d299baa2677f8105be006bd9792ef9531a6a86d6fbe836bfea3a3304759b2ca31183b2b18f7848ecc3ef0a6c773af1178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
00215632611057aa984ea431ea5245c3

SHA1
6808ca75c906c46b5e3025ffc719b7d1e1267191

SHA256
79ddb98b3aa9e411c32209ae0a633a37735ef4891dddcff373f5399907d08622

SHA512
5668bd79e3372d14b928b933937c5cd5022fa3f29d2fcd6ded5ce388cb17817aced30d50c6d9a3b70bad8f04fd71254246b226af4d83109137684f0086125246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fbc3d4ce42c9352b3402cb23f4ffb8e

SHA1
54164747d05a0f77734a1aaab37cf5baf9e3b05d

SHA256
30fce8ae892a094abe74ca7d19da51e66a4b8f49e2b042d650d0beb8a8ea166b

SHA512
c4735b85419db7af3509ca60675859edf8ae74dc92448b0339f35bb2619d20480732b045b46a73b098938f48f1374bcab62dd2ff9bb71de31b481fc6215e1554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
f774520ec271bc7d59717d7032b318db

SHA1
bf191726a1f74e38ac02f476aab994677883d6c0

SHA256
757b9593694b1cf6c733a300170c771dc7a30cee51cb9cce577f059297e686f4

SHA512
20b03c18d82da550550b93e405bc6f683656a6f162a94387dbbedd61f35b06b79518c42ad3896b3f54d07563fdf9e8d5dfc441eaa8c3a79b6cc885cc6ceb8f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
8a0e3935af3377493bd7f634332f19b0

SHA1
bbf97e38ea84466284625b9e4f91681645d00202

SHA256
12c55c6cb94df2c488ca72278a12d877411df865e1be8333e0bcc481bb6f1a6e

SHA512
6164da66d37814dce70f10fffa5d2fe463944988537707ca2de1b4534d14554a6da066d170a58279aa527a59f9da9afb336eb1b66994d53e8f36938fe1746218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
a1cf8bcef1d4a0c407440bbe3e055cc8

SHA1
dec2e9fbe1092958e0cf21ddd883a48ef2a10a91

SHA256
ec99d212283bbda9b79a1c535c90edcc834d74ce758ae73905cb72fbce3e88fa

SHA512
ca2a1fc7ca725185622904c89bde9e242075bb90f9486f89ad0d9a96ccc4c331fbe6c10584b0d38e188ebdca12a7826a4b99f4189d97759a4008287f228eae2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
e99fe806102a4721c73c5707f80950cd

SHA1
055da196802931b4fab7934482495d695a8e9424

SHA256
8dc78bfe7596eb51ee25fb2103da28463e367c26b9efee2e6a768663d8276b3b

SHA512
1c08583151f70923cf5126eb79189682dc370459613df95e3f7c273572bbea4f14c1555e8e32403818dacef9d09f0254ca2b12b8d4a8035c306d1fea93d07826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2d1d4c236760d7ca53fc4973a3d3bb48

SHA1
3212650927fa6afb7204093f236d6a4e7d8710ed

SHA256
d1571c876da82b134f8a18c35c02761b208d7cb3f84db16b3850e5b371056d27

SHA512
fea95c2ddfc6afc8112f53c8851cbea39b5b8c740530689db9bb03d313f4c9def0e32467cfd5908a14b3088ec7bbb524c27d4579c8124d0882eaf40250b38931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e668.TMP

Filesize
48B

MD5
65173897aabfbff5f8e51755fb43d78d

SHA1
763f9ebda53d027f7f70d0abc6eb7f4b144022ab

SHA256
693d70802169852e74513df1e29890043f85733e45c27752959ee124b339c9a5

SHA512
d8b46ef34737bd9bcf329e575dbaef257ce168d2dbbd9b86bcbd9d8cf96aaae9dd84f6e6a9cce7bc20182d88fcef6e9452499c1f29085b05907b13fca21c586d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8dac48c896116222c0e141b67c491166

SHA1
d6920df0d6bd4b91e2a5adbd2dd3dbf7e0a66cd4

SHA256
684ff9e0de5c971d26f0401284c1f8441e37124c41a855650b091654426592ca

SHA512
cbaa3044a1c58cc68d4d25e98a3d526c4ad2adc53693ec98e7cc01dd68d88e0f4817d678108cadb7dad9b013b21766c8b131d980b2c0d128f9195a248bd54c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
fe4710e12604eb758afee20d56210353

SHA1
bf2390049e40ab2c080143e79818b8162791ab4c

SHA256
e9b2049bb476fa2fe24e021a0ec9bcc3ef77ec8b44814bfe18ff23a45d79d9cb

SHA512
8edb82c9369808d869125d6b4aea4c58fb8305188106edb45d425fc0737f983ff94b284b0c83b827251cc32f9c89f55afb4bb5f940fe4597b41459f9d3f415d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
da5bce617fd0264952dc501b3a4dda24

SHA1
9b3a235c38406eb38840fd446ea6249384dc8f15

SHA256
ced02388db0f09350ded3d4f2ccde9e8cc6f3c762de39e4c1c8c7796d33910d5

SHA512
9271f8f64413670e39c7a31198872fc8ac7168811bac62d149466e916d2a5d996854e5ab4465bf24d8cac3d04ec3fbaec731cdcf8461b35a53b84bb27c4cc75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
dab42fa4a2ae416ef9a07e5fe5313794

SHA1
0235afa8d696dfac903c24403b1f06fbaaec5db1

SHA256
f1a92e44420cb5767542dcc0749ea0c284f427cebb05eaed81045e17e03656df

SHA512
e095c404660f18c778f4f8e53bd2302d894a078eea0d41a61975f7b44bff406137c0ae3e0e30eb44e704b73f58ebfbedf9e64fc60dcbffcefec2ce57adf4d06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2cb415da1f86587ced1ef66a9c643a51

SHA1
e3e57e2295f72dc2559efe963629eb88562628af

SHA256
38db3ca350f7ba6239042c6d04a3551603bf234a683a6e2c4bbd07134d316042

SHA512
906ea7b8417dd1a99b2775f031b9d9b69fc043056ee356bae757e589f0d156a853d88aeba9ea957f1f28e7f26eaa1226791c6296ee056f050c0d1d107ac0f58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
19d50d29dcd0701d4ae3ba36174cc863

SHA1
5095bfd8ccb81f5f042d272f43825aaa70e99e3c

SHA256
ef332f77c4902cab2468846f4ed0e6ebad0d19d3507f08aa1e6cebc0a2968495

SHA512
28e32c94a107eba7fb428828725ed8ebb8413bb44ac4a4ecd13f031601fe540eeec5f17ad368cda86cc87408103a830277dc77e5e5e83179e140e3d455cf7444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d88d.TMP

Filesize
2KB

MD5
66af275bc3a44b8c71345991d48b9268

SHA1
9a0ef5b13a8125624c4b0104be13c6793d0d8dcb

SHA256
fcdb54bbe1cb617620f59bbe4a4c29ea350964735b3bf30e476fce7384e3f272

SHA512
760f4560b71c3ced82e93a87f7bb7c4debe2c39a124c2553492abf5870cf6972a821e9f2cbd642ef132c901f7d2c6e13ded1a95683e6bcee7c1b4363413a4d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9fa1aa5842cb2c756c928abae13534bd

SHA1
2e0f19f87bc97baa083b2da5d105d0430d9dc5a4

SHA256
0a89d95ea459c3255ae035bb4d3a7c87a997142e09682392448ae8d78a5044d0

SHA512
36f650495b5367f9e0b5304da27a08181b083f6917cc9c5e49490ee599087a5b72775f540ed6c2f45243d58e3a8b82df2621b140f3385781cbc3ca0c12287c73

Download Submit