hxxps://www[.]roblox[.]com/games/10449761463/The-Strongest-Battlegrounds

Analysis

max time kernel
221s
max time network
223s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 01:51

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.roblox.com/games/10449761463/The-Strongest-Battlegrounds

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "125"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{C3AD4599-B6CA-4219-9DDB-B5410158D157}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
4272	msedge.exe
4272	msedge.exe
1788	identity_helper.exe
1788	identity_helper.exe
2784	msedge.exe
2784	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4256	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 5068	4272	msedge.exe	88
PID 4272 wrote to memory of 5068	4272	msedge.exe	88
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3536	4272	msedge.exe	90
PID 4272 wrote to memory of 3024	4272	msedge.exe	91
PID 4272 wrote to memory of 3024	4272	msedge.exe	91
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92
PID 4272 wrote to memory of 4732	4272	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/games/10449761463/The-Strongest-Battlegrounds
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd385346f8,0x7ffd38534708,0x7ffd38534718
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11249190248075059830,1283977382426745589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
  2⤵
  PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x45c 0x4e4
1⤵
PID:5696

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d9055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b55759b-ebae-46ef-b8b5-5aa646e6fdd1.tmp

Filesize
9KB

MD5
89e29398efe1a5618b64b851684aebb2

SHA1
bef78bae8d55e369ad3ae85105d17768902276d8

SHA256
d6e1292c4dc216546ff1d692896de9bb9626b4a9bb7553696dd5d05c0c71e756

SHA512
74607c713d7c715baa4bc05126e32f2364ac30eddca5de6fac6e499dc17ba99d7e1dfd855d576d140438bf8caa3c0212774dbc9d8b8957d4696314c4b01f64c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
162KB

MD5
7e955b9e1a49ddf1a61a6db760a22a8e

SHA1
aa2e8aa1a1ba47343800352c9c293f396b213d64

SHA256
f571268b936354bf1b9b607635e3fd5b23fedba26981317573bba8a4982f5110

SHA512
e8bced1855aa8f5e1f249c282172a61ff235055e0922d0ae4f6e9bfa0800af65814780a6661d20fa2de95d7943323937254de063489db0738e5479c4f596c4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
50KB

MD5
adf9f691d34ce1557e36a02bbb7de42b

SHA1
3f838d0887b688c6e470dbd15008af2ec171db30

SHA256
075e35763ae47fecbc2926cb1291d1bff8d32ada4c026078801380804bcfa293

SHA512
556e80f6a01e57259a27cba71fa4d02b1475c43698dbb176a5425bd5291f199650839dd115fdea895a5dfbbb0340ce25f5c12f99d0172595a084e8359828702e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
19KB

MD5
e3f13ecab8e7069449875e3b6feac17c

SHA1
fb29d4fe1ec3fb741db603eb8cd508496788dab6

SHA256
8119819eb27c388cd2f24a57fbde3d0801de94b70ac866943418f768d9c75a1b

SHA512
2c715df8208e130d63e1a3042d4493800938df82dc10c8175ed3d67eba9f7a4a36c7cd5fae39f9be83fce01d31405cb823e2b88ef88ba0f67b889c82bd43dbb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
92KB

MD5
c943ebb97bee12f23792bdcc02e40c3d

SHA1
ee4abaa956f68380ae742f0999d6ee05bb52951e

SHA256
367d29284a7634a4b8f151a835e0714c3fcc7a4deb2e87e0b48327fb23ecf71e

SHA512
32f252fba6f8b53cfe31e8fcfc7372c09ee58a2e7e9b47954602522c01657ce89046be3d2091dd610d47e827d2f74607b488c74d1e01544a5dfcdc50baa35a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
67KB

MD5
639e6725df3a2457834ec7a9432a36d0

SHA1
f2bab5fb1e5f831118a845b04801dc785c0d61cc

SHA256
7471d8173ee821b204e596e13b43a780d58f92ccbf9b5773efad903e2fb11c61

SHA512
383972e45512cf0c7e70be1b07da6bb78245651bee5ce1fe9cf4129b3fdb50f0502db52f6895c2d711d123d32647205df90f154f885c8bada3f6a7d621059119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
42KB

MD5
5f29ec52009944ac50529e69d02cadcb

SHA1
67fb1190585624c08b4d12ce7088c9a4409e7750

SHA256
bdeae7aeb0dadd24d7de90a9bef300cc3eabd774a9b110a5bebfa5f0a57cabdd

SHA512
4916fef23d2c3801ce0b5c36c3660d1ad27591e16271d6954d3f4cff318284d016be539114f1923738a2f263b8fe2b0a56f997b6b09584b53902a3da99243e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
67KB

MD5
e842661401e4961950e208c02c7f9eee

SHA1
69f1ad47ac6f8ea24a67deb7e7cd2e16765d7c75

SHA256
7e0ce6ee83d72cca21cb73fd16ceb464cc000e1dee7f652253b0c4048412a583

SHA512
37228b24d2565f07e9d015ef1883454553e1f7926ecd690363440fefc36406862dbe5243cc120e82a17333157e12673e0e65398d39408bee52988ddccc3208be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
18KB

MD5
4aa317b8e5d9a18af51282e732a43ab9

SHA1
30ac409f051b3efedb1980e30dedb51161a765a2

SHA256
a52e0f8151931c08bc545dfb83530877e9401f222b0f25107816bdf3dee6d7f3

SHA512
06f78a7ad20d5d9f05c28e282d666e2f3689d20d609c3a2e754860da84f5cdc7c06ec02b38193d187ef0605d5e95e46d832545a131f6e8e0b5f10a54ebb6babf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
16KB

MD5
d308c7b80a0759e9eda249b6465ead42

SHA1
cc9641530acfc57a17acdbace4e39857ac559add

SHA256
d2ac4fe6b60dc392fbff3289e671dc42fcb84afe40ed8d2c3c92dccbda7a2513

SHA512
f38a6941865af01670d85d56bda55c0eb99f9e32c3cbe3259ea5ce5f43c1749d3c5ace7c342d1328184c10923a333cf65faf01a013b2065e45232bf53d3715d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
70KB

MD5
ef855838a770ac32beb37c1b47038110

SHA1
775d51978a70e3a08bb9d95236066f9a66bafff2

SHA256
6e3b3aa17ca7afe3c3f55add9ac2bb5ee7dcb5fc18cb794db96ae1db4e924dd5

SHA512
8cd75dac3482ae8a7255e707e61a606a72e7e2c2eeef67e8ce7dd877caefb59e6037340dbee989572daede7b05a90a172db0292eb8e4643e6c88e5f03b14af07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
65KB

MD5
61347f3a82fc558eb41f9560bebfeea5

SHA1
c8087b7a180cbf672a3323f23f7f2dd1eebb30bb

SHA256
1aa8db571ed7a212e81337dad6a434fabc1e3743933ee1dabc63e86d44fdc69a

SHA512
a6878fc366f881a553e06a53825edbabf0f9cca84593ab1446304048d144d3b1a6bc779ca5e44a3a42906a7cb9aa8396e5f0b15d9dc5eea273de7f22a4027989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
70KB

MD5
7b79e092124d86ac1cabce1ba6cd9713

SHA1
132d429d482f35870456c3a20f466d1e132085d9

SHA256
b40e183d3e266567a90c2aef188fa14a46719d397e706b2a4865c52dfafbf7d2

SHA512
26036f6b0aefb4d8f29b7c03141166bd9db58afefa175ad3e164709dee317c6263f85fa859d5faf4cc1cdb9c874d8e407afa600bfa7e03d717e78bbce284debb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
27KB

MD5
8a81e1223f24e16f583f6077f66b74e1

SHA1
98b639e615dd9abb11c92fded9ff2e0d160f7319

SHA256
6f42a074c49f6c9a374a3f01dffd3c8d74a51ff9e707327c5547d3936db60e8d

SHA512
5a772f59e92d345c9d3a50e74b61c3cb811c79508c8679a5cddffa754d5b153e6759397c708d2174b944448dea3cac3078a62f69dc3d59a7c7b06d10703ee7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
26KB

MD5
9f7368c9e3ecbfae7d1ad67e193009c6

SHA1
b224e4bbe1fde5b85ac660b41d5aab80be889a1d

SHA256
5e1b0d113102417bd9fc9854430e2304847549dbd4aebe234a62eb6c1aa0e691

SHA512
33dd31b269673896d7f2095e9d950979c13269ef262b1cff2e2a8d0e59ad4c6eda5b3d79b2d52046a51583ebdf77df4c600acb265145821ed857f78762547889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13aff5147257df60_0

Filesize
261B

MD5
4c5a39cadb05d2acdc5db5242ccc9d82

SHA1
b866a4f7640452d38d0f35b6c07ff692c4c84442

SHA256
4d10649486b4ade5572cb7359f68e85d98d5e342f236d7b0e743dd861ed890a3

SHA512
fcee5156aceb03fcb6432e18d6d2a0fdfcff95beb3993d4eef98b9c19d73abd2b06d00c0ce05ec38728d7e9033fe85801062d33ce86b9c68d49e1f80fb87ba47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1769a4fa45166e44_0

Filesize
2KB

MD5
f00f5d9fd4c2f7946e794dddfe3ffc7a

SHA1
42cb9b512eee1d188e1ad3890602b78db358b81d

SHA256
bc20358738edf9c9065b1916d8dc8ff15b5fc39d8f0020a06c41af243aa27689

SHA512
8c7cbeb5e75e6b3b5ec013ed9d4b7e19d77377b15bdff9f716be23099902c4d90d293fd1c5b5dd6d24b56dca10262ef9ea5bc0ebeaf35bf12faee5fcacb81334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b8ddd04b731016a_0

Filesize
261B

MD5
a8920bc04b3c4bfd275824c15c30f172

SHA1
ae9bf92a92b5b6a3818e6d574f6011ca9d95437b

SHA256
55644368b4b59730b18edfa554a635191df4a320570f20c45efa68108ad53c98

SHA512
04190a1ef0023529b24b2d1344f24d3ae00010ed8865742097c82edc6c524f232d9127b9d7b8fa475dcf731d099685803ef01e32556a32a9622ba9357aeeac6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35409077cd8bd733_0

Filesize
263B

MD5
152029466336622561bf5e42bbc9e035

SHA1
8dd1031ece20b1de1c8102049e48af05caf412f4

SHA256
642e233cb707429c81bba0271d2b34a385ed82c12252b212367c91c6faae7194

SHA512
6a524b6e9a03c23e3150bcf248464d386a4e6c8b97bcd90b37dd559eca7a661402c56445e8dc913b0788d557b0ca3ad4004f39d3fbdef70245f2a44afc322f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\591d777287ea0ac9_0

Filesize
204KB

MD5
aaa4e3eb0081ba54406445df355f5f62

SHA1
02aa860e0c9682e1475d9b24c877dd18df2cf796

SHA256
d13b12b3b16afd67d34fc64690d6fe4b877da1460708073e5543c3ead4844fb7

SHA512
e1c9e9dd3652b16ea2d6c9eca78f577b21c633eed10aa5f6f31da2952606365d5e62432c57ce683aa5153d5ee57c806b9b88562c06ce86b4bdabd20b0a3698be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6170dd6ac55d1e9b_0

Filesize
22KB

MD5
65e1b13530de88140dd2cad389fe51c7

SHA1
d3fee2feed8e0a8cd912ef56817c9a7ef6fcf2e5

SHA256
c8b65c270e8210fa43075f83fd7bdd70b17efada66613757ad631e4ed67abeb7

SHA512
583d34c516221e8c4be7d427f359de35109feacf76229aa635449ef4bab852400ab5aad8414e8ddd71a806c80f94a0217088ca00b656d4a694449aa606b1bd48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\920ff33e880da1c5_0

Filesize
3KB

MD5
cb639cd8605c8aea1fd4c3fa8294645e

SHA1
6c0af6caac8ff6bad9759e68d792c7c0159650b6

SHA256
2ac61d93883f89011364e7a9555ed2bbeff231ae80ad93d54f947c08ae87516f

SHA512
b5495b020c76fa23fe4da92beac8e1ff1344f8514ec2aaa957ad3693e178b3b38c78c460f457e479a5b0a7b53f8bd54b5cfb9a8dab4461fb2d1b59f744eac686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9911b6fbd417c0fd_0

Filesize
3KB

MD5
0d26ea49e124af5bab06a342d6dc6df1

SHA1
cb4a39d19b87fe95e6818cbe0b30204753c771de

SHA256
7d42a4337427337cb2def3e4247dba679911926549054401f6f2cf3ed5d61a2a

SHA512
b582267999927df218eaed0614af02c4182913a0136ba918b75394f2ee80ec63ebe312803d334d54b0f499a4b734206194b7d6a026d70ec1d1f8252b517cf96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ba856797e5fe9d5_0

Filesize
3KB

MD5
f272a91e3fb3db29f457ce796923779f

SHA1
bb49c16fe774085171286637a363c24a464f9cfd

SHA256
24ca1aa235c1ad33560a908806308c7fa43c0aa535b1952eb9fc4d5944590112

SHA512
c4ce847ff9f7cf2c855aa13579867bdd45eb83aee12b6fda28c2c05ab6f842b743da96cd468dc82341a70dbfb8d25e03fe6eb7121743f40cdb5984c8afcfa973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b5182458eea84ec9_0

Filesize
304KB

MD5
7f8db786e2d1c9355aa8093f84fab9c7

SHA1
afc46ee4fe414851a616f4a441276a3fd1bd6ee9

SHA256
200e48fb84656e18969814978573cd395b7db1bb68db9f588b18d1ed974b2f71

SHA512
6977b1067464d99adb8556382316e574297c304aae9e95e4b79cfaa3f671be71e52211c3dc6169102c261842a888646f4a19bb4f93cbc0479f5dac53034e0b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba46cae9af0282a9_0

Filesize
73KB

MD5
36d106ff9a3e657675edbbaa5cb78eef

SHA1
89033465610dd5f792f5d4c862ed551d4b7e1fb0

SHA256
af76456134f16fc69baca8510ec864602edb0f5352f41b7994bceff0d1188948

SHA512
3c8a9614e0091f181a5baa0b382ce0dae3aa2be8fa435c4fbdbbce5bafbeec72653d87f511dedc8f74cc7c2f294ce5263f523758da432ad0a58b9553ef7b8783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc9c88beecc4c7ef_0

Filesize
3KB

MD5
ab306c6e3bd4a7b48e05174f7111b61b

SHA1
ad452182ee1ed9831bbac8fb583fbee9392495db

SHA256
498207c53221ae360b5577dc4788ba36cffff5374cdbf8e79f3e543cf0d0185a

SHA512
f2e8b83d017fa821311b87b1123138dd2460abc82f9604ba83a9c83ac7007fa35a1773477760979bc5e44d671fc11ff4f103b4bdccbd7e466bc294fa7177412a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3994223daec5a95_0

Filesize
3KB

MD5
c1407ecc17ccc37989be32d61dca782d

SHA1
55f2d155bff4b5794acf05cd50ea8b4d3d9b3fea

SHA256
4f5cb562febfcf9341c5f005ca6d4b0c27e491de8cd7cb7f2bdd84dbca90e7d1

SHA512
f2201033e11b0578181acf11a4d4b0c8aefb93152e285b394ec042fd9f95c79bb40b8e21bd43851df4e50ab36dc6d63f04c8b0ee60e051ede4ddab05bf9dbe6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c9e9c2ab953d7bcf_0

Filesize
1KB

MD5
70e27e087a7b3a2042b107412a09d2bc

SHA1
d62c0d1eaac8d8c0a20b4919f66410b3b1a9ac61

SHA256
26ec1bea064146a42e30a8debf53dc805e9df48f63e06cf63f1e914a83b83990

SHA512
081e0054bd58ca4b9de6e1663dab01e6112e287c83907aa96cc2c23245ee5ccb0d1311543ec00ab876db167ab27ddb2373b6dcf8a3575f1b5acc46ee4f18a403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
6731a1e4fc47432d4663bd2a19f184c3

SHA1
9776a095547a038e0ce9e198e303d170189028e1

SHA256
0a92903621c3aaa982328a68d0cd979eca2d3268aa129e01ca74ac6404490224

SHA512
733aae9ed47220c7b2c5641a16cf4091674d67b29f596800ee9f58f14f4643baa02ba9990311ca1c2ffd69441b8aa09334905553d65bf81ebc3504892747d05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
e396b68893eaec24af00598b53b97af0

SHA1
a8dfe80d1dfae1a8048821cd3325ee2ae972cac5

SHA256
0105be30ca70c7521b880b6a4e4e252a5537bb0a1fea1dcc369eeb57962502c0

SHA512
4aa5581342cc2a49845bb755bffd73204c32ea75f64bdfd0fe86fea0b09479c8382285d4883b878786c55aaa3e9a5e9ab4f77cad1141c317fdcd36387fc3ca3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
13cea575b952db986b491ada5c5f0cbd

SHA1
69ffeb924a8858d00883515333fecc27ae8f1a1e

SHA256
ccec4be6d18a0a826addc94b171fc73b84779a3050968dd7c36162bba3b11e78

SHA512
1c585b39a30052c8f3005731e0660b7049c0e2d8b496faa24539840812b5b1e838e7d5537bdcddaf541eaabd42662cf548274ccbbea92da05644af9546e52d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1bd37995d480ebedb62dd98882b5b82b

SHA1
a91218617acd4b8067f418bf683eeae90641421b

SHA256
77d6e0bb6b953fe3a74354019fdadc3fe482841eb69683e4b1745e3dfcd2ee15

SHA512
4099baee3676fe1634e79fa5d5024e494e982946b5e1588e2274cbc024dfc1b5d823a51257baf5d85ee83182e951ea2b22c5e204700699f6121e11b6a10c455e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b6412dfcb00626681baa071fd4c0ee0

SHA1
c8c15e8eaa791aa34886463cc195b0e8f9858bf7

SHA256
b45494e8d70e5fab62a41cd12398496d1307bc7b48c9ff35d67f088208d8d960

SHA512
26dd775e37e2493a816805632f1dd7f76f54e773be2427247015b11415c460d449fdb9dfb80e0fcc5ec1ef57ada168a8c6bef4c53a2f0f0bb197af4dd4b7b490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
768a817b058c76a9a7a55320b31cd7e4

SHA1
2fa0733f038ca1e838943bbced69c7310146e874

SHA256
f49480309fbdd41734541b5e8d9bc1f89af203a9cb9983b7461ab79834e9e6c7

SHA512
412431318e693cecb2891711b42a96c54aae189871065929bbac8feff001b0b10e47b80369358a1a11cb9ee834ba15f81ffa0526d8d646e39796008077691cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e675337afa717e5a7cec03b1a57a55f9

SHA1
12689a963a5efa8b67a8edc7250ae2ea48b18619

SHA256
f7797b313bea8a8038c9fc0d7a823f6ac5d9f99a92106cfe5a7a322a0c3f0d8e

SHA512
bc2b1e51b2eeff1a0890c8a9aaf30b8b8d532e18d208b4c8f0ad1a3d2ff331f18253672c73eeee1b6c1f8f21f852143db23d01cb964b57344cea80932741bd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ca96aee217333546049400648dbba060

SHA1
049c708024a8330275d99eeba9962e3a07598746

SHA256
5b2c6b596c41f0565ac5d9df0c0fad880f8507287100bf8a03ebcc2633eb2403

SHA512
7afd600c241b7b6d934f43ee89b1f45103d0c0b5914e68476104722e3d2894dc21647d44d6159809549b2f84c28d86c50ed587934e6a2c4887936abd997004d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
86d119666279e917c6f3b8194e770ab4

SHA1
337e51b8440ab2937b6ccdf867bf718431d94577

SHA256
4224c39141aeecf80d108225762cefff963f7f277f29652031f1478f8c642d37

SHA512
9903df8cac869aff912700463dd38d6ba1765caff566576b5e73e57d210ccc4b7a3d8958c640b0627f115523c20e7b8f57df003728caab68612eca0239895a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fda24840f4b9f6713c25fb8c8ce6b8ad

SHA1
e903c32551579070b64ce79a142a06530d19e00f

SHA256
1e97247c7ba0071f51292e608394f309b311084d152c66772bfdbc9ef7e06331

SHA512
45d31f93243b62025fd0a20531268fb01392468c393b350776aa5879ceb7f082af9a0feade392c1a6f663584fc4a8eb4beab1594cc345741abfb7d29acebfdf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
33ebb171b3f2881f1c24d7fc7126dd40

SHA1
98a8395382ebdac95ca8e75169360e2a0c9721a6

SHA256
b834a070e7696fc1303bbd5231c890fd91b46218adf71897e8ddbb9882b6c493

SHA512
c1991a738f050088c4b3e301d313b4d23d422d5ae48bf64b444cdaaff5fb5ae4810869d202f55d56f4ba2da395fad17fbc0894953ec1bbf3c931137c826ad007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bc02510df6d4da4a28cea03dfe33af4

SHA1
dde13284e823fcd42d0b3f6966da9ebbd5cd32e1

SHA256
59ca5e60c240ffe8389d1f77619dac7daea7cef1868188e47ab58aa0ad00394a

SHA512
3a7ac498fb96074606739e057861c67b18dac886dc88b46d8c06b9315f88e09b3bd2b851894716ae04ab33dca07952c17a0fe54d990f30a9ac0a02a6a074bdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a031380f6ee5ba37558ccac8f6f3dff

SHA1
23eeda7793d1426ce88d0f70998473cf992859ed

SHA256
816aef91445ec35ecd882403daadd1a0b35a29b7069464c0dd347f181fbb6cb9

SHA512
3759055010dc3a85963dff96bfb407f3dc71e8dc307a71f6e975fd13e5c6cac215074f14c37815d32700025989413a00919636a29802ddd031a2846aed442ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
991e21823559630410d2a72a5844de5f

SHA1
2bf78ea471f401888c77cb1bf5e7477746680210

SHA256
ab05c2dcd9ca1ac50dc6ac81a0531f2ec3e5543fa75496b9e904a7caab2e06bc

SHA512
8349be9b4fbbb8e259c152091af1c2c402cf20ab1f7f4e8df308da4e2fbf8626aaf2980091484480b667b8f9f3e8a3b60a5b5ff9bbc4cd692a799c4894e18c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cc44e1a3dbc5a628f9ade1613e349d46

SHA1
fd0e117972bda2f1a0ac9790ce02060d2a65fcf4

SHA256
1786abffeea281dd95b188467103fe7e038fd9f3ed1cca454af7a9486af052fc

SHA512
15a1f5202775c4938c017f9e52e6fa228a5f462d5b24c2ec271d93f52ba3138a2ed9d3b1a6c531ba9845554aa2535f32015e0c1e4ffba3782368dd54807c62eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9878dfd8655f56453481191484fd17ee

SHA1
11c5f1cc284898ca1bbaa330ef50c9243281c76d

SHA256
c217f925b7301c57a37160f54e1dff95f5173100db9a8e6019496e7408fc2361

SHA512
83508e8614fe6d7aa90287f6e4489e42cab1e71300c85d3e3801a914f9b7e49962f7afdebefbe880d9094405dd272bd7489b28cbfe82247a3eb7874d6d16a269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c488c1d19494a122382e7baef3f75ad6

SHA1
c13069fd8e7948e1ef0fa6d27ed423d4d66b078c

SHA256
67cdd4c249657ed4eb7ee5f911177f59a32de8ffd5de8c223b18ec47ba38690e

SHA512
7cfa708ef8044ff5f133b91eae86d14c5b315a03a1e7d542237209a7e5601e3c38d0867f6afdf68de897b8cc08f6ce93b3f0620a57b05eb941e830ee0a456f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9eab7433b80baa637cd52918c5cb65ff

SHA1
c694357d2289c5204ffd2e3b2bae00f62a67c632

SHA256
2780fa799979514f225320dd501debf13850fd13d04bef7409c1b2e4ede8207d

SHA512
26126586b4e9bf59573b776fae163e3644875385a75bfc03fdcb9b4526019511d8ec5167e3f778a3d3605049b0e794bc7405d4034950c2d2556fa5f092f0b74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bcd0ffebdadd2c9bb852184b8561e155

SHA1
98b9bcf7853a44d2ccda47a6513b43f05d4747ec

SHA256
43ee1de2c8d4d0ab5d2f7832ae727e7dd0945f98b833e9d2d2d26efe46759777

SHA512
4d5c9dadf78ee8aa27362d2c52a3f3a6aeecd9e250cf11d77f3f8ad3fda7d663d35a166d914d323495b7164edb81098839c9da93632100af3dc36317f3fa08bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f906e1090bd8a078401e230c9dc2db97

SHA1
f3528d160f46b2e932d77753e031fcefd5984c6f

SHA256
07d6493dad0b888649df0a15a6cfd98d665bd01c4eb0e0a1ed5d535baca8dfa5

SHA512
f2413925d532821e843ad2a798ca0833d9eb8886c4fa040806ae70856b7529d635d2dbef61a197bba0c3b96367f304c4bcc2d4a6887ad4b80e41f9298fabef8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
06dd77799fe362adb87551e0833cfe5c

SHA1
c843c6ca250f2c36b159e7257ac162d33423c825

SHA256
746e3c36c1f8184a3f9c156af2c71ce6833ab4850f0c6d9604885e0ba607f5ea

SHA512
54d490bccb08c6bd8a34f7edad958c3497e523f6421a376120e2cfa867f3fe7501a06c0965bd7249290d22555d12aade1ff51f2d8cbd441e4506bcad90f6bfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
94c435f922323e105f63854a97d172dd

SHA1
5bda40cac83006b574e8a66bda95ec6a9a5c8b9a

SHA256
499b618c6132f6b8bc24da473d7779b54e5c6b8c7a527b509dd497479fb94f8a

SHA512
eecf8dca9ca97780d428aee869a73c17c62a367b616edf42bde44e78cb00254edd7f97022c078effc1944e27358d237f8aa8e1467d4f332de8e1a0ab2627869f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9e2afa3a12d75fa18988212c8d7dab08

SHA1
6ecb1b9f0dce9a98150304e1e8f4187ef2e05b96

SHA256
6a4df42a8f2b267ffc2c6afe0f4698dbe2805a7292f9d5e3c2ab69e4c5e38e08

SHA512
23f86f9f1360db27f4cf9a8e693ce8c390047304e9230ebe6647eaf4cbe9edc916dccf89ef18380060cec7d0f2dd39ad90dab66e9502b2d402d9a0fe14d0b5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
52b36862af62d6393cc3f780f2eec35c

SHA1
f7645ca6d3e7b25dccf76dbd37d501ef53e8d072

SHA256
ae00a83a25bbe2c5486c501c93032e050bcf455e788f042749a6c370194f0552

SHA512
0ff44f4e11b68752754fbf804211f0a77a86206d4dbf0d1de99e23d5aeb2a7a9fde897077cac1b17d80a79163ac9d8240535c8cb1c8dacdf91a2e04355aebf06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8a848a293b4e26f1ef21b73be639fa3e

SHA1
1c91a881a8405841b83eea7f6d518ab8b462672d

SHA256
4a5d9d61ccb6c90302f2997044f453017272eac8f005715f17803435c9c9c0a6

SHA512
69c091c0327b6a76355c1a8b6da129e1f92cb9586defeeb3fb60f1c06d1122e7bf06c2aef1f3f88f610ad42c368c6843e5df18d006baf63faf962bacf317bad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6feeb8eec60bc69d9072f16120bc7680

SHA1
43cc4860cb8f7f20ad109ebdfd7382555759d4d6

SHA256
5c7f384301271e43e8a8242eccbbdfa0050bd6b8bf5baa354569724ee7671cad

SHA512
1aadf7dbe5083e847effa5cefb761a10120b3958e61878fe8238fd6bb2090a7b156e4b867087f636b4978a7e2ec69b63b9d3a370851f220f0be75abc8870bf3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0e6a182bee64331d4757303dd8785d2d

SHA1
cdfdbe6996f4a5d6e0f06859a2b5398864926415

SHA256
b00339b551f86d52097a6539b435fb887d56c03ba2f0e4b563aefda009a00c20

SHA512
b62e3243ab8545ce3adeb08b930078f7f45eb3377d1478119a2a348fd3a6850546afbb2a79b8b82b13a0c1443fd43c31f0af016719587dc569e40fb8ef935534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8d25be8b79d2b55d4a19cfe3e4ece386

SHA1
5a163cd174763d2660cc717294e80c32b73c1a59

SHA256
ccaf8edc85c8903fd3201b4ea108ba7fec763a2ee1aff4453b159b8e633c2b73

SHA512
167726c779c18d7828c85d1dd0e4b1cb2236878e129c089c35cb49bdb2fe74cc31fc6f86affdd7765ad5e35fd59e8df6d5bfeb87f8cb899141c10c9f9e7577d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d34fd05ce77cd672f905a5f37c7552f1

SHA1
3d80d3c3a2745368dde783f156797a219d7dc83a

SHA256
686c46579367c9d71e69024f4921cd8f49f5df619a7ad6d0372a6b5e4c4800ba

SHA512
52b4b9e3dab101214e35febfcfc1c2fdbdeb176bf82b163cd712316ed553eb918162f8c88843b1b73b8a7cb39fa9fbb7781d722ff747598ba2c3a94efe48596c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
40ae86ae034d119ffc8a7ac07b6d6983

SHA1
8d23f54947aa1f717e701dc2e7379a564b3a1c53

SHA256
646be50ead4d8434b939007e8bdfb37dbb65be14ca163cc48cb9687112b5f38e

SHA512
91ceaf0a4590834f24f65dcb32500b4a135fa9d3e937da3fcf6bccf24d92f3dc32c01d53277fa62ac8595732c5dee844e76a9ffd53727f1210de107a601366df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57854d.TMP

Filesize
1KB

MD5
eb6655f5649bc633f458c6355ab8b362

SHA1
d91893c56709684b1a1d2b1e246c8b1c68e148c4

SHA256
cf350ed8ada992e05ddb301042e767dd6744da7131740b7c7341aa1c0d0c4304

SHA512
2dfc23b7705bc3e158fbb71e298b810249b5ec46aad00c3ac57fc8b6944b8b56012416b09e321be8275b7c494599a212dd11462d01441036c0f4810dadedb723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95c5ec967475faa169f99cb987fd95e9

SHA1
f5af0535130f15fa30faaebd6ddc1b454993bb34

SHA256
c0aa068f4ad1d978aca8680a9b8f5a6bb6e64095bb8a8a2de9bacf05bb996558

SHA512
518ff737cefdca89768551bc7e709eab5feed4d8948b1cb0cf386099790143fbd419e0ebf77e0752757e981a43b809d61a6f04c247aabbd29a261b716db426dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
55c9b69111e183a3c078151a88fe156d

SHA1
0ef6ec6cd5bea82f8abf42d98414f53a12f1d55c

SHA256
167b9d786494281f8712d9c0946f35e37419a773fddf652f60149025eb7f7bdd

SHA512
c36611a40cd347f220416127f1e8a50f668dafb71d809cd0762ce88378c347b985f5b57b5714d718100ba1295bbc1afb1ba7f8eb7875ef84c690aca80ed9d4b4

Download Submit