hxxps://mail[.]google[.]com/mail/u/0/?tab=rm&ogbl

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mail.google.com/mail/u/0/?tab=rm&ogbl

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
238	raw.githubusercontent.com
239	raw.githubusercontent.com
240	raw.githubusercontent.com
241	raw.githubusercontent.com
237	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-557049126-2506969350-2798870634-1000\{AB9944E6-155D-48A4-B1B2-4B6B69B06BCD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
936	msedge.exe
936	msedge.exe
1756	identity_helper.exe
1756	identity_helper.exe
8	msedge.exe
8	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2688	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2688	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 3640	936	msedge.exe	84
PID 936 wrote to memory of 3640	936	msedge.exe	84
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 1588	936	msedge.exe	85
PID 936 wrote to memory of 4672	936	msedge.exe	86
PID 936 wrote to memory of 4672	936	msedge.exe	86
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88
PID 936 wrote to memory of 2828	936	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mail.google.com/mail/u/0/?tab=rm&ogbl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff967ea46f8,0x7ff967ea4708,0x7ff967ea4718
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13318131745549414297,4425643272209884207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x528
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1b1f6a6e-bbd5-4d1a-841d-8151676195ea.tmp

Filesize
9KB

MD5
f201ee49751373eb49bf3efc1eb83bb0

SHA1
e58f91201080562bb8c5cc83bae48283dd77a3ba

SHA256
19ea1171ccbe74c855f33332ce1e5960e5759e28d8cb1819d72fc25039d9139d

SHA512
437a6c7b866176f4660d33336a6e036fe14b613fb7ace5413ab4a214ac71e8dd14d7974a877e4cfcb5e82bc1298ab1ef94a88c182eb65a0b28ec5e27ea745cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks

Filesize
1KB

MD5
643c215f0d72ff76799fb2a7ac3b8ec5

SHA1
d85ee96d2a837263d8f448189a770218277afa03

SHA256
972689978c55aba49921f4c79d6113f52e068353f6bf0d16e284706e4e6ba514

SHA512
7db567bf95c95eaca4d1f9f4360db59416848b414ce85a64945eb0469a82ad590d1383fe28df689ab57e72de89c21bafa8ec7cf919b08df687c60cb2e9d84c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks~RFe58ad81.TMP

Filesize
1KB

MD5
3f18a725afc8d17a6ce7b0b639f97966

SHA1
860232c3eb57da62c81f40ef796b34c6f994bd36

SHA256
b68a0710a0952a175322b75f275133f5a82502bac0ed1df014b2011a49de8549

SHA512
21ef7eab1a276474e4d4e56189ab2656cc36a8f406fdd8c7bf5ca388aff8dbb4c25e2895112f799c7a7705a1800779979693a96aeaebfe6b10e618acbd05c0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
352KB

MD5
6d8de58ecd5af4bcf34e16cd08c9c0e1

SHA1
303bd335d19b432930b2ea3630eab724a124df73

SHA256
26b2f529bea021bf7104615a90c6e46708ce2d58f01de96f23df2a43752cb365

SHA512
2d7c4c7a2dab45fc67cadd979a263cb02f06e3dddfbef98d6d244b3a7bdccb1830011b61c43f69df539c407ca361d9a4c2566d3610d58b9279ad3d82532344d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a62f8cf3f62d6ccddf18103711c8f3ec

SHA1
a1b308c806dddb7fcb097da1e98c168262111ade

SHA256
5c5f6838e5719054f361c2d667dfab5e65fa03983ae70c4af9511d83a94d4a09

SHA512
e5bb6a06f9dfb8d9428b36ab2a53d0d9e71c31bab863c7cd1ae7a51051f707cd428ac1dc32e97a420463174448fc6ab3e0ff6866e22c80cdaf5435b0d97bb7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c8829ab136fb773176c71dde1927bebb

SHA1
b1ab8898e3adea96d352643af12947bda8bf2154

SHA256
ad331a6e6695568c29fba65465c4b400739c9bc2b540b2bfe5df74793c6f4622

SHA512
6d6f7a2ab8db79d01d808707c23dab22cbe11d2d64ac5974aa5fc1b2bcca0f3252fa6154fbe324ec9209d1ea39e04df89327d0655904a9bffbf3d5cd9cee8138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mail.google.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtubeeducation.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a7ee6ea83c24354def8f9126daba9fd2

SHA1
84b99eeda63ccd3b9641fd0b59ecdb57eb362f36

SHA256
2bcf4c015b4bd2f52f88eff2178f9d1c08c13cb5842736b3ac692cc7364a82bb

SHA512
5851c6bcfaa7c9863be46dcb7c8c5eadb03730657b98be692d6f495c7cf4626c1d6158de96b335737d7ba9543939c7763c95892c9e338ac4fa3f9a44979093fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
a73ae48aac86fdb6d70e27e62ba5914f

SHA1
39f99a5bf430736504a2a55d7b088f3a37fbf0ed

SHA256
42a49c2bdc047619bf46bc97c8e59a402ee7bc1c40f03eb215fe6bab81a4c2d6

SHA512
c86022e5b4aed577691c4a8711c376ab56652807bed4e49c3ba2c4201262780fd9c962d450315cbea4d0ad17067187436663b8e54c2101e2c4624ff9f3983cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44d90de1a131cdabf11a8f050fd7370b

SHA1
f470a1ab18aa025d1c8711925539d5e10634b184

SHA256
36d4207271ac179ffabf3acaf3bf2dbac437633c6b87347fbdc8f0227c7786db

SHA512
662088d89fa5ef9b37de85c4733c789d65972c595e55b936da2cdac65473b51d7e1083fd02abed00161540820db2dc58ef8627f5559ba912aa2118f37c88c252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fae4391cf48885a89ea7450d3f86641

SHA1
f27f3744b3623dbe56afe31695fd4d4b2b867191

SHA256
fa5b9fec0e24d15a39ab398d964a1b735bead0074972d6373de3ea8679ff002d

SHA512
69dc88d2102ba54c5b5e175b2aa7fdcc686fa21f5ce7dc81a67cec01bd8c40d22ce029c5592c82af2caa176a1cf93edd8d669224bcb847541fdc9af327d9400d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0857fe830d654d16c61d2fe02efa0ef6

SHA1
b77da8ea3ebcfac90a6f8125507043a9937bd476

SHA256
f753fadcc6069429104917c0966ee3dae42a6ecd2d3914fcabd18716f667c228

SHA512
48e0656f8977810019aba9d38664bf2e2f7e2bc7d957a09eb5c7c162438e0fb5481bbb741b1f8177d0c6de2286d448c643027e69d997007c5cb058be17040ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
51fea3578c893f6e6356293cd09a17b7

SHA1
503e0b693c5dfff7f829f923354b32fc39f10591

SHA256
70b829b7c2cb746a04fd2f48c6420a36fd17ad20a6c88aff6b4e55cbfb401512

SHA512
c7d4b1cf206ee514ca5c213d7e4b4a93035db384daea3b1a00e334353c11308f397fe88487c7fe0b3ba6dd1e3349ee9d31afa18e82c21b80baa022d210a08d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c23a55716c30cd9e37ac254866d091b7

SHA1
1c0bc3041186138f37c6fb65fabb956734c31531

SHA256
a60877f5d4a4941b8d0f0841478fd8aa9ac4ecae3cb7c8d6b69ba4d24a31ca7f

SHA512
acbcad32680204b4b8e0f419833c964fe36a1bdcfeb1477c2715a184fd55a77ba7a778b4c178baa296dd2d04bc479ebb3abe7709b7463512c167e0e054026a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1f30ceb49be8ef301c573665ba765801

SHA1
b5ebfaf7e09608284e22dbf3c8a4855c871b4571

SHA256
79d84a98f3b0607be257be0f60d61d4b30601ae8d21a632c2c243448f584930e

SHA512
2de36248db13f43847c2fe22902e2a498c6c69e752a97d1df76b95982cfec593fcfa22253ce3e18859cb60a9bd79eeec8e1063fd5675cfb25429c1c3b099c317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d89027b0a07c677afca1a17598515640

SHA1
9d15f9bfdb713f0c9e599e1a6fe9911054a48080

SHA256
31610d09b5fb4c450b3750794eb2c55aef64d357cea08e54269c5201cca31f9d

SHA512
fb2502c659fb5e8620445e6217080178c372ca87e8d668672804cb8bd39d563c5c2b4ddb6b2f89edaff09e421722add8d68899695377105435648aa3fd855ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a96d9b775bda85649d8e422d8514ae1b

SHA1
f8fa74d0a7a63dcdb47c265a1f03f1caa098fcdf

SHA256
fc002d7473f90c85880c84441c1a7d8ef626b0070da0ae77f1a79690d39b083a

SHA512
06fb9b49ec39e131e96cc0f505cebf9c874083b77f114af79ef960b03057f6a35bcdc8d86d32f5336e806ceafb4ec5dd986f7c6e6f87168d8095cdd3c1bc9b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\239b0570-98c1-4fa3-9267-8d45e2c3a114\index-dir\the-real-index

Filesize
120B

MD5
3bf08b27c3252862d8d12f39b4cf13bb

SHA1
bf16fc1717b000617bf2f2c86371e6e38b151b81

SHA256
6595b6a96746dd52fca8231379924ecda732695e4dcd9d0e2eaef5252618f01c

SHA512
bf22b6a2422f9acfb1ee8b893cbadb9000868f9438d777bd4486b65eca54f8ed712626895a4d673342ca1d682650cbc6b3d74d56b876d5b0b15b9baafd27613e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\239b0570-98c1-4fa3-9267-8d45e2c3a114\index-dir\the-real-index~RFe58601c.TMP

Filesize
48B

MD5
ee80c94b11506262fce860ce9e49fd5b

SHA1
d2f1a9da9a9a2377f0f43e0203e3eefef3e19a67

SHA256
7396f2186db63913ff69430c74e43e07006157922ff24302cc1a625ba9c6e799

SHA512
f1465d6a7910d5b4cb5fa52cea7bb5c8f55d7add04114fdc4e0950de363548f9277f13da4664541a5189facac8ce32bc558c3cfc54732aa32b628e45d4ab85e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\30796627-0a92-4976-85f4-0611b8317481\index-dir\temp-index

Filesize
144B

MD5
ba13a6f89d7bbd455e4422dad45a0131

SHA1
635f58340eac8ce00e9d7ddda90ead5359b1c15c

SHA256
c1e41f6776cb1fdbd7992ef268cb25f48694eae316286894fb1775fc29de17c0

SHA512
cc616f0c87c6f9878a77dab48a414dae4c0366c6b9fb08b5c7d935d5377d82f87ba840446e153c32d5aa3766319cf8fdadbfb4a4448fe905580a1cebaa6cb21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\30796627-0a92-4976-85f4-0611b8317481\index-dir\the-real-index~RFe585b98.TMP

Filesize
48B

MD5
b51c76c9eca2a0e3aa7ef3a907dcdeb5

SHA1
7406d49dc5e9b24ffc399a798622f923662b0820

SHA256
d292c3d7184741edb4c286fb65b7fe30dd8bcbfa9aba19e6a55409f6401b6a34

SHA512
e74e9ecdb89fdb967c4a567da0d6b784698bdcd0235c6b3b1a09697385f21f2b37cd649cd7e93fe06b3bb81974e06f4dbc5f85c5d2a8288e64bb5dc60fb6b3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\351f28c3-ed86-4ecc-b776-e36af4558520\index-dir\the-real-index

Filesize
72B

MD5
b6b8486151114f6422d3aa0c9dd9c078

SHA1
e49ceeb0a3f18670633c92639f819515f5389214

SHA256
5a02713e6d4e56ad0137b896ccf6118d8e112e6f7a31fea739344ac9306c7514

SHA512
74529b0b6119269201a0016a65e8c4cd7851923286e3c4826995bbe214cc3289380443e3a4fd6d05f45495da5159c5fee4d56b9a49e768a7a3773b757df23fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\351f28c3-ed86-4ecc-b776-e36af4558520\index-dir\the-real-index~RFe586099.TMP

Filesize
48B

MD5
0195979c044ea992d84a1067382bbbc6

SHA1
37412c3fceece384778ab4d4b57f5706ad20546d

SHA256
66711ab8b4e9049d4230b86cc7d2142476699f15bb8f769a0bd9053dd06963b9

SHA512
d50168631f18926e43a0a0c8e775cf56ad60732125b8c8e09fa536f515efda6aa727751605c0da1832b31ab34c8263a0bb40a8650c676e54cfe066a1723aab4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\7e2f72ee-16f7-4813-b41c-5419ff5c2dc0\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\7e2f72ee-16f7-4813-b41c-5419ff5c2dc0\index-dir\the-real-index

Filesize
11KB

MD5
8c5e5bdd43b87d967ed0f160ef34d4d2

SHA1
4ddb4d16e64683c6f2f0f87af4dfd20f9fa0f7fa

SHA256
05b62a0b3f95c0125dddbac08ab595876475d977c5bf7571ef3c95068412892c

SHA512
97a26cffe1ad92b63bbee33067949e7577f185c310bec85fa3248a7dbefa98c559e3abaacd8c6a549120de1a47bd5d0d7c12d4981bfce2a015d5e3f91d4e3203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\7e2f72ee-16f7-4813-b41c-5419ff5c2dc0\index-dir\the-real-index~RFe58e25c.TMP

Filesize
48B

MD5
657c71d1254e675208cad0ea90c365b4

SHA1
7dd51ebe93f420fd9a3ce01e8ae06abbaec1bdf5

SHA256
8d918ab34b923cfb31fe0d15103b432d46cc37c2f8ea11fb8618bc4e80f93ce5

SHA512
0ae010ba89469b6cf179dd0a13adc03e40162ee1199a7692ef5071e351517a48709a185b9314fd086f868f5d8e8977f688f28a3409ca4a61dcfc39a9e5fffc3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
129B

MD5
fc6ccdae976562afafd8e617a5bbc723

SHA1
5453ad958e2ff0c2a345e697f809e0fc2ce83ed4

SHA256
64808c7e1e59775c0632515d20a23f213d801efe0b6e663c85dcb29e02e51593

SHA512
88a44d9a8e6736c0011af947c69ca8fdde58712f8aa4fb54a74d54183c37fe7190ac8a90f520b3fb9efb4bd8d09fb7b83866176fdc5061e7a2375054d1b864ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
225B

MD5
3b055824e8d92d48703651d82ad1aad3

SHA1
297eb65587bb66980117a7cf2aa61edccd1f0e91

SHA256
5461e6290dc9523cec7fed9fde2a286f615b117e369e6288b5010137405d891e

SHA512
5c9fd18c7211322bc8ffc4f0771a1a341e226c5a014f17e4b6aa447dcf3d9000d00ecf3b6b78118ee982d3a959e7f4799e09c3570b182d8195acd48f2a2a39b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
289B

MD5
1b28e620afc5f7092c2aa2dcb3bbe1c7

SHA1
5aeba0236961d0ed61d18193a5701549ca4c94f3

SHA256
a5056c5215c9e2eba8f0c5aba557fb13696c1f433f41b27fabc5e66ea3251586

SHA512
7baafecf0ebc89e3a14d5207cef8f5908f83ffcdf80c90dfa8fa63dfcd58beb2707bfbea8093738710af2f898766d3f5c19a49a51c49b6311c42d991f5999c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
358B

MD5
3286a3da4cad988c79c6b4bf722a1350

SHA1
dd4157cf08f3aee89536f125874560d9051ee9c6

SHA256
e1774c1ff4646649e8c9df39d3378a36acab36029060d890d96756f1fb41e599

SHA512
66a876402910664c42bda82bec97886fec69609dfcf8c13809358f1a0c4006457acd5de79ea3afa63dbf9dccd7255bd6d9346900fb15ad459ac1f3e0f2447fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
353B

MD5
9154c81c7d14acc227423ddd39d00795

SHA1
548f803ffe0c4736fa5c0363a1c809e208724a5f

SHA256
f57ba6cb4e27b8b8bfc7372e850d06136c4b21d2c15b1300e4f42bf9af06e60c

SHA512
79410e56d9138cec3e3981f9da382a82628a06b9fba708182ec0a54fddf2dba4e05f5c8df7c57a8843d3e423c416a1111dbb16f5651eafae576c684ea61c0214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt

Filesize
35B

MD5
4e075fef575216a5be604ff489007bc4

SHA1
07be26bf727b123395be443a9245bd10da60ab12

SHA256
f2065536beaee87b9034834258cecb9b53a30f0c61efa4749583ff59c5e79b64

SHA512
7cf1df56abc2e10d8785f387a0df7cce9688c6c829c467d8a07e2edcf64d2ce38ad3bddae50cdfa4c81bdf009501ff4dda0dec9096c057ab5a452a0b2391c292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt

Filesize
99B

MD5
3cf5e619f752324b8fc55ce4339fd7b2

SHA1
b5902e97017e575579f98e78097de153f6938e9c

SHA256
16a150ae5088a850e013732dc3597c58ef3e37a856559e0743c6fb828598d97f

SHA512
ddf0403a6a0ff78c7fde70b8d82258d0aaa34f872d23ef536e21fb9360e41560bab99b3a4266dde7f5a0e5efe0ff9c15edd35b92b1c006fa65b89e143f8d81b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt~RFe596b14.TMP

Filesize
99B

MD5
b87a53fcf273ec5465552b9191023e88

SHA1
455d087521a90d426aefb22623206d085dc1e06f

SHA256
4eed8482bdb6ba0103346269834beb3443dc71e9b08c89609d8c538935bc6ff0

SHA512
5979d26fc80b10dabf94fc185b622ba2346db32e91a20059ad415bb46a399a522bcebe29f86ea0beda0ed0d6492748174e05cff85f486c45e839dcef98629a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9e60eaee16b6daf318eddcb7a14b2c89

SHA1
674b46a21179a7ec7c40d6cf468d41d917347241

SHA256
1cf8a1aa58b5fa7536870cdf295ebfe3dec332a023ba0b48b95b04df513c8baa

SHA512
0e8973e0163ddbf2cfa1e07c51a903a7b7c83347c8953681f07c53ab8638864f8807958a4bfd4cf37e51ffb1b4cce6ba61e13ff426822c4fbfb219809bc7fb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585678.TMP

Filesize
48B

MD5
c1fd938c349ae30963bcdcadf0af78fe

SHA1
19f485f92ad6dd3f545f19862a480600fa12ebf4

SHA256
410f632f56b372017502756ef7aa2355db5d749f76cc703e768050fed027f62a

SHA512
92e49e6336960ab7f954e6ac61c947c2bc4c8ed84ec9d6d0b13c1307b6c9e7deff07d364d3d070cb57756a225c3edc2024bab2eb037c342b8e59de2eed60e36a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
52620b70bf2e55e6765da53915cc9e3d

SHA1
768b7abfdec4373e1ce51bc0e7e1dcf958bc4bae

SHA256
bd85350012068f114779353466b3ec04cc1047d6ca0feb7e9255e2effbba660d

SHA512
e02eba71f25f368280f082f5d69730e54b7d97f37f861d5d229b7ba0a6625d292419cf6a8b6af630e3fa4f98935e81f1c879130464b3bf67a57a3c4ee183e49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2f1950687c5e9c544e1e2aea5221998f

SHA1
4c23193170fb3523abc4d4c23f11c920dd369c2d

SHA256
07630516fda58d6003ad766e89a3aae79fd23cc1bfe76afd33141ba6022f9ad5

SHA512
b9cc2fbd96058556af67d3c62bd7bfc60dd9103e978b19db7cc120f40100958915ae41f84452f99ba18508690ecabb0bfe72f42015b3e86eb6a536791bcdf18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0823637196158cc23b1e49f620dfe6b8

SHA1
121fd46790c43fe05a7aab42b497a6a5d0a68f96

SHA256
ce9187bb33966e6efd5fe7f020404458075c95ad46cc8b1e8245b29285ae0ae5

SHA512
08d7c0c4a2d477ca27eb51a9976675dcaad406555cbec57a3e33aeef41a0fce12deac5763e3d2bb75fe19c18b38e8bd8400dd0249d9688252ed732f30d5cb73f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
da393c4af6ca7a19dc19c8808b139065

SHA1
1476c1f39d3973f915920d52d60b9abd0fb67a41

SHA256
b273bb9e4616331393c776e01cb2cab5736503b7cf0b0550a417c2ba502656dc

SHA512
e00d5700ed1434ddeeb1ba069924644eaa6728817a1ae09717f04678e19914676032d52b3e23fec16537398ddc81fb4a055cb8f0d48f6d46f19a15a50258ff02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1e07baf3a7d7e6bc2521578b760ec4ec

SHA1
b9319c1aa8db23fe65ef7a039e7d762576dd8fd1

SHA256
eb2c7817d983ecddbc5f7d8a08361830c019d8ee7207d2ad86e0bfdab141026b

SHA512
bfdeee512d8fe6a1e5c01cb152b61e8e7f89059b5030a7fcbe932687ec9e55d9031689804472106c3d50ad7324b5e5c20bcfb95da7cc08cbe0d2ad4b6b4f7190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e53fb2e24e0e775ee2cc7bffd20bfd24

SHA1
3415f43bc74b6b032da05fdcadaa32ea14df1159

SHA256
ffce4bc4f81d538f7367f85869a80ffeae29296e807f86d6b0318f19ab79c036

SHA512
3f4b63e3da2c6aa138f2bf16bc5fe0e2692ccc226fec860a0282b9ebac8a215d315f436ff5acbd2b21ef6385b58077f88152e248ab02118a41ef850459bd816d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dba9d8666ad216c5066a94deab28133a

SHA1
68a1256e13282256e0414f8a824a42f5ac911ff5

SHA256
bdea77d810935521a50786c6bcf02fe15f41be3aa79c9da66a1a912856dc3c63

SHA512
a10d6138f2a37903c67ec172462713acabe734f151bec675d834194811547868f49a3dc081cec8f94c821fea4caa6a23b046134150207ef9915cc69ac84af927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
787d32a675c81775f6f0d2142101ac07

SHA1
a31864933821c5b737ec6bcf95cac0f5709a0b5b

SHA256
37d67537f4f3503ae448eef4ffdf0d64c8bb38633d72fec0c0420fdff942c262

SHA512
5de10bb63af76cc165a9a2dde1be7e096755e8c5da03fae843a18a1da840769bfc089e036fb90ff9deccf9f307eb701100ed44d612b03d61e825e4b2c34649df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4d088172741aa5ae09ebdaa3bb8e184a

SHA1
090a2f49e878e37da1f0d7daf08895ba01c9763b

SHA256
f25d170307478e7b862d31d48a28df579ec6bf2c978a712f8477b4a4e4011e3c

SHA512
42426152e17680d1ef31eda275c6422b5af3c1977bf7b0a0018a82988438a18941dca9c162694c4901518bf56649e54fa2a9c7aa80c3ee8d49e81a7c8079cce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d07f.TMP

Filesize
370B

MD5
8f39f2a797dc44af53c6bc068c531cec

SHA1
caf131a1af6c7991fe8b8a77835c0cae99daf23b

SHA256
f676d0d7580e56c448e7445dcfb6321e26a0b2311d5ec36db9408ba19c610ae7

SHA512
24786264d9b307b1320615fd0d65e65f91612fddc1f61fe9b366dd4d2c407d48a06581dfd6c159f021034a893de1c6a16059827b9a2b2e25a5c9c3b42e5a8794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0fe7ce416744fb4d00762eccc839879a

SHA1
07e9c4d034f7a0f8565587c3992fc8019f06ffe9

SHA256
297088788badce0d1a859aa7a0633f8540dba8f4652e3e3b541d82d7d1f8b1d8

SHA512
12b88c0a9c2c737e298de6835d75d49ca1d19715e3ed00f097e363e79b95454f782643c5d4ddef945d97b9bc261c483c2f55f8b42dad0808e139e06e1627d9cd

Download Submit