e0906f98ea673355fcc9e319ba619350f69bf3118e59e7b58f7e22a344e82ca0

Analysis

max time kernel
1196s
max time network
1168s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 00:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

18KB
MD5

4de08c4974c0e09855d1790848f0cc7b
SHA1

4abe06aad004bc7b1c38011a98254e44cecada72
SHA256

e0906f98ea673355fcc9e319ba619350f69bf3118e59e7b58f7e22a344e82ca0
SHA512

c914267de0396df4d32f3f83cf06a6376c1d8e4dbdab01805c9efaddf93162121ae718732caa901635c6d04d95d822fb98fe8aee6ac81952beffa0eb97dbabbd
SSDEEP

384:rr0FDHrEk+DpmReVoOs4GwN9ylKeGMFU8Hhhb1a47hS2LjFrS7+vVJCBXQL:rr0FTr+BVoOs4vryI1MJBhbE2JFrS+Jf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{01927A5A-6C81-4C71-85F2-23CDCBCE85FF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
4176	msedge.exe
4176	msedge.exe
1128	identity_helper.exe
1128	identity_helper.exe
3740	msedge.exe
3740	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 1068	4176	msedge.exe	85
PID 4176 wrote to memory of 1068	4176	msedge.exe	85
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 632	4176	msedge.exe	86
PID 4176 wrote to memory of 2744	4176	msedge.exe	87
PID 4176 wrote to memory of 2744	4176	msedge.exe	87
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88
PID 4176 wrote to memory of 4984	4176	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef88f46f8,0x7ffef88f4708,0x7ffef88f4718
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 /prefetch:2
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2320 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13539172954786933797,6772452125914138594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x244
1⤵
PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
35KB

MD5
79f91534597302cc1cb57ba22ec86042

SHA1
d7ab8f86e2ff3dcab8bc8b598ff6d91f8035bee5

SHA256
9c610df49159055ee3517b4516c4e64102d9d02802d0650616b2bee1e7111e8c

SHA512
52257abcdf612eb64c0b19c9ced84b9949091fe92fe466bfab167fd027f6cef570dfcffb48b922e136cec8d7d0c68a06f3f6ac520416fce5da1c7cd9742b813d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
d404b61450122b2ad393c3ece0597317

SHA1
d18809185baef8ec6bbbaca300a2fdb4b76a1f56

SHA256
03551254e2231ecd9c7ee816b488ecbde5d899009cd9abbe44351d98fbf2f5fb

SHA512
cb1a2867cc53733dc72cd294d1b549fa571a041d72de0fa4d7d9195bcac9f8245c2095e6a6f1ece0e55279fa26337cdcc82d4c269e1dd186cbbd2b974e2d6a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

Filesize
77KB

MD5
68fa4b6eae8521744d0d65b69b00fd5c

SHA1
09f919a32223c80ff276e344013ffd3b266b66f2

SHA256
590caa776878f392251da497cbf815dc15f4e4627c954a44dee7869ae4288d07

SHA512
8633b01fca69232035a5699315076fa8c230443cfbd9ff830339ddfa05e465b78ee29f76d1c85ee116e99cd967ecfcf97c5d23030a4ba186e7513b89972eae1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000aa

Filesize
1024KB

MD5
9f662986b73942417eb2fdccca13ac17

SHA1
050a3355fcd24cfa51b19755cd41465135a5e623

SHA256
8338d20a9a23b44c001bd6d186b3d348b52e1684ff3fc34478b88dc7dfd08a64

SHA512
9bb05e892822b1933ced8582035a510402258bb6dfa8c2a38c9b33abd1c31054475a612d2112e2a4b447ee1e7c22b195b77018bd9a74a2ab34641d705826bbfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

Filesize
1024KB

MD5
878135a2a6a0e8ba219f8cca713738b3

SHA1
2c8954d5e55b02841da04b348c2558c65937ffcf

SHA256
f2b6744388f9e1b2f9afb086b155d15c5486601b006981ae9f7a4984b028e53d

SHA512
df1730e687745d8341bf611194b862f6359e5d159e4393a1fa06c53420abaf509224c1569059eaeb65218f28c24751895b97b0c748685c50791a1819e176e6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

Filesize
1024KB

MD5
da9ea5e9ffed33bad2415325ffece415

SHA1
0ccbffbf862435bce268838678b33efbae552573

SHA256
75ca5521729a3a6035eb9be3f1081f5f087bc5b580ff6d1a6d7f06cdd0183b77

SHA512
66c98393310b11444b19900c0f2a7b9aaff99c6d5fbe1a9a7cbf8be26843b0f1008cd93a1e7e737b4d1abb22082eb326dec6a15afd0e8bfc962fe59dcd5c67af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

Filesize
1024KB

MD5
95a70b8a1be30a2daafda0dd9a12a2e7

SHA1
8ca74a9e82e42c63b66f33ba4489ca2c1879e775

SHA256
e023bec0f97b18fa2ab499e0239e9632833016f13f534a735df2201cd785e331

SHA512
43a2b20b7dd49fb0c4a6455108df7acb3e0c50a8e686aa19a646347f45cefdd23eaec9b3ea7d3390f8a39add4f20477bdc08d39a209ade90d217d5172fdfa77e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
1024KB

MD5
3b886b829a74951def053f5d45174b59

SHA1
7e488e6800f50c5382d6aa84f8a236ce6b4a8d17

SHA256
4021c80e612160d9d11160929e8e6f88d68efb9ce0998e95fe0cb93a3cfd0ead

SHA512
947e72a49609412a55b461d5e2b61ebac7916e27e5ffad010e31cf2f0d199a7270607b17f4099a6623dfd095ebb05a1583b5814607207aa018b66b2cb2ac0788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

Filesize
1024KB

MD5
fe85bab1b62a921b941f6dd7fab545cb

SHA1
7dc782507fce3eb4148b61eb47c6df9876a2987a

SHA256
6cf1f6b50810d6370e96202090e52adf9a684f7ed3cc01048499f662b9725ae3

SHA512
0ea63463a8b724404a4984e27043929171aaacc248154c00733a5f4a5250defa40916b327a51f33a57f5cfcc8fc220631a5c5f97eac85b4a9ecab585b314f05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

Filesize
1024KB

MD5
1f6b9fda285f29fedadcd022613b6eca

SHA1
1e0248c0d1b22bab85090fee464ec7aacc675021

SHA256
3cc608cf332517c7fee7d9c6b79aa59ac2f63a141882e03ccccf84d0ab0185ab

SHA512
11ade695f5b4646fd14ceafef52b45623e19b0202a19f142ce6bd1195e887b7436e1d3ee76081bc303f0d16da66e4994bba40c9d989793e2c3320470cfd94df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

Filesize
1024KB

MD5
10d83391a05752196d681e711850643e

SHA1
bb029a0ebe0e3f990ac9d616d7981f4b1e330839

SHA256
a358e651b22775427380856593e81fa1e4e98c5ff119f11b043d6acfaa79b010

SHA512
22b4759f77263b62dcad7032b4f77950a65ffb0eb503e3a49feab7b1b80bc6c3fd66f25816775beb8fab2b728e8b0dd6f4a9182cc5e88d4a0beba4aff04d9048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3

Filesize
1024KB

MD5
415f775acda11edd8c8156869ffcbd8b

SHA1
a229943e7e1f9c9a4abc02acca737d3ecd3b5930

SHA256
7f7c0346f1539aa86dd06e51aba18ea83e1b748920ef473d3e9d2ba5c62f364a

SHA512
148ed0aec4afa66ee438352ed8ab74b0cc2f4bd752129df048451e935813861e4c2e11d624e32fecb81b3fa69ba53cfc7f0199b2eaf570f38ab26981860a842a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4

Filesize
1024KB

MD5
624c718a957297af71b9e2802fe7a3a4

SHA1
e458b8eb6d9e2c192d120541510db89b1791144d

SHA256
aeee1210c3cdf9c6bd13bd940a094291d6ffd4fad4d0a6dfa626f7eaaa9c4eb2

SHA512
7729af77f29e4935f74c8d8c5915017241c24c449f885abd0817f90f71713e0a69ae49de2f4827e0dfbe86b91d2ca1a4115a64476f0cfa07c8cb68952a3779ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

Filesize
1024KB

MD5
4ec94feb02bed02bca1df4ba46d481c1

SHA1
3f2edb0e3791408e3543a731593abe6eba55c314

SHA256
644a0d59e99a16dbad0daa0008ddc76da8a4b0281d5c226aff080e455dd3e9bf

SHA512
f96109f1869bef217d3cef715ab4c8d9a07d3b2af4e77cdab00a14e01dedf054779697427e85aa1138d7e2626f78460471e2d82686408b67273377f8145bd0a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

Filesize
1024KB

MD5
915d829e6a684f53ed586f90af9866de

SHA1
5f55f20cdce68d3cc111dfc2e02640f279e2a28d

SHA256
41d89535ffdb73a76f3e2d97142067e0059cad6ec5d971dbe84a151f95dff992

SHA512
77af9735dd1b390cbb2d827ad4aaffc51fc7c2ee050583fb15cec820b1276311ec93cf640a60f7f1c305449b4392f27b493016201e689cd8876469077bd76cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b9

Filesize
1024KB

MD5
017807e63f2ea63c8e80e6d7a50a2824

SHA1
39ebd5683c92271900b1980aea5f7e54975d0147

SHA256
6e50ff32cff5315d46be5ea6ec800b702469a7577f6e38f190517fb2c4162f03

SHA512
e9e469751ab64f5203e79faa4cde365a5682795a997d155ff9618142a31120ec77685368b8fdbd29b7733b4588aa16957ebc82666971b282e658f879275eadd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

Filesize
1024KB

MD5
ddbeb96fb0d99ae2c510d0c3cd94ffe6

SHA1
7ae9f67b7e63d3fd08cc8514f9730949f5fa9e2b

SHA256
e1abbea8b9f90ff125e21a3a2f120fd61971c2595c4e7460af993fc1e1341877

SHA512
80f47a2ff71938e0b74785f57e81e3daff271c832491c49d24f4e4a79560beb56e713be1e70be6950d48a848c1a8fb486f00864fe3037b1244d578e0cb7bffe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

Filesize
1024KB

MD5
605060224c769d7495f8fa7c2a87e645

SHA1
24c3b84610a3874362ced06f83f9095cafd53acb

SHA256
d3bd893b64b6e4d31d5827f1c77e5e0e213e91d01089bf20ac5eb061ddaf13c3

SHA512
beafea0b5c4c5f265b54b58428c8f542db2ad96c6ecaaa382206dbee4fc601974c0e8777986e73b8e2e737144c905ac5b89ee330ec6a26ac7cb65809022a53e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
1024KB

MD5
6879f2083ce7af6773547cf65dcb367b

SHA1
593063868179cf35113e707957cf964b09ad58df

SHA256
ca388a9b033e1b223de7f66083679b799e73492df55dda14d428c1d6a7e77ad8

SHA512
4188ba6f835c25aac8f5d6354f423f45434e32c25cf5fa8d5774e573e7716999c46e27eeab95be4c9cc4561347b2c9fe4f57af4c970be50d4c44147b824ef6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc

Filesize
1024KB

MD5
594f2172ba26633b0994ceb1bb107816

SHA1
7b479a719c78bd65f0aa800ad32b05b20f1d03ef

SHA256
67c476792ea6aafeba29a89651f6845f5d6cb4235237fa3e248d2f33a3a25417

SHA512
34965eaef78e551146bd6ba24f9beca590549813a2d8cac729b06fea29dbcf697fc629ed6b2d8909e9c6b191c406d5d7b83663ce0c02acf40d061464fdcc27c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd

Filesize
1024KB

MD5
0a876199e9f7f46565ec8c4208ab3395

SHA1
c50a3d30ef3e75bc7502612d465663fcbd37a9b0

SHA256
9b1438bd9f2dc6f97739af01c15f116d4b2c643ce0bfbb06d789c2f0cf38b405

SHA512
b6e21883820607013df1f87cfdf8ea12906df0bbaecfd80bb8d5e2894c061987a60ce6fc09f6afe90636b8a186dd8dea2ebbc1f40dea91c61c8770bd866b432a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce

Filesize
1024KB

MD5
d8d4526d8916b2f6274097fa9ee1222e

SHA1
a5a79d4f22cc9902d2e3b17a0ea4762a124da53f

SHA256
cfba5d582a83f2c56d7cb6f246a667f33dfa4d2f09041bd37d731022cc0a9ec8

SHA512
b5e29a8a3a47cecd4f94367213c7c358f12d676e32662e15c376348e8287a396930ff440643042b60be831aa769c641afde4fdd9757ac7034c4d850a173795b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
1024KB

MD5
a5eca4d774cb52d8bf55e90cb6401cbb

SHA1
b7ba26af892fbc20b2e69af6129254f17c3a82ca

SHA256
c86044f0a88878b6dceba6656562901e1f5d76b8fb2f5ed00cb924e605b1545e

SHA512
2e3250abe09a741cef67986aa8f234dac72665b65f7883183c35c46ab90521a7eb2e4f53cf583cc2ac57faeac1e71bc2ed634f4f123e1760d4da01a4d619252d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0

Filesize
1024KB

MD5
e89de601306f20ea782d3d916c62a24f

SHA1
ca622cf6dba4acbaaddf551d5078e95ab6c36785

SHA256
224553df72399c0b5a632e466337a5728897a44a8caab08b276699d467ff95cb

SHA512
5cbae144bd141a2604e6e245bdcee2679dc9d0e576f228d89ee01130b8c88ea6b7382a9335445b3bde3928f56335488eae212241dfe97d997bd35c469ec8fdf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d1

Filesize
1024KB

MD5
0c6d8927cc72ed2ee7029f05be611e82

SHA1
f07b1a10887187e3a70f645be5fe3e711da28bce

SHA256
3d902b764d30ad9436c23e6e7d72e17bf33aadd439da36922c54f425b9b420dc

SHA512
32b2deb3112e53e70024bfec97339602019d9bfb991a9f4b620ce92e4b80770a2c3515691753d331dc4d1a7b54330631681a586e5cf9b5a851d372aa005ee43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2

Filesize
1024KB

MD5
ec604317242a9888360757673f2be3db

SHA1
226169c6f58289bfa855df411764728a3e9ad1e4

SHA256
7a3e4758e542155c3818d50fd71a85a61f1fe89f2253ddd8880a6450d33efe94

SHA512
002ff439233250cd3792dfda511b968764762915c841bbf1b8dee0da57267681aeb8324b4cf3b37fd6bbb1d0b5dc4e2711b8e781e602b85b818d44849088cff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
709KB

MD5
9dfdf67adbd23de7fd0bf21260a1e5f9

SHA1
fb7078201b1d492d194a0b7779809ea13c76b395

SHA256
db3accad751dc8e22b5b2ae602015ad90e274e373803eee16b21423832b92ecb

SHA512
6eadb8e8ecc0684376a5095074b301ce58a65de2ced8f3edf671defc8695491ec8697fee5b31bc7622f80d8ed9f98e593f613118ebf657694478297f0d7b9be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
6835f39e54c714c84ff8dfac4c269329

SHA1
e6119b7477ad62673accecea1cda465f3bf7f342

SHA256
2a46a5628f811434aedef0c7c686c86d92ad83baf587c19f8c85b8e717950852

SHA512
41b38a871cf94ff1f3989e1ed2aae0844fca13c9d99e2cf4fe5c48a048931ec7421bbbb3982eb1725730f30b41d1d2979cfe7df8d0b2dd63029c34917bedfa60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c5983cde72e1a5aa09d9bbffd7be2646

SHA1
118a8aa09c36a249ca7a25858624b3f97c7a69ab

SHA256
abb22eab0eca2e00e7fb60c35081366efde4832bf1e3738e201f1cefc68f556d

SHA512
4e9e713e39bf41bf000c3eb3a971d97579fc415beef52d4d8770d6fcd3ff1f8b10c5cd516d8f23e86ac9b2bf8dd087131979e32f7434a5467d14727b2a6993d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
06713a5d032dbebec94f5ce5d0509bec

SHA1
33ca36a76680eed1fb2c2ab49c0a1b6aa5b5313e

SHA256
212d7286d12f80778010f0f06e4a0e799fbc8f86bb24b129d6716c14848108a1

SHA512
96334b5d80e719b467b730d9f2faab2b7557617120120c20b59a43d38db7523b7fc31ae04a386ee2e8e43f658aaf95eeec23eaa04044a8f6909f9a9d29565877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
555B

MD5
c945d685d9a0142e6721ccab3bb4e929

SHA1
991d97f74b11db9e2e5be3b923fd330fe3715838

SHA256
dbe27ba048a6414d2b537182e8431d1d9ec82db502fba7c86ec4fac2e42e3692

SHA512
ae0503de708e4d6b60f9b4461b5a61843677f095737e4e8f07384fc2af3bb393afb025b1d6872bfab288e3cc13f425132a5d9902e165fe69348cd932baa14486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5f9850ada0578ded3b8fffb3630b0b94

SHA1
de46bc81b22a0e884d1fcfa5678379572bc208a2

SHA256
8dc3e19605b9076dca1c0d44cae1d4785fbafa53e53f6be6f35c3c9dadc7a770

SHA512
1f7590bb222880107a7dd85df0696568b578dd420455b78be92f7f540ba07df14dfe76625ffa1971d88d7e7671fee5d98ce29c286755bed11d7659e7ab312fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1bb78d0cb691af07159a8c340fb32441

SHA1
e534574c189dd31e7c6dcad81ea4ecdfa0a4cde1

SHA256
c3561b5cc65fb4ed27eeda3b230458a1fdc42d8ecc1d61e2a35f52455c9f2042

SHA512
65ac868a7d58eb6cb5ddd096c0f52c6f74743bff8f915397bfce2f944302238861b042b36e8d9f5ae1f5f85152f1daf60826b43dc01709c2d3510507a9a5b734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f380f89dee1d850e520a6b82db30bfdb

SHA1
d89c0816afc20ee157f3f1802c6e18f37e017a3a

SHA256
78ddbf22c1b79b36231af7c9088060227b5b711e5c1c48233dd6d64c2c14e73a

SHA512
ad7672dd5bd83a8e73d6486aef76e7cca2e9d5df76e9f4ca14220f21fdbdc49677936c5d4b0d9cc495117344cd1e4dde7f511eab407adf4cb79549edd3163075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4170da391ce7d0ab1eb156ae34ec487

SHA1
bcfc9a88b1ffa8babfd788d157071d9367f6d1fe

SHA256
b20926206974eeede2768bf6ffcccea63117899dbd6e9ffc7b2165feacacb2c9

SHA512
4c1f33c997e5ee793a3a1e278f0f5d6355d7232c46cc21f0868ae1b6b97aca5f3df02efaaa6068814288b83ff1fbcc4194393c99ae0afce999a0073bd8819a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9354607fc790f1389a80306f31ac7997

SHA1
5255a0630f19b315f706e611b9c970eeaaf123b5

SHA256
059b313cecadeafbdeec10eb8a1520f5922b03199157dc911fb56cc93c9edc86

SHA512
af71020139feb33ed0e21748d78e48a4ac262d3945417ec3325085bb907898307b0f65201f611ee3fed6ee9a7004ddecacace7021ee3c2a0ecfb4fb165181fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
043f28fc748398c76e60453402039e9d

SHA1
5d32089e96bc7803937e8e0617fb4abb378904cd

SHA256
e52c3ea0321ff13c12e01b841fc373257af95b40b6eacf5ded0ddb81c61b5fbf

SHA512
e7af26f839a4bbcbab08f1b0ab67d1a324328fedbbb30900fb2e592836a0b59c03d57d23d50cc3e6f58e76bff79415bb4228e598c4403ac7469778ba14a68766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dfe7fbcbea365c14c4fc23f403f5fb08

SHA1
7ca6ad84492501f476d8e5947c7b1522b889a7ed

SHA256
cd84ea48bfaf9204539e64eb6d783e317ad258e8c998bada41c182efcc9c02b3

SHA512
9a0d873c2917878251be410b2c2c9b06b6c82f0bd672d6aed7b5c2459e47d8ba3cb920f81d4eb0c56ee9a069df940322f174da0e561699db4ef1cd7d1e967113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0afa3eeca960173a4802ad2650ee394a

SHA1
776d6968af8bc3b94ef80a23b3323235f7ff9928

SHA256
a179bf39c50a41310b143b51be77707e2cb29267f62063a5af44d74d77cef328

SHA512
061fd7f4b74eadd5635bc0740ebfb64f12e1b9b06f100785066892cf514ba2ac84b4e12f59bd50234f9561e1901e6a2ce9abc4fb14e358a8b9c3e72c7e190039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d06117fdf3ec83e817a678093db8a51

SHA1
d0bab75f6b02353ef87c1ebc872d6916723a5428

SHA256
d35d3b243a9e685466cea122a650cb63dd8a3bc64e281a810187dfd6f61e0d0f

SHA512
4f168e2a0b5c408586a1e358fa48a94eac473b673127703647a3f995452595b351cb795e779cd8b47e754151db2ddaaff8c0cfbfd29410ef3766138ad9c32ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fd04417537beaa76f79873cb9024d26

SHA1
ed7824482e0f5943b75045fb3b13cbae1d5aff1d

SHA256
1344aad8e5c68b023982bbf8b5906d69611a2f67a67ed34cabfe8bf2a89c3516

SHA512
729fd8fd83744713a169a2a7d3d8fd833fe5da4070b215af7c789516570e359bb75751e5c49ac31864c4531ad70c32736033b59b9ba22552cf109911d23c79c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
f1787ccb043c74f33c6e980cfefcafe1

SHA1
cc32eaf5eba3528a04d1e3a61003b2fe234a17e4

SHA256
2254629bbf65586e043499fc66081f72949327abafa5b7178786fb9af293b472

SHA512
8dc3d0cd66b3ea6ea4e81cf1f5e52288dc5d24de7417577f093456f82f04bea7d9f563719a23c26b6216598898eeb33239dae9bbb5677e598ebb02ed764a5ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59b8b7.TMP

Filesize
48B

MD5
70c53a8be537c84dc251eea593f10db2

SHA1
ffbc55bd2633d8aa96354d3147445ee53b7d6c90

SHA256
b7b3addd1ee36bf5563bb972f788db01cb5910e6419ad2ce194e7186a1f6ef4b

SHA512
023cffe28e3daf8f767a7578069517ee5bcb57830d1bdab77b34838a7e38931e86f0d793e82949b62b29a4c9761bc807bf42eeccc4f4565c9996fb6f14ddf1e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3d63db237e36072e2149c508468954a

SHA1
c7a38798ba4e02c5c4accc4df5fd15e8e6f2b923

SHA256
9deeb077a342160a58fa880958379da7c901e514e0cec1e2bff555efaad624e8

SHA512
1a54f627f562486c92bdfdd02c237377769d61ff32e20ad1849eccd8fbe1f17a60db00f317e1b31b7cfd3254b0620f009c6da24e1bae243812e2cb69cd286877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
4ccf527648ccc882779e0de0850fc0f6

SHA1
9f874d63041febf8d0f46201e9cbd9d85c97e0cb

SHA256
29d9ebdd51c3c42b4f23d088c0861d3412100ac2d74b1bbd16146f25438d988a

SHA512
50e4c485961e5449d914590f60c726aebe074ae9c28a479de9d903a681fd8229ea294aac209be568216b12ec93af9b9d6b011ccc6926919ee650cb2ecbfb0504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
796463b9c5c883b3d7f753f417dfd9dd

SHA1
1a044cb59b18375215da1d558f95824ad9766db6

SHA256
0b1ca70870583993ab4137076bb6e3ef8e04e115a1bc974e952cdda4624a1f15

SHA512
e673ba85308a3bf61a15276f695f3c0f98ab7e3aeffa40fcdcf3cd464edd416dee634762d03cc32ceb0f33f36e549a36a2b9f6225fe6adb89d2ba37ed01ebb58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
871b6b1d04811e03bd99d69a6c7f14ea

SHA1
bcaf75ca1275737d70eeb74d309607dcc7851010

SHA256
eb8a847a0cfa798ed381449c986aba602618322128685bdb7cdd7136732f0c4a

SHA512
38b932935e9a633c7354ad5ac46c7b42b7359fb87a040d80911010fbba0db8149a6a3e5f1bfeb7abe841178afcf1f533fe8e271bb194677ae62fbfc027f5010b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dedeaec72f08aab6be0636a6c27298a5

SHA1
e6b069d811bc6ca49c138e56f0bb98549d428b59

SHA256
e6fbc2f1eadbbacab87d309f14156c7dde99091703dbb7f2c7a0d8a149d60d11

SHA512
87996704f2a94c7064417df9d8d853d1be0bd43238fe122784d47bd13049774045b9fe6f3e983f94e8af0100b330908210dd90bbf69962aaa0a6382994b52a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a0b0.TMP

Filesize
538B

MD5
38451c459746573bd9129623e44b7e22

SHA1
4ad096360e119e823a41c9d9474bfb31d18c7bdc

SHA256
99d4ddad002bbe319f95c5d3b183e54c6e173f8a5d6c23815990044f28d0858d

SHA512
f0e732653fc6cf83c01e5ecd14a2d7423b08298957c9a2b46129e723ed9013c8772d6a2a179c00e87b24d7d7790a55e67a2d314856b58a933598b68bb4f9f83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71f3a36151751c244b72db014c59da4b

SHA1
82b2d3552ce09f336bc35011f6d24c773b3b2edc

SHA256
84486f7b5b05d24d013f6e9dffea6dd8920d934c77d92ae748f97305fa55dedd

SHA512
bc078d201abcabbe6d5f6112042e0ade308fb8591cb365fd55345dfbd3104aa6adcafdf5fc2db7899b0f66d242be42610511b6bf131c0e4dd9dcb8729bf1cd03

Download Submit