hxxp://goodgirls[.]my[.]id/

Analysis

max time kernel
1197s
max time network
1200s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
21-04-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://goodgirls.my.id/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3777591257-2471171023-3629228286-1000\{2B563819-A3EC-4149-94DE-CA03D8B8626E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
4032	msedge.exe
4032	msedge.exe
2036	msedge.exe
2036	msedge.exe
2004	identity_helper.exe
2004	identity_helper.exe
1776	msedge.exe
1776	msedge.exe
2452	msedge.exe
2452	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 3444 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3444 AUDIODG.EXE

description	pid	process
Token: 33	3444	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3444	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

msedge.exe

pid	process
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2036 wrote to memory of 864	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 864	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 2780	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4032	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4032	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe
PID 2036 wrote to memory of 4904	2036	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://goodgirls.my.id/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffac9243cb8,0x7ffac9243cc8,0x7ffac9243cd8
2⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
2⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
2⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6064 /prefetch:8
2⤵
PID:892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6076 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:1448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
2⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4768 /prefetch:8
2⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,302040681404576799,10926490086363038681,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5764 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:228

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f1a9c7fa806c60a3c2ed8a7829b1461f

SHA1
376cafc1b1b6b2a70cd56455124554c21b25c683

SHA256
1eb39b1409ce78188c133089bf3660393ac043b5baade7ff322df5a0ca95380b

SHA512
e1cb2f84b5cbd86b107c0a9ec0356ab65a54c91208f9f8e83fec64bf17ae89356a09b0cd39d2726424f4041d7b25b962c23672b8645c2e10f11ff4d2075f4afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f3f6e86c8b7bdc605f5559df800bfd34

SHA1
862d05bfba760ae8adcbb509216dc18ead59a6b2

SHA256
5dfe9be21d4916615025055f1a70151362bdb404b40f074685e39b33ad545a78

SHA512
de576ebf0cbe1c5e7639c42517253796cf4b5770298271ac2e6958404998f2d6b8e3378a535f2f316f4020fd8e60b5cc9c1b6b5171d307ca3215afe8ac47a7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
36KB

MD5
373cd53c408180c939165335e627fdb1

SHA1
0e0978e79b93bc3df23d73c042f6b5f8c20ecdc6

SHA256
c884b19162a6f5a0cd8fff61c5ba35729a2bec074dee7f1b514f60a5abd77909

SHA512
906c2ab56861ab8a0fac560c3b508f69275eeacf294bc4afcc20c40fe1a0e8cbc16c7535b17ded0f3f8bbe4a336f2899139411708103a2f6c0d8bfe1be4d2a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
1.1MB

MD5
798e76073abe579251a34ee1dacf9b3e

SHA1
7e9294eec6545c8e1bbdb7849a73820cdca2fbd2

SHA256
8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666

SHA512
cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
19KB

MD5
7101951e3d4c6755f117299555403961

SHA1
5ffb83964bcf0d0bb7b8733de59751e451ce4634

SHA256
11eac70d3f2e9b2dfb38dc7b467e895b43f243516c77712cd5ad1e0ab4d519b3

SHA512
4d0426c6020f2e34e2c5f73a2f2a62fb6f35058caac168081b73b999c96c80e7c567881664a2dc3cea85fcc13426251cd18ceff6da6dc05279f7e58d6dc7fcc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
58KB

MD5
9571c53f84c1387607c4430732c5547e

SHA1
89074e8ccf894c324e3ed4577b9fc7d2097e14a1

SHA256
2f76e8fa851453110ad8f94427825ce6d629d3f2e5e49b588715578c75afc914

SHA512
c349580a585a9cfe90c632cf056ee9a43b5a9460536d87d89fff1ad0f9715f29ce698775a70822c2d96eba773223c0abd1bccf2a7ea640a2e28cff318689bb94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
dafaf78a720e3a7db200525550d62fb3

SHA1
321b6243ef5fb426261cb31e7465013775e4170a

SHA256
e378bd78b107f7c5a11836b2ebdb1e0145a28715c517c96c0e591abb8da9db9a

SHA512
52e6dd75db41939ad7f76246b20d3cae942ac6291e27f064b85c34203e6165c1f8266f58a64774aa1c2eae1b6258f80a1429f1fd596c4a7d9ac8bab5d389dc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
64f2f0a228a0e34496d26749a4b0221f

SHA1
c7ee1bff94ee98fb6d8b29d687f55f9c5ed39923

SHA256
03d9ea7b1ad4a6e200d42b6963f5c39ccc2abf80616e7eabd3a4a5b2e08d3d7a

SHA512
13d006862d44b8388135c1c71c13ba58c6faa0c2c9bc546762faf5b733c305d56bde3f4bdae0d0249c0da4f7419ab2dcec6744052d786afdd1334c785614266a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
06ed66186ab6e66f87a4a6d096cd8db7

SHA1
2c486f79a8ff6efed354965af8ac2a1b4022007d

SHA256
0f9a5098aef12599958f70c9c5c887c0bcfe4014e469d5c63f6b89d2d7605010

SHA512
f5ce507a6f93eb13096d04de4748e5329ef78651c3f0e369f995e352eaea49bf1856316a5f074c8d768556461374fc8b2060f4746166aa0aa68d0228dcfea1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
35f2b1b9c6e17fe0506689a29ef0fb70

SHA1
1eefb11176387423f6d0c1c52a9699d8e67bfe08

SHA256
8819b8ae618543bb4555ef8faaffeafd89e97b2047282cb16a228d1d2ee8931a

SHA512
5e0e650ec597bd75e0cb34a990032610b33aa1e8b69b97b3913f9979100c90c63ae1dc05f7250f2af96c04b22c31bd26934f96724bb04ec05cfcca236560ea6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
5df7338b6d7d8f71eec6e649616744c9

SHA1
f3ce7d8a79e4d457df66b0dbd207ed381dfb9d5f

SHA256
0e0e9f7b0877c08b82045889c7a53f282ceab1f577e23615ade2f398b9a674f9

SHA512
fcc049af640fadefef4a3a19f5dc9a4d70ebfbc2b8c0b628d45b1aaa8f609bf1d218023fbc3b5b2bffa36e2bc7c58a1f132b2bb497540841d38c129e3ddd1d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
635B

MD5
89669ae997b30715734457d1d4a7b3b2

SHA1
f2ffee65f0256c40ae5259252885f8ba18e5660b

SHA256
9756e29734520cac83a227d96afdd8e04efd03c790eb0fa91bcdd742984ff367

SHA512
a6cd885cf587075619acfa612ca51c56bd5279243e06f57677c33bb02363e2650050ac8196bc84859f8ae1fd2560e58ff524e7e80f8bdc0aea10057d0500601f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
b8f9ffc6cc1581788d4e7704599a0c07

SHA1
018681776498b264c81f6206998f609acbe131e6

SHA256
8aeb872f12d0c56bcb2e5eb7fbed16af4050aab1962088052e17ded27c186a64

SHA512
982f0a01a675c56bcc69cd75b7f8631fe21b25b605f591447ef69310b8c84b833782c8cc575ce91d26f682385cdd105a4472200f900eeee93120055c0d3fae46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
635B

MD5
614827f988db099dd5197a72cfb81f51

SHA1
712fd19eab2a8379273a83cdfd6169f8c27f356e

SHA256
e1f739fc803433df1a0fe882794c6999122e7fa3fce60527469ec52762ffa98f

SHA512
d6de32438273d6bf1f7fd34bf5755dbd7d0e7218d987dec674fa517abb286403d6c257abb12404b9411048a6b71465c43547fc92cab2b48d6be7521d6532fedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
78336534395c7aee84cd439de3ea54e8

SHA1
abf89e950c250591c5f30b2c13d1d0d5eac7026c

SHA256
0bcb41c098951d1575388098e057ac647e31175c1fced7179c7d7e0d624b139a

SHA512
34225bd9703bc5a3e051284b1d67de82270f2fd7b8e3e08aac21b32fa623d1fb3cd1687901692d5a7cd8e456866ec792f7bd67b801cd1ee247a5b91f8c32db84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
e8091acc8010f867cea2d413fd69dbeb

SHA1
e33f555e21c23077c12458abd71fd4e1a4ca6bbc

SHA256
801bb388d70a18c10c49c36ff8ee6886666f7cea00910a55cae87d54cb28c21c

SHA512
4e6f6284a77626dc46412f5a7a5e63ab2f4755ba26642b6f45ee9be2f4c07e0a0ed21aa0dc373aba255b23aa8631f6536e7eccd2e8965232f3ae59cdb2e068dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
ba96f0b1342daf21bf42e8ae194ce7b4

SHA1
f26b0436ea2e9210e550466858bb70ba6400e79b

SHA256
3c050f09b97ceaae5001874c64611ac703ca95858bb19cd178d53afdff5a7235

SHA512
2ed37c6ac158db6e53e208a203cd11ed9314b02d633008b8f517f3b6adbcbab095baed0d0ecda079131c80c607552e355d0634165a491c099ff39854383262f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
ee93477f395fbfee7122ac152fa81bf5

SHA1
d71b628744ce43573b9ec0a1d6f23cb571f67292

SHA256
e19646c51bb57b9d06cd72e32dc979fadea533dced618035b8cf67f20bf538e9

SHA512
a83b5b4abc733f1d655bcc0a86b05f504586c24f7b9147f557684693d2516d92a83399fdb07de533530ea0ea19e507e72f43d8fd20e6dcbd22048e5dc3fa2aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
400b2d75e96db85063add2e0b2858084

SHA1
91a610ebc95058d1d981b4891c6c3474e7913466

SHA256
24e652da9b578cc32c70079bc134c41b2476bde5179a6fd9eced5a7499d965a0

SHA512
fb266f2f3eda35928fb1d65895ac098e9c0024e7286597177f7c90c227afada9fed26ff4c473173ee0d4eba1d0095a0d7b53698301a9e1068e0a33131542c7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
466e1b26dc4ff9aff45a611b58f7708e

SHA1
e7d89de9fd89c85d1d7d2df1bce92e145f0dee08

SHA256
82d914cfa95b62a7354a33f2cdb282d785fa36e7b74d34c5fb014bd6e9407cb5

SHA512
2c07631363652fcb0fdd02e20a620e417e1ef3e2d9ca359543ec685d93105eebf36a087f16658c0e10834a74f56936469a06339c433c78294546fbc655f5e4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
c4a4d5052d968dfb36f85a3448f4d289

SHA1
4d7507bb07925b67c9e225359bca1563592b5399

SHA256
48046505aa204601b0b922e0e03089b33bd25f9e82bf73b43d600a2eb5e4f391

SHA512
8b2e76b5c6356266a654a8389c082d7a66593d3ae842f3aeb87a1db5bea6b2e3e33250feaab093950bd4c00588e2cdcf41ed8d43fe213b2777c85e0ee56b7ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0774692b9c630596b9aa082d1660d01b

SHA1
9e5ad4207693bc68215d8b0acd551003a4286023

SHA256
6428ee315eeeb90fe75119ef735074c8fd8ef58f09c1a5d7893705476edbb26f

SHA512
b64c8ef49074a25218c2a18ec99810869553756a1fe0fa7d21db07b124d3ef6f3dfa995523214ab8462e4d3141db2fc67c6be229f5d1dced45b660de263dea77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c1b455105c31679021850176367ffe4d

SHA1
03e710f4865e0f9026603e078af02dba4c4188cf

SHA256
a9a6998ee6cc18349c71a6d9356b5c7ef9cba167ebf0d71b8a85e3f93131b44f

SHA512
add100a96d0c1cd9bb66230df96b136463c1361b6358bb407263240d6a4f04e4692a339c4665929cc00dac77a2bd50b08f692739807d3cad6613b41e6538abd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
85125c6be4c99e3e6fb6325472d62aa6

SHA1
bacfc2a6a0d18de1ce3a2f5cd12d62139b1671e8

SHA256
e051e4c4be91fffdbc188b1beccd9d6681af8754c6422c4278f1127d9b656dfc

SHA512
a5904000be7fb86562d26d9b55190bf03a4853df8afd8bcd7780d72a5fabd60dd07933cdb81d2bc55fdc8548a49793e5778f50321d8ad74eb30bf30044498542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fc95cd6a56f690f3e0bd4836c4ce4d81

SHA1
13d25327d7590e98acd9a3b18a1b525396a0240b

SHA256
bd525cf0bcd857f601976db363301810f1f73fc182b53a86d0cdb454f51ab3d8

SHA512
d534358a30b66f3730b58f381b37171fcce020c42107be436c600be4a4431ccece66a67d19ddcb2d0b64999c8d43b8c54e4ceda2dbda0591ec990231979f45f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
acdea008f17f09784d78b62adc4ff709

SHA1
71a8b82aa18c8d514d292d7726ddbc843740ad4b

SHA256
537edec06d8e3fbae44d85e58124b24035ffbc9628ac42c04583e700b00a638f

SHA512
742c90c4c1c6a89488c47092152a942f3d864acb61bb5d16ea3728c78d9fee788eb4ce667b5e6cdf85003c22d356185197487af742bcc7a8496d2e5adbc37193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fc22709a505b8b64831f4cf331bf8332

SHA1
95ae396eddd206eb54eb48203757ca172b584eab

SHA256
ac47336feefc00ee03aca7b1123f43f5d987400a2e3885e8cd30960f2b40ee0e

SHA512
91b562aee71ca4d72e0c8fd4a99653647cea065d2ee21cc79353d8429bc45f8602b1c7dc9640c4fa48bda42f3e6298bbd0d1770fa7760b8506b4da9761db12cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
9fc13d12e1e58e7f93c786cc5d5ce877

SHA1
f9ca53572195c9d1bc7a58c2ba4af87f09ac9a00

SHA256
f2faa95be211649e063d753bc260021f79f11cd9032486bf24432990fa05f2fe

SHA512
4feeae96c520c4d2001ad5892d3aa00bc2dd1fd8e2b00f94b4a7d4e3045de41c5e70dcc3fb88ce0589a10efdb6f28b3a0f57bf239c9402aeea92772abeed3114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21ec364b-9f98-4fd1-a4fe-48f8e80cf039\d0f14b31f48bf19c_0
Filesize
2KB

MD5
21166f47aa6b50a86eb3e0aef81c76cb

SHA1
bfaa800ba95989df115f86bc19248f4e2f545091

SHA256
6f730601cfc2e692cac46ad31a3793ad95f298b1d16044a0dc199142ad8e33a0

SHA512
9a77c15bc507c1232dec32687466fe2b8a7dc7bfc3e2b190dcf61976dc2174023571cf2227a7e6792ddeaff4258fb534625105b2f044f1412585a6da815b1a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21ec364b-9f98-4fd1-a4fe-48f8e80cf039\index-dir\the-real-index
Filesize
624B

MD5
d080bdc8f3c2742696c51cb4d28855cc

SHA1
6d6eb23211c3158d240d67a24ecd871ed64c3ff0

SHA256
641a6c48538492580b4c8fcf7f0a9e62731f8a17d9861cf405074d3c6cdcdd42

SHA512
e464de2b3cfafa936c44ccb0e77f1462580bfd6a4fac0b5a28fc8145fd8fb3eaeaa73af17e7c23e3fbff1d1904fffd9dc29b1ca6d49054e10db665451927b42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21ec364b-9f98-4fd1-a4fe-48f8e80cf039\index-dir\the-real-index~RFe5917e3.TMP
Filesize
48B

MD5
eca042912251742fb935cbf21caf0064

SHA1
12e8387addaffe0846f51431745c1aaa7342877a

SHA256
25b460c66c53374361c5ed559e2beed31ce7f84abcc5535eb07b9bf4b9534670

SHA512
8750d0138d8cc03cd7475caf06e91403c47e029a253d9b5a10e61aa22209eb9c9186e817af461e9afeb2b43c885e00b3ffe839aa9b57699666827f077c7913ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f34e1038-f176-4dc5-ab04-a360169e6a74\index-dir\the-real-index
Filesize
2KB

MD5
42507cae02c2384476641167cb0f676d

SHA1
0317e3761cf10464d9b777a163b4b71f44426834

SHA256
0cbff34feb2098341a44b0ce390e520387301cf5e4d1ca36472e1399446a2461

SHA512
c8d25ad414572b7d2dd5abc9945029ee6410de5eef7a74a783b50c9ec0cadd6fd96a77569339059a63f16f9c377e68aca8429b453f1f9d80d10ef89a2456e05a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f34e1038-f176-4dc5-ab04-a360169e6a74\index-dir\the-real-index~RFe59697e.TMP
Filesize
48B

MD5
b2cb3921b34d0552b93c5d278793df98

SHA1
c0751b7f901ea5852571518345dd8f160995a212

SHA256
b5918e8decbae9612e2fb31079343c8ed2f9f3aee7b351b38d4d787268c0e3e8

SHA512
c4610051ef4bd4064468465545827f26edde26a61d39283897c604d1a0c4f37844f14088a5853d6b4becdd82a46dd4326b1887a0881d29e16548d62e36e84c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
7af6f60ade9e99f157410343871ce666

SHA1
db2459f2384bb1603b9ad19582ab39b94091c741

SHA256
db82b443080b11a16f0589a95a2a23c4f8a43833fdb1a8bf264e6af8bfaf1a91

SHA512
1cae40b04d2f17842d233b4058c41d80334bf2de12b436023c81308d5bb77fcdcad3cd70aa77cd520d1e0c8b764530327e8fb7598f7804c0a7d37f99b4ce270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
ba0ead56b28a40fece59ce65eac99f65

SHA1
4283ea2d0ad1eca7a162dd6ccc2527296cf544ca

SHA256
91a98a8d6d97b52c7aa139e6fd7c0dd5f6a5029937684eafd1512bfac6c770ce

SHA512
d88cfae58a51b221a73a0d37cb676cc981aec14e6c16817abe42b1fdcc8bd86766cc6086fc3fcf6a5a06f3339b0b76a8dc35088ce83bb67849d89ef3a52d9cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
155B

MD5
697ecd4916dc8312f1a2c0ee3c546305

SHA1
8b229b45edc37bf34d8f244376ef279adeb1a21d

SHA256
29a23446f466241d5e924c2f552a5941adea2ce39f02ce23805fa487afff7a1a

SHA512
7e95ce16621abde3ad862a0d4eb0d95f602bf20bc3b47d7db5c5aed589001890901a2167e1ecd39ce184cd71360f27c166b6ec51308281a31283d7e349abb708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
97ff8321a37ce0a1fea6fce1905dfcd0

SHA1
c224d339e33d7a63f8c045acdb1b3eca053950cc

SHA256
40281d249387b9d6d63e3011b65f67ebd07366e6ed6d6d86243bc4d1983c1d9c

SHA512
559ca2f74dbc39ffa7cb199a7af304fe0f4d046f6ff62fa736bcb2e3515963768ccb8eba0d6293a9ac5c9e7ca2a3e37e009876fa100fb11815b9783cb8b19246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
153B

MD5
55cf7ad7848742efdcc85dad172fb944

SHA1
6f3e83a690ecf9283ddc708c09ebc3f7b85df6d8

SHA256
b4163690bb7bf589ad454f51c9132c3fbb1cbbe31d017c06728f26599266c09c

SHA512
98c183f42872dd8f7173b5abec3da9986af5fbf9499e3086aeac49b3a8c74794831522092e79063258e38f16907a64019faf3eb1660002c1b4fdd941f2673490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
18b72ed070d633db78a4f6ed80a95455

SHA1
f0c79f4ca63399c83130a4c3c639106d2aa364bd

SHA256
46ea7d9d26334bf59302ab0827fcc735105dfdbc626596914cab0947f1e9069e

SHA512
640ad2f819484391f36c109d7a6ea967b2af55e09b893d0b7e0649c5833b0295bfee4284b348fe0dd71b275920a384ffed0e26d431b552683602c82a90b84d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590f39.TMP
Filesize
48B

MD5
c637bccab152a8780418bb9afe1291fa

SHA1
1e4ea41f545a1aa7f3a94856da82bbc54332aa89

SHA256
1b6133d9f6280752b16e1c3336a7d7a29d03f61554e93efe49b6fa63fdb5453b

SHA512
2b9f178207a9a44f7516c1b84ed194b823adeaf556969960a1b5ed4df9b7e8ea96d45033171a67356291ffb8bb18886222c04defb307a23155d8af58950c7bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
adec13ce278ced1f985818457c8a7db2

SHA1
f7f49aacbd7a4ca9b05b0bbba309f79124f8bea4

SHA256
f7083256cf873b1d72722f5e841e434edefa8b7674947f33d093157a6686b2af

SHA512
7575247d5172ccee20f756a42c6e4543ded2036b4ff7263c0651b72cebe1e52db60aa3620e20d61cb68dd30e20b50c9527fd6a1381c26710865be8af69d2b008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2d6b231b3f090cb6d51016db88e624e4

SHA1
1ff787a0787408395e14e3cb4fab19489228c89d

SHA256
40bae7ae0286fd7428fabfaa7ce253b5b3a53217fc09ae9aa373445e0ff7faad

SHA512
c3ef29a3d014d0f29ed600ac99f1498fca785280d39ecd069a6f48f0860515ac1ba25f4714b62966b72d64d0d672a2cbb4990795649fd9a6ad8a04d7a379d4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
517fe975f2e1d6817b6bcb0bf291d010

SHA1
fba584e8c660381748c44f4524946854a3f482dd

SHA256
b1afda93d64cddcf876f7f6ccecdf99899e499ed77ce6006f56a4d33b3b0f1ff

SHA512
0c2b7acd2661188f1893c4aeac5e3aa6a41b08fbbf8b1e0c693bd132a8abe0ed99b27bdecb9f5c1330ab7de92e93d243a17918ce6681f1f33782bfc190485f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a6550c505a6c2d95e22fe80c2cfe0ee9

SHA1
bd47eaeb3cbd164700c302fb5cf0ec26cb266389

SHA256
4a6337cf87b389e8ca38abd03724a9d05c469dbb25b85e7aa7be630852611eec

SHA512
2b24d91cee85cd67289acf6f5931aa205e92b9d6585935cd26b7802c7ca276f817c6be27d864dcb26813afee39e8024feb99091126bed1defc17b1d0b3c45047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581160.TMP
Filesize
371B

MD5
377cae3198c3b240df7c576f84c4f384

SHA1
100ef2879bd8f96a441c885b3b7e459560b0c046

SHA256
08d8ae48102fad0684ae58b547a082a6ed4a44f795da9e6e789dfe48c55e7658

SHA512
56c2965433b3cb8e7a9963a29e45b47828f3de3e3cecc351907d421f57a3759752a06937bcacc79e301b30500a115edf505c2ac21d6fbb8bda5fa2e170ae50dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
72a32fddc62402f4ad0eb502519f49fc

SHA1
14e272da9c02f240d1f43cbe95d46db9ddf6edf5

SHA256
b9e14cab69f236f07a24208bbb4752e7ca3b86ae4d09ed04fbcc25570f3853c4

SHA512
b097d2689cce06977eeebeae3ff8d6501c7677e456abb0b1cdc834219b44f473b62b4507677488e45ec2517368f97484bf086a7dc7100413d24f61081b63dc87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5245ad5a0c93ee7827ce8ee30c428402

SHA1
3582a86373ec588a430234a118266efa5d0b0914

SHA256
6e35435d967c41880e9326b3b7f91abc34d5993ea94f7ff2c6d19af3f67449b2

SHA512
ae65a6d1c6381eb5f868601937b8ec59f3deb3e8470678be4c30af59bd05ee762d0d0843b0cf6e70001801fcc180f9edfac83d658252db292dc707e5c16522da

Download Submit
\??\pipe\LOCAL\crashpad_2036_UPLISDRAQHCTYCKO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit