3c56920c428a840e01696762350a20a2b5c438d48a69a383dfe85338da23032f

Analysis

max time kernel
287s
max time network
280s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2024, 03:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

hehehehha.🗿
Size

24B
MD5

aed319f7e826b6fe662bd92fd32a4a13
SHA1

a41433353b9101e25c7d595a46c93f0ece23a303
SHA256

3c56920c428a840e01696762350a20a2b5c438d48a69a383dfe85338da23032f
SHA512

a23671ebb9bab4eda741dd646e4cd4735bbc2ba1d147b7470cef2911230e36b7d9fead85382560f165dbfe1df3690509c4bd180955ff0e7dfb2b6807b9272b3a

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355664440-2199602304-1223909400-1000\{174C9C08-4CEF-4D53-83AA-FDD499B8D7BB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5560	msedge.exe
5560	msedge.exe
1476	msedge.exe
1476	msedge.exe
4832	identity_helper.exe
4832	identity_helper.exe
4628	msedge.exe
4628	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2608	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 6100	1476	msedge.exe	103
PID 1476 wrote to memory of 6100	1476	msedge.exe	103
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 3620	1476	msedge.exe	104
PID 1476 wrote to memory of 5560	1476	msedge.exe	105
PID 1476 wrote to memory of 5560	1476	msedge.exe	105
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106
PID 1476 wrote to memory of 368	1476	msedge.exe	106

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\hehehehha.
1⤵
- Modifies registry class
PID:6056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dce146f8,0x7ff9dce14708,0x7ff9dce14718
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,733987478373788108,3423501951929760388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8d41fffe-83c2-48e3-a6eb-861c137bb9a1.tmp

Filesize
1KB

MD5
f9870e52dccf83b515736c001aaba338

SHA1
70716915e4b841af18442e9447b1b9f08a446776

SHA256
b9c565a67276d1734ecca735a093188baa652894826d87486cd390d1dd31473e

SHA512
aab4d6b683bb7612d5dd02daec6c0e1ce3e7c845da8a84255c5616deb7395c8d3d345785b131546036406dd61027c851baaeead8dea32bef4e62506cf8f3aaa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
36KB

MD5
373cd53c408180c939165335e627fdb1

SHA1
0e0978e79b93bc3df23d73c042f6b5f8c20ecdc6

SHA256
c884b19162a6f5a0cd8fff61c5ba35729a2bec074dee7f1b514f60a5abd77909

SHA512
906c2ab56861ab8a0fac560c3b508f69275eeacf294bc4afcc20c40fe1a0e8cbc16c7535b17ded0f3f8bbe4a336f2899139411708103a2f6c0d8bfe1be4d2a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
226KB

MD5
df3641e0b5ccc838ed4a1582a1da49b0

SHA1
72576c2f1470e2e0728adc973b41dabe1efe6169

SHA256
fc301d9ccdb8e8665f86d3253cca11e7008296896fd7074092cf79fea8e311a4

SHA512
94c4c1272a8564e2e53d91b3742130e8c412c5a64dd47adc91f1fcd0a27c4e6fc9739924b3b0f40dff7255df33755e4886d053881503dbac5f3c210b4d1ade41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.1MB

MD5
798e76073abe579251a34ee1dacf9b3e

SHA1
7e9294eec6545c8e1bbdb7849a73820cdca2fbd2

SHA256
8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666

SHA512
cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
35KB

MD5
fb541cdb78b0c22e5263a6d22f753dc2

SHA1
65778cf381e79fa439c19b8fd5b03e74ac6d194a

SHA256
6dc71f0989aad6107185918f0131c820dc18f466f937b9c7b1d7a3de902d24c5

SHA512
baf6b9cb7914d6f21ab13e2f0c4bdf0486da5cc8c1f7591b80443bdc6ce2b2f6bb90b6739d8faf5bbb6e93457d00de2f0c4f4bcd6a0c5b68d2757bd27697a022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
3ff290687a452d483b3919d253c9105c

SHA1
1e47914a77d889ad9c6cc21ba1cc3df645a7d030

SHA256
774923cedb9a2282fa163482f5e35b85930ac8e0ec33f57238a82ea7c928cac0

SHA512
a645d9aadc631a8cff97b92e52ca84145b9d018c1bdb682f9d01b347dda96923e569ee41ab28595ba9d793037ac4d712168774504565356032d2adf2d60b57aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\121297ffc4c56b3c_0

Filesize
289KB

MD5
2b46858a054aa38d00b715d30662b943

SHA1
2e1dfdd20ed9e59984eab019991bb300d835ff49

SHA256
c9d52d91c5bfcf0a13f5e9ebe1c2c358f8e29f9b7df264e522f6ff715f23d777

SHA512
74ea8d347f74921ce321f93c82167360ad2a8022fbf17cab70c170879b8fac0d22dcf9db6079cf9f29ae9295ae318594ce941f39d43c2137364ddb060208c58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1897780b55c7bfef_0

Filesize
3KB

MD5
b604d1d3a4970ff2b85cbc3c6e802219

SHA1
0e7c8ea17c7619b0e36fff1dbc168a00943d19a4

SHA256
8e4e338b08c414fa132705e7a87a18f7892e82a6a22cf4bc4ffaf316fbba85e2

SHA512
1f99877d1f220831dd97f2af5edcb552e1cb0419cb2176b9f94a666f0d0cd9dcf38ea247c92671425d7d2dc2e5b5e7708ec65f00bc275e297558b52fdf5163b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
52fc4246c370ee6fff5fc0c41d663cee

SHA1
0941524f0a818174f279bb2b4647463d4fa13931

SHA256
d3d5d6e037aa214f8d75c10cef9a3dffd6d42b3f9682dcc6e187e5c76a57a0ef

SHA512
c304f5a9601c7ce55e6bb8de49c651442cabbfb577e2db544c10681df139ba53023eff57818110743802d8d3446492ff0dfb49ec8fc5dfa59f55bc4cf656281c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

Filesize
5KB

MD5
0f8eb8bc1a7027142ce131ebafd4deae

SHA1
6e3b375faff5898e9d4981b9e27081f13e184ed7

SHA256
9cecfb3b4c6dc0c4c5d060f0f929b806ef9cc74bdd80f98d35e0b7b03832ad3a

SHA512
b5b8609199d45cacf5f0c0154f2b3dabb13870c7a2d7be33af4bbf5ee5d41a0d7af4372d28d1fcee142de05ace2bcf994312c0bbe3aa27c488d32e2005889291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
9c6c951a9e262b66b1917b08aae73f7b

SHA1
5a6c7162adfddbef07148f52986cb0c56c4f2d90

SHA256
35a2e9a054a4cf974daf1325c956ef33de9ed6b060ba0b6d0da25b79f27f58db

SHA512
5cffa20ef475d53bd4ce4ec44afa5dac915cb5e86d37bfd9e88ea2ab4b8e0afb8dda69cb156218766c9823770872aed1c3a1b5952f18b40208fee1db3a5131e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
46ce1ee8d45ee3fd1cbb868c2cb5e91e

SHA1
f09552e3290c2b9fa892f9cb3623a7934f26fc2d

SHA256
1e33668dbec50431e6d439e099e7b543ab32e44922c411ce59765b23b17a71f8

SHA512
608bb465a9982f02d888a77de4e74a6a09b422daec9e20791e3a83765c32493d589f2c54906a8d107ff32ac9965ac7baab108b0e77368d3f83fab25df0d50c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
720e00369fb576abbf23c99f33d7cf8a

SHA1
6439acdc746c4e87d467a617c37d19f00e62d9d6

SHA256
e7b5c4c9615e1c92676222936abd51d8c2119eb1f0acc02f2979d7792ace0168

SHA512
b0de12fb2a95e6844219ddd6eb58f477cceaec88b8ba0e143525ad95707c6c59f180c0c97c90545402d2f2a9ea4379dd22c7225a207415151bc807f7bd5c8295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
c0951a740b324fa3232019805dab3c90

SHA1
27a6317506c58193fb883c0704fe8b2cb80950f3

SHA256
dfc58dbfb8c94d81c9831c894fba343d4b970026619d5152ecce13d5ca74a168

SHA512
6b6a73c13aec45d4aac958d4be9285a4e8223f254e57b4a97ef188d1700883b3b98bec385da85aaea20c66f336a139e8de55cc5e18b0330d31ba4ee9bfc87223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0

Filesize
26KB

MD5
216de5884a28afa5cddf9e1d7c12afea

SHA1
5e984e99522de17c33e461066ecf494ff3fab96d

SHA256
80ecccf68760c5e6ebf85178dd1fad9922181baa296ef3cbff4da13532bdb6ca

SHA512
2eac148895f688443d2a4cf7f62fe64119693830e02790583cc9c11f8cfa364b009bdc78962c10d31287cc2604856fe7e61e9b828aa98fdd8ba99683a81a3998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
cc855c0af0f411be98feb41f6017a463

SHA1
1a92f882ff27caf1dfd2d0ef9fb356e3bba3e604

SHA256
5aa9543341ebe409c65c416359bb925141f1316bbaa00839bae9e12d2e004f7b

SHA512
72700973995f51dda00cbc3b7c75803d0fa2b4325fe95852bf88ce2a458c0d955b894411d15e54b6f5c353e70a89655e8f9d7a260cd91b7cc83c988c55646900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
53d1364030f0489ca9bef03d2bffda97

SHA1
1b3af8fe1ba639c71598eeb63560d4f6f919b777

SHA256
55956e835ae130ff8c370cea927f358617cc5af9f06dcc01e21bbe10d2ccc703

SHA512
30b32abb821fc04c9f01f02fbad3a7fdc65f7e6a6894221cc2b6c28f1daaa0d78fa7a3acf1c8b102ecf51d12e1855c8668958d4d603f2096673a77b291b40ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac70648f62ec0e84_0

Filesize
20KB

MD5
cb9d730de1546db378d5d4603555455d

SHA1
0aa008142d93bdf89d90789dcbdd96b792dadd99

SHA256
2607221a9ef480e952014ed2323d69c69817ae3a8015049a15d201a92b8d5bae

SHA512
7bb52c73704e4192675c6563b5e68d2eb01a19c0d9880fd5420477f58c9568632aaff606392e7339884748b06ea68627cf7fd086796442f2d031da78fd25d2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
f11ac5f275192f3fe22bfaf0a9db6f88

SHA1
c0d28b6a80e3f7e5a2ee7744cac34c44788249e1

SHA256
85dc57bb4da7581c4f7a5305f2f8edffc6ba857edcc153559ac646570685b8ee

SHA512
34cf705c46255edf1000c15b6d4c323d1b9adfd2ac08137d776c6f46fd27212d9e7a31d2ac188e72d2e13ba16d533869ee47543e5b65eb636d1a5b9aaffcbc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
8b196414562d7ee93c290d59f0cb604d

SHA1
937000591acc6716a6679b75ff29f2f05a3d6d79

SHA256
8b3b4dcd82a9c2342147201954daae9250b65071a6ca266cda4c15d42ff50bd2

SHA512
5c6570965cfeb0ed90980b9f69c6259f6105dfdeb19c242c8ef12154bb782b3a6842b63d8aecf5805d5949ecbd82dff962b45ffaae326bac9b22f0e33ffc2829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
9a0df1be8abc5527359928a50602ba5f

SHA1
c00423fc7748cfcf1d401b1d99bbb4a5db3b99d0

SHA256
d7d69dde3ec0a6aba5af7b9c3590b22f002d9db8ecbcd4c469a889100a2f56c1

SHA512
dc935a32e7697656a66b1dc7e63bc93a12701d93e6e62c79ce6d2a2e0324016e2056a697fd1f9d253c660819b0ac2878a9fcf12c133443a22da503c56a87738f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
4KB

MD5
9cbb5e3dde33c8f5bc6d70274a353bb8

SHA1
305b497f5e02e6f01361ee490151e95aeaa8f041

SHA256
ecafaefb474e3a8500965dfbec9e5ed7ce58348d44bd72dc19047b6f20e68ff7

SHA512
91657d76bbbe18927f61ce39b0cadcf621b1424ccbfc0fa8f8f28700c051763e1eca423d01ded7503a0c63b5d27f60bb36221ffd4d2950a0ed11f3a110d643b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
fe0eb24916821c434cdf4719578e59f4

SHA1
692e0e1b6c21c257cf5c9dec16c44401fa5bb909

SHA256
ddff43a5b4fd0687e5281c661613ed9a5d5bef43779639120a0a79413d46afc4

SHA512
056b3c1599ec2b335a2c8fc4d99f0d051120bdcdd3f0ef96697ef4b1481a7d19faaebb3e62d5511fb3c3194f26dfaf827a098419904c7466c9302e62fbb4555e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7c7736ff3356e27a939173c6d0684888

SHA1
5ddb7156b807b74230da6457c211cca75dfb10fc

SHA256
46baa94474804db64a86fb7688e72e842e39c4f5e012c1161d9ebd8193269ba2

SHA512
d5afbbbeee8fe56ca666426d694c914bfa3a843963e8c4e88bdc1e3050b26892d9b8a50207230cb96fba360b5bf771ccb7599d25443beedcfef33d1aa25faf59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2f39fb851dbb66a0da77445e8503cf84

SHA1
7b797c668d952e5e9c44cd74c3a39ab95c2d7889

SHA256
3d9da5f734d5caa6214897393a497572b7a1a1f2f090a915babf4ec7e95addb3

SHA512
f57e164c32868e8eb595349059471e4961ffeeefa33100d63ea5fb65b5475d0658b0cf126684dce23264a0c913a5f6f4f20dcc5bf9c9fece573fe31e0fbc7263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
931B

MD5
d92d4b7d7b72d06c35d9515a021f1f4a

SHA1
155af7ade8b7220fe9230a6a13522c73ba3e0b4a

SHA256
a13103d8cb8a4e6f7ab4d35a5841653ad669f638a73712cd98985ee179587b94

SHA512
2843c63592fc5944dfc0533f4259fdbe6ba99562ac835fcf90d4ba2007e2d94e032995fac8b20e80ac264ff0f4d48158fb8f1332ede5cdb8725cf76a41508ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d71284cfc0ff31d9c3c0481e205993c

SHA1
ed9e2da205b088d4fc24e84ddbdefaf3e86460cb

SHA256
1f939df77f6c419d7b5e4bed27a3113156cc8486d24c59bc0fd8757a92d1423a

SHA512
7a6228c7cd5ca48d94db8301eeadd78d611b00c7b29a8289a0e6d391927c85d0d7be88169b523c8229657a291320e2ef16f6347b76a4edfc8ac41438e4f63a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
552d9b507de0a3f8ac0e673c6459b3ae

SHA1
0cd98367d5290affe6f3a76978df8e3feabaaf33

SHA256
dbeb884fc0a1c990e441737d5add3e98bdbc0b4173c8c511588f719257157434

SHA512
b6873423e447ba35eb231e1584c9d4946dd85b4d4b8dcb127ca446b3047dee77c7edfc838cea36770da6bc852b12aad56dcc0f18ad4d906ebf865f48cf7025bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eaa9248379def24bb707ad4cdd436edf

SHA1
26ca0b9f1d1d49c38b90237e6c1ea7cb987bcead

SHA256
6867a9fced4f60974890470fb85bec100b234cd6cc2eab8c3331591006f1b11a

SHA512
a9d4ef4345f3d0f56b33da0f4cb642f98e855b81613ab5716d48eb72853625ad0fb62fd00f3becd5d442b8597ef6edbc13c4129736e9ba4443d71ed9df3afe95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ecdc4d26378c304cf78fc9754bca38ff

SHA1
33cdabf3c1e6abe624df9a05270bbcf97922f529

SHA256
1a3535227ae2695ecd2ea4ca240a626158791dc91b97dec691f28190e115fdbe

SHA512
9f8a3922f3bc71eaab993270589c142bf9fddccab4bf4757663b1ac1479001fdc6231166da75d1c8eec056e25381e401263b47f0149418d43f343135007dbd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf447531a20a72b9c445aa7e694e5b7d

SHA1
0c1736b0477e9c5a653edda6d99759f2071827e8

SHA256
4c5c60bb1d842433e0c69e01afe1342019c1884c3da5315db65a6687c47b5dd3

SHA512
ea94f02b8e3b6fcc73e97d0d2d3af2954f25b0889d6c1009e05368c83b066ad15ccb2a816ad48335e0a83d93d0b3f86b672cbc2cecf3eb20434838b9cc567557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a493b2b7689e436dd451d2895945791b

SHA1
765019ea2f694fee9bad31534c4aa1ca63731763

SHA256
1b3b76a6d33a7031d4ac6f8db67e313ffb26378c45c358e870c55d616f8ced2b

SHA512
0548822f4c8ec3d633813a7d9a4a20da48520d7c3f5df8245fd2fc42ed0c32d209f5f1e854214da6fa1d546d618abe1e45e36792ee34c9f2a7ee33c5c12d883b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
5bf980b8f580ff68cda3b4165e1345b1

SHA1
c2f96453afae26e91efa1ba5259a6fb4ee1b39c3

SHA256
0b33087262b4b3fe786d76744da90478bc147953e9922c8dea5e7fe201252bd6

SHA512
31b437f52132fe40988e9bd91c63afd5341cb2ded61034ab3c2ea875c2a37eb96c1f12c43c8af61ed918ea6333be60925ec1385296d3ad29aa2fd2a3aa8c0f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
65a8b4d43f49b187961d590f7b3408d1

SHA1
2d7e3ced676f4152529ff637b36a491567fe7964

SHA256
d2262c6fd3de4151df276f2cf337fb847273fe018f9e765dd5a1ada201b14d2e

SHA512
01b43cfbe56cfd7679cef9f84480bd9141008965db1f75fe36336d579b605fdc75f804454f69751992310c56ab5203d0035f4750b78f0b7fdaea5ba1dd81fefa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58125a.TMP

Filesize
538B

MD5
77b41e7bb9aa67052a6ec3f77cb00c52

SHA1
b01223d6209b051a77b851c7d039419a1f03e9a9

SHA256
0079b19a640765f9f68518a3979452f00428f395a72b9f87511d6874f64e6f46

SHA512
f21ac29e240eca421ed7ed44f60737953610178a72205b67839c2d7766ee84d88fffbeb6880c057620f40382cf6e60598c8bfcb1c5e50ca7621fbea238fec91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d2ce08df-6354-4e9f-9405-bc48e170426a.tmp

Filesize
538B

MD5
ebb721f883981b6d947614ceb7c099cf

SHA1
b6591f37e9c81e334b1d79e452f72957dd743c59

SHA256
13556afee895ad182b88523829a6062087882fd8cff56ca09bb80e60f63a6ecb

SHA512
29e9e0dfd7312619278fa23532a68c1ed8c132a7297c4565428e5da4bbcdd6d5f8455bff73ef60c38f391ed1f3c3b6fb35f4e5b335ad80f2bf3cb6f75a3e3a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b3c50d64a86e4337e855bdfdf74c927

SHA1
b7825188172be5a417e63eec72d298e074c362a6

SHA256
771ab3abccf1d198e0366d832739010acc47b3725469d9f53b6a2e858f15274a

SHA512
9e3dc6537363db73438341ea07704c91f9d74cbd240811f5b466159ee45240ad6eedb896d3ad32bcfa92a11831c30c6037b14645e903dc3afd06d382fe149cff

Download Submit