8b33fc8d4312803cc1148c2db746b51399b72644519d3d3a3cd76c117738f607

Resubmissions

08/05/2024, 00:42

240508-a2bmesca53 1

08/05/2024, 00:39

240508-azntzahb61 1

Analysis

max time kernel
960s
max time network
964s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

link.html
Size

267KB
MD5

551dfe1050a40dd28ec14b8cf7bdc512
SHA1

70e907c6a4bbf054b22318d11538580c593c6e65
SHA256

8b33fc8d4312803cc1148c2db746b51399b72644519d3d3a3cd76c117738f607
SHA512

026955b38cc9bcd2b0a175406fbbb7858d92a30ea76b9cdc8e49950cacf84f1e7e51716267a0c2a6096af83a39ffca5221a2a1f5d0267739c33ab220fef13028
SSDEEP

1536:TdPsrVdqNdOujZdzbjvrX/3GxtNdw4NIg4BMJpTTZIaplPyH8PUVYjIt61yAW3Nz:TNs545YJ3PyHjOIt61yp3NK0/QGTJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-17203666-93769886-2545153620-1000\{F6E5E72C-9422-44FA-8907-D401DF5BA7C8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4544	msedge.exe
4544	msedge.exe
5100	identity_helper.exe
5100	identity_helper.exe
2424	msedge.exe
2424	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 4888	4544	msedge.exe	83
PID 4544 wrote to memory of 4888	4544	msedge.exe	83
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4048	4544	msedge.exe	84
PID 4544 wrote to memory of 4592	4544	msedge.exe	85
PID 4544 wrote to memory of 4592	4544	msedge.exe	85
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86
PID 4544 wrote to memory of 892	4544	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\link.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda6f346f8,0x7ffda6f34708,0x7ffda6f34718
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10648850259445706227,106906393223152192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x244 0x4c4
1⤵
PID:5648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96b74ddb-f7d1-47ea-95b7-bba64b9032a2.tmp

Filesize
1KB

MD5
59bec4cf0031389f96af3ee285d8c2c9

SHA1
deef404900a1c116e43502de51af591816dbf651

SHA256
aed844a3614a072e5ec7559eb48f28e5a84ba84054b08809de4a5bdbe0a649af

SHA512
108d162facd46baa839b0629a1a13a7b73d9b3666d91bb06c6a6cdbbde5ddb2320fc6e5ae8bcab32a70f21d2c9ad4e20e440a34441c5aa4f2d25347bd49eb84e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

Filesize
27KB

MD5
75f1d5724eddb6c481e2e87727c0a19d

SHA1
3cfe079018e25b2646f23e0744bc5af2114ee256

SHA256
751f9ea75e28033193df30031bf3d33e0553e1644ccbaecb26fe7d3bda21b78c

SHA512
a52fade9a438e7896f12afb5b8cccf05ab2cdd71dcc8683ba80001e74800d0c6a6d446d162e75eff573ccfc7106c1beb6f91bdd41753b81a6f5b7510c7c36b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3

Filesize
64KB

MD5
ba1896f60823bcb2948ff230962b6a12

SHA1
5a27c6792f2e4bf45fa8be47180035a88de61522

SHA256
35cff487184639666a2c28fbb2648bfab710c2942a00e1cfcfe63919871edfba

SHA512
1d4b596e3f2dc5c05e6c5aac9a4d4c6b0c1b897cc36a37f5b24b3cd23ad27bbac1d4fb4b431b43d778f74b8976f6bbc9da36b0bb51eb43c1c69828ca70baf5aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a4

Filesize
78KB

MD5
872f6daae11ba7491a6026790c169778

SHA1
b85c5ff7498442d9a5f81a3e0b1d01af155e704b

SHA256
aca12051479df1d8593927f598c776d00880deac6a177eaea44d2b5ea41df562

SHA512
ebc607a85ee75ba2ecaba6393c30f794d15b505f301db1f48b9ebec32abbf8dfa3a84386db88bb3c4d83bb1a269ee64e6d8ac110019b90d50319657e850a9e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

Filesize
94KB

MD5
58984fe382593daaa0aaba70dc9d261d

SHA1
1ab84c569b5adeca742f11965e215a76bf6c75ee

SHA256
fc2557dcc68c4a96c06149e3477030a2e68d762d8f7a566e062695dd74e14495

SHA512
8b166b9166a707de529c29a1451de502458c20174ac4cedff76ef005c4c98dc3e31639bb9b04ae34d16e7a674bce3369982d40d7f2120618aecb2c2bef4d9eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e6

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b8591e2c51699e2264fbe874159885eb

SHA1
61093fd4dddf7e84672af1f184caa04d7da3e545

SHA256
3afbe2151385f98ea74a9948fd6ea3179269c9f5c73e1feb4b00f6b307fa7a29

SHA512
42971ac9d45fbae12b427e251328bced45672eb44b895f18b8316d9e741378b27ac50b3335afc542625e0ae9845e55fb436e9b5d9ceb4869106ef23aab533a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3b0ce693f65e7c88101d259c32127361

SHA1
bfdb35a64ba8540e14cba96e13cb4d71e2726022

SHA256
752a7e3318468d15917395fa36513fbe655c501ecd1dd478d4f16395ccfe4ed0

SHA512
194ed18caad872a14a746c61bccd34d1356dfa2f74e6ed7a6ff46756cfe10208e08519dc0e5abb1068e0d092c3061749dde7de0631b18866527e31358b172ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9fbcd5f799e5345c7dfbb11d444bba43

SHA1
6f0fbbdd3ec4a6e24c06a0ab05a5fd5f4a629d2d

SHA256
9c7805aa4741a608e7db4e116bab25d4d1054a67dd1d133e4645f31cf95b88cb

SHA512
2cb3cdbace7506c9bf10cbaf19c9d975085d4d772933367c92b4369df7dd73fa061fa7af1594fd38b89e041218fa77cf06b0c68c83ed06d51e08577f1d344205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5c7dd23d0a1225b5b57590b9a0199422

SHA1
8ee832a3684cdc9efdb32dfc63a06f8c9b1916c3

SHA256
c34fc465401674950afb25d293c47514e5208a571e7ef7116f952e6541738fc4

SHA512
cd77ac5bb202ff46fb2c1282f82d29128f88b2a693e339ca7452e269e269611f8446b2304293f1893d5d23f60faf6712fa9f23bb47d179b8009de25c735bfd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
41ba9c69dad2788720d9e04f14ed172b

SHA1
c954eefdaf54606e5f79eb6bd951688403c0b65c

SHA256
dad93e6cad4575576fdb9f8c03c1b06866752668f4876b1abafc0085aa94d1fe

SHA512
63c19ece94fa5c5ba4a5860e9b0b0968a009fbd753cdac69408f430e1220fa6006cc0dbf71ca7f6b409df83abdeb55a300383f8208c9ae81e35381a73a80b747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1b96f55d34c8f31c2c3531f9a5320a24

SHA1
15837c289083cdd9ec35362917cc6be123b37d29

SHA256
2ac18a5a15ac5e62f9755bdfc3b95f44c16ab3cba7b04aeee37e6dc34aaf0b83

SHA512
39f6ecae8710caaf9505e11e5b938856114f538e32488f3f681573753fbe7bebf0cebdf5ab758de3cdce87c4d3fcf3803e5759b826051539633e68cb60f151ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
20da3c1785de1b7ab4d6b3cc3dda59b2

SHA1
65ce13393ace84334ae249cc24362ddc71865b88

SHA256
74a5f7b6336aceb5680e44bed6b4cdabbf6dabc2fb84622fe15a5886ce2a1168

SHA512
1bbbcdf00dacea21fd8a21a4b888b03285f179d94b77acbe3611c139d291f09e7df6c97d41c9affb25dcdd24b60c109017e180791c603fc0b6c6593544b15592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1a2f473876ad07e7f914946768830ed8

SHA1
9c0cd0c609ba6fa8627474596f4a7359c3d77646

SHA256
3553aaa723166c071880b9e1246e5a91b1065e8aedfdbd44aed36bd3f8727012

SHA512
bd133273cf53b099b6083d73776b0d000ab48b58c862defda15a0f3aee0463bf6e9833e9abeb6dd3f8d8836d049a0ff992f38465e9077132178acff31f8fc331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f5c5fb4da20b261e4ccdd00c73ef34f4

SHA1
d9e11ac49290f199722fb5026679ed6c26355fbb

SHA256
e348a0776d30aa7ec868b6be39eb7e4aff5e56754625cc166f02cdd296416e9e

SHA512
6dde888708e07048e6d47f75b4671d73332159137596a39537d1a8577c20f1e03cfbc87075b5ffbcd05c3ea415ccc6bacbc9a7b99f82cf2f26696ac94a04b294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
635b6635ba9f9ab2d026ff2a63328529

SHA1
ff33489b73df44ee0e6498768eee85a0ddc57d10

SHA256
992a513abf0d628e6a2598284f199c314ad7082fb965cf9f12fa8f4bdc40dd3f

SHA512
f2573df715fee61059eed53b0fd8282ba10d07360bdb0ba55e994c2a3a4e002752e91e1b475b7f9efc983e307fea6286fdeccfb796bb76c43833d151098ae6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
910fc7457090ac54c44f1e5b01bdde66

SHA1
8125e97c535042c3f0723927b3258e940c93f794

SHA256
180551fadba82858dede01d1e437fd3e24844a5a9125dcd7b58e313fe699177e

SHA512
b66219a10ba78f28c43eb3ee5c0d4d6aea6829dfeb2acaf7ef5b7362ec4cb4bec5ab1a7e4f95324e5b874a2664c9fd8e8783c92636839dd4029db8bc973bbfad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c2445bf6426a47367f850d857c9a4e31

SHA1
17c86ede9135ef1281f476e0e7e73f17c30241d3

SHA256
566f45f666967f5e8377d5872a780cef5e15b38238ef086169fce6ec0544ecf4

SHA512
9c74110f06dfe6b052828df760bc99d69e9203a4ca6744077f4c8573e1897393924024a95438f2e74d37eb6fdb867e207d89b88f45f0a24c9eb6a29ebaf21218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
022160589256ef068a658e53283f00b8

SHA1
8134f32d5c71d0dd6d8a05ee4e1c33bae0fd7f0e

SHA256
3254cbe33c54e256aee68af618771aec0c77969df0127287b334bd882726922c

SHA512
5c24224db855ca70824e20e70a32ce3ed700787c726622dbfc6b44311bee2da22740224e3b9b6c753c709a99dc6f03ba5641871677e7a605dd58d2148ed0b36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a626a5055f16ce3766446cd29fe423f4

SHA1
20a90f924f7f46cc890b00e0886596740ac1ed61

SHA256
8d8f761e4d72ecfef5766ea140cb9060aaa04204c8534e7b84fdf6d1cfb2c641

SHA512
29dc8d644387fb03228ebbf5b9abef2ba0091a3a70dca092763f6ec1774a3a805006e370df62a664506094424a539f13a6bafa9ada1df2d9b13ac5b68325386d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
30c0fac29f6fcebd07872d4b3178805c

SHA1
4302f0b0dcda82857fd0f77935db6afa22d1e3a7

SHA256
b9e0e88a981c00111f6d641251d53db7e52ac8fd750bd80fc19a0f2fcbf1a65a

SHA512
5f8f0dbf3d6ce8fde21abdcd7d120f61b98ecd8e94d2f2298ac1cd049d65c61d024b0763aaeefa1f3bb45ac2627f6eeecb3cfef2959baa82b37b6eb38ad5bba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8d7523ccb3fb664cc550ed4d7161a795

SHA1
b01842158ea757ec9d30f4e72644f29ae618ec2f

SHA256
d8977cfc6d1f75a3fd81ce297f4a0a8e0ea39d53d270f7579646acc48d9df45a

SHA512
abecd6aaced795d426f59bddc76d20bb2ad0f26b215631dd8f406ce4e289abac59f81605b1c8822f0bc0dc79463d157bcf790ccf73504fedb8a348e9f0086b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
d9439be02816244adbff9fb5dc9effd3

SHA1
4165d34d3d0a93a1a51b091fb932a05c845e71bb

SHA256
559d59bc878df2aa78935b7d9ee60fd203c9e9405f01b25eb2a4a3551f155c44

SHA512
f5d4548598b10812a4599f8f1c1b8fc609ab86a47731b181bcb326525f2d974abbfb29e5ce1804c050cecef889b2663f0b8b0adf6b4496e2f794db2777b2a1bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
2a93746ca2f4acd62c17296d67bc2cbb

SHA1
58e47eb38ed19f11f2175d8bb6177939f6a3aa4f

SHA256
488a803f0ad185ae6b3e6c55f67626082c1b57a07951301f1f1a66b73bdda4e1

SHA512
e1e4f36b7e321aab52bea4478f9f8f25cc35a116e2b0ffe1cfeba8d0842b734faeac71a5acaaec7d6b4ab2786203b6870e036ed8023b7d9f552a795e1aba8403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
a3a55dd4dc41334884859c7ae4bc826b

SHA1
4d4e520f61181e0b31eaa5e2d6f596a85e317574

SHA256
3b9b5c3ba1b30ca16335951ed4253e43d4f80b0f391fe79e5816d570d4dc80aa

SHA512
e83ed6c1319af3d7c9b46198ff7e8893ff66b666c4bb491c6b1473e861be953497508243ada3e8652d11f983a07402827aa448e60ae06f9d1ed207e8043f2182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
415253757df015801a2cc752d4ecc9de

SHA1
3d81a0cb711a64c23816d7c28eb508b84a5602a5

SHA256
6b0a69834fe1d038a4e29b59c173896bbdd87af81046ca02db1c9bfa75c7ac7a

SHA512
2f0fcd71fa95e19ffd8c79754af936e6010b354f3ba232d84ccecfc9a459bbb2588d9c7d23514ba9940123b2aa351dfd56cda500db7f886d41eb58d363ea8f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585f42.TMP

Filesize
48B

MD5
e19bedab58b2741d22b9c074d9572194

SHA1
43b5ac4012709ede7cf97962a5a8488769376c42

SHA256
4c88c4f3587aa7ef130254c37b5338b77ddb5c53a0d462149834077feec4fca2

SHA512
9e9324eed4147bcbe1886f8207da058903ccdaff68e7e3f08ef43350e92c696e5dc34e622ad325c71558eb7f47b0e39d30278f15689c6ee0c863b0bb792dab99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
328701c319054e66248383e1535b49e5

SHA1
0d99d4c229bc6fe5c4e28fe477e18eefd9258cbd

SHA256
990d9c428e57ccc9104841b63527bc0ffae3ef9ed146899cbd7a2586c0d13e69

SHA512
ef9f7dcaca93a8a1becd9ab4375cc730330ea9e563fe6f1571746358bca240ab4150d75f1b60c2d18fa8f8c10c77edd7ffb0cc388625f5d8465d713bab8ee876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
97648f0911a252cd97bb719a15dc1270

SHA1
5e3fec2bbb7c479e794abf7f57aa6af694f76720

SHA256
5363d174d0bdf2dc490aafa5cebf50405a148d4247f8d05fab3931511411d89f

SHA512
8d7de0e5d9987f6aa7454a5e2e14c0d1b5baff078b44ec29fed82b9e23a5749b53508b79e33378686e31b92fe9f1aaca32bd7410bd687b8de07afc029fab3ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7a9e5fa748c797260e69805465dabe1c

SHA1
1028443817f434a88ba199a9de0d8282bfaca7c2

SHA256
20f5f750b522ddf8d8a3c7e93c8b46f8eab8e45355e2f0897b79cdf1605fb013

SHA512
b139ffe25192589f27dee5c3876c8da72c5df84cd92cf2da0782aa8ed7046326fac91287c1530bfdea1b7b1916346504e3c615f28c1ec8564a2b2a6357d1f2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ee3ce8993c125a27ad2de72f9009bf4f

SHA1
f32ab959f850f25f5cfec6b3eee42359151e8b04

SHA256
2da5f8f00899a9c914044dd6264af78892ca805484e106bdce4de8704a782797

SHA512
15dbe00cec63440fe24c61c14352ea867af373c25f0519ea147b455991c42101ca664497d054d0667f8fbe9a4b1d1746c6088b10763b64aa2f75b08ad71dd21b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bef4b0e5b0582eeb7234f245c9e64de7

SHA1
5fa9905cdb9d2fa50ed627f1bb6e15f8e6d5e57a

SHA256
adb973419848eb1703012c078cdef9250870fa6e3f8e25ce770574c1d9c82e2d

SHA512
79e145ba6fec7a64f973e2e3408f31dd40737fd5a4e148c144a95aa48e63c51191f9f72a84f0b2d1740148c90628ba20ab8e7e40c195051b1b928cb6964160fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30ce2c3a6fe090b1bf65411476f46ae9

SHA1
4ff236eda633b39bb0f2fb7a1dc5129c73952650

SHA256
6d27353a45400b4b65cfe63c0939b46fead69b719367262e8ffe3b975ef3a0a0

SHA512
e233864c44fd109d39ace8045ab6da4e73af4f6c1bb9809e34f5976217180543d3c119ad9209a0549f2464e0f0b35d067122f54a4aa885ccad4c3bfba31f66b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68bc5e8e33d505bf018ecface3958d18

SHA1
052bbec7251b25906c14219a9d8c10d09fa52a7c

SHA256
d729b55b4afab73a2ad27a36ac6bae7006906c53edb7e11e2c979b3bb6f34fa8

SHA512
247a29607ff20ac3894970b5e59c000128524944faf18616e712388eda651390bfbe5fb3f332221db2386345628b102dd4ff830f2d7fa81927a6b67a43e35873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0151dfd2b9f9553cd8c2fc493d9d25d0

SHA1
fd6d42245078b871b3604b72c5fe50d693cb57f6

SHA256
6b4caf0dece23f49782354b0af6e3795b4995668e2e6d05ad8bc54b9e26f521c

SHA512
ead07e3c8a1955260f3c9ea427e8f3593eb38d42eafc12e83d5ad6e339448f94361ec7e0939a01d14bd3f33668f2990cc07ae4c820dfb2e30a70ec4490c2079c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c96a.TMP

Filesize
534B

MD5
62de7d55415e7fa980492cda1def99b3

SHA1
58674210db3f1f00096d20d484bd66f6d8ca9f2e

SHA256
e4ee93ead51ee75478327bd5fbe060947c60460bc112c2962c4dbf728c80b4ff

SHA512
ab1cac001f3f81af5c9129c25aa30ed5f59fd00954fc54087d7b192bed2eeae0938b5f6536dfd6d33bb01cd718582dc7d58525d00292aab65cc6cd24dc817807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aac8dbba-af55-43be-b808-e0292b8a47d0.tmp

Filesize
6KB

MD5
a7570c2db478b5bc784cc668ce495c7f

SHA1
7b2528f67a75ea6d67e523f55226a084b36e655a

SHA256
ffb194244965153765f2ccdb23ecd8a1fa6832b860ee1c14aa392edd06966ba5

SHA512
f5ddf950471cfffed3ec3d4216e6805c2eb03ea4e48651bc07391a6ac80e7ac283972a9ff288d15324ae29648c1f805d642740be0c456e7033febc81207ba0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
041f18ae96129b8e9c7c2bcef79fcdb9

SHA1
e7efd1918ee5a0f1902e8392915967142a2c4168

SHA256
e2e5012f577954d16351758d088b3664d7b09cb31f94c6babb83727aba8051b5

SHA512
ab8ffe3de91b45525e694f2b70fee7d92ed3aadf9f27dad8cfe7cfb1f46945f2776b2d049b9f2d0629028db00682609fc8ce2e2fe090c015aa2e1a55930a3d57

Download Submit