hxxp://prime-core-sculpt[.]xyz/

Analysis

max time kernel
329s
max time network
331s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://prime-core-sculpt.xyz/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5096	msedge.exe
5096	msedge.exe
5168	msedge.exe
5168	msedge.exe
2444	identity_helper.exe
2444	identity_helper.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

msedge.exe

pid	process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5168 wrote to memory of 5020	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5020	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5316	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5096	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 5096	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe
PID 5168 wrote to memory of 3780	5168	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://prime-core-sculpt.xyz/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a4f946f8,0x7ff9a4f94708,0x7ff9a4f94718
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
2⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
2⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:1356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:1096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
2⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
2⤵
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:5640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6528 /prefetch:8
2⤵
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
2⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
2⤵
PID:3220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
2⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
2⤵
PID:1264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
2⤵
PID:1840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
2⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
2⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2030815815039628938,8708468080464061669,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4552 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4fc
1⤵
PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
72KB

MD5
7261f4dba5abfa7a5d164f2ce5a70e34

SHA1
410b417404329072080863daf12926b04fd51661

SHA256
2a72bd6abe515723c336e942b4e17255a936ea356f64863f9292c46782e33f9b

SHA512
fb1e210ca478f96d75da49d2e57cb40cbacee84cbd2dc4c971af144f63e5c8fb8e510b0d8883298214ee981ea13751a7f6c62ef7c31d35c2f5971b755eff54ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
74KB

MD5
5ea92fef3ace8d57aee887a1ec1c5749

SHA1
57c46e318579af180e1925e4788319d301f8fbaf

SHA256
1402c9374a72db98bcaf308b895ddfa114fa3ee7053b15085a4a2693923f4871

SHA512
c3f3689d1a6150f66e3ddb3882d763fd681bec40b3807ca037052291270119df45a68133c9719fe00bb7d3a69956fc9d028d648bae57c144d76f909b9e1ed4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
56KB

MD5
78c2b586d013f22c00a7fba84f1b17dd

SHA1
297e8185e03b95dc9ac1d3bd61d7fa6870af5e22

SHA256
296967c3f68bf40c880602e4f9332488b55e6b901d7f9abb0190d391e2c1895e

SHA512
6904ac1bc42db7d8e0b7470369dbd2de6936f90af3e00c247d773ef2b8c20cd4ba54ca6fd3983f37052f8d74faed449d14d790ba500ad0ac72a3d72dca82a077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
56dc352f70931c57bff6da4fdfe1fbac

SHA1
59d7ea5c2e2561845afb9a5773a0fb6100366abe

SHA256
ed833921e39f501c48e07f8d1f765bd5ca2b782dd6366d066053332823bec47f

SHA512
87dddb90b7231e70dd9c0b173a554dccc758a522f46181e1e274197186100a3c6d1ef5baca7f042432ffd5459c483a874029b8bc602516e7e81386882d666ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
da20320e0aa6f48ba855ad894be0fe96

SHA1
12325c522b1ff2199047d616e35e28d08f7a3bbd

SHA256
2e591eaa629322e1b8b41821f501f89a4fde9d55d5a63102f7bd77daf3cf0bc8

SHA512
f0e5c875f842b100dd39699f97277cbc3b417349b5ddb53b49b4f0fc1424966c1b73dc6ade5c6cb0f1fed452720676f44da75fdb4f9a97ba231ed6c3d8e29a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
89605384f6f6e99abed25f5f32223396

SHA1
9509a7a844ab45dcf38d3f3c5d06f3662019e7a7

SHA256
f725f3912b84f2c89b5a5aea1cf7e270968eb092227d6794bf5ea7758c31d0fe

SHA512
5c29479040d67aa4014773a1a8dd8d1e99955e36f5233c254096fdf35a31fdaed199852d98df2254926aaf7b827900fabdd616a618e2acb2c173b4db065508e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be60356bc1e7d95eb3098b38f8c78944

SHA1
c585eb021e5e403d31d7223dd0041c8f295c4d6d

SHA256
5676fa7180c8d413c26392d16e4f25894055ff23c2e1aee627780ffbae51af02

SHA512
8ccf06c2e18941257c14bb557394265f7c61bf9a90e078b464dd6921f2666ac24a1d7be93e80d8fd6916477b2768bf6162039e2ec00fa0c17d8a66cfd0a79488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d138e199cedf0db06eab510dd3ee3540

SHA1
6915d26f61719a91101ba1096a629468be2d1f20

SHA256
eb87de4d60a42d334d0a286c7e2fff9295a6f6de2e7926b7399391754b4a34be

SHA512
74d4cc3875dc2488deffe1d4c5c59ae3609b694bd8544b1b4ace227c6bf1afb64b94956a43ffcbe6a0f44957545bb7fedea8e5af09a361dfd6b7a0487375220b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e3bb738b421065c6f8c3a023cf7b516d

SHA1
dcdbfffc191ea362112a5b26dae90458a83001b1

SHA256
8f9dc47aca7794662ff15144042fea56daf1ec061b8170ff55832a541ecc4af8

SHA512
42ec9a1b973906b575d789a4feaa899c75d5765fd33f038e389c10243e6b478d399e27462872b07fd969116a37a261d0a8a088c85d791609de5ae3c824382a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7964b39f75841601ef50899382f843a8

SHA1
add13bd5ed6deffe958bc132d7bbf69f77b09e6a

SHA256
c7cd56a03008c65fc80245006522c669a0758d4dc03c1d42275cc9c96a81e6f0

SHA512
dc9be614c0e48a4e484d75e4139b48353a67581113813becfbbe29c1fa2b0626861676c1d8cd8c748c5837338cf9da13e71ad23d722d0f6d49a5491dbd30e7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e9cca7a48364fb893a428df856740ab5

SHA1
d77a02dedeec5c0ec7cc1db9ea3fc458e600a226

SHA256
b11e66d033adf2c184ded4b13169e9ab8f3d20ac60ca8625c82f9e1f7b79702b

SHA512
df038cf9e76e80820f77dcd4ece4703c90cbbe1df3f1fd3284d78c10168ea8510b28441ae6805674d9a2c1972965dae02ffa6746f944485fc214b71f23b4e425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8637a13f6b4da32422046f57cacdea7d

SHA1
db6b678bcd7b897a669b87b28e06328c32a65f24

SHA256
41c8c5c11d34b24638bcf5426b5a5226bc4e4d0d0f9b425e4cb50202270682c6

SHA512
b1abeb55e10efbb69381b6fa83c41bd09f5916198cf6d408aec4dd9174330c8a2f32f08881e5a2f5f2c806b8ec7a80523d20a8ae0c1d483042750b4e14443a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
88dd95b9c736823c0af197ce60eb6a32

SHA1
7101796c84ad744fe95203f2936cdf1f7e9e5976

SHA256
171ef99c4fc2a8232c9a23d9ae3ec409cef63489a6a0264223ac62f8a661ae6c

SHA512
695afe86026d5f1d7f9e8d86e34f9b7ed43de692d6a4ce4ce11390062570334792c8f980fefa496786e15ce415208a01debe012bd370dceeb4107dd461eef4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
28145c7d88807876e7297fcc405c3a6b

SHA1
ca2894bf6b2018f763d4aa0c19ea69bd5a48e0fb

SHA256
6297b7250155a13230ceaa5ce35f81efd8dd00d176a44d6af67cb65b9c4acf4a

SHA512
b33ef9c56e8352ec745d2a638612c88e0d868dd7dd4ca7ef7eb3a66a8f35e50f29933d39ce20fa417c87759ad3a628f1e294c5297c6cbaf8f6ac53b901e61814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\01e4dcf8-00c0-466b-9939-3845d5f669d1\index-dir\the-real-index

Filesize
72B

MD5
3451616c6730744957330fb1c9e6cb80

SHA1
52c2e89ea011a84e20fe25a0b465be6b4ad52215

SHA256
ee7bb80e507aefda92d45a87cfa137e2ecefd599767442cc57434e08762a7eda

SHA512
281f92c7d5b70f5f96071b8b4ff99e44d13d773435a692d699979c649a1a64b77aecd77ea4c8b12704ebee91d121c66066febc6272263e0d0ab6b4f1ef49c693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\01e4dcf8-00c0-466b-9939-3845d5f669d1\index-dir\the-real-index~RFe58971b.TMP

Filesize
48B

MD5
30fa6054a13af0bfaadb19276378b396

SHA1
7bf6771d4e608a11f9e855bbfb0a5278149df89a

SHA256
e7cf0057683857ee853fc53baab64f58388c63c8b24f6332e10dfd2d0925c464

SHA512
66721449ebfb8e8cf9c5f8327e3039f587f5c84a533c0c4ec64760cec3960ded19e664ac86d5a79e40770873228f75077b9fec9050515ef8be572cd162e2eeae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\0d1a4750-5bc6-4390-ad7d-73aea7acbaaf\index-dir\the-real-index

Filesize
72B

MD5
c0c403679af2b9b43f167a0c055d9945

SHA1
4c4c44cfc7155e08d413e15f58a5e8e2832cba3a

SHA256
e1d54a9989bf524bbe813567cf7dcb69c8d19d1df59a12734938e0edbe4a9a84

SHA512
fa380bb89cfc71cc20ee55c725c1499bbd4b780965f539d347f15787a35e3b810ace10d0a6d7aba33659990791dfb643001d3324da24fa6981180bfa271b1412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\0d1a4750-5bc6-4390-ad7d-73aea7acbaaf\index-dir\the-real-index~RFe58a14c.TMP

Filesize
48B

MD5
af8c2137f13270f63a2570743d65ccfd

SHA1
ebee6c2ad5b82a3bba0fe2a7d1bdd08720be0352

SHA256
0f717c36702ebc6ff3bcde4038c20d5c7e4aab3b02a89f173392a9a174fb647c

SHA512
137b225a6ff24b124d7e6a06df1f1d3652d52ce39df3c749c005ce044b65e39b126f4b32f2ef2e3d32a0eb97e16282ecee7a86861c629fe476c1284a535a99ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\1cb5ef3d-19a2-474a-a313-2a6e331fd4b8\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\1cb5ef3d-19a2-474a-a313-2a6e331fd4b8\index-dir\the-real-index

Filesize
72B

MD5
537425897aa4b41c9a5c0b36c198882e

SHA1
ce7b366341f4e21041db3d1b402687ca6a888f09

SHA256
fdcfeef884ed4a15677b32c598252267a652b225af5cfe76e8794a28856813a4

SHA512
884bd6aa7dbcca0f0a229c7c293dc7a4677533e045c77e95cf45297154e19cb107b7aa9c1a56408dd89ffc1f91069eca12c6a2c4e70b68c60881c2d4543ab007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\1cb5ef3d-19a2-474a-a313-2a6e331fd4b8\index-dir\the-real-index~RFe58a515.TMP

Filesize
48B

MD5
fe57c91fcc2e7fe59f659db3736ed001

SHA1
e3d880c37de49e5480f957258728dbd2b54c74be

SHA256
aa9a1067383908cc3f8e97128dae42646827ba7fb60bff78dd1463c54df3a105

SHA512
94bada219e3f0cf2b25f970d3e9050071b1ec0bf88da019cd174d6da9978a018993281cffea24e1499c643d3ca440c54cbe2eda7bf26eeec22f6bd5e31955482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\9786dacf-0988-4819-a20b-04819604dd02\index-dir\the-real-index

Filesize
72B

MD5
40fd2f988c649ab444ee19861aecb8ef

SHA1
1740da4d8ff7a9b05170a080d296e0fb5fd336e9

SHA256
642e66e6eaa9b1279c5d6afa01a2946b146b88ecb528f6e8d92b6f4023ac5900

SHA512
8da0a74610155d472cf83f1d854c7a77b38dd9143ed75afb8754b72121b62fdb17290333d59bdfef5cd029ccf1cdbff26ddc64a3ad26b73a64f5d727c8d95157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\9786dacf-0988-4819-a20b-04819604dd02\index-dir\the-real-index~RFe58a776.TMP

Filesize
48B

MD5
a9fc7a5fb17661b5699b8a05ccbaac75

SHA1
4adc740c8f3af015496fab9b586f838a5ad55a07

SHA256
08f7b5bf108230aab918327d2c508d87bd2cc2678c065edc844005584d5409ba

SHA512
908da17e7a0fbd86db116b9127f28fbfd83a33a2412f2da06ea128be2f3c21bbf0c6b994bb12be269b371ee350d0619b5c305aee6235b8d6ed7a8278919ae316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\9c388c64-8231-498b-a079-4c2c520590c9\index-dir\the-real-index

Filesize
72B

MD5
aaa8e03a9b0f93b92dd9500ad34b2cf7

SHA1
17cc40519a46ac7bbba07978fb919f4db583c383

SHA256
c6ce63fc28189de6a81ff271abcc654dfeb4d10259b6b2da907a0c6db33daf2a

SHA512
38e83a105e9d7d06f33baf5a39a36237e58b663b8f9b09905dcb83f441aec72ec5dd133c9c7dd25e7065dbab451008654eca72bb4792a3bd27ed042516d2a857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\9c388c64-8231-498b-a079-4c2c520590c9\index-dir\the-real-index~RFe58a13c.TMP

Filesize
48B

MD5
d087d112cff076b91817e20c3bd14ea7

SHA1
d8f669e0868962d5256f06cbac1859a2cd449222

SHA256
15ae415412faf38cc762a42cfbe30588e6090cc3f486f1d32a8e4b76bb6a2605

SHA512
aa0828a96120123d9b042eafb973dfa376205dda638c7f707075ccc0e926ac46867681900536699a1319586c252f310d257ed9e889e093e4e231dbcf96ecf864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\bf9597ca-3cec-46ed-a526-677abe6cd447\index-dir\the-real-index

Filesize
72B

MD5
5ddc88cac8fb5cde5c74a0a213f8b352

SHA1
c427b24eebddb5b3590f89e365c4a2217252ba66

SHA256
f08b777cbf7fea8a82282945eef9689d5892b01172ced6c1567173841f44092e

SHA512
7806429c01826cbd6cab554ea2a6a3bde94f88a49e984e34a6097f36904edf22976425875b48dfc9341071478c8f4a36a719b7736c21700168644f44369665d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\bf9597ca-3cec-46ed-a526-677abe6cd447\index-dir\the-real-index~RFe5897d6.TMP

Filesize
48B

MD5
bf7220e36d5d48ed276825326d88e1c5

SHA1
c27e00462d773d700e063e8ed40bd5c3a8f7314b

SHA256
14d28d168f4354d82195175f21483711b341a7c588a80b4e68288b3f7ea33225

SHA512
6a30ee98ee5c7731678a9bb0906fdd5de9b1cdbed77cef5e5f871da439ea5d53b1e1fa60804d182520cdf0ab4013709123733a935850730f1b33e3762befcdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
106B

MD5
5ebc1520365f09eefa94f14df8c68e0a

SHA1
58078f65d424b0526c55017921141faf36330748

SHA256
d9afe0bd65854bc0a082046957de2f0a707a29cc7f7cd11b6986067a8fa5eb6e

SHA512
4a57656bd625de69754f2d0e5a9b891998e799423fd08c4fea5008a273f289cdc2783e43aac324498db2cabfe732b85941dcad528991279cd89adcf891259be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
184B

MD5
7bb945402c943846e50e1c3355ec99af

SHA1
06ac1821105479f24f82ca3657b3e4e959fc3d9f

SHA256
730b8a95eb4e7a28223b3af46363ed9b5062a86a9cde19e1b8bf003b9ce7b4fb

SHA512
6f7a76420d0c5ff3743e0f988f691a727e44ef9562789b76de07b3ccc5db9ed354abc35fe543ca18667cbc4a100936f989c3167eb944c682266302ad6870d848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
242B

MD5
82b71dab1f3d42c2d1586513358bd61d

SHA1
b84105504aec0c8e78cc87e94de6e64606cf75bf

SHA256
eb27449b90d96589ec4ea89f6779121a86117a7325e772bc6b1e4a94783a1692

SHA512
a2a6ebca0f7bb161c3eb4805432552b21c8c7e24b66d9235405005cc4d36990f6b4d847d4922f742301a89402e464e9acb0a98c455e56027c124ce97b9fc5020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
315B

MD5
9a826939105f844979c001c67b973360

SHA1
4f974b2afe1ea2cec5d59776e46a0d4aae993856

SHA256
9b605962e304245c4e6a5f7bf32f68b3a526c748c53fc90ea46b25fcfd5a163d

SHA512
9dd1964957a0df979490f52a4a2691cdef3b6a7523ed8c1913b0b207e19776f58dbdf910daf645a1685a37bd120d792d144cb2af683c94c79e938a53e2ecd992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
369B

MD5
4de0d195aa406fc9ae3f56d28978c4c8

SHA1
3e62081a6e2b601d6528090dc6997c6046a53424

SHA256
9ce1c411a02785c571d067e6dff9735b241fabbccd06f521f9538cf9df8552be

SHA512
6ae40619c7bf2d887a5978b59c0506a7ab3e3aa956ef65a4447130f97e0d1517de3c427d45a188bc2a7699fdb86eebf52f60f25d23907d262b5f71279699e313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
433B

MD5
e0e5f2ad0187fc90ac4d5bb8c5b2deef

SHA1
79319e2dbcea586517dbed5bdf6093808bcd841b

SHA256
aad502e4f28d710c50a92b81febc2baf55d7242f79e426a48fd49880c830156a

SHA512
8f69712dd971f250fcd5c343f8a4f7d1123f2d194d24119c269aabe4935cda863ced79996d7b1608bdaeaa335089cf37888870f84e799cff7cc1c7cd80fc7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
491B

MD5
d468fe2bb7394a87187b11d2c0e132e7

SHA1
6ba3e8f2411b75564290df928cc27dcdd0dc66a6

SHA256
e5b0aee2b07443b8ea37ef5d6200d263a9aad37b7ab352508f467b261d633415

SHA512
dc3387b14612890deff5d39d474d8bf6f6f870a1139eb33d483b2d1567ea7fde4434f614e77a859f4a96bb4ac3055c4763e31f4e0c5129998e7369ecfe87a0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
546B

MD5
b7f31d78d153f63bb242d0e43cef8974

SHA1
bb172a447055c506351b770a2092b0dfad7c0f05

SHA256
ee3a18306cc48dfbe5beba55e3061222e65fcc5ee2e8ccf9d6294c523ae5d2d4

SHA512
4d1e2142fa9150534c6c91fa3adcd3c1a2a0c023330397ff73c90b9ac02c46f86f4dff43af4e07d347c76a40b858f0523131699beaed3a6b95e1fff8078f4edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
605B

MD5
6b48eb304da1366dc0dc7ec3c6cf4b61

SHA1
1cd4fe0c7b5cfa2ae11f8ed353af6b1acebdb943

SHA256
19a941a29b36caa334b245947eff1c03c55d1edc2f22710c6133ed9cd7cddf5c

SHA512
8b67d05d7c4a2f0af2e399d99821a11f31a0476668c0b15b5909d9f8216c712c987990f0800273bce3dcf1dd495a15f1ba8895f0efe9f4ff556f1e33bae18c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2154f6d575c1549e2fb9c6d6933755683c6d9763\index.txt

Filesize
600B

MD5
4f2cef136959b3810eb69e417eca189b

SHA1
ce8e68ce6a73ba23b4dae0276fb8814a23f0ab38

SHA256
0f2976e5ae0a615b5c1db546b97c2b2c2dee59aab0a952a665eaea8eaf2e868c

SHA512
6c32d671cf351c0fb3fe8b763b2d975d38e9555d64e25f740c1570ed439cb8a19e3a13676f7def82f50723dd0c95116b359f56d6c21d4f7233701d06733c7560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a69320d49c45cf0ebc51396e11b8d358822edc21\index.txt

Filesize
98B

MD5
938008d1b1d7a13ba1669d93aeb76ddf

SHA1
802eb59b331ea78d9d41d16713c6a30d8fe0ba5f

SHA256
ea98cae81b7a227babdc0eeb9f9dc959b3e6dda85cd9653808f16cfcea36a278

SHA512
3bab72dc41b7c84a9255cb7632965d69317a4737bf2bcef91ffe58b4fefe0c7f84c0dd45bc9b64b33a99baa9441553bb70f832289db4037e5267448d52a427a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a69320d49c45cf0ebc51396e11b8d358822edc21\index.txt~RFe58b9d5.TMP

Filesize
105B

MD5
8fbbeb48224f1809e7e56bd31222608b

SHA1
b1e3b6d4865ee37a30904cee9fe162984a110471

SHA256
237044966a97c7a49388d3757578f47589afe9346fc4d02505bc293abb359112

SHA512
cf9b0da9888628ca454b9b849c76020bbdb67d88d2fa04587d573e14ebdf98bb75b6ead7b4b6728251c9cffcf4b268dc6bb5e1470835e4d5bc026a041a2390d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9dbf62d8a0a3f6708a4d546c1c474087

SHA1
5ab7ceeca0134a668638b4b3a6c4252f8768137d

SHA256
fb1e352637fb499e0800bf98cd475af0008996fb579ef45b7e73928304a4fbdd

SHA512
5c89b006d9d9fd4a8fe9a31d1bbb955d6c5df3fb2b30f2534812e770abee732d5a2b3785236aaaf62f5244e3badd73c143d43d882e363ed957b2f18ded9f4e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
1a16695353c334f6ceca6686c1d91139

SHA1
2fca142be5c756ed085a8adaa3151d0508fe1ae9

SHA256
0d714c18f2fe03dbd78e3b930693894662934af5f39706093604225bec6a6d93

SHA512
2ab81607c415dcc32e5248d811cf0ffa88caa1f55c928ce602152b9e1eb9a8d6e686e7d4e12daaf1e03c45850ebd7b1255ce854b6a0864c7cec5529c450e8f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ecdbcacd4ff47c97e12938165a65a25a

SHA1
4402c6ce237ee1f5a8b0333f1dd4b3b4ef6751d1

SHA256
6364583f6afae6e4f53c278bb9c4a25dac6ba51e669cba2d548f42a2e5b8bf54

SHA512
a5cb2753385895fb08846223f80c93631868ac6d4c16b1b1e3b17a5ea77f46fcf52bc57d7261245cfc00580336611c07b6bfc8af56d83b9972b807d75d35719f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e561a5deeffd432acec27d1fc407d81

SHA1
383eed34bcea32f938aa71c8c2a4416454e5041c

SHA256
5b8c4fae30e01e13560b4c4d15c5b72e8b5a5c07cad6877d01e441c84a0bc440

SHA512
d4a29932a2870d78cbc3b1eacd94741b371ddefe628827012aefce74af5abea2bfb826353ce2093a5896f2443efc85adfcc6c27282990ebcd3b90e908635a5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f721.TMP

Filesize
871B

MD5
d607803e7569ef0782c88c8f627de15e

SHA1
5803430ea79f844a73a3cd8e4c0d7e5c4421d561

SHA256
d7503a443efac57df766130fc3caee7cc2bddddcd5640c6e14bec988b30e635b

SHA512
8fe7456f07d34b6536c69a7c97ea6b00ed12bd080bb1892d8cd5900a4a28a17011ce04f5f1d83571c29e90c6e9ebba65c4434cf4b508b8f8153df7930b3dff85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
43db1fd888270042434f40f2b26e14ac

SHA1
821cd0f86a6aff8a8c3a827c9817cc93a3377693

SHA256
05123639025371cad3045140a1542011f9948bc3a5ea95e3c54a31afe5f424de

SHA512
40ef928c5f3646002d3644909a5f754ec340c9fc853df63c1abd496a27fc65846a6ee07756cd71b457f1af4af7e712e3b5033bcdd6981bc5186861bb84484b51

Download Submit
\??\pipe\LOCAL\crashpad_5168_VXAMUGRJUJIZFPAF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit