hxxp://Google[.]com

Analysis

max time kernel
673s
max time network
675s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{F410F0BE-657E-48A2-B54D-5801CB57FE32}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
220	msedge.exe
220	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
2392	msedge.exe
2392	msedge.exe
5832	msedge.exe
5832	msedge.exe
5832	msedge.exe
5832	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5808	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5808	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 1072	220	msedge.exe	83
PID 220 wrote to memory of 1072	220	msedge.exe	83
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 4692	220	msedge.exe	84
PID 220 wrote to memory of 3928	220	msedge.exe	85
PID 220 wrote to memory of 3928	220	msedge.exe	85
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86
PID 220 wrote to memory of 552	220	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb649446f8,0x7ffb64944708,0x7ffb64944718
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1080 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2188,833649723554552613,9043051161909861921,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6640 /prefetch:6
  2⤵
  PID:5368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
90KB

MD5
dcbf3facd2539a65956ebe210feef0d8

SHA1
061d9d36d120992846a06dd126b537125ea4a87d

SHA256
7d1913040b5c40a93c26269f518d58007189cd7109ab40c89ddd55ba70db7159

SHA512
b962496797b77af2cfaaf5ac5431a984d004372a01636f216c3caa60bb2f7c34115349bce947344f859639a859fd2b099e5657ba57aee5ae8dd16660778d997d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
159KB

MD5
652b5cc0f042ba8de2656a564313cba3

SHA1
e43a835499aa8de5e766fc60b706366d247c8ed2

SHA256
74b5f9800cbfee478d07794bfc0915560dc5c6e36ee470a071b440f0d40bdfd7

SHA512
e6d17d863da212445eea009b64593da4672b12059042a4805333102086ec3a516f07f43913a6aae4071701d7cda59e98e3ea0d5bd364fe32d604a50235a1402e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
02023493d2c94dff5d82bcc657ac458c

SHA1
33649b7d97969167266e68e2033f44737fb6d341

SHA256
f6bad2c69290caeb60fe90d21e234c1bd14208a7cd320e1b91f07bd163acd097

SHA512
a1748a94d32d7861ca0a2698e8fcb7fe6e3ee52a2a733595744eb5ca81c7d1cb82d20356144034516d9975780e6433da2266c28d732dad4264210c35da5443fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4ce4587b68590c5854a5cce492d9dc35

SHA1
a57eb3cb0d0fbd3a84842b5d261002e4d5e4cb23

SHA256
2b95f0c323994930faec3aabbb5a5450daae93458ceb4da7300ff233170e9acf

SHA512
e47dd28997d795de3c50f96ebd02d84350699571f635879390e47c30ffc2f33f2869005c4f5b48ebe30ba76130fe6b390549e59fb5adc5d686d3da51943155ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f1a63ba8f6c910356791a74454660e4d

SHA1
367550b6fb11ae8e6995613d4d478b84d5f3684f

SHA256
6beedce77d5915681d47072c7be541ee0341f85c1fcf223005596c13271df46a

SHA512
00ec7ef79645ff988d3e5f5292fdec60e894976da57d63568a40e5f5b29f55400cb83e5ab1e85fa7d97a25f2bf9d305e72f794094d5aead9b7a8aee039606fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_tubesafari.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7a97f02520ffa499c836bb828a3c98ec

SHA1
9f634c91a366020937781142b79dda3a2d1acc9c

SHA256
07b3713c1dbe303b618c6e9a478239c01b4ce20b9af17fcbf26dc23498fb8f10

SHA512
c23bd98bbdeb2d9c66d170b0b727165d52f6443cf3be8fb72c53cd6cb7b3b379e25547ead63e9bc6739466694ca93aab4faffb4423e250205334eba5c3a5d29b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
80d586a1115324781e622550ed1a6639

SHA1
ee838dd3dfc64ae8168d6f7bc9a586ae36523715

SHA256
6f736cac4330dd3dc0a91b8765c8989d2d7585d567423eb2f32ccb253881a1b2

SHA512
7e46c7d14fdf8c876772edd98c9c102a22573b4b287aa08b35f76895b54f92136c025c7c57b7c8ae5b3c0523cf9151f9806d7166fd8af065f5425f26d7d3419d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7529ea0f669c67ff2182165c779cd418

SHA1
a318dab896b32c268b2023677c7d8bfbebb3304c

SHA256
e657c0a5db5d75514d6307425cb8d288782bf341ddc59922912a722bc07cb130

SHA512
5863d7599eac096d4358bce399b2e6437a2240f48d5c3dd51f7978ce94725fc0cd5e7bc4a35f46b7f36b53f0882e9145279f7710b65f5d82fec1a23d8bba3c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20b76ed9d37be78a64b6b5a16104e115

SHA1
dc6fa091f8996c604bc5ab6f00283870f52002aa

SHA256
d09881eff4fb6851507abfa45e6f6fd36b5411533fa4a755db5a9c3407c4d99d

SHA512
2a87a2087386584baead258fc9e445f9c82f9fa65bffe9c71bc08c4755c8c9fab2ff1a7ef2fe7d63157df48755536236df4ca384916bac9b65e6db70c6429e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b004f1c42d89f7eca30071604b746ec3

SHA1
7c0c77655fa46354a7a8d18d7d5ba64706a265e2

SHA256
f2584c05b4eef0e987174230d47b8f52544756da393160072c4b0f32911e1dcf

SHA512
ff0254bef07a9c349cd77839ecafba19eb9e877b6a84216c278ac49d2e30d83a0afe24f292407cdaf1eb0f76cdcf8bd1ae98d6e860f0037847dcada37310754a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
585c3bf8d9d86591ece1cd29f3aecf33

SHA1
4517b1638b5b19b17418fc5ae76454155e22513b

SHA256
089d81f58b7a44902923ddaf4597fa9484d78cf57258e45fd6d951e0479ff955

SHA512
0072ca115f4f4d5be289b2d9d2423adaba4671b8024f0ed254ad8fd6d5fc32ba2c0db9d7eb5c2a62931918a7dd3df32a32a4363297a01aae18714281421f18a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
530e4e168e7bd5002dfaa6424285ed05

SHA1
665a4e85bbb1d5d4fd76a3683fbfa52496651ffd

SHA256
fd241bde94c9098071fa1fb8c1cd694657db94ee8968b17aa6c73c2d26628390

SHA512
b88db4910df13aabe118f292a83d4061ca781201f4d629ae4bd706fed750ca22104634e801e7494ab68b36d96055ff37afa1438664bee026dfebc368685bf013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
241ded6f0a3fda2265aa654e824802a7

SHA1
1c800d6d77b563b5b6a8caca3242a82af8ddcace

SHA256
0645e22c9ae6496c48424d9ed2d4a32b3b5cc4cd3a20d29da2eca47ee932043e

SHA512
c2f15c2e12a3a4653607c3eccbc99911ef8370fe776e5486546f0f70064ba815b76c36309fe9bbb1652918730bc5d0353b9c1188c5af8a9db19d21a7a823cfd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ed4a039801f9200adea0a9893dc268d

SHA1
6bc58b1c98cd50685069c790b4b487ed008b7301

SHA256
532be5d758f661a8aa75437f66a3b59c55a81ad96cf726adb11ddb2f08b9f695

SHA512
52d25c489a87a724031ccee9b33a3b15775e329636977058086ce11236d45dee418c411af0cf122e1a61f92a2575f19d91b4ba680437e8d3832bac3197ff95bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f2799a69fe7a82e3096fe0568c984152

SHA1
a1cfa73c67518a62d4d99c97d220a0d0b2d2cfb1

SHA256
fc22bb0fe37108ab28151ec8e1a30aac019bff262e0daa40a930b1ce5b11747a

SHA512
3b4bc91a3a73fa75e85ce9f75bc4107aaade23afccad2de03c8e3ddaed724ce7593a326ab50a1597cbccf6b18c843ffb7133c3d97ef56275a3369d73505d4e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c64b5599f3503f8c0cd995c2d5a51b0d

SHA1
e96e82ca407718c2dbdbb317b7360cde94dbd672

SHA256
bf6762156f178861d9dd0a49f1bc31de9e2e3818acb3bf526ae50f63e37ff5cc

SHA512
b0a18a618891eb9ba4fd1231cee39d015cddceecb791dcc0ec1d336bcac9e29f3f8eef917a0893795b23cffc7f1224e7eecf1f3702e36e8bc62eba3c3e721908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\028f4271-d02e-4719-b894-3279759b9496\index-dir\the-real-index

Filesize
72B

MD5
8fb7368661a73dad9ff58a31d1ad968a

SHA1
deb4e6bb4c4181c78191fa0dc42474335d079d90

SHA256
1fc54cb1a14fc4ec9c9e9824ec294ed05e57574a0f3aaf9449703e1efb717763

SHA512
5a5df0127640d96fd4431e823fef6a1860853673cdcca2f0441cdc28e7033b41688417b4c1920222fb5b4024974b7c3bd8606ee13202e7f4dd9487c0756813dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\028f4271-d02e-4719-b894-3279759b9496\index-dir\the-real-index~RFe5ac96c.TMP

Filesize
48B

MD5
937956673db30281f5808167d7658c20

SHA1
42f666ecc33f383afd4e8531e2dc0088a13dfcc3

SHA256
9fbd57d5e747d5fc7633ac35b849fd090b79ee650bebfe78b3cea395bdd8a258

SHA512
4416ecd9a27b4d554a243efcc82db2033b6e29aae65d0cd92ea6c0cf269188715c778c84185f0eff561a1e178d3cbc43078ac02a191880f844af1d9cb76b91d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\c7b0074d-9b9f-4abc-a68e-9f6e00f21e9e\index-dir\the-real-index

Filesize
72B

MD5
252d0e9f97a3f6787bb95f718bfcefbb

SHA1
c9e5a2c3b8350daaff3257f7cbc7cfe18b7d2328

SHA256
cdee46a2b4e9d99ae00cffc2cb44a7f740d2e55428fabe10f4ae6bbe665f99cf

SHA512
aebe8c9837a8fa6b11ca3e0842db572a6a485fc4c1e74b56b27d966bcf6c5104d1c89809c661d11bfd4e891e840d2c4da5c8e903c8d62ab90480ed3c47190cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\c7b0074d-9b9f-4abc-a68e-9f6e00f21e9e\index-dir\the-real-index~RFe5ac98b.TMP

Filesize
48B

MD5
df45dd0a728cc541217820dc19c4f97a

SHA1
47b298f6b02d4fdf3c1bbf896e8e12519f202f5f

SHA256
945b3425716c1edee3d7664d010a14706fb79f72d7bd641981d28d1bfc4fe566

SHA512
e4c4c040c75878bf8ba3cbfc0a9b9657eefbc43eece58b44f04c6bb8835cffa056002245c874f3e9e6c161d51cca36833eadcac8b035427bf18988d6de67d7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\index.txt

Filesize
150B

MD5
be45ad00a4591bd74695f19244ffe6f2

SHA1
c5ed2ed2e98c23a0cee00e619fa79a8bfda3452d

SHA256
1f9f94374e5ce93132fa00322aa13b8e1a7d986574066cf0c94f34d13f89adad

SHA512
c9df9977e8f5acf6c3c898dfd05a7198ff8d95b6bea545b5f6b6a525721a4bf5f8c7ab96b9507b0d4889dcba0e0c71e6902ed855b7918e62b03091c9ee352eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\index.txt

Filesize
146B

MD5
57ae01a7e5557a1a5ab038c5c61ac367

SHA1
bef3db64197e3d5d8ee7701e3efe0f34273789b6

SHA256
564b35c97f16181602613f814180f791bdb2aec52c76f238efc47bb7b20cf078

SHA512
6c63cfda4c34a0c4947a292b02bbb69e2c6cda23cb60bc3775754fa232809ab0c81522dbd77282a93b4d818bfcc7db52479bfba9da94471314b9b82744c8244e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\index.txt~RFe5a7b3c.TMP

Filesize
89B

MD5
c5b1b3b6078ad8d42ad2fb483b727e29

SHA1
b1b83ca9e6ec30b884758dbabccb33cbfcee6489

SHA256
d93c9507a879657e6ecae50b0d0f7b3e3ff52ffb40d9ec2e740ab7e53ad00885

SHA512
99200e5f1cf7fbd8908c57d5957f9f4763dbee105216c3da7750d53aa30ddc31f76f480587e0ffe70c12cfcdae364df4c97584161b7f32184b38df09c78918a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b2eb9d73d736d7803c78286afeacef7f

SHA1
d173353c00f12597b04cfa9b1d9b66698453d453

SHA256
dc199666b9b44082e53a7b00b561a4234e56bd2f3d97ac13a9f76f6371815282

SHA512
9f56472e73f49aa43993651245e78e357aea6c79b341119cffb2ac06b2577ea25597a630fce2b214482c113da677090bad83f499e950f3b773c1fabc6602697c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ac8fe.TMP

Filesize
48B

MD5
c526b3915646d784ff5b3db2f2aaf5f0

SHA1
ec547f7fdfa0ab5439b88528a7cb28ab985a78c2

SHA256
194961826fecd4c7812208bc64da56837c68c3b6fe642702bad536b26233c9bc

SHA512
e3d53b66b18011a39b9fdf1ae2fb25729aa90c7b63492ba4c5eef4d9aec4aaab9a4c32da1e0bf67e514976db753402355c44210caf82a76353b19db7f51334b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1b9f286c43222ff4b3e7be2ed421f66

SHA1
ed55eb954fc24552957c402900f3ff0c01f87ed4

SHA256
fa73eef20ba001156a1e2324cce1c988e5bfb291ec0ebf4d49f253eae034c1ad

SHA512
9da02c4622a9cab288c2f66c6f6cb37db4644a6969d1e7ab3041790cf6697d6e45c48285ab442e2390b6619fea6a40f1454a61a8a3ff57e186bf3889f53abec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb980aff1ebeb00660bffc712ab7e922

SHA1
560535e988027c7c873901f778dfa93c9e16a957

SHA256
112fdac1e162be3ed014c1fe81eae539457bccd56c0abd27b9cd4ab7084276c3

SHA512
03408f688e6eb5b6a23ca192dd4ab6523c6704f69b78e052900bba86b870c61384c334992e470e5009d36f6cf298711a1910da35689a9f58ab6417e275b69b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1d04d6c00c1bc4d2058e8ea88dcf46b0

SHA1
715d8abdb5121b98ad0351a71f44f6c0ede4910f

SHA256
61ed71a53e2c25b6600d1f77cc21ca90c4ddfc14dae269cfe4ad7aee876efb63

SHA512
9ea5a2ba9290768b3c8ff278b469beca2f091f9d315428105217b849cd5b9df28e28c8d81af52217f3252f205eff767fc9481e150fabb81e3e5f878d41dee77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04e7b45d18da4d65c1ce663e6529a88b

SHA1
7cfb41771bfb9bbf19d8ea867d677ec07c7ac1b5

SHA256
dff271aa2387d0d97c3fb4681d087ce1ff41ceb70cc73faea16ecdb68b961b8f

SHA512
7b865d117fc44ba023c67de9a437f6ba79e1a88527a3230835c9e4a653775472eb54a7b9cccf06e7a0d4481ed5099a4acd14b6c58e8dd086080fcdfc474e7ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c0fe.TMP

Filesize
204B

MD5
e6afe3e459ad203e439b40dcd69a5543

SHA1
24c814098979c9fc0dbd8c79ca738b4a413b1883

SHA256
0a619a64b7e9930d08d8d654effd8a4637da0646dd7fb9f20660258121c438d4

SHA512
e774b04782e861dabca5e2a9a5058fba936d584fa1dd403f593dc641e16d3332b81d4ec0e2b49bb321e2e2d039b89413d02a7ebc572a40a20a7df0ccf9dec5a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12cac95b807f9199e49a37a62cc9b4bc

SHA1
665acf665fbcb962e179396cb109c76a4dc2bc00

SHA256
4513e066ba26c072014fe9a333ca8907cb8ae8a45cf6e634f70cd0e50ef59d35

SHA512
c591ece71d2a99ae1aae61c0663bd4f25876f72000bb29b1b8b0d646a5c9b51b3c93ddacb258de369d40cba45fa9feac95342af98a418e5e16bd6607a18bc044

Download Submit