hxxps://childporn[.]com | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
07/06/2024, 13:30

Sharing

Report Analysis Logs

General

Target

https://childporn.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{9866ADAA-6F54-442A-BA53-E1D9293A66E8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
4616	msedge.exe
4616	msedge.exe
5096	msedge.exe
5096	msedge.exe
3468	identity_helper.exe
3468	identity_helper.exe
2180	msedge.exe
2180	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 3564	4616	msedge.exe	80
PID 4616 wrote to memory of 3564	4616	msedge.exe	80
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 2068	4616	msedge.exe	81
PID 4616 wrote to memory of 3156	4616	msedge.exe	82
PID 4616 wrote to memory of 3156	4616	msedge.exe	82
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83
PID 4616 wrote to memory of 1624	4616	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://childporn.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda0183cb8,0x7ffda0183cc8,0x7ffda0183cd8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1096 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9704 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9992 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10940 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10996 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,327103659956817667,5951040262597958743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8240 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004AC
1⤵
PID:5944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
bd108018da555f5c0594f566e868a9f2

SHA1
a3d1a82145e14e97570a33216986d981b14805a4

SHA256
d150e884f10736a8152cb511752a5842d31a79520107703d3358b839e1550b9a

SHA512
57e588e609ec5e5c4999071d65168c3a6ec68e8260def579e08da21918c2c4e5290bd6545b9b25e4141d41165cb5190e2f139bd9bb8f6efc635a0258aca041cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
504ace26fee993bc67dc8443366ef799

SHA1
7d7d1ac5d496e26b25b953c7dc6fbcb524d47203

SHA256
69c44acf5fc660374208f3bad43d0603b86112081f19f37eec60b8f6ecd976b6

SHA512
1c4f742d873e667bcaa2c9452ef44e1c380780d509df4975491c066556c70c2a661eed086cfce5ff0083b6ae2fea2e4db8adca964d2c6882a26fe10e1f4940bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6f1ab346-f42d-4532-8aaf-c8bfe3e74769.tmp

Filesize
6KB

MD5
e669d497b067bd6fd221865534246254

SHA1
0714e4b45ee4feedd28aa0a0b275dae3e6ce1de3

SHA256
2eef50c09f48b30a4489371d0d60d505d3057c3fb280b999ff0e61a050e9c62c

SHA512
9cb9a6963b2db091da4f1a8c760097def8e7abd408754e7f86c97f9367f02dc4e2bc4871a07672547f58658c8c21c56335f7507c0d3e2f4a3facfef4b3b8d0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
26KB

MD5
b344a94e4b09c6b5b4ffb607d18361f8

SHA1
534596a136d16e1521b8e69e88431d01d54c7299

SHA256
b69b1a3101269291c18a694a4da19b9a82b8dd6962da3a3c2103cb5404fcefdc

SHA512
272f46e08c6880ffc55584b207aff479a793ff7a267f32ee4b2f7e664b099db8411fd199f5d9e6ea19291467a99608ccf06c3434d7326dc93daf71bd8525258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
19KB

MD5
ce1093c800c0933d7c9674eda75790d8

SHA1
371c2dcde092f51b18852e2617bc6c0c176f5873

SHA256
57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89

SHA512
fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
63KB

MD5
c66b356b4dffdd9b41ccc287bbf41bb5

SHA1
dc3320b2ec136ac0dcc5797076bdae13d1dd421e

SHA256
592e6b6858f6cd5150e061f5a42d6516ed0600c2431f0519d8e4ee8c9448e6be

SHA512
23103bfb07b254d880bb6c52d15b3a4c0264c7fae1e5268059eab7648668d5b454fe366c763ad77a3198fecdb2703ae61ca61bd951602e31cb1affa829cc90f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
16KB

MD5
cfa2ab4f9278c82c01d2320d480258fe

SHA1
ba1468b2006b74fe48be560d3e87f181e8d8ba77

SHA256
d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

SHA512
4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
65KB

MD5
8a42ba5472aa4afa3d3ac12f31d47408

SHA1
2add574424ac47c1e83b0b7fae5d040c46ac38a7

SHA256
759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

SHA512
3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
64KB

MD5
8b37bb42b1577b08892393df19f534c8

SHA1
e12eaa944bff9ccd0687ac54811a3ada4a5d21e9

SHA256
6cc9e87df3ba27d6dd288a0593a4f70a17ecb0bf5cac0a591ff72f355a9f454b

SHA512
9dba0d070832cecab4c2aa922bd07395b7493845926a5bed5c5f86d61c3b2fff1f6fa12069b7b7abe4f15cd58775ffa238aa36c47e100d7ca544abb3bc1a29b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
67KB

MD5
2919cc4c64690f90e92b16a3681dbadf

SHA1
e25f9396676f80e13f9a864f9bfcfdb38388207a

SHA256
e9bc834fec23e22d3273a7c3eb97ad8442124617adef75b7ea03a18c31e752e2

SHA512
d1984b783ead2dfe249d28cc6d0d7126c3daeb2675f7b8e7d5393218033a1493cb80cfddd7e0fd08a0de3638f3b3b50dad0fd7cd26c1da7eeae54895db3773be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
22KB

MD5
dc65d44759da4a4c4d7ec0573eb85ac3

SHA1
86db65695bbd345a0caf58519db2d857b7b7b8c2

SHA256
79a090ac7ff00d4c00e010b24221a10d8d42c0b9d70132cf9d3e530cee8000af

SHA512
8f1e675d3513e607236f16c4ed9f042d79855705f26607ee255cb0e5a658b45893b385877612f53c6af0dbfdc6683448cb6b0a409659732f5bb08c9fa91c2f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
153KB

MD5
3975b572f6c339b5fe669dbc68c4c0f4

SHA1
452295715dae557ca752cd097d51ffc2ab7c4170

SHA256
ab0d5949ad7e4497ca50499ecd7db5700704ba4dae41860aad0878d413386dca

SHA512
b6a8a78b3a856ef405d8f1889dc9ac2ce84da5b43b95888aa5a5456d13eb97cff1267176f91f2ed47c688846f2ff378b0eb5b145da13173c311efc3f94ef0bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
40KB

MD5
1f9afc8283811c01fc0ef082c02558a4

SHA1
fef19060fa600ef79a154aa03a3436c550613eb0

SHA256
f1acc56343f30dde6f8e64ecb7c905fb8c9660e8cf307f5673c2a9d3a79a6943

SHA512
44dd8643d499019bf41af8d9e64d06893cb44a2cc167518c59d4d23c9a46fc8210e05e8002853202414c0ad2b1174b200f55fe5efa1348c0b7dd07b54b8673a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
62KB

MD5
ec9f90ec6bed87600e5e39164cd3b087

SHA1
f29d21a0ed56c099b30d6d6dd7f36de6616749d1

SHA256
00f3b25c0af6781454d1783baa17126a5c93ee90a578fab48f800cb260665709

SHA512
1aae8e6a2de5ac8ac612460e91e5bfa9dc7729cc1a0ffc5a4dbe84376a16af1a9309e72b0dc1f0a10f4c09eb56fab6a8f3b82257509715550c93bc67e73a3252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
52KB

MD5
55c1b80239e76c7391debfc0aed30d91

SHA1
08c5a0590cd84bab748de44e5054f289cd5df6df

SHA256
5c0b28c47ab6ac80f530855da63c70793f5b3397b079247ecc2a9a9a72f84b5a

SHA512
b0c98f05411f69f9304612c9a2910d69abb6fd4ec336a429c97a806c9bfc3d69f2b57b12125116af86f1bfcba5fd20c6e6df57482c052feb191ad94f4462b29b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
1024KB

MD5
422e8cf3b7f301be8a5df0ed75985b59

SHA1
0098bff8528acedbcb72086c680c1ea09cacc61a

SHA256
33302f6bc8255b478b3400821d4401f0f6a041ae3fb57e63ff3e7162f4cd9f87

SHA512
cb3d90b4ffa46d8a2e459b0a96af6ea8090ecc2bdb4b849a0e3253f3e94e8234be95a02eb63155c0195288ecef92497de406ddd1108d0da7a744da3079ac4579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

Filesize
93KB

MD5
785a28d2af8494a2a8b1c5769ac72177

SHA1
8c5a2b36490dd46b8a87d9e84df424c78307c109

SHA256
91951c3290e727ceb24f02d6eb677f9f4a1714a0b135eac1fefda5343d8bbb80

SHA512
d394f0fb935d101fe60007e256738d9f76ed4310ea44081a53eef8b174b5f32a9297e07da9bb46cb594cbfbcb28943bc7ade5811c23ccc788c7b5bff8e10e735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\128d3aff11cc5409_0

Filesize
350KB

MD5
113539c4a2f81d4a50f92dd33da2ef99

SHA1
922db40c6f125ca5ac76c24a48d5cc9de2d4108a

SHA256
f90f082e42b4256092dd3d559ccb7fcd7bbec628335fca706080baf715dfc8b9

SHA512
73f2774b2de3e4d7d71884b51345d0b755a3e0e7cf0920c8f2231b304ed573660f1b287750961a5464ba9744373208935767f18125c4e435cc2c53e008044ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9287a82ed5a7ec0e_0

Filesize
257B

MD5
e37a21dce8113c28297a68124d655c22

SHA1
66e80c36981af5bfb9d9c838962eb3d221f8ec68

SHA256
62f568972f3b38c2396a3f57e27a5541064deef039d81ac813d1140bcd7d5b89

SHA512
329b99ab91ac31e95e45e29af4728ec3ddf0062bf2bc9f91aba8aede52da23a3c7799be3df34b3ca279fdb0c5b7d82d085fb150732731227d4b9f53186d14f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a44b10701ac1235d_0

Filesize
53KB

MD5
30247c42c5261f83242876e2e9d99348

SHA1
334618762791564d2bbe241df563869ffe06ca90

SHA256
eb8a5a95df07e488f8bf411f9e4fa5709879abfb0510e8a4cbe695fada1f5983

SHA512
c63f86b9655030340eb9e91684fcc5b578ef59f825f4378eaf8fe59718f40a2c37b8938e0e0595169536b46f4aab3777d0ec035ded736c0289176fe596b16431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca7af6fd500df149_0

Filesize
33KB

MD5
9d018403108ba4649d1650535bebb8b5

SHA1
f63e704439102cb254d1b5583f9208d917123eba

SHA256
f53c23ff6adb91093a385d84f05f881eedf014c8cf994c769575b0a9a6dabdae

SHA512
34d53236649e73541bf083b51445358f030d6ad5852a85912c1c91732a02a6bc0536e75f7df199343e95f2c1ce03b0a189bbda61ff41821cdfcb9a38e4c2b9eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d883b78db7b84b16e8493c9a6e7e0cf9

SHA1
829c0d54380262d826abdae9054d8affe6cccd6a

SHA256
d48305080d065770de9cbd7df007417786952bb716bfe9142e6cc227ee47c3c3

SHA512
37df722c507fce5cd89f980d619bf5c7ed500f243a02ad669af922194cd50b7c14aabeb3c4b8eaa1c17afbe7394dd84ac4b2c51906a33ea2c8b093ee7419ccb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
77410f75d061f61fa4e252992f4e67bb

SHA1
23013326cf7d84c100ed503e6af8badb4bff8ba7

SHA256
e2a77d86ebcff8a256d6d24a3f769ac1ddcb480d97af475c7a32bd4189121ee7

SHA512
1a0f4e1e7ec919bd6fd249f2b799f6e8752dce82b6e3403e0e167b16b95f2da38e31c10b68b1c6c08c832de1649d42f9f22ba40618fd83d863067fa8af170129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
0bb29a951fb1e63d7331ffb65683c507

SHA1
f043ab6646d23f36bcb2e46dab97b71ae1040588

SHA256
8475d2e1d94a4a4f2c129507095467991039d2104183ec1f6ed93e66f8f46d04

SHA512
e8fdece7fb08100488585b05da23786ba30d85985d42fe3f23f14c2759159f08dc213b1b6ce60eb826792feb902bf746d83aa40b5e9dd657918e71541e63ed0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
822ce0028fa23218bb2fc12d5c3a5ab3

SHA1
55279a45f3954957142cc8640bca7bf741b035ed

SHA256
00dbfde8b9613e5faa5d11b7fbc5add2ea7b9a1444f3d81437efe829fa685d0c

SHA512
8b6cf391025e0d77a53904bd0a4203346faf41f1521e346f6e2545f2f6c5fd8a7b2a9071b35d9a43e29ed2b0e5edf54877b61bdf85481b6df2f078752f474ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ed298e94b9fe5cc7bea2928743a6e4f8

SHA1
5593e9258bae73668d04a6bca346c4ba2e13c661

SHA256
aac16e29f0b3fcea60d9848e0e4eeffe505d820e9c2c77e2cec956e5ce4a4e77

SHA512
a3bfbc582d4933d31ad7c7fe3b27a3c23c0b272961957a89d736839dd8aa200314a3590bb6a705f57e995cdee92db74e0734c0409a300f38f04ebb9a1a1aa964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
419693931cc80fa7f2905609e9ffadf6

SHA1
a208b83f1e283addb9d4e2118a1a9d924ae704ce

SHA256
4f072acf80b282cb846ac0a6392e5c90538bd2a49e4222d4425e054b5da5d97a

SHA512
2448a4c399c9083f469e357a5908e0194bc9f08fc26ab2413497b1939079ce6ada1a929e3e76e373d87129046d3c5db52f22a2331e6074b45c060fe4cfb41d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05143f4bfc3074eff3851d6c2fa5a5a5

SHA1
f35693de4de5e1bf9a0601ceec1b543fb1c5e8d7

SHA256
ca14d295eea8b3a59e73887997dfda08c0913a2cb27b4d5890f44b06c293974c

SHA512
bc7e56b23daba9e8fb9487b22b30c7bb57c08606a9db8fff3be8d203ad5be50f7849ec33bd67b80b134328b3efd58e997948e49adffd70be5ab706e99482d73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
883ffdfaa0d905ba2c9db1cbb5e58614

SHA1
f9e7ade3480c0215eca135040a3a448335120ad9

SHA256
28704146265a5ce23eaff4fc8e0ff82980b279568dbf054b47eff2b6cb96c5c2

SHA512
bb9ea56bb2ac32979698d06fab07953597639fef002c531d862b500a4f41062c2f7a611cafe1ace9b16bc46b890106188bc1e43d8c3850cd5d2dd3814a2d6364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a0fe.TMP

Filesize
48B

MD5
d1a5b6299537be632e16d6014c1fa95b

SHA1
094a23a2b89045a73f24ed48d913951d7201cb50

SHA256
ad76e8af791c96f43a6076faae6dd4f0a97823389803909466555ee22afcbe1d

SHA512
b5ef910efb47de673ee8920981f911601a49db28505a4e531d6e049afd0a583bfd2c934d017bbf92f572695701ce110478ed637ce9bd45bc92c0b945a4d4a92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
1f346c57360ad725cc1ba0172bf0489b

SHA1
367eafdceb7a09de08ba60c39f118820f7696ad9

SHA256
61547cfc4659d6d75bc5632a65f5bdc8cca5dcf65f8b17b81a8b2fe3a16e2a3c

SHA512
9897f334d3cf61a7c95eb6b1f1e8b55e9a64022a76a76e24ae594adfcf42482233d6a817594b5692c4f129661a6bafa53c62a8e34de9a8285e30ccfa5850bbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
850bbc4d2b65d559af4cd1a6ce4363da

SHA1
4cd43b1e5245fd4c9c4d7d33e158d995423dc372

SHA256
152ac7a828da365530cfa4ca9e5d5b768983efa29b105595b7f9f339a6adaf7c

SHA512
5a3bdac8f08dddcfadf3386b5cfcb7c695b2b7d94fa241b94f82317f9d5eac2d80398a7163936c04fa59ccf69051ba2becf042397970e83a84d244d34d55e89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
9946fd82866b0bd1a62f0d2912ada1eb

SHA1
4478db621e10a88bb839e608d3131e4410f8ca41

SHA256
05f9454b3132c5759b76cbf10cd53a3f4f66a7eafd3f70d3060bf3ba6c1f7f04

SHA512
3c2e732795ca62b5fd495bd9d97ed863425d93a1856c987e6b34b0422250882f4d0f35b198c506ce564cf958734ac951406d127c5131f4ffd1cbf777a3c0b8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
dc3a343990e39a7e1fce5a39786826fd

SHA1
a3dc8dd2830337c67df7ec0aefcaaf46a2fc6650

SHA256
1869fed95436651378d5cf22d1619da49f2c778f7c0a3e91d17143f6f96b5faf

SHA512
c217ff4f8175ac8bb81cd0026a09cdbcf6a4a7692f8b02a2a5713c7f6a939c84a7f8163b851e55f62f54da84467cfdec8dbf8994a045824648b9e2cba0d5854c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58755a.TMP

Filesize
538B

MD5
bb4c1160b0049e1f8f0f3ea635b48419

SHA1
5c7bb0d70c8c46c99e7c2c2d172b560372d58b31

SHA256
fcffdd737c022cb1bb5c892b574cd7f164be60c2373e0f48c74e98d63bcbd100

SHA512
3874d2d2e90aa8f9ca638d913afdedc3931e7c6d3e3b5caf474c75f783a6c4df9eef9b88af061933a3fc9d44eb1169a8e8fcc0182f16ceaf1e61d36be2e6abda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
39e114a47931a0a99eb1b085b20c5a6e

SHA1
84d73839661b6b73278e37b072d0dcb8df48ac65

SHA256
0b65acf463c3fadc86c8ca6eb30a71776a68e734d98e0691e5ba298c4b86c650

SHA512
fce916922fd966cf33d9a82c240774c4954e98ed9a8e5a7fb9d4f1dc24dcf034d0b8b744b8a3ccc406aad1c80dd7de1a32b4564db84d0273d3082226b2437054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9d083eb4ba060f907f6e0e65a3e60d6b

SHA1
0c1e32dafea9be1ca865ee6739933e669e019d47

SHA256
6d0f51fd972f5ae5b1e88f12550202ee2593bfb897a24d9602ba55145d37cffd

SHA512
ca7bce376752fc516652de2f9469755168dfb4526d5e895a0611799883f56715caaa95a81d9f267a379c6c017025dcb5c6730d2249d4d1f62ef2cf8d3de59345

Download Submit