hxxps://exe[.]io/LTACA2024

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://exe.io/LTACA2024

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
337	href.li
338	href.li
339	href.li

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3169499791-3545231813-3156325206-1000\{17227181-93A1-4624-A528-3201A877F76D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
1068	msedge.exe
1068	msedge.exe
4184	identity_helper.exe
4184	identity_helper.exe
4636	msedge.exe
4636	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5572	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5572	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 2512	1068	msedge.exe	84
PID 1068 wrote to memory of 2512	1068	msedge.exe	84
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 1888	1068	msedge.exe	85
PID 1068 wrote to memory of 2756	1068	msedge.exe	86
PID 1068 wrote to memory of 2756	1068	msedge.exe	86
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87
PID 1068 wrote to memory of 2208	1068	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://exe.io/LTACA2024
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc80aa46f8,0x7ffc80aa4708,0x7ffc80aa4718
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7064 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9102721869125511654,11688936682679276847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:5336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3264

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
3baabc18c7d1cd9758f725b56b501a1e

SHA1
af445ee3e44e6d53d4baa2ea16d1f3dfb5424c6f

SHA256
76deea9721c6597488b05c5a54522f149c8010fbec70de0d1c0e9274aa78d8a1

SHA512
a714cbd35534639116f38c8834773c08fb3976c3f16fe907f16c68d2dbcac2acd2de25979425177e275efc9ae05f3d33d423a08815abfecc69315040446ec971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
29KB

MD5
5cf56719562e7ec900143b43a45c1e78

SHA1
21263050f19e8f5385db659c43246d18eb67ec2e

SHA256
200292123ecf5571bfb9ba694d4a1c28b74f5edc5c0b21cf314cebda3eab9739

SHA512
07e5268d5bf9d3e3a99b8965569b05c7d5184d06d32cb45cb7fda48f58ba56435f849e013b436921a62b12dc7a36d75afc67bc2405d4d457ec2482bcab2f0d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
30KB

MD5
c45131f7ae91eb0c98f9775916537ebc

SHA1
0e8f44878a12c9a8a5e7de0cc763fb5af00f77e1

SHA256
b2e36625243bda02a4df31518b0fb7cce4a9694c8f50ad0d7c58c1c0530793f9

SHA512
4b5e9c76aa5f729874498f235abdaa87dbfbaa601007999bdbdef1dc3e657897706972e6608baab21dffc855ae94d7bd5f4842ecf504402bdedc3f908d7ab0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
144KB

MD5
3b0650447674e63f4ecc8e781def0fa4

SHA1
29014308bf69683f507db387a2d6917bcdc73eee

SHA256
7f53c287b1419addd5560c55cdbd70e91e7a5fae82906cbdcd8d6d9924f9e794

SHA512
27305b0710a05fb76c27f9c39db56eb7ab2d4530e9e1a4b14a1082edf41a893bd1d8dfab60cf01a4d2e820f2ae4d8d14f278a43021ce7ae282ce0e63387a55ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
62KB

MD5
42d9fcc7172456834d9e05605cfb999f

SHA1
d1df0982a953011482b7cc5e97803a5fae290ba7

SHA256
5029f1471e648ecdf5518199b5d7a6fdcf2dab7b9ba8367331b0836de3064575

SHA512
5fc471dfd6cf0516739b40db211b4f1e0d3e27e7b53eb1e0c8d34f7ddf5d09ff520bd4c3b7baca993857fd462f184621391fed363a548bc7b50eee3b7ef6ade8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
31KB

MD5
60140bc834da90837a9a4d1530484677

SHA1
d99868b0693b332681b4db7927f3f11b3ed37607

SHA256
29c0ba2fb11f5bbedff938e0d0a97da59f725cd153bc0c04f052419e779f134e

SHA512
448ddc49ab5128dfc0dc91ebe388d447e748848cd2f7dc15fe1fd0380a5436cc9872c32606d9d161d3648b20bff5eda0e48e8fb77c9293f3c0924ae89589eb37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
ce1093c800c0933d7c9674eda75790d8

SHA1
371c2dcde092f51b18852e2617bc6c0c176f5873

SHA256
57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89

SHA512
fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
69KB

MD5
921df38cecd4019512bbc90523bd5df5

SHA1
5bf380ffb3a385b734b70486afcfc493462eceec

SHA256
83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f

SHA512
35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
23KB

MD5
a4e1fa2a01ba084e60efddec6e4839d5

SHA1
23b4f262b12c80192b450a6c7bf427d30ab08b4e

SHA256
e2d40be84a74632da135d3598ea27f0f66c0f1423cda835a2ee4e5309a2776ef

SHA512
2dde67841512e336cf7f47636f031ab2a3bb40e435743362ab92c908c41c6986432a03a5a66ef183f6ef1c6e7e211db9ad0402d9c573ba342d85c036fea67de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
28KB

MD5
314fd6de476c090fb3a460db973c13ae

SHA1
73bac1af55a9e3a8c4bddcb6f47dd33fba2883b1

SHA256
470a893939ed6bfd9e81dfb23aae63d75bd5b46b0874bc3b887a4d73745230dc

SHA512
ae7b2d51f39722e16a704008bc36d3bab206998bfb504da25ff70e228eddcf94f2a47e183ef8a60d46ef143aad648f83a49c8b0c377c7692dc6a9a4b1e93f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
42KB

MD5
164be23d7264175ad016a13a0bcaf957

SHA1
c35ce3510b46a12a5ad3f73edc9ac18eb1e8018c

SHA256
4bb1ef87d7b93cb72976e936bca7f607d5dee5517dfa739fcf403a2cd130f6d7

SHA512
7dcfeb8007467dec38af535e1240cbd15e951735720e66e5887d7c69404edc2b2737fce054a369726b46b5a2038bc296b136615dc981d56cad7a8d674cb88aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
22KB

MD5
b981b420f6d756301a1db26fa0c3b8d8

SHA1
74932c3e72f1ee36425c2bb762762da2ef8c53f7

SHA256
7c76643150e0ecd6ed115cbb4afdb41942b69f2ac22a24734896b6d6eb5a471b

SHA512
7109d7e4b752f01aade27d7e58364ea333cf25317c873ffa08b5114b632b4227f2852640a4117bac626b5e1aa8d1688b0b6edde1f83e5f65dc6f66e9c13d314e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
62KB

MD5
be87ba7e57b063801210196bd07e078b

SHA1
0384f8cff41132e206882fde73a6d530e4345b6b

SHA256
1c57b06c205d185ac807bb12d1962caf6c29bf331b852543bf2a6a80b2c341c8

SHA512
42dcebe61edc9fe52ee8c863ce36e00132ab2f3e85a48f98440055996e0446d16d4034b68c2f60f3f7ec242bd455354f406c8e26f0e1ee380a0df79163f0f7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
56KB

MD5
5794c0f271b3c071fff63113025bca4b

SHA1
4ea21baf6a7b2361adaffd65d63cb93dbf61ac5f

SHA256
3dbbab7478af3c5b449d54a6436a22b19b7ce5f5a03ac240dd300f98e9564410

SHA512
c3f5ba6b9a85843d56bdbe438dc275c9e5cc24773200449d368f756c2678a469ec7abc78903afde1eff24d90e5a79cf8d2e182456770de4eaa374842d8589860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4f597ca3a66519a2_0

Filesize
223B

MD5
6045519135dd750dd62b48eba10d0099

SHA1
e7f2970706e850e79a041c289ecfa5b0fa7cbb2b

SHA256
5ad859424d7115b05da8a5dd142e8fadefb71c334295c83620fca791734ef68a

SHA512
d9388067dba917b7cdb296ffc4faf7414a82ce9cb597fdc4f7b94add970ca778813400295df01aa559e373352245454df7dada2672b60d0b180ebc495133d812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e0d9272eec04de2_0

Filesize
220B

MD5
f6ac14e890617f38f8ae520ee5dd47cd

SHA1
1f5af0235de656588c9cc399c83c35702b747e3c

SHA256
62960b7888b0a254959fe9e3d3dc00e1192b67b2af3e41fc5885e39fa01fef75

SHA512
390376ad2f6a696bc330b69b1ebc322fdabe0ac2e995e4b2d2c02880e86e6cb2a21fd66acca7c27248c138282a045adfbdea00de8cc8ea2264a9faa719b46a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e9ad7242d72fef7f9e473a01557d31d3

SHA1
573e5b1fe40d9e9263767f6ebc234fac3a2abdce

SHA256
ae751aa6eb8130c6ab45825456b7f103402db80ede17d9f5595732128e0040f2

SHA512
bc2a35829b50a98094a35b8fed2659e95cff6d369c967a666a46eb135d7fdf733a25da7822fad564c5d6da234acd06575c78da0f7b2c79fb71f0539eae5c52cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
32587655444399347dbe3f50d8a78a4b

SHA1
59b4fecddf38d7d13534d98ff4be820b9beed47e

SHA256
629207adc261d6f57c01324210b723277020e9eb246612ec17739ae60c5244ee

SHA512
2be51bb1a06719a1422dd20fddbf393e0582ed15a989092cd6974991aa1162c4655f842f60b7c743479d497195956581fbadbd16f624a5ba352ebdb3073500ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
34ba11f415bce6963674f9d2f6bd2876

SHA1
d8ec282a7e92bd351b8b5daf2d7d40ca6e4f9dc5

SHA256
4e3488d9605bd6c0840f55fef366e314525bc9c9a8d92cebda4078f87846a958

SHA512
7060a6f18238133b134f7c07a54f570c36c3e8bc7b7980055bee77691dab1a05451fc401f421b754ec1504c3a23044481df0953f4e77f29742935d661c5b3c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6dd2bd55b5d2b068f095d788d8dc59fb

SHA1
aa099a071c391f93cb5768aac293fe366b4bdd5a

SHA256
24251411103fd0ddf3c657c5599f664700d9c275af80c3e52abc2634870e2d5b

SHA512
838908cc13439b6dd58bf5f511e9c31388c0169bec523a7327490803938f95f9df30c52229fca992ceb4700c78d2bd9fc225b82fbf7bb7cc5e61e7fe9c2e3b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
e9631eb843f352872cf2b1a7812cb931

SHA1
b8dc6b3fb9f19e3d17dd9315303a32e400d3435a

SHA256
c93d9c7f5bf1f2d0f9ede46ea6bf5522f40950c1272c85822a3be057b94a6643

SHA512
07e06a475d08e013e6ff1f42d0decd5c78ae18f8a926fe318ed6d36b8e46076597481732647fa50a856408fc6ef07dcf5c94a18593ec01d6939e2932ca9a84d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ad8af06e4b85621e9d1c5df02272c81

SHA1
4aed2c29916b76c53f843464a1f3d18d2b955418

SHA256
59e55b4160db59a30855e3ae0cc47f5fd1f756826be0cca33100085698606153

SHA512
2408639dfca59509fb909410ff33677f7c2703c7dc8435b14a370e97a494623d5909682954064ce4d399025f172733ac35d3aed0da56d0168247d58da58bdb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8b69449ebc0dd53ec14edc39407ae12e

SHA1
77d12a3fb33c1f92404a6986844ad3c253ca63e2

SHA256
238d66d8a59608120592b025391de91f0c3aeabf8c80878c0bf1f7b72e890594

SHA512
48d8ce7b2c7a72989d71c047448495fe1102ae4a07c2bc83f5ebeb23c687f8858b15bae71c4af03c051a8c6ef1412792b4e936685c7736bf9b9e6756b36837c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cd0e6b6d3dae4e0c85838eb50d46324b

SHA1
3e22e366310d9253da224b0edf65b8104e5c8633

SHA256
e2a040bab8d614481205cde7e62da5bb47dfae73ddff9efcc37a76950a5760c0

SHA512
2d8e3c5c2cca2812ce578978ea48c21b518aac68a9e41ea1ceff450446b6172a11b80ec2e112731f1d72bb014766526a41c4a7eee3bc869590cee7637833e136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d472caee242d30467e08b92403e9ee7f

SHA1
ad005cc0b2db690e0ed6a7c86bc55cb82ba6d0aa

SHA256
6615298283d941904bf54621685cf15f967f7509c8c8a776a62326e914cc1e5b

SHA512
311a57b5df608b0ab1538cfd41673c40f432f29af2ddaefa03d2f033924fedac15a25e32947ee50676c8b757c188c45f15f3c0997fe3a388fb39406775775fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
867f68100df05a547dda3541f225e809

SHA1
dd46b4cf46d4b26b0c32dd47dfbce0af54bb6230

SHA256
572291209223c16cc9a6f60faec9a7d62f5161bf1f78aa5198c95bcb9d459e32

SHA512
87f2b225a315d967236da039d7dabbe70184e19349aa522084f72be25765a898ac86b50b72e3a4169410be2dde03f7c657624bd2e4eb1bdf95dab45cbe4eb9df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cd9e6b5108f5a03b3d1bc110ddb032c0

SHA1
ac8d35bfc44bba767f357bf7f4bd5fd2c2224f32

SHA256
0fcd77800a75b44e4bab15249ebde205bef76d873837fe9103807a89c1186c4b

SHA512
918112d87f89e44f5c54f2607034cdba1a065326960582c6d4182379a88a9540dcb7f9b3f83bf50ae8652ed08db6f19a0ddd01be90c0039af1dd305d0240ca84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
53fd179c1f880986c9f17c575348d700

SHA1
c68a89d47e5bc7c5b74a44b89a8e3d1b048ee65c

SHA256
dcf9c0730dc853f88cfa08eda5e7edd811f784d9675225399c34464359fbb4f2

SHA512
bea0d52fec95397638ccecdee4601fbb223922baf08f21fb0e11f8f9997f1e205923f685432f51c2eaaffc209e8e1bc4e5c12c0ce42f5ba8208dd6084067f0e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b2c65ce010a43ab52c4fda432a319f67

SHA1
8919154c6b29dab66246ad7b1e98ec85ec184eb3

SHA256
e9b3c25a1bb7cc2cf50f6c252c4c8595234cde6fe498c333582f690734292d97

SHA512
f6493032d15932aa02986b5666ccc9270fe21a99ad6f82373f8a5d248615a650700e223e7b29887d2bed3bbc4404d2e5f9c1e0a3ca14b3bed4c4dd4d63bdb0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d85ef2252cf2c9da6f463970eadaa0c9

SHA1
75fe8c72f85a70d36d001caade1680aae0740ce5

SHA256
3ab53a1dd5fa9b5a48b62fb62c46adc05f6e6afedc2c0dfe5abf9437aee5008c

SHA512
95fc07dc2f2a7dc52afbce6d90ae90ce3bcdd97b3112d335305c5e20c2b6d75e42919f71d2f92f0393c8b98970c9f79b990bc705a39695e66e42e25e6314ca5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe599800.TMP

Filesize
48B

MD5
fa1a5639fed70c42f4270ff305c5ca70

SHA1
1dbaa0c853c3983f5f989722e01bd07170be56b6

SHA256
a42e7f1935286258c182003835704bfca761726657707ba87823ba6e6555e606

SHA512
24204a05990a233560329c58a1bd45c091957d80bfae62c18f6ac50b53d8af6fe53d3d1d9dd32743c453eb462535474180e21a1c153275f7263bdbd2a4ea26cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
10d9b41865bee1ed763746ad28895816

SHA1
62ffc1f5f508ed659747556ccd0810977ea128e1

SHA256
93d7eabcbf6242cbff3a75ead1232666f59818035180d0631439ae64e29e92b1

SHA512
b72875096ef6c4f891c4f2799ccdf774cf51988f560639132bef5ac91b43f985e5ad38a3cc3f0dafcae80b8d6437b2bac7b556c55d2bf25610bfc13528ca4ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
914c98b5863948f626e966321f66e032

SHA1
daaa4f934260da81bc21411bff55845dfd9b6b8e

SHA256
0e83433fb2e234f91a2ee6d1b9ceb26452fa7673cb78711f8ff31874442e880e

SHA512
a84cdf0b888072de294cb9c2943363926a2dd73ff0a65c27ca25a466101bfb8e1815220016274498d33bb63f818e0f96ea096b13be8e43cdc03907ddd81164ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
48f12b9ee51b41c337798f4c7b0b409f

SHA1
f72ad7e9edcdce24a86e4294de392c239c5bd2bb

SHA256
56d33ebbb808877e02fdefc5b5c4cda92a71eed9f80b3039dd33d048f8f5293f

SHA512
a2b11474f2c37255f687a0618655d036a9d445dd8e8af809409082c55edece8816cfd8310ef7888bce0ee1af55bcce0c63131221eed98c7e198063ae7aff9d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
774114dc0207aa695da494e863071775

SHA1
7e9cd2058bdbfd878f2019fa79ad90a7f50c7805

SHA256
f881179d36f52d45f3d056fdd381b761ab6ae09d16e1992d630558bbba249fc1

SHA512
f97e6bf122c0b4b1aa7a2a92f67648d0f460e86fdc6fa78a2a14b2dcf0dfe65a432fd53ef362b8fce6a1e13509d3986e214e4062e3c15c7ebccbf663c8654fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
02312d8ff326736cca442b14823852ab

SHA1
ecc69330ebbcc6aac1be80e259b46232dae2caf2

SHA256
3545ddbc405c695a6344733e0c0a69085be92537cfb6d0bffe4aea654e2e0f9e

SHA512
fe4e27f8cff8c4fe155e6edcef870bd816acf9d34906cac9af706ba3b4ad7ae726908382099a5929acc7642e4ea7d9ad0ecbed606981b56addc8af9fe63c5552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
435d18e8cf75b76c60675a07e2a33f84

SHA1
051e1baa1370677848bac99bdec02d040ad00df3

SHA256
9d9f7bc7f6e029c50a9551ef5cbeca9d4677eeff80603876524c7970155394c2

SHA512
f75f1c20153f0facc8eb171fe7d6a0a060dbec11af4d13fcd16ce044cc017055e45e8a975b4bd1de2941118a12c4579a9b4221e2d895fd479f56a651dd7c8ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8c1.TMP

Filesize
1KB

MD5
af008b3d8085494f3a18bce5fba86e86

SHA1
db762aca1f263c3917d72ab8e1b6b3ffc508e199

SHA256
82e5942a0766576a6920b5c5ae771d1e0159e3880d910aaf0234f3c202002001

SHA512
d21c3dd6714f6e479d8763aa297bc39ca5eee0c09ca0f6600cac5be173d3bc0b566055095dfc1c6707a5c997f246ee69851e2364213160d60059f3cd39d0f834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\afe018ed-737e-4317-8cba-fd7070f622d8.tmp

Filesize
4KB

MD5
d14fb32f92956d9cce4efffeac7038b1

SHA1
4c6a203458619c94af51e42fa51cc17712496876

SHA256
554c39c7951e8823cf952c5a2bd1e9c3fc6264e274e40c029f59101a3ee0e0b8

SHA512
8e99ee86c1f4c9b121cd7244237ff9cad76c856d205865427398084dae55950bbe77a41ae60acd016c6e29ad49c3a0aa070b8eafb49582687dc8466c62542db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8560833ba0c07a53895595b5e1b383a9

SHA1
5c388c6ec440cb95488e5844814f31295415d95c

SHA256
97d16fd667b40e3a9bfc5403c8606963557e6cf29093b90fd48bea8043b50569

SHA512
7db1888efd8653a75e0dec7ce00c5d9d746cb4fe7f6627c8c4ba516465965c191ef26e6a161feea2c557070a50eaa0c6480510a626235abf805e9e8e09b39bb2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
1ef05a1bfec17d17459bfbd93fcb148d

SHA1
6d09144594fc6aa78dd334a63477c159e4a77612

SHA256
c8d799ac5954ec8031ea25d899d7607f6d09f3c553c4d8460160eb2666eebbf2

SHA512
b949621a9330e40f5cb664cf3e53ee6889b1f79676b8f9c555e81831e4a025ce3990d6f6aa64504dec5ba6247d112fbb825d893e617eb9da47b91cbe91758756

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
bd59fcdfad89a5a57e2a4792807d81f4

SHA1
e61c12c00ae98918396532ee9208b4f9fb94740e

SHA256
e1005e854d071fb18d0357f51bc9e1bda42b529f1114c6043fb58c975ac4161c

SHA512
82d2bf5cfc517f363e506a3ce7b3e674a33891d676a281f20b05a489b07d8dccd6c1bffa403ecc0d505b2f720a2ca49c10aa1b2c62cfb6d5d64752ac3f2e2b93

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7a96b2844276c660a59e5bd179929e7f

SHA1
b0f97e2534e446905aecce6d647269babf128990

SHA256
1cbd9e0e0a828a6b26c5b96debf6d07ce999c53158c831f242d075059b02dcd3

SHA512
e21c17f70a25d89beda4d38b7b8a8673ec1d6d9a930dd987046f4e8455481994bb0d74b75479b2735bfed975b60ccd404f8ddde3c74290526d9e10a97bf52459

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6960850c0510de9f9620343567e462f4

SHA1
de77ce47a02765b1af8d277e3284f4fe65e48eee

SHA256
3c3df384881d3e27af4b2b27110a2d0ccf13db4971b78a63c9247d09568ca87c

SHA512
74a21786e6c6c22cdc8522c4de84e1b1d604b9e920a976534f73666752d2afd168d056d965fee4977e1a3b80b42442e1068625db0abdae383aaf45a150a76cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e63c12a416740015843d0334a42fe787

SHA1
78ff9ca186e8232afbd684ad5c3af00320c0d786

SHA256
a0c3575b76fe1ae292087d58bf686027a60be7fecb3772c7b36f9a13f442dbe6

SHA512
d7971ac1e40336b6d00d461af28287190b34373fabe2df4291fd52d57c7080b8906e5c325bc848ad3917ae6f4462d997994d3dfe62174ffdeed942b81295ea9e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
d6167286ea8cea772b8da69092500170

SHA1
58ae1ba98c6f6dfe2bccf2c3ee2857e593497247

SHA256
74e7ad7d84a838af00a8030b7f0830efdec88929470c7750d4e46527237471d9

SHA512
dbb8d2fb47f931bd7b6909c747a689e4e96a1d01ab6ca59c5c4ff587386a402c764ae14a4b47dccb6fa610726f963c777a68e953de2d7cfc324e646f137fa4f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
795629ab894dc5eeb33fa4ba9a2d1b2a

SHA1
9574d19f43e0ffb8ea23ccd73379db249299df6d

SHA256
3240e331d15621701d097637874465cec9355a4a2c5ec0bde101d0f03853c464

SHA512
5ca7e711639277a636ae4af3b72f5f9401e4f95ca441189f14ceab9f29b65ae5c8d10b913baf2b94414f870ec04877b5f73f1b24213a8a49fe4222f36d74c949

Download Submit