7d513bd7290428ce51f5e881fd405b3de79fbcf60c49516b08d6feddc9908893

Analysis

max time kernel
258s
max time network
262s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
25/06/2024, 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89607e583ce9e70694c85b628fd03e00.xlsx
Size

280KB
MD5

89607e583ce9e70694c85b628fd03e00
SHA1

9884a6bc2ec34b5e763ba3a05762feaefd656bc9
SHA256

d81b98144e43c8b8bc9a383dc41e470dc43103f26a0a1e251b7eee10cbc9267c
SHA512

60bfefd6cd131cb193db69498e82ebb65bc3629b6184e967a52485de1d6c32e2ca1d7caa318bbfaaf7e1ccbb48f9fcaea0347ccc7ec97326a645d7e0159d4e9b
SSDEEP

6144:MY73d0tQf95tU9kgD3AmH64Y0xdOdUVe7IrM:M8OtQf95tUV7Aw64lxngIY

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\99979022.tmp\:Zone.Identifier:$DATA	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
916	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
5064	msedge.exe
5064	msedge.exe
1552	msedge.exe
1552	msedge.exe
1424	identity_helper.exe
1424	identity_helper.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE
916	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 5064	916	EXCEL.EXE	78
PID 916 wrote to memory of 5064	916	EXCEL.EXE	78
PID 5064 wrote to memory of 776	5064	msedge.exe	81
PID 5064 wrote to memory of 776	5064	msedge.exe	81
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 1976	5064	msedge.exe	82
PID 5064 wrote to memory of 3496	5064	msedge.exe	83
PID 5064 wrote to memory of 3496	5064	msedge.exe	83
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84
PID 5064 wrote to memory of 4116	5064	msedge.exe	84

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\89607e583ce9e70694c85b628fd03e00.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.fbil.org.in/#/home
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff96ade3cb8,0x7ff96ade3cc8,0x7ff96ade3cd8
    3⤵
    PID:776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
    3⤵
    PID:1976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
    3⤵
    PID:4116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:2096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
    3⤵
    PID:2344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
    3⤵
    PID:3492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
    3⤵
    PID:2324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
    3⤵
    PID:3772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
    3⤵
    PID:3084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5532 /prefetch:8
    3⤵
    PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    3⤵
    PID:2988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
    3⤵
    PID:5116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    3⤵
    PID:2744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
    3⤵
    PID:892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
    3⤵
    PID:1116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
    3⤵
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
    3⤵
    PID:560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6100 /prefetch:8
    3⤵
    PID:1768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5852 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10751704807988094014,7704175030431551024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.rbi.org.in/scripts/ReferenceRateArchive.aspx
  2⤵
  PID:1376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff96ade3cb8,0x7ff96ade3cc8,0x7ff96ade3cd8
    3⤵
    PID:3036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
299B

MD5
5ae8478af8dd6eec7ad4edf162dd3df1

SHA1
55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

SHA256
fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

SHA512
a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
81afc0bf5da0665d25a5dee7e2753370

SHA1
0c3be1f39d24b0244b10a55c1206a33e8f53212f

SHA256
5fccf1d8723d62ad01b16c8e53c63c38ebe68f68ec2e2218e2f0c697b9fa4f77

SHA512
81cc789f7a25a488524fbaaf46f930f03de79734d7c0497ee1ec800e5fd1f90e8e7124c55c6b8ba9d9defca243dfd6cfc237d969064cd44107bf738cdd585c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_C9A4EE50DBC832CFBC131D902FC90F41

Filesize
471B

MD5
14f2137a185edcdb34d8d5a6e08f567d

SHA1
41341712a2b3c2414a74f6787901b8e9b96d5dc1

SHA256
b29f4c1a1e45aa42e1db25c7b85dd9a66debc9ee7770c03285cd82cd919af066

SHA512
fd4f1a0fbc257a966230ac943b62a595e7127538cdda6ccb779875cb7be4f66a5cacf34a9a44b502f238b6d1f867d6e08d5caa4cdb988674ebe13ee2bdc13875

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
1KB

MD5
1fe83af69b78d87a5f3e776df5bea0a0

SHA1
e6f3fb9629146fdbdbc20ad9b75327a15d43fa60

SHA256
c3045fd9b12afb7245e48998a421fe573458397c0300e8badc8e53ec9afeb532

SHA512
fb528f8f14401515b598bc50312757bc22a5935902e402637df9e7bb73b558d1518038ae0e3ccd0ec0f9099b71f209c536181823d9c44bfb426b284656297e6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0

Filesize
471B

MD5
5f1e2a8d367c975e7da9592ae33b219d

SHA1
3f21a14ba189adeda503eafef72d45dc0e89fb50

SHA256
cea92b40ab5069f0b00ee8dd0c9b0ff663ed77925923907038e43679e7076897

SHA512
707b1e940aeee5c1d730f619dee3f88baef05c4abf49b0985047c6b55abb77e810785fb556dc9616252219affd09fb3306cafdec546db3107f067dd84dc3e1c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
94514623d4d86e3784ecc0eda4e70698

SHA1
f8d4903df2a36d1cff9d7716b49063c1a73f2b93

SHA256
5c0ba4299de05d6ff21d60e4eea8310327469dace4c35153488cf568cbd64c26

SHA512
f479c6d19473a52f084f2746f00088277cf751d70fa0dae76804fb167a645c4d17b2ae93b0e25c6983556f1d433cd5f9a176ea8ee04e16176ee25406e9128630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
75aa069d52611bfa0ea5096293b7e237

SHA1
51e297377fcdc0f5e08de8817e92105340f4a753

SHA256
0f66f9ec07b9c54ef6f9fa11ec284e91c395dadb57757f67a34d9b0c3c7cf9e1

SHA512
5e6a009e8b0997f82a5381770b876de8fcc47267f1c14624ef1f4ae2c16cdf19b0c9a3b43ba8377d16b6e6851d8162964cef000cdadcbfc549f241a86f7e4e56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_30FD2782DEFD8E396CC8E371B3BFEFE8

Filesize
472B

MD5
a3571d34f5b8b21f215e9f7741503655

SHA1
9aeffbb1e885a9d3ca6a80b9ea9d96346193f800

SHA256
427819dda80f151bc4bf07c10979ffce10ad076457e0f70489e654bd29ecc79f

SHA512
63dc3091238c4ab19399cf054d0203d82eca5c0dcba8e7f43d6608efebe94518bcaf5647ab7776de2624be9bf391e1182b571f93248f0738cb61fcffb5e9d295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
41255323b3dda5f15627c16b136dc4ff

SHA1
c4a4743bf4208579a414ffbb4a632057d5b0b3b7

SHA256
89fc4663612e48175d341bf48d4f63c3bb0b606d57bf522370fba54dbd8606b3

SHA512
c1fd83ee3d71b5e15b6535dd9837930cca4dfe5017f78a8147d1616c6185fab6642343ae60b8c3f80dafc65b643be522c3cbeb618e992bc021ffcb4e1d657b2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_96FD022BB80715B9425A095D4E0FAC77

Filesize
471B

MD5
8049ae50c8739251df7f45f2a386c398

SHA1
821483def4d47f538af762cd302226a77dbf4c1d

SHA256
c777d870b4ea02ef5fbfab3987bd8e08bec999621e374674a2bba0e433fc3d4a

SHA512
4619f2bff2c66b71a6fb498093c82777e758171accfb65bfd1908c186fa4f97298a07dc18c293784cd374edf74b879015aed3a422ce4cd2fccc87a0c9a1fe66f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
a87dcb3ff6c9b7efd303360b8596170e

SHA1
28dd11b7511c7729639987a8e6931a41b1e54f0a

SHA256
81248fa144ecd74d615555d5de8397088524768289af055a2713f9f378171cb4

SHA512
b8868ec5ce00d18323e1fc4cd9f3759b33edcd4c951a6eede87918b53c56093f9475c53131ecf3590d4930e401dc7ecf9335354cbc1d8e4487d66c83b6c0d10f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
3a444d2f47b37e3ad9b07f28412a7078

SHA1
f637e38001cac063ef72e1335161422796576521

SHA256
467fe51ba836ab72c83b93ad369a03a19b12896bf44aab5cc71988031682fe0d

SHA512
fb505fa7afe648d2c6659b867d2fda376beb646f38668df6cc4b7e8d713cefb876c81bcd596bd5fedd9c360173dec9fd45450f26467f7feaed428b4a6d550d6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
192B

MD5
623a702a61c8340ed3c6730bc11b8fe0

SHA1
87a2551712cc695c5b6214dacfc19b5495639232

SHA256
621ad018c4f85728559c57c337bd035ab0b11094c2ab8a7af2efc3a11c290075

SHA512
efa87dddd17fc9e64f1628b969521968c1890ed113e819e6790e52f0e5812b18f0c2279dddf9ad66d8d977a899474e1f89b4e7a134e25d7555324e10190b7813

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d4131060ec438c83056fda1f568eb165

SHA1
0374809228b308ecbcb959335657b2e67cd836c6

SHA256
d7397a2e8210f010638ff825533042f8e9d60cd429f5d70e8cf43f0269f08a04

SHA512
f72b8a3597ee3ea01728d42ee7a9dcf68030e0b7f2493d5ba35595d61fbc943734133837e2ec8c34df01ea83af27497dcb2ff83b40e428ef713e10cf86075ea8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_C9A4EE50DBC832CFBC131D902FC90F41

Filesize
406B

MD5
c2ab174d625373eb540d08633c49a105

SHA1
41aa5e43d3136598597391693665418c06eec11a

SHA256
e0b4cd8aa040303e47437e571cc390986166d8f210a157276cd999a5112b880b

SHA512
2459e11da50c2569074c5cb5b6b9efbfd306b272fb019e8449a6641da8a87d860aff747ce707b62b694942ed588f4e9cb0c048f7e6e52be931f964f1f381ae80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
434B

MD5
5928b3b7e349cab85c2397d6ee49a305

SHA1
43454dfb124f5c26959ba8ec824b77fe6ddee768

SHA256
dc4f79cbabd061b34319ca46baf219ef942fe65474339598c904f984259b8f58

SHA512
641a112d82e0156caa9d4f057912b40508f8599250b2f9595bb7025a4cbb897057e1cf261a8f007d63aeeffd774952029e1fd289db54b9b5cb04147a4f4c7ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9F6005AF34C7906F717D420F892FD6D0

Filesize
400B

MD5
09ff417d3fd77951f7ff43faa6914a1c

SHA1
937e7bd70783337d0dbbce50135f51940c76247e

SHA256
cbbf999d12f4c1959c1735692aa0bfc2cacdb9d13a39235ba0b26dd70e68611c

SHA512
c48c8341f31d5d17b117ec953adee1b708a9a8cad42a3c686859a25f1145b9e95c444c2acc4b5e8e2ba7a19d8591fd6f3103071791c3c8866c7f3735917fc685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
ff8aaa138c40f607d0df9b362f770538

SHA1
b514555ba02251b22249b2ae15195919a684d75a

SHA256
d7092dfca179ab74cbefe3e932ce693aa1c504526a5236df80760acb64b540eb

SHA512
f3337c0bd4cbef8ea64b5501dc62aea91584cfcee3e720fdd98dafecd61973d6bbeef6710a1e2ebe281a0d2ccdc26f35d0264bf633e0f22d46263caf1fd9328d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
7d48274c8b67c1ba0179542b3d1d3314

SHA1
49864f85b437d180a75f87f748d6402a249d9283

SHA256
664351e7dc4dc423a984cd8a2a3f27dcf7205986510856c8977a0b0518df8795

SHA512
55623ecaa915976cc1469c77ce1dc04aa33930a3f2320925ce6f9fac27f5eacdd7a97798f3a43b63432c028b4d13279128db1d3526447fd3aeaabe5fce866641

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_30FD2782DEFD8E396CC8E371B3BFEFE8

Filesize
398B

MD5
e0eaa50b065025e1916418fd9a3c6fe0

SHA1
2553708035bca2e67432bc060345ee674b80ee4b

SHA256
e231eaf86900a794a90bd80fded371d142d3beed87cc6342fffb36762efd9f40

SHA512
a6863a0b4548a4aa03fb96da7491e8d07238072968a13c9978910a7df529c73fb67248469c078cfafb7eab76266a9b832cfde9c3c5597788c0e796b050cf4fe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
b153970a7f09ef03a9cb675f631e1588

SHA1
fe6a410ecf778556822a77dc7856beebd841192b

SHA256
d665569d7dbfbb74e5e9ac005cfc32e3021ff6dc54ad7203456365ef0b316530

SHA512
99bd9de1ab5ca2daaaa88663708cac1941e488ab91714ac0ef3e6a6f1dee2e707892a4564680c39ee33eb7ff9c7dc80497e90febf5067fc557204bcb42cf60fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F53EB4E574DE32C870452087D92DBEBB_96FD022BB80715B9425A095D4E0FAC77

Filesize
426B

MD5
61b527ddfb5f441cde94a6f2da7d7815

SHA1
62b91a47f061c8dff09dc51074d275be2fa3ca29

SHA256
bfd6dd13c3181e000ee816326b716ca6aaac75803bc0c39381c2838198041c09

SHA512
d288bb999602487e8c3088aebfa3aba573b80423a5fb6b82bd7df23ed9b07003e29f1e890d25a5fbc6acbe9d65559a4b97ecee9c3a5a06d4e72a644f45b7ca98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
99bee033f5f965926c3f8221e5bb801b

SHA1
4fd664203df1c53746cb29158d36392b10bc6b7f

SHA256
c730309db783cb8bfa3bce11d26cb6c8e484a51b83f009be9a29fbe792864dbc

SHA512
7ba5f4736189b87343f521f754698ed4106daaf2a98109cf7887329d8a7d5299a88e67f9d1aaf3e79ff772d1910f894b61c926e1f2eeda193e01653f7b279f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4126b641b8564cf0caf597f1e506f199

SHA1
fb13a603472a9f68a2c06f34e8bbf7fe08cae0cf

SHA256
0d785e270faebc19e1bb917004ccc77a6f7494cb8b7401d1df60d574903ac9a0

SHA512
17a92166caa78d09593051c10d874b950b52771dd8dcf830def9f2779adaf4ba95b383828accc72fa289f310de6377e2c0a01fc1b604cab0bf600ec4cf55deba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1b9e3c96cafc8b049e369619f95731bb

SHA1
e5370e1943a1c6ca2d0710ce91bb9308e245ee8c

SHA256
0de3433333dec39011514f06b7e3110f5a4a873b5a24ee4708f90b9f66bdd9a1

SHA512
9f617a92f4f7b95c2f93731aa2ad619a97d4d8230eded41b834c66db3fe76c531c6a13fcbf33fc371d57d36362c8df9ed0c2097d5e672f40f5ec239c12d90963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0db6110f8f7d82e7a8b09cd5a1040c96

SHA1
1454ec914ecea3c7d2f46e04ca6dd3b47f5a1ee5

SHA256
acff022942b4c02752c28222165e3f8968e9b54d8e70bc287ccf2b577ff31955

SHA512
467597981a5a1a6dfcdcf24d1c73e74f2428e9ad64f494b9e43b69bdfe78ecefc9dcb452f4250196c367e52e5960ae0e64a09613a2c475891aa6592676ede8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1472ae30225670edf7f565f2e2471673

SHA1
d0f027f14202d3f4e97f88bda696f2b7c76f5349

SHA256
82ec8084662a4c96549ced436af8c0f9cef7ef4a6574859636f4d94d5bfc4313

SHA512
4b72e2288fbfdbb47a29e120c8d389491cbbf7270037cd30ccfff7f26755942bfe578c4f59764f65efdcae7117962ed8ffa893b22987ce7994eab059755ff6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ecc14053de1800c84c840ec3cc00e725

SHA1
2c073f1872cd32415b14f34757980a7b2c3a8260

SHA256
60ec2fd70841c54851b8a77cea7451d69179aef7ede6c8dcbdea3ecfc691efbc

SHA512
594ba5561eaa9296dd6c64a61eff2f4495924c0ff8d70c92c229dbbe2d5584675a5059ebcbd87676ba0088457295bf61bc222bdff9ea575b1552461a153cc464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
09a9dbcfecb6c5de1b0344519cdefe81

SHA1
6eeaf4675aa24c8c054030e00ec6f08076d4b85e

SHA256
f9f3317d8aa69b6e30fca4b50feebf137ab4c2a38fbb73b3868f45933ce4b186

SHA512
419d906498af27707dd9a2ee01b2558b14018b8c743d7b4c47760f25fe8b869beeffc862e626fe1db1d181fb332b4935201b7ded5ce977c68424aa15be475dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
820acefefb66db4e91cb8a27c1f10dc8

SHA1
05d8c6ae4c3c7ba29922e50dfc7e48d97634ae92

SHA256
c651fb936ebc3377a6f0d0a134494179b52dab4200dd76676d7e1ece6501dc59

SHA512
92561691866768d2026c311ab662efa98e9da9fc7750d8fdbf9d56a35573b71bee913cc9574cd2d3eefdea845858d030132ac1a3f5221c93b20d5c121fe2f082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0b23c9e421fc7a43ee4698997761880a

SHA1
bb0482cb337c81d568a994baaee5d934005d4d88

SHA256
f4618cbcfb2fc990b768c77142f3809c23f15f47365eb31005f7b678637e2146

SHA512
36eb634cec8cf6f2576866cb594201a5c5fab370a4b104f1e094994d29e04fe219c3ebdda5b098ff806f1b7e177971d436a88239cd6adc087302632a2d4b7a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb4a42189a64f76186d292a21c2fa98f

SHA1
84eb91bb1a086bae4b7408e27f38b80d593ed527

SHA256
6bf999e0084e39a3ec7cd0d6018a0d2ebbb25ddfcfd7cfa2cba7f48693ba34fa

SHA512
0f2db4ebc43db90fe9c8a55ea22471a6ea8f70ae71abb4271ad4646ee62b45ee0eec993a5c2a0dbbc7c484760a6d5612a9479e2eaf98ab53d6e205cd4b4edb7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53c733b07d243157f729cd30abf02f2c

SHA1
69cb46aa2f13f57f8040e4b8cfbbd45d3bdbd8dc

SHA256
ecc485d6598992efe382d7293d0a385cd3de6672c5f2db4ebf7e0b2d31f16b65

SHA512
d7819f23bb145547779a47d1473c5fc4859fdf64c17b2e16fec40382c67b8b0fd5edaa6c17aacaa613c53b268ae4e7c17355cdac77b764e08558f33aaa8755ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
37cf7b0cb41da208df42d49beb9c7e0d

SHA1
a0fd2660d2ed0451db555396ea038d8408ffc5ec

SHA256
f7e112397aef93dccb0946c524fd2048883adc4f11b332a89475e701d3c36708

SHA512
41eb5facc8c1bfda8d3226e839d8594d8ec0ef3e442fae9e4ea580dbfcfb155953ed2d65fb7d2f93264027a8671cee488035bc7b6831d8424996da512bab4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59db33.TMP

Filesize
48B

MD5
99bd990c4bc3cecc052d56804c0c999c

SHA1
96a8c325c94f4d8bc00ef4588e80f9e45ca25e39

SHA256
13f1052f85e14775f7f527ad269350752265b450c7e88caf999772b4bfbcb3f3

SHA512
c917e8e3ad2b28b87046ce97319b3e93e214287bce3c82fd970fcd920e60efebeb97db5dd331a3c83364e677e948cb9950590617ac1293a77be0b3cc81915ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1aec54817a428c16d55736c478d4665e

SHA1
590d5f6d6bb3ce0e3960b8205604ee4641d9490b

SHA256
ef48d104d96ca4daecbd4c6ae7c09215e4083780677e972456e2e10a7db2cd04

SHA512
504b724b4f5c7d486f8ede90449be0ab62ac6ec172bdd1f298d7c0fbb077033b3d269fefd91cdc2243d1d78daa0d5bf402b1351fb24b2a6b015b13725cea426b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7223fb71c97421fccb5d4614361224d4

SHA1
7f61c313ac641aab3c85a22bba2103be50ea7648

SHA256
f7bab9f27594d96d6784e17e9b7712dd9b6f54fdc290344608c6a80536e12db5

SHA512
a08aa01bfbd6ef36f3590ce028ca486bf27d5cb876a3e4cad1d3d9ad39bbc5e070b17c16a0bdc3ca34896082063173f0c9629440fe9f44772fc2fad03bd17e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591592.TMP

Filesize
538B

MD5
63a54b2601178b2b273c10e71ffbc118

SHA1
5f7ff78f433ba0ac6de58d9e4c220d3c852ac9e0

SHA256
c5c3acbf69fa25cfb0584c4a17ef2b57cd3c17ed40d1a9be6d903772888a9301

SHA512
f6ad9e754329d36b396dc7914d5d5905e8b1c57c18f04dbfe6ea22a541e34b875e71a0f675fa7da735a887d06d3e5a76c63d471232ce2e04b6a9d8da3fc7c206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d5ec644ab8b2c33e8a63a39fb67adc6

SHA1
e9a969de852d52457de798d55a57469e61f62284

SHA256
99f1a4f61a26e106b8b4d5c0ffba80eb6aab2585b16bf474fb790475d96d5848

SHA512
cf1a252761ed7a0e9926d455eebba8176b8c6c5e87749c9dd87fb93e58433915b6be6da4b9b58223830d48c7076312ceb8fb78d3fa27b03e908ba24b6940cd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63cb2450644fd4fa558bf823ca1b6823

SHA1
2f695d97bd2c6db3b26d061e08641635f931dac1

SHA256
8e66d75a7c25ecfe69500863dd3af8db5b8f7db5e729c7169441caf5436c09ee

SHA512
3b23322831c00037008294edc1d3ec66287c1470495f6976e1361caaec28c44a3975b2aeb153b9d190a365ab23e0667dda1e05fda132cccb825c0cc7f2317ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
26d68e1e1391fe7aa9b3889417c8d342

SHA1
10cadfa96cdf2447c91d0a3c16568aaa24fd1664

SHA256
c89fc8a75929b2e4b08a484412d40d590040332fba197bd3f8cdd16a9ef8a43b

SHA512
2b583c779ae7bf438796159903308619c1d0b208766fdd311a8dd5a4520030c10e498d5d3b098e13167c710d33f4318362e4dbe125c11a870a3e7bb829f4c752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
090d6aff22b50ef1c91bf8205e9c1bf3

SHA1
183619bec663d7d6833860fb87ecee7bbcdf0b8e

SHA256
69986cc3b1ab4cccd4349f7d6f2ad54a40d8d501cd895e40f9d56d4184c4772b

SHA512
68ca7c18fb59cb21d0c96dc4f4f296659669f632d4b0040adc0f802e1992722e0e1abe5223b9f37ea8ee9390694b4944953a56e28058d3683617962943b723ea

Download Submit
memory/916-20-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-3-0x00007FF952790000-0x00007FF9527A0000-memory.dmp

Filesize
64KB

Download
memory/916-6-0x00007FF952790000-0x00007FF9527A0000-memory.dmp

Filesize
64KB

Download
memory/916-7-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-2-0x00007FF952790000-0x00007FF9527A0000-memory.dmp

Filesize
64KB

Download
memory/916-1-0x00007FF9927A3000-0x00007FF9927A4000-memory.dmp

Filesize
4KB

Download
memory/916-5-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-4-0x00007FF952790000-0x00007FF9527A0000-memory.dmp

Filesize
64KB

Download
memory/916-8-0x00007FF94FBF0000-0x00007FF94FC00000-memory.dmp

Filesize
64KB

Download
memory/916-9-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-10-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-12-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-11-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-13-0x00007FF94FBF0000-0x00007FF94FC00000-memory.dmp

Filesize
64KB

Download
memory/916-0-0x00007FF952790000-0x00007FF9527A0000-memory.dmp

Filesize
64KB

Download
memory/916-16-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-17-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-15-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-21-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-19-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-18-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-40-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-39-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-38-0x00007FF9927A3000-0x00007FF9927A4000-memory.dmp

Filesize
4KB

Download
memory/916-35-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download
memory/916-14-0x00007FF992700000-0x00007FF992909000-memory.dmp

Filesize
2.0MB

Download