338e20d2de2d43bc339486baaf857c7ab469db6701e7a287c2197a402d212ea3

Resubmissions

20-07-2024 05:13

240720-fwl4vsxfrj 5

20-07-2024 05:10

240720-ftxsksxfln 6

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
20-07-2024 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f.html
Size

694KB
MD5

18a8a0569bde7afd867d45738a773c03
SHA1

b6cb2a5e96461ba5f009bd5878b42c40c878c9dc
SHA256

338e20d2de2d43bc339486baaf857c7ab469db6701e7a287c2197a402d212ea3
SHA512

f3a682052dfce3bec5f5bc7b0000e65eb25934443dd8e4e0602576a9178c7c543d97b21cb4e072a72dacdb95c95271ca3fe71486a983c7764e84e817c2728cc0
SSDEEP

6144:d5ZSlLmetxgpDGPJ3c7dEzR+W81TVznYaEjdwI:2txqdVzYaEjdwI

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
29	raw.githubusercontent.com
145	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3766757357-1293853516-507035944-1000\{873A7990-343A-4798-8821-4291C5D20889}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SolaraB.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4916	msedge.exe
4916	msedge.exe
1432	identity_helper.exe
1432	identity_helper.exe
4888	msedge.exe
4888	msedge.exe
4920	msedge.exe
4920	msedge.exe
1972	msedge.exe
1972	msedge.exe
6108	msedge.exe
6108	msedge.exe
6108	msedge.exe
6108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	6016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6016	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4772	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 2324	4916	msedge.exe	81
PID 4916 wrote to memory of 2324	4916	msedge.exe	81
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 5080	4916	msedge.exe	82
PID 4916 wrote to memory of 4116	4916	msedge.exe	83
PID 4916 wrote to memory of 4116	4916	msedge.exe	83
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84
PID 4916 wrote to memory of 3956	4916	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffb3cbe3cb8,0x7ffb3cbe3cc8,0x7ffb3cbe3cd8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8281325048751993830,8615551515284163904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:5664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3200

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5788

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xdc,0x104,0x108,0xe0,0x10c,0x7ffb3cbe3cb8,0x7ffb3cbe3cc8,0x7ffb3cbe3cd8
  2⤵
  PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d33f465a73554cd1c183cbcd0a28a2

SHA1
f5c16fc4edff600cb307f762d950500aa29a1e8b

SHA256
22d8c228cdcfd3e05431d7377748014035a3488ad3a0d4aecc334e724245a1f9

SHA512
7cc94f77f3943143ee86eabbfddcb110ce52c6ff0975842e3a3d06072f51f2c48914ee61f24484a539888ad19a7e6a1becfb029485cd5984bc736434a63cee95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
575466f58c7d9d3224035d23f102d140

SHA1
2fce4082fa83534b3ddc91e42fb242baee4afa1c

SHA256
9da0e657652daa1ef86af7c3db62b0af9cce372a5f765c98c68479922ccf1923

SHA512
06503e718fe967076dd8a061b57debdc663b9616b005f8567099a84fc7184880633079335d622c243918efc3356b40e683708fb0583084abeed7db6168a212ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
43KB

MD5
3e4c95c68f28bfed38f6f12a8c2f197e

SHA1
0e29b9a92f4cff6fd69522f4b972d7dbf000f306

SHA256
256e9bba80d098d0a90f0a4e9f6bf7ea0a6a50a4847caf5e5954a921fdceb8c7

SHA512
01edfcfa99b35c1d60e29c0299e800c47163b4382c5144351b6635f4a6092b5be87ac9b83893724b98653acf8af1277fb794da4e7c9f5b53df00eb7b4f43378a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
47KB

MD5
818a47b474bbcefc3e2a2859e374c9bd

SHA1
e01df60fcca6dd035052e1e823c431e0f05eda1c

SHA256
ec14646ac9285ab6dd258848f4b811dde887f353977af397f03fa54dd30d8880

SHA512
7b65f17c269e2c550ee006281d58a5fa6cc721d40c35a21319491f8d8c0d0814cfdbe426708680ae4cce40d9059616a2c11544dfb6b429b61e768e7e33b5cfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
d0628f548ba05937d5d362bd446fed8f

SHA1
7f3c727aabb43e164ca144b4a49f6e2112b4dfc8

SHA256
f8a80d568f92e8ec37665c04cf0def5459529fb1d62beaf15d6184e415e888a1

SHA512
88feb1b279c6cd06add8f6555b5dbc5e6307219dd16c9a1e4ef5146e966d7d0a54515e9af670857ba3eb47a986e6b4bbd9e883d5f49c359f6d5658da5ec4f43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
96KB

MD5
b38ddb462a289020ef3eadaac6592d89

SHA1
d74e00693d27a65f05fada12d27edd4d661b65ad

SHA256
2865e685724c55dd09905be343d3b1a770d01067c7e5abbd3cc94aa916c18fd8

SHA512
4bab620a8d26617b845df7a5d1a71939443c80b739131e5ed3310acb753f2ad7a3d2002072f030675203adbcaca0378baff4dcd170822713bba96f61f444516f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
32KB

MD5
b9400658387efb96b4f53ef18bafd18e

SHA1
03e9ddc38a17e4da4a4ec04d869cdadffaf81860

SHA256
029ec346019b538d20e2b2420c384b3a6c91a31f8e9c3ce386f7b111675a2e44

SHA512
1f094defa20a97eaaf696d7c9138bca987da80875901d25ae05994618b624e1df5a4a8dceb9331f122ace807187452d3d050bc4045049425f681000c100a2c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
9e911b560ef85d4cdaaa31bfce1b7625

SHA1
6f9dfd612af869a5b152d9b8fb39efc8fe8e7eeb

SHA256
ddf58272d6555db8ae991ade84f7ea3c3c0cc3e7936c6d9e1c1bbfc47dc34816

SHA512
d1d84a3e6e576c828503130d3f59758cdb46b3253ac8bdd3de31f76c1c8927aaa5500c2c4e7c07668c55f50e453ae2e6b2cc5bf91ebb383e9007a420bbccbebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
20KB

MD5
3d45f254e8b71f5c78cea03839c0e779

SHA1
24b9f2e23661a260f80cd9d0ae2e389493d0d858

SHA256
d03b922aaa69584200cd78d48c08c685233b4951e11d31ede88c25dc3ae37781

SHA512
b7825222b63e271e4d9a443652d86b3b5ba2828119dc360683a513ee8cf5d9fc7178c6ac2764c74ddd17b203d75659af5388c7c624708c24ae2946dec87798e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
32KB

MD5
39ff2d31f824372013ec02c3ec98da39

SHA1
ce6bbf746f210a0a5489c301ccc09927ae816d36

SHA256
837433384474272fa171f4386b9815a99ce20504ae0d8d7ee4bd9a006a3224c4

SHA512
cde0fc49134b49c9f39ef98210e391d126eb64bc6bdb96b67e22793754bdad2d7695b817c3b64b143e71d5231824d61b7a0c3b14c1d42b7069d60c36d67158b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

Filesize
61KB

MD5
f1ff4e46d933e05ecc83dfa1114e729d

SHA1
72e74dd21a058fab579a8a93bd3d35573dad35c0

SHA256
37816ce76649d9912d61e0ba4c4e573fe30021ff5f6096a328889914eb1be6d8

SHA512
b723e2b2eb28d6160c6938ec3e0785335e99333d43ccad4bd0b5eb464ac80fe1dad99245bd2e400da7e04f6166a4ea6da400faf3bf25f68bd49e5ca957edd125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6dd0ac73f23fa266d7d14aebbdb6cdbb

SHA1
4bc2bda92079285ecb8c896cadf7c94e98a0536e

SHA256
81f96583a70886fb6e75b0cdf10e2dda8e88de8ba674418af208d42cc051368c

SHA512
9cf95e3e93f16e0c26f2d1d94628b1980d2afc5ae447dced07074973c552c5fd48f6f4b8736202abfcf4bf960f377b3b1d7dc78f783d420e34cfb2406aee439c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.fandom.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
9e3b4b05174560bc474857eb827a450b

SHA1
00ac2368f1cfb98d661ac2df9a186de523110112

SHA256
bcbc561c15173ca6e8e5730f84f977d80f91267fad9e36f7889380af02b235b1

SHA512
d6cc385c3592b8784c9d282e0397571d5236669644c51a85edc8c31ad6fe5ace0e7512cb5e71dbee7e50b5a87b4f798943e11357f4c2d41e3a53a0e570599246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
cbb0ddd6863bee5679f5a63875a442e2

SHA1
8a5aec176181327ff5df90c9482be24d75883cff

SHA256
333c9b7ef129aed77f00986ba533cba6f3ef12da29e8674a4a49e4a1c49b6aad

SHA512
646bd1a6e249d631e28b50e0568f694a1e87998132395079318501d22b4695f3ff64613796513dd7f6735e3407c9fa24edead9797b90c19caafc52abf1f86813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b509059d6ed531858c519d22d5d40bd0

SHA1
f5a63c14a711e71a1b1cd54b22afae6882abe95f

SHA256
ce1b7a53538f68dcf90b44af3495aea4a212a71c845a4b72191d79e278127f97

SHA512
4ce8f8be7a1cbb3198e0dda740f9298f02e9c2b259eda0060c4f5dfb52524ff1b8f24263101dd1b1a5a96fac0ef4b2a0f5c782cc4806739ea2b3479c81454937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90c774a6c2de0d15178546451a037f0c

SHA1
3b273ec9fece4e0b3ca49a19438aa48411964d51

SHA256
a0d5cc91bffea01f8405137d00e219c269144f7409ce7ed61c0cb78994305ad9

SHA512
eb493269074f4eed24474c5de83c3dcb2adb2725e6929f7f8c203a060c700d2bf7a89b4b8ca3eccc44e3002188d75773ff2bcf276a654e193de98aa06912bde7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7924b9f4ecd60cc8c1c1031ed70afb3b

SHA1
d4627174132ac4b71377706be7e37ee9661aa9b4

SHA256
0cd8d65ffedc282278023cde241494b63031b5d32386ee9c76d28d922d531857

SHA512
d0069557d339de84de1242d0f5f31c602e36b9d4172e7a2fb939076975bea56641d4f2d5ef53bb0b4b9ba74c9c1be116eb250139a0e44c958085170afc674812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f0ad2a6d41a992f11a990e1985dcbbb9

SHA1
c81b8505dde852be8d48abd693a01e068c8e4571

SHA256
c5dcb138f137fe0ea02a24a21d454ac9ced76a0e8858e6e742db326e302290bf

SHA512
948a5f06cb5b6ed728f31463c08c8a1536a5464e6d53b228037481d98053bd56af86cd69049b1ce067c3aedadf4479073a394b1c59d49216273cb7edff785c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4b8dc6bff85624286deb0b09581f44e8

SHA1
d781ac458ff5a9a6d424f9397f1469a03f66ffd5

SHA256
c747d4d1e7e1eac0777c519aad8f26147d519e2b95202b22c3966f31bca4213c

SHA512
d10221ebff6dcebb11e86f82532ed66ffcde871ef9fdd0a97f5c259fb344dea8b276407d231fd58f6c53e58b582a1e2210d09962c09435df65fd80c92b1c1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c7788d30c11b3ee6c2629f16969bc716

SHA1
35786d43e471531947669d94e3c301fb444898ea

SHA256
2dd4baaafcc5a12b90d110486a3cb11cd4328e5ef5eaab4e2c2d8636c418d0c4

SHA512
a872231e3266705418198a3db03fc51422fc75b397ccd9ed609a2e5a037889c7a4f832220281b69694daceb497bc2da69a29e5f778a8e37387da58bb5dafd08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
43887d74e35d1f81ac74094b0ab1a537

SHA1
ba06a486c16db50ef1294468da02617750ca45fd

SHA256
6c47f5654bdb319e7bc95c904e9bf1600d92d3e47d80e349f70fada7898ed0f0

SHA512
84539df915828a8168bb76883da8030b610b57c87b9f54e0378c8001e2dd736cddcb24c5817cfd1d45ac9bd5c8be0b9c463c19443cd27e6f545a364c048cf745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585fde.TMP

Filesize
48B

MD5
10f5f44c682872153cabf52e9868c507

SHA1
e07d02e2435a3897ed2827dad24b47ac74349554

SHA256
8c868cdeb938dc0febbb60472d9d69cec90a56e502f8ec68d09a5c61f0e29a27

SHA512
365451555194626b8128ff7b66bb855d085cd7aa19472661be5f9dc6e8bf297857eff13896ad13afc95f59537e22952bbbcbffb4a3126a3bc147b7eca06ff4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c89814577c5181af39554340a5f6a239

SHA1
97043ed31fe57207b8f7ba26d4b0d73585c74021

SHA256
530b19b0561b960b3124bf9e8a2bd6865a9945374a097d9cb0606ee0f49038b9

SHA512
2cc70fdc656d7dc032967d87384de77b1cce711dec264db192b555b46f89b14eea723bef553a44fd0ab0c7f16961b1c8c0e0b289218650e9bfd944d362c879c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
32cffbf013e7a413ecdbea1cbeab1abe

SHA1
88f4a67bfd0d1a2cf026a950d1d363f2f44b1480

SHA256
0e780feefa3ee27f1fa72170e3e087b258aa25b254a79dc706a81ed3717281c4

SHA512
5c3b843ea0380baa93a0af51b3bccdd8e41fa4cdb78d69c54d08122c9cca24f5fb100e21fab8f0320d9acec91a3d60cc6c08914381a58dc0b69b62baa0f88ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
916664b879011ef79de445f751e45ca6

SHA1
a18fec3ead4521ab0220cf5f915e7b21742176f4

SHA256
50decd74c8430060f2b1a14a6966c0f15810eea25b09af2029742d3db527a5e3

SHA512
65acedba4b6b503a3eff8264ff8256ee835c10d0fe0893bf3c017320b4f91e2cf5800706fb615ed1259137767de4900b397d765262b3514ea2cdfbf5e3a7dfcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d0a1b4b0142b5f61ab46355c94f7ca87

SHA1
789f0c1bb78afc846e3c05d039bc859fb617db85

SHA256
e2fb341840b69a1fc09d93d6c7154e746378015ba9a83d74216e5ea6ebe35307

SHA512
08ffb38d3f7f619dd1ebb71a3ba30324fc75b43e9fd0f3655955a4c7e428dde2aaea446291466e001cd89b9f80d6b00bd681631eb0ebaf8fb2b6427f406df0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e18245abbd428fbd57f548e1eb231530

SHA1
9abae46c607133e141c270c359ea11d57f76ccc3

SHA256
79162d6402900118deab7ea5f68cba0106bc0564de6057359074a712c5f9540e

SHA512
bd0d233d701e7087d84ed8d8fdb21e8ad0184676b189979aa4805bdfb9d3a05849f170bb4a12d35450bc1a95ba4429b4bb88971428901acf877e98f50bf5379b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582a09.TMP

Filesize
3KB

MD5
692c650ef6e392d83d33d3c6eae2bbf5

SHA1
fa9a0048c98bb7a960ffa91cdb40c12d106ee923

SHA256
7426e8c32a5a2457f391d0cf3b2046e7a016322a2090ad5d29efb36f986ff199

SHA512
3af1dba2cfa8765583fcb17af7d480a1e8fd4c09b49febbb928542bccf519f464d700bf11f21f9f0bef02fab263c9834ba7dd873753a5a13c89085f32141ab7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0e31cf0c13f81bf0a37809b0dd9acf3

SHA1
b3fe38db8dbe1bc59a59f683886678bf8912b346

SHA256
d6a4ab02f7878966c92ecdd8bbf5f867d5c2b97b58f47b9ef9680241b834cdfe

SHA512
aad23e8d3a3072a997edeb9c4d845e516c39728a45f87b9063af71ac4f4008e7fa63900268f7af2cf40e1d96509210f0360920a11398f0b4db8b2196b44ffaf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d870305ca1120fdf39b5d25474ab5493

SHA1
55b1bdc443b0f6c1355c8f6d89f661ee6ee3da4c

SHA256
aa40aef3b47e47c74da9d392be961fba72de6fd5720ca024614550ae30060dc4

SHA512
ae9f5e88a649f32bd5377608fa6c2f41e794f98f12e4634be352a59fd64fd286b9c3c4d3a03e0ee452f0c3353a562df0685c1598a6f6644c7135f6cca29fbaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf332aadfe45461c62f66bef2b360e08

SHA1
b98f6852c1e29fed56b275d33104af02772e0c97

SHA256
59bdfb00eaf15522814ebd4a1e3ca867d4b8a7517e8df41dcf98c7567a0fa4e1

SHA512
c2b5e0134be1f05ec768b725864d05c8e7d2a362e17c5bed248deadcf22ec346f03db3bb3128593f9f90de35cb3e3404f45109bf1f4856f1a074669a1316d539

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
f14d35e09a6dc5894408e3e4d2b71cdc

SHA1
df29ec121d401c6894fa1abd4ccc73b164b2beff

SHA256
8880a0b04af6e95fed9d68f98585fa976416a373ced4706c535bb37a8820d984

SHA512
e5ec58fc970dafb685f6990b213447e9fb4e40a14c25a79567f619d68be5b05061ef736110026d389c343573e30fe134d0de442b53593af54dd29b3c446d306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
41f62efff38a9b0557e99b64771c82f6

SHA1
6645c784761332151ecd67117935a06d54f7e202

SHA256
2caf7f293bf4c39090340fa5b10d3d68b55545fa9af6b2249f9a203b3af2a4c2

SHA512
e567b0aab4d6406d7d7211d82173b2243fb3c37f56a9efa912cf6b8b59e1dde5441ec9ed1a14334f055ed4649afe300ada2309c4d7188c26fb11f75b966ea61a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\SolaraB.zip

Filesize
5KB

MD5
4ec8143b6dbe27870cf8333711ff5096

SHA1
693d467ebec348469011ffef1bd370b113653147

SHA256
2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96

SHA512
b513d2b9c63d999ccf459cea625bfdc481e44f0f3222996182a0d0d89fdb97ed754b927c7a429e43b96f13d2fc73e2860edca78b162a41101ae97e1a0f4e054e

Download Submit
C:\Users\Admin\Downloads\SolaraB.zip:Zone.Identifier

Filesize
144B

MD5
d2f4e27c3525699dc6a4e70864c814fe

SHA1
d04d018d5bdeba76d7682dee65f15983e402c904

SHA256
44837979ab91a37f4271233e787ac152826d91ec1409009e8dca28c88a952886

SHA512
517ff7ade1651676c64b2e3f18cfde05e9d1e75eb15d58c4e670431a3b69df8f4eb7e90ca2a1659809ecebe278cc7609402e3dd47aab484c095de40256932022

Download Submit