hxxps://www[.]google[.]com/url?sa=t&source=web&rct=j&opi=89978449&url=hxxps://among-us[.]softonic[.]com[.]br/&ved=2ahUKEwjyoO_V8riHAxX2H7kGHcK9DzYQFnoECCAQAQ&usg=AOvVaw3f-YAu5OWFQ9M5qqx8qWd8

Analysis

max time kernel
148s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21/07/2024, 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://among-us.softonic.com.br/&ved=2ahUKEwjyoO_V8riHAxX2H7kGHcK9DzYQFnoECCAQAQ&usg=AOvVaw3f-YAu5OWFQ9M5qqx8qWd8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
3616	msedge.exe
3616	msedge.exe
856	identity_helper.exe
856	identity_helper.exe
1120	msedge.exe
1120	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 1312	3616	msedge.exe	81
PID 3616 wrote to memory of 1312	3616	msedge.exe	81
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 232	3616	msedge.exe	82
PID 3616 wrote to memory of 4020	3616	msedge.exe	83
PID 3616 wrote to memory of 4020	3616	msedge.exe	83
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84
PID 3616 wrote to memory of 244	3616	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://among-us.softonic.com.br/&ved=2ahUKEwjyoO_V8riHAxX2H7kGHcK9DzYQFnoECCAQAQ&usg=AOvVaw3f-YAu5OWFQ9M5qqx8qWd8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe0e453cb8,0x7ffe0e453cc8,0x7ffe0e453cd8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8292 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,8099159942425693813,5336734287419874124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5404 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D8
1⤵
PID:5528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaeb604a99d78c4a41140a3082ca660

SHA1
6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97

SHA256
75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6

SHA512
1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fe10b6cb6b345a095320391bda78b22

SHA1
46c36ab1994b86094f34a0fbae3a3921d6690862

SHA256
85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239

SHA512
9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
d1b6e1ab1d59250bcaf318173293882e

SHA1
bd1eeeecc559a81a1728b51c46c62eeaa8d48ef1

SHA256
0c37cfc729a7dede221e3e412473bed2cece5d56cfc8deee9245936cf9f9ddb7

SHA512
d8c95b0e57ecf94f9b761476f5f7897fbcf12f722557692b69ee67e7c0cf751c9ff8e7e186bda031f3897fd1c02ab130bd12812e67a1a2225d9a6cfe7e288e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
134KB

MD5
a2aaba082bc6cca5f3e58c4118d8c80f

SHA1
2b5b6368b90333cbaf474c85a72e6fa77b90829b

SHA256
1cca2ed8de333271371d7076f0d5167b74bd64f82ef87842ef4e1b8850fdb716

SHA512
8434df26e4ad46fb83e3916a6ba47e20ccf8d8f04665c926ea7440b36a621625182cf58e9b2f5099571369c4376e312dd70695b19e48bf4afd205762cddca167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
31KB

MD5
46261a5f301ce7687c70df15ccbdd707

SHA1
6c2334cc8d9066b6beead7cbc3c6a183a4f7540f

SHA256
6b97c1e5d55fb8c2a4db5c82cf0059c4822dfc0f6f8353fa45c6ce5042173c37

SHA512
3e4e51c986edfc98ea190aa39044a8c10a7632df67f975b411cd3b6d428d753a0f544025bc457c19f75eee349938afa3eaa7287a919afe450262affbec698cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
17KB

MD5
67e30bbc30fa4e58ef6c33781b4e835c

SHA1
18125beb2b3f1a747f39ed999ff0edd5a52980ee

SHA256
1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba

SHA512
271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
81KB

MD5
cacbe3aaa250a2bfccc6d3e47e01485b

SHA1
81523dcb2ff13b6a23e482cbd27ac642c14b260d

SHA256
ea0c0f236c8f9a2a8f9ba11ca322b05871d28a22746a3c1b47f550420e567f75

SHA512
95662850d3a1e6ca5f07451a1b0a114612453225f3cda61c3c4bf457bc43436d4a66377f94169147c785617f325681adc9d65efaf675f9a6799f97c81d22a592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
146KB

MD5
826d59d4239b47179eebb553462b880a

SHA1
fd27776a4511513b29c11be8716fb440de7d1c4f

SHA256
92ecd27c7dd649c430038e055d32e25968399f7e4df92b602deb31e868b772a7

SHA512
233e2f64b83704fddafe4efed8503ab24a8c5224040fca34d93a5b9527f3e8d2038eec90cd621044e23004427738a67a7b0fbcd2c5d04c5c279a01a92ea5112f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
104KB

MD5
7651b1187bb58ac4c7be625337b35e5b

SHA1
307d969ef4137a66fe2793737dc1c546587c7f43

SHA256
0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968

SHA512
a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
97KB

MD5
09c0242eb092d277c72d6c504066572d

SHA1
4416fb74421548a74dc493defc19c33782b13bd6

SHA256
596f70ca892531e235adc5bf2a5c229d4585cc66b55665b65377e26d731befe3

SHA512
35aa2a0d13a831a4c15f9cf00e54d799ccbe864f002d3f68685466ecd59742dd1ef0a34acee5d54ff1fa1870d0857eb79c08508ff821a559add7cf5cf660b2d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
47KB

MD5
f4dcb347caa8f53b6218d87e1b0201c6

SHA1
22aaac77e2cb089a1e763b4f76ea23e9117df2a8

SHA256
6d888ac97b957be79f723de95282eb7980ec66af73637a3f3727a00c692b16f4

SHA512
a3e354567abd07f996ac3f41ab9550c00f5a35c9f43c36f3cf4074f3d5b94c2d94a9d417c78b42e2f82276035ba1217cc216b89fa64c8a54f518a9b511cf3064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
76KB

MD5
a3e74ca07370c21de320f6739f515221

SHA1
7266c6e03c0e3a35dbb367fba4dce332c5c34871

SHA256
cf82c16fc2fabf74cc869de4867015b21bc824653422c41c0cf232d41c061a5f

SHA512
7d6b86c0659370a7419de45f28eaea29eb204c41ed50890d6171e9350012656161fb5c77d32d293bde5ea83461edc413dfff2e69657232481c62ba3e24a96f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
05c5c53bb92e2cf4391f6af88d499f05

SHA1
95a78e30760a97c10f67e7ab60620d69b39ec6aa

SHA256
6d994566861abee52911e413f1c6e5353549224edabba42bd94c1437dcc33422

SHA512
ce784a0f7ce8b6b7d4c4145c9873b01661a26fea281bd23090bbe623f74da8ca5ae35d961e984d626be316e61e2178dda3ad27c07191f488d23b00b585b22e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
21KB

MD5
0a0eb2bb21a587971e30eff2146a81d6

SHA1
dfc1affefb68150ae0ea24ae1d4e2d4f1d6d9485

SHA256
ae96ed8992de762e2b9dc8b77a1014015393d06c9ba008d27628be3843ed24c7

SHA512
8f5b84b0c0012545dd5ea8d54c54c366ab2c701875ffaaa6a617326f969e5c1ef5f468237f1b8b8e0cbe70f4cb4fdb88ee657b92ea4571624de6d758bbbe240d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
132KB

MD5
254c85dfdc35116c68ba1b26d2299749

SHA1
c3a6e44879c2cc4aad4fb77bb4c9370b8aea1bae

SHA256
d64c350e030d666f68fa327f619a8f41e721194031267c12eb1a5ddfacf8f769

SHA512
e009936094ea4afd4f6f99a50785cf5afefa58a88929acaa4026b943177c2d4c4848e146dc90f2c29a9401ec91845797d8aef73638704bfe199387cd8dd4173e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
81KB

MD5
21babbd66aa4adb660b0715bebd519d3

SHA1
f9e1f234532df5e57357f8ff50fef8611a37a629

SHA256
6628c153e6ad0ceef184890c574ab5f7171db968b34ede9c37efd8d90a8a0643

SHA512
73ac1cf6118a7569357d440cae7ce6770968ea0fb43d59365c97e164f820542cd9ba3d52f042b40efc7e7d496968bc3df0d01d74cc19c33463d50578a4e9e684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
27KB

MD5
7820201f0db0c706a0ea5bb7ce018ef2

SHA1
6d116650afbb3b25bfd6226c7d5ee00dd1fe4515

SHA256
04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a

SHA512
bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
37KB

MD5
aed5a8f6aba3a80904c4da7e7edc5ffd

SHA1
a8822cf6f63a89d540bc7b06310ca1d8cdc11a65

SHA256
3a8826e411cbe9529cd9b6475b8d4cecd43c646953581027fe89578a628667bc

SHA512
973d1122aa9cb82a908530feddf7b2189e7a16451c49d8a85238e96f25ca9e292fd0827208b4c2f5277a543f8222a6338dafdf6d2da326fee596378d9f8ca625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
62KB

MD5
0c80334d0d604ec18274ca386da3cc20

SHA1
7ad48f6e38fc58bb7ce03ff0e7fcc7f68f19c2e2

SHA256
eab981b59a865ba5e00917ec3fa2b94baf7c216a98ebd06c23d0ce0f135df54f

SHA512
53036cd1ceff91f7e17b2d80d4880d27e9f49bc5afdd739d6f26c2d03a80a08c044f60528be8a8b4fb1ca6a09a0f537e464c1970a2973e8e8a9138e739cc94b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
a29b6dff92f028a8a7516b897696cc9e

SHA1
a43ee4974ce67403cdf7ec8419deb3de724319d5

SHA256
12e8a876e2b371d19fbeb17f61f806a67b3f642be2cb2600d321345bf7b7b1fd

SHA512
0929a86fb6e8e5835cda11df2b881a87656c5a3c65c162c4d582791d6f3b74496bcfc8813bdd3b254384ba6acab7b2d62d6fa9a42e4c83db1905174cb7864cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
20KB

MD5
3d45f254e8b71f5c78cea03839c0e779

SHA1
24b9f2e23661a260f80cd9d0ae2e389493d0d858

SHA256
d03b922aaa69584200cd78d48c08c685233b4951e11d31ede88c25dc3ae37781

SHA512
b7825222b63e271e4d9a443652d86b3b5ba2828119dc360683a513ee8cf5d9fc7178c6ac2764c74ddd17b203d75659af5388c7c624708c24ae2946dec87798e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5674c2504fa978bc_0

Filesize
32KB

MD5
5c3e2f90c05701ce1eb73cc532bf4167

SHA1
dc3982acb820d09bee27e839ce50d4d71f846789

SHA256
11593ccf77da2fcdbed2ac2f0458b1ded8888269904434f73bd595042fec11d7

SHA512
259ab70f307aba3ba02991847607db56db0a1e42bd691962aadf865d57988e7b1f9981c891961e203b34a1610ad8045e264248b8bc9d127e5ee552329a5ac9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c0478bb1583746c_0

Filesize
31KB

MD5
dc435e98cd7ecc7fb9708d86391d8972

SHA1
a4597bbf6e2808bac2286c6c9302d10094e1e9da

SHA256
d48abf3401623cbb121b7767d57b70401862f7d92d5c3d32e9a358e436dc1b34

SHA512
4ab406b3c023bde99b25d0689d6690feddb967d62f5870ee48a00534a24c8513deacabd7b78a102aa13a957c39c6b4c91773473495f33c405cfab16d47b90931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77cc0de4e951835e_0

Filesize
54KB

MD5
9fc7c692d7d5225af2778b59a394ca0c

SHA1
4ec4f97295c96ffa4b383695ec322e485ae79a51

SHA256
ad31aabd915f073dd380ce65f584c1c1b046a980b81f48555ae13c67f3fbe139

SHA512
16b252e99868bb9c58bcb8e76b1ff318bd0a26f5a6804cc8d3d7906c36df9884572ac7eb893ce20dbd1b9511211ad51d404cd2e3b5c2a2bbb26a0b5cad978838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7374576f263e7e40b3d78062226a3099

SHA1
db00ddb720b36471353342992600b6e91bfd87cb

SHA256
b137acb71caa4b526335bdcb259d20e99f3f56476ce49fbc50b0fdae295371bf

SHA512
5f1fa46a0011632e464ee57c09ca1877540b305ddd26c934cff42d3d07dfb0b569e037995baaf8252e4747d83b9721528ca1e3857c1fd7b6879de65c23d15a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4a870ac2aa9d51d3ad37cd6640d82eac

SHA1
675603ce8f8d997d73dcc04d0f80baf472b5ae5f

SHA256
e79c0b8d85db7bb99f90ac8d02c996fd4628ee894057aac138b0d1f5e3e50cb6

SHA512
d5b7c6558f707996093325e49b56ac580ca22736c230204f58ec197d4a23c9d9f4c1f8ac6d21e8cea769bc8c8a21e32064766e38c077035bec8d648e8b6c69eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
92e138cc799254a8ddf615026c897ab7

SHA1
843ad3b572d664632811e6ca9f61a0536448bf88

SHA256
42df3de527c5442fd8e583ae5dfc4a5b16062600665d7a0bcb8dcb5eec696dd2

SHA512
67708b9f26ea8e5522d2c4478afeeca06b6410046e165d3c8b7dac6c3da275740af59ee64bdee6d3fc877fc79160b8af36b097e0e8916fe2ebd9d48e6cf83cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
f680216eca4f67f38ecffb46fd2398be

SHA1
ad89423f44b9e8e2ca90b8f2c660b1fc367b75bf

SHA256
0fa403dd398a5f221d636a5f60d5a3287103c26b7830b3983355a9620f8027be

SHA512
930c4f8a13aff87581e4a4ff64b4bb626798aaae34e60adfdadeb83415fe9aba902d12ff66e10731a43b045328ee89713a5f93a3649fb80e3d500283698fe79c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d16451a7071c73f1f835717cdb03fd3

SHA1
a2c1fec97a0b0075efd4408c6e984143907a8d3f

SHA256
94b303c494a505472098070be1863304502816fcc81f86b6c9a0385ffec275a2

SHA512
b822bd1e3933747353563e41b02c91ba8561e5b23b0a27effc3c31d8213d9a53707c2fe463a91981243d8453330be2fc2fb7b8d8548087d70fde18cde7a6d3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
19ffff82e168cc78a3b1cd4134baaddb

SHA1
d9c424357d54caa618a15d618825d40faaf109af

SHA256
1d1901cbfd916975c30818bd28ead26dbb63ea42bac3d429c1f102c7601c9fe7

SHA512
d6ed2723a3dbb977be3ecfb091e96b0c63c9097b945d0516a815d2781a51318d82dda4b831af44f6702c25b1e6144809d52adf301f72d16f466219564deae5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
6f57ae6766d767820c45cf191dbb5c0d

SHA1
a00196efde7e28c58b9a2e15e899bacdcaa432d0

SHA256
4294b68fd7ce678357e89fefe7289e7791db44df00f4928dfe80acd7a685d885

SHA512
309a496668f82db8fcc0fb112c3ba6c7717ca027cadac55c74b1e939c94338ce309d6720c742428b63613cd62ac0c9955a75cc44e2c55f777e789f1144106716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
752f7158c6687c6d7f68306f38ce6436

SHA1
1a3b350a6d01edef1022119d23cded0ea4a067c5

SHA256
fc4103d83706965426b088c8f671e969d62432f4d20155547d4678b7f6ca1894

SHA512
058d170313502344a4fff8c55e62674dbf8d28cd93c9ef91e9e912ca1d0a46e69abf54bb6b5d66c030307377f0c18cbc281af4f526ecd89271fddc7e5cbbc4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0c0643f586765a09540a05a0cb35a45a

SHA1
d0b971d8e5f245d4a33b3f0a61b4c2814638acc5

SHA256
e98794835dd72270547d8432a09fc5462bb91b8feeef69bf410a76a1a87667fe

SHA512
b9fea6847f7e47e2416ace47f6322a2ec4aa7f8be6f97b706c8e6264e90bd1014eff50034fc828a2233f2d30874f6f21f48a9addbff282107e4ab7238791db35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
766b6963a9b83467af697e7835530660

SHA1
5dcef1146a9f0dce847dbc72b68dbed6fdedce6d

SHA256
55053a785dc76309b7bed6e12f7b3e828157c6b082900c7acf184a2ac9a4f358

SHA512
ffa7cf513a2de3eb789c2da1d1dc274fb04235c0d32538ebaddbbc2f7cf5e61974fa596fd61ce96d3bf674186e762c83bc1d113687aba8605501060e683e269d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d9a0a94d30839a737df96dbf56be38a6

SHA1
fba31ce1dfee83c87b5ad44aafea2a512d39646b

SHA256
c03b1ad233e3e64021f2a10888c07eba29bc11654b9cc1f6a1ed2977d27a4a4c

SHA512
41f398ec609a00c16696adfe7bf17d7a975d70381c25cccb13e37989c3f8bae4dde11b8fa5e824ac2d606b3df90c4de6530aa8d3fb543811600b2e129a6fc241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f3d.TMP

Filesize
2KB

MD5
3eb7168b036a7ba072e8590562cf4e6d

SHA1
605bfab466f8cdeab8b9585d83c048d496b3c6bc

SHA256
977625f933303e8378a09020a0c7d4d6f501e3998b56681dbc025ec8c6188c0b

SHA512
bf3e72f66fa7a9a0b1767a606e58752d29bfe9637e93f7d5e0bbd626adc470b74a1564c9686d11a208ba1ea07fa19a3d4d99cee535e91a881be91a0549b512ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e68d7c9e5fcdf6377a947fd66882771

SHA1
fd1e0fe6453f314364005e53d9f02393d1b2b4d4

SHA256
c89dfb24e13432a60ece69c43798d2826aae90adaa42e72fdd980b031386020e

SHA512
4fac14ca458d9c6dc3ecc1efd17b0df3af6fb3bf5c4303b04524d095bb5d906f7f165e8c6c9b47d2ec282a273c71fadc415f6ab08212c7c5973af1a0bba346ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8a2bd081543cc8ae10d5110c363ae7a

SHA1
fa21234ae70061203f8ae0b191eae8d0e8a03ea9

SHA256
54e91549d81050d8085d7a5ff96da7c703cfc10588f2dba3f30443bee02e4be5

SHA512
c281b01868f0a37fdbba4b45d1ce36d18136cc9a5c15a89dc4e04f0f1a8af7e625d404b898d37946f632de5089bd5aa25754ed779bc7b013bb49189ffe057ced

Download Submit