697092ca7eadfdf10879e69304e6e2dc5733058f3300742bdec1020687ce027e

Analysis

max time kernel
1347s
max time network
1328s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

oauth20_authorize.js
Size

27KB
MD5

530e29a3bc9c9085ddaabafd03250fbc
SHA1

896ca8bf9a517627cf9eefd524b0af8d19f4a69f
SHA256

697092ca7eadfdf10879e69304e6e2dc5733058f3300742bdec1020687ce027e
SHA512

1078583dd6ac512427ea66177b8dd74c863eae2181f041e66145041e263d4a13a640529d5176485b6f0c9905accf53f5d22f312666066965c192f3c2f80e8f03
SSDEEP

384:vIfhfgPMEs9dCXQUXSItO4Cb+RHZuASzc3hj+1d5E6F5BUVR6NmF37pH/fkUCt:v/E19ANcUUzcRU5BmM4Fpffkf

Score

4^/10

discovery execution

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Control Panel\International\TzNotification	SystemSettingsAdminFlows.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Control Panel\International\TzNotification\PreviousTzChange	SystemSettingsAdminFlows.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1872973762-1326452598-87257502-1000\{10C47E2F-D005-43F1-B50F-21CC636F88F7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
488	msedge.exe
488	msedge.exe
2032	identity_helper.exe
2032	identity_helper.exe
2468	msedge.exe
2468	msedge.exe
2920	msedge.exe
2920	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSystemtimePrivilege	1132	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	1132	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	2416	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	2416	SystemSettingsAdminFlows.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1132	SystemSettingsAdminFlows.exe
2416	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 488 wrote to memory of 2280	488	msedge.exe	81
PID 488 wrote to memory of 2280	488	msedge.exe	81
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 1952	488	msedge.exe	82
PID 488 wrote to memory of 2364	488	msedge.exe	83
PID 488 wrote to memory of 2364	488	msedge.exe	83
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84
PID 488 wrote to memory of 1920	488	msedge.exe	84

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\oauth20_authorize.js
1⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb63f93cb8,0x7ffb63f93cc8,0x7ffb63f93cd8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8418273410153741977,4335902717873318534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2068

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1796

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:4916

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 0
1⤵
- Modifies data under HKEY_USERS
PID:4852

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e15960b37c05dc7b54098cd898fe5a4d

SHA1
2c7923730ff68a25d23f8e56c3e5b8e62d2a1de2

SHA256
a3dd370b2b481e239fa13c330f274b7d279573b77ffb813ba68a4961b36d6cb6

SHA512
7e0016a20ed5935f0b0ec2722617661b2486cfde8a9f0901c5f01b23a1545f8637149e5086281f02d834a6be112cbc8eae4af86639f7c1e1c9e2bc34cdb6f979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cccdb04720e1632b3ababce0c0954ddc

SHA1
627fb15e39972f5339ba623ccf2aacf616adcc12

SHA256
4aaa61366719d6428b64217960e4c31bb925799dd75288307cd306a4ec833a0e

SHA512
4af29420d1bddd88a5fcfca9ef860d2cd1f97b9bf295c16b522a33d2580f264b35b3a373a1627a1f3be80044162c8580f54efae2e55befce3de8915c916b5bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
45KB

MD5
8f93cba86e325a41956310aa001ecf4b

SHA1
d0565b11bad45befa4af49b2a756e1db92db9fcb

SHA256
0541883adeed709547f4b0ea224383435264888776b673ef21998aafabcda0be

SHA512
a8684abefdc3fdf190daec2bc53660cadafafbec455124e1d69546232d16a662f0a6a473b2a91bd027c9245028edce53e36e8bdc90fc2d0e515b4c06de08ecbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
1e5b765b32c5f65973d835e9ee3ebf20

SHA1
2ae4b7b8e6303dbb2424730062c2fb1d752219b5

SHA256
d443b4a9f2542caad44e23d0d3917456e781bab47cd000cdab5a2aa571395379

SHA512
0ec798c3379d4724f5168a51e2bd8eba221f629ae41749b444cb1487b5b16a01e220857e181c710babd86c0201593aef9f8c21291f57bf14d5ebb72246958665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
9a26304b94e76feef4dea1c54693aa1f

SHA1
eea46baf20e69e7950a6020605a5fe76ac1c6adb

SHA256
46d668429fed01a024c2f17f61c0763cf5e14d68fe842e0da3aca491529a7030

SHA512
d0fab08dccc51ce2e2e2ad0145276211edc0749c57c0e75e269db396f03ca8ab7470dcd4c452a9e9c50be4ed8b8eaa6e7813e9352dea57c57519e7a1cefaa134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
30KB

MD5
7757b87a62416728cf0fbbb18aa4ef95

SHA1
00dc108edcdfc4bfdbd1ca9b777e3bfa9d0529a8

SHA256
ab01d069c06bcb2fc83ce685c45c0298e18a02ff3adee75cb81198dcd9601155

SHA512
8b7d0d6bcb2648a5cd4d27280362f875d4169d9f4733e3ce45db14d7394d2a2114805cf5eeb89518b700a2cf3588ffd1e8b8fa731b483b3dd0ef1596796db18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
141KB

MD5
ab6a1fd15e5f971b46ff30f4255239e3

SHA1
44b19b30061a405040f5c978f0b3fab9af90d59e

SHA256
93bdd90ad5cebbe654d44b5bcf1aab06866dac34f4f051a6be0a0370d62f3b75

SHA512
50c5dcbba6de9f47bd1b099e396560a4ee96084a0e03b56d4e23ad96d172b01e6dde26ce8e1ef65ea6e608d9494887dcf1ccbe5d388640b746f0fc790d1e6b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
65KB

MD5
2eaa683bca107cc82d3974c0a5ab5ba3

SHA1
f4193a9a9bc62969de064330630323f691cbabaa

SHA256
c60b55c92fdecf31b1ee4bc32e5f3362cfa0600a2ac136c5350abf6be905b2d0

SHA512
6c2bd01f892403369ac2dbd8561a730d05dd0588db39245139d437cb2f10288d74437b484388146456b869c14b1f0c48ef7e0e73dd959310336de05401e6c89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
96KB

MD5
5dca6402932adcbc3af7c067cfe87a64

SHA1
f650431806e11cf9a453afb267c63414cad655dc

SHA256
2cb78a93a38b2f796498d1426ea5161e348b07c4a36d925f520bcd9001dedd85

SHA512
3f47bfc763f42ad5936bf486522205b8a788c7ecd152eb7190f1e8acb22a5a833b8e3e24739aff0e321f72dd298cb7f4af3b76d7a88838fd5a249eabf0ec4e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
31KB

MD5
c38292237f2f18f6b1664f30e94edf19

SHA1
0df4ca545e16cf554090b645a56dc882c83b8550

SHA256
18a2f4b09a884440b079e1d1d0c0a281de47bf4e2c7cb321fe24ad180a27518c

SHA512
7e9f1c93959363a9e42930220f8c62300b47da90d1516bf2bd6198d88ef3cf2a730869fde2dc63cda19339c238e14dd23264082d42769773b26fac974c2544ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
182KB

MD5
49815f1d02bf28ef36f4051fe01eb61b

SHA1
7b8753dbff32d637996c8a90f8b63c8d825b23d5

SHA256
6abccea64c2b1884adec7b95a4949a7801c473f361514008e918ac55f3d85f88

SHA512
cf5048e2dc44aabbbeb235ba300a8e1769a01ae747a4e0cfd25e68a41c2cdf57acc7609624e41b0ad3bccf0f6cd2d4daee4d590696a03634c661045eac256f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
32KB

MD5
06457daea853b8597b11bf28d4b178ec

SHA1
d7abba5650154482a83785c0450495962cdc7d0e

SHA256
262569ce41074db7b8b9697e4886e13d7e2e8dc408efe70923d591266830b8fd

SHA512
993f03faf589916e34ae0ccf79e55b94a5e6ddb1530dd85e2cf2e7369e75435b17ff73af73e66c2ea1c44ad1b1c06610a509031c98c9483147a0eb6fc5c59f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
55KB

MD5
35b4905cfda433993a3d910dca4a1bc0

SHA1
729fe8797b504c7486458dc54ea04db9263d85e7

SHA256
5640e5d322e9acf520db209358397e42f6eb7325c89d914318a10a08407a252f

SHA512
90e625fdb21e51753d11150f316742a1f368f71c6ea4cb1cecdee900dd895a22f55faaa3c0a9894ef872e9cd0a2c7313ba0934ef1b6bd47bbe54876e7565bf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
32KB

MD5
4a2a92caf372bb12985947d80c6a2481

SHA1
b72413c1097547743ab5891129094ac2fe8fc2eb

SHA256
f44f2f08f91500d09ff9ea999385dba58c55685c48582892bdbc3925bce2c921

SHA512
9c0b502026f492a7d69b769f470c28d7ba54ee88c8944e1112cd92522cc15599cecc0469d552814b45f14028d012319cf94ddbcf30fc5fcbf2fbbdc45c333764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
866KB

MD5
be0b4a5a4cd011bbe4bc9620afa478b4

SHA1
5f6e020f3d7fad3505c0fc08a5bb54d42ae773f9

SHA256
f65bd5af45ffca87b53c164b6f3d7668b7211a59ab25d98eb0c73e93fd9ecf1f

SHA512
d0c637336d48da0a6553fe5382afd035c4b3f313940f8e2ec0e0106289054db7287fe67a42af5ebc9b5cfe0e63186e3cb35dc0bae38faf797a02e3734d6089f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
494KB

MD5
64b7f145e6d6a513b51f21f512a0f683

SHA1
2f971b9842d7f9688874897eb71e11609a1608c7

SHA256
c044d86b73701127063e8b6800ceff8dbf6d1cade71ad02ce39b1e95fca56e78

SHA512
b3f85bbc6bd87e15c8bdd6e2caeebb563e47646e03c3dab726323f2319929b7a136bc560d1b01f3e4e813e0c619ee3abd45a8df5a4d9ab1fb4a7247b1c593205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
52KB

MD5
b846a12e2ae8bece3d17eed6d7337aac

SHA1
c832e089fd51c0b2a1bf85f684c4a5c1580dbb56

SHA256
864352e249d0dcea844076a2b255e63972761b5b9126d3ad092d553e5d46a491

SHA512
c1d2b9ca56be116aca69f583489955f55960d049054d11e3fb303cf958be05132d6bd4bfd5a12ae8492ef0f5e6f34a46059c93819731c7f55c60fb47d0f69493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
65KB

MD5
6f65b9f25078b89375cfac8efa9f36ad

SHA1
5ea5fb9e94950afa2ded174afe38a19980196572

SHA256
c72ea9e53bc6d84e7e7abe0477ab59f1e8dc962ece7c4e77e4700bfb50dad036

SHA512
dd4722da91c33420abbd03e701beedceff99bee9fb050cc49d57552bd8ef0f7f5249debb2a01bb9f892503911d5d04c2874c455101d8dc6a66f06323a8f6274a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
120KB

MD5
b73270e709f01374913c720829b4b0f2

SHA1
e93d396bdd283a3b54e70348e03795103fca7121

SHA256
c1b580f136d68bbe7306bd518b7cd5380b8e474186b566153e1379740bd36492

SHA512
e0d8447181e1cdab7bb822119b7147881452487c2a214e26bf133031c418f97e5fe0bcb452fda7f1620e337e189f2242ed2b9fc88d730772382d29214322c3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
22KB

MD5
76b1fa44f2faee06d121c0d4d7c5549f

SHA1
df2c7f2927072601b3c16549e4a0d3355b4cec34

SHA256
00053128a54e346aeb40f2eedbc2bb2d54bf7bf7191ffbecf182a16a7eef49cb

SHA512
57be8849a5259cc01e9a5d413c46e96f6d9c969a7feeca5a8ec4e27d82b537e3730d399e955c224ae6765342526bbfd940cf53ba4b83cd3934d4503e5e64bd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
27KB

MD5
4d47c9dab2a0235f53380e5d73832d00

SHA1
c2b205dce440632ef3d3a3c8222e358d29db7e8f

SHA256
ad9680ec6c7668828f59db88d74f71a478af645ee392ddeea31bdd37b4fc0a0e

SHA512
2ae6fa1231f62db4eaecc6e8c0312646263d48bb0d69df1b4bbdd58261bf7dff33e8d0fdff947bd0c71f274aad18fcb795dab75e583019ceb6b04e7a2b7d3b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
31KB

MD5
442d1d56e1d05d080a6de467a8fb3755

SHA1
254e2f0dde8598ccfff22c0cf27aae9f92810346

SHA256
98bbdf1920e804e5f0d3c5b712226ff89b3a97cd0e7f5e6da1263e858653c4b4

SHA512
28e009378d0143bf997d513e2a28cc3704528d596a12750b320349aa1b1d26fa70a0c0a05e2d9264d1055f21a0cf377bcefd877eb57c25bcc664ebecae1fcc5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
34KB

MD5
21371febf332094f670d2963e77f644b

SHA1
07cff6a09b316d6a22971135dbad95ec7031e89a

SHA256
97273954b6ea84899ac1a1cde70f9349e5d43899836fd5e262790f74d5641e4c

SHA512
006397cd4ac4fcc31b43b32dc9a97f892a5b90c545427d1cc4013885453df6da306dc3c9e46366ae4d198d5a9b33c8adde86d96b04ba93c41cf0dd243ed9adc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
41KB

MD5
5b6eb9202abfde97e3d691a835509902

SHA1
515f8ea6e88d5bde68808f1d14e3571bc04d94e7

SHA256
f9ab282aea02569f9e73aba576cd517a7fefba7d90b935fc571397e710b15dab

SHA512
309f32e918aefdb51c218d57ac37714d90653dbcc4317597c1e3df67a8375b5cd7aed9dec97eeae248b29c03bb46318216a3384971357bfb4dfbc294e7f5f9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
1.2MB

MD5
74c0a9aceda2547c4b5554c0425b17ba

SHA1
d5d2355e5919dcf704192787f4b2fbb63b649b0f

SHA256
3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d

SHA512
e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
df825c61b148fb7285ebdece92652446

SHA1
d7d3501460eec6d828094c2f21fedcf35353781b

SHA256
3198e44211698a17a225df2f53b2dd9070fca6e1ee8684b9a4fe74f5a1ee1242

SHA512
9f8e8cd7cad174193569240766684914ab05dc8646894b757443e9951bc4adbbf6f51b4529b2339acf1502610be909dcf34349cf6f3f85536be07d085a0c9b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d5cf82816526d23811b3f046db2098dd

SHA1
04397b819ed87eabf9d883b514dcb81557ed6e51

SHA256
2a007a8630fe48dbc7d88e4b7c186e244fd15e9c6921cf86ecd42ab77c0375f0

SHA512
05cb6cac4bfb7f43f89d9998f3ee2eaad5e66b67fae7ccd4b901377f464898f6427eb4a3574f0cf7490a2966da623ede7ed934a6e8af5edfa7c85b3964b90d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
9a39eb61a228faf1b92afc9808b3f69b

SHA1
8476d5404daa611b196202077be843e051702312

SHA256
a1f463fb411d23b8773f472f33bfcb27dc508e24f797212b15b64c489018a955

SHA512
2964d5b9ed13075891f21d3f0e01d8b510a02b054cdb0d8a218d235635233d878ce12968867275892fefd260e57f7220f821800688444844211f4c3fa01c141b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
424458ac7d2d0fe3094f5ac8cdb9cdd4

SHA1
3e8b035cca14460bb2ee9be3ab6f0bb57c971471

SHA256
3c52aa7c1d7af4a7cb31d5a8d2425d75a52b0a81a14b1000f01760feaaee058f

SHA512
6b414ad2cd9f07797c26d582a5733852b1c688ee9d28996d09d5a5ebc3449d8b52dc3ff24c3f4994f53709deb1d8606078478cf2ea2c1b594c48499d8f536029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
902B

MD5
a0fef5d36840a0faba31a6c5b80d7f7d

SHA1
0d8c7e99a2c9174e756b7c5a590d3dcd9741aa9e

SHA256
1a78f31c4a543dc492560c7b20617916906434fffc42c752ab15e2cc85bd2096

SHA512
5385aaead7c0a8e5048bfccf94a29618898aed85cbd0dd3a9ac45ae3ce2c51dadb2a58e3056b00d3bd339e8590eae26c0527eb85159ccfd5cfa7ab5997506d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61c2e999cd9d4f79975617cde21cdbb2

SHA1
7945701e4dbef925aedb5997da40bfdf3bcae629

SHA256
2f3ed7ed051d0c8fd8eac7cb26b7fb535011363b062a269942898ee5e9ebd0e0

SHA512
0d06b58748e074451dafa6b94df7fbdcca59b5a0c65c7ed642714232de437b5db31710aa8cf9a2f480b8e1e4315b1d7a1a3f3a761c3f105d46a4bfef320bffd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13522e4182f96c5937723885eb3170a3

SHA1
b01fc5b478491c5bab3b598f600a7fc2f1667ad6

SHA256
93c9136564aa9e67d314ffa1ec0d9051faeed2da6a397973c0cce05d40b056bd

SHA512
85f8a3faea4cf0f549db67b081baea4574437ff2ea3e2f09fa9d2c6905ddc3e61322a69f822a075ca0c87803f6c17d3f61bbc7c684cfc4f36213b3f8ea3328f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35004e120d0ce56821af8315e8e302f9

SHA1
53be7efb3c44665f36b768eef235d5433d44fc98

SHA256
cdd2ab02e54c16b294f18819eef4c0ba353ede0418dfe09d4f9beedcaa4e55c0

SHA512
47517c85f1468f51423b4b40d76130a1fbbd9397a1ec7a3d4f322514feb2df13fe9ebb3e455a06876ad9119bf52f29d6ab80154a909f690ca8a6cab97eb623ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d563d77bf4e36be92f96dfdd96a2eedd

SHA1
f2af5211776563df1ed27a11e2a2e2930cbe0cee

SHA256
d32beff3f58cf31cdbdcd14ca758b452e47490b91c46672d236e56551ad23ad6

SHA512
b809955dcbe27dcabbd4ee9481159ee7e56d54821538f7a74734f6c7da0f6746eedd4f2e40c6623bada88fff647e3d2259620ed130d5fe6f40dd5938346df528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50e92cbdef7fe60aff42a90e7767dc17

SHA1
f785bb6460f56cbaf63cff1d2b66944a87f41b7f

SHA256
822a162b27b1d7649d0c5dab83e86414899516a7adc08170441e8ff972a8cf94

SHA512
a4a57dea369c62df854f92eafdd3b6845131e4b7c295cf94130696df6b5aee9787ca257ef3bf608df81eb2b41b9bab7fdd0d3add78db12ec1521774139b110d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d520e8dcfca46be7f47662519d88783

SHA1
ab922444bb0ff7d3846795605fe4abe2ed5f330f

SHA256
bbd8a31e8ddd8eaae3bbe60fcda4342ae1c47d0350c45974fc5fcc0043402c13

SHA512
646dcc2497e82c87af92113bd29946f687291d4ee4ed4dae1ae887a378baeebf22aa153d3a63f9f1008593039ac639e82e121cddf02316b5186b3d2ea77b4b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b58a096598b75824242af0e8b481fd8

SHA1
6c781872087eeacb7872dd204425911a062c7163

SHA256
4b5e889862d4e5bcbbef601ecfb488625e7cf9325f85b26b655e8b10a9432d65

SHA512
4128a74f03c629340ce3648eb800c8e0afb8949d672551de392149a3657b71e7cfce2d70e59043047e25a6883c42fc82ee246b499620a2531d2a5b37161c265c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45eed2647d5298b3cb8282bc14404963

SHA1
9a0640ff4e197c9664669bc6ff994b0f0f100afd

SHA256
e888572739b9d7f780c1815ee0ea5010e89b12e8f03e7399ebd70a5b2b2e9dfc

SHA512
d8471676b5c8676333523dca3c19cf9ee5034edb0a7d65722ba70cbb14c9b65e8bab85aa1c7a0b1146c52932af354775a3853fb34eaf4f30506e58e8c0acce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
85ff246a1d350761f16ba023356d1ecc

SHA1
cd4a1438c052d5630ca7cba29fa2bf362fd8785a

SHA256
40357576a004ecba2e895515fb5001252e065acc5b671e252d3eb15071b68beb

SHA512
80eb9531d4739233bb7e812fffef3b1a3840bd79eefca74e538b186e2264bd69adb7867fd75711961b8952d51eba6f579704aa5be5849d13279df2715b2d29b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
260af8cb88ee6740edd3ace675099241

SHA1
a6242778f3306615689cabc7eb18992e7aa50add

SHA256
a3602f41d463a91632c967b52fd20b33d10fbe00f0315f049864656368eaf0ad

SHA512
eebac297a41334a88eeb0ed9d33242b990863a03cda28d42891bff064fce013bfc7165326493ccfbb35301a88b889a4544d5eb8235f221641c3973a522873d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9e3353a424c82eb1225ea38d374fa3a

SHA1
c962fbf765bcbda68094c28f24bb2dbaf694ff20

SHA256
f9f198a292249acd71d95b520e91d4cbfee7739526cc550e7f5c16ce789e8142

SHA512
f334b670fddb1816bed51ce5ae452b01704a1e0652b03115fe54e80ee908340d6b7c0a84e084ce25502d70df27a0cfe457b368a0a06819fe6c8e95d563c0b482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1ec4128ca8dfa7dfb94d7972df79b9a

SHA1
899cfed22cd57371b08621c3d6cc473766de7fbc

SHA256
cb6397e1e3c1c955ed3d65ba0dc0374dc66d800a82a9ff862b91770d4d078e49

SHA512
3f88ffb8592ed4fc5f74f09c687c7bf8dd4f026b4bffe9486b0e8950c01cc1b6162984c02559e99fdf00c00247aab4e018cfe7e137b3e5af2f99dbc305f484c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
641b4ecb1580b57badd55362c9e4b9a3

SHA1
c70047fe1586537bd2c980a6a397b066003b4ea7

SHA256
639848006ae47cd5e7fb3892138f6c60191fe4f6189900eb450df3d42008195b

SHA512
bcc03bc253bf5681cdc9ebac3415a671d18eed4c8eb3be535bba5889098cb90e3c555c9914be616ba479491f29c6b0bf7dee5255c9958fafe5cb19ea94f1a577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12d093d4bf5f59b6008a1ff2c4ab81b9

SHA1
59d5b8c4a8ce39248a32f599c1e19cc60b62c300

SHA256
3cd73731791650587c86572dd195defcdde5b592337649576c60c9d3a487dbbb

SHA512
e06f9b31a29865e441d0ab23c9777367d77095056c21f774a5edbb8b6a2449a3b564f3d43d8e12f205102af848afdb4b20545706a984fa68d68842839f086f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a4a64171687a47d73b9e7bb87b942e6

SHA1
3fc14a67271cb48a2f31678275a0ff66d231fecf

SHA256
a399b363e03d029242d2f3ae0fc3bec072c6825a6a6dbab700903210053b10ac

SHA512
bf8851765694c9af6900356937ea5f1f101540e435eb0af5120e2e3f441a207a4e8ea158ea59baa55eea1d5a268850721ba296458ab5c028c27d52c0c9ff15e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
841d31462f86c1e176e8597a527065f7

SHA1
03a4c699217a1221cd8bc374c3506e6018ca9416

SHA256
358785d6f1cf7546362a89765b8d41b5298e82ae8c600e39a99eab61e2e144b7

SHA512
9b8216614760cc316d68acf0d3c8d0196d5fa43198f5ec0c878ef83af88083a743049cd7fa9895482fd62e51504854d4f0eaac4f45ecc96606f415a46adb253a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7da8d073623687c6cef2d8b25d0a80b8

SHA1
cb5a5aa9951bbdb7e56a89cd43988c148e9c8b36

SHA256
d50de91c44f828189af7095eb02594b9aec890ed6356031e16d5e7f13f2bb187

SHA512
83ba8e9ee494002d0d6706bdabea39fe6a4975cea13a9cd34033b2369779d4ced01d6435286e28ad5299e4428af908f6c7f3934d99c1e2bf31e7c78be9a2379a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d7a821f85ccf6eb1e6e5ccdcc3221ef

SHA1
8491a2392fa2f3f300f2b0898948f0c2135592bf

SHA256
1bff7559001c2332f6a4c3542a0051fa75a56a86fa7a7e20dd35f971a8c8acc3

SHA512
9872701379736d3585aa55e47c45cc78e072f0700920ba4a771de8635bb8f244a3ef0d1c896595fb21a7be6cb2885ab92a09a13270788f3adbbbb40bdd2ed58d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4f3.TMP

Filesize
706B

MD5
fcf916865bc5b8ea55ed8c5c219217c1

SHA1
79224cba614cf2df419ce9f5b674d5170d55c47f

SHA256
606dbd5d33b428b09df64488733b8f8d65dc49a96526194c9cb8e066adad6477

SHA512
124a7f53a3b8fc6bfae7d0ff817916e2e3a8b487ed197473ed12350ff345519d8f9de1980241383b74c6f7cab69ad0b0a3e7f60ab0be4e856e44780f72c96ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9675b12d4f9f3c0d2485bc9f352b96a4

SHA1
15075eb23cfb482d94a1c3d5ad45de3b86ca9b3a

SHA256
2b0e8b75ddbd213dc588ddccf3e1561be27a5680a7bcc6c7bab1c6e88215497d

SHA512
aa8353cb1c05907a4cfa3d0db2e62598701ac6ea31038b382046c3a0160cffe882807cf7cc3082fa9a8335f90909688abe885e10c79e10141ebb15d59987a406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e2099356d2214c5f7fdab4ab01f98e7

SHA1
e79bc813ccbf1465892772bbdfcf92ccf7ab2ffa

SHA256
baac36575cb7db3b9c9cd38179e45cf46d7fd4655b8b410e6199522522eb74a9

SHA512
8b5fddee830c9ba69a02a3ffb3586fd1536d17993f59a3051616e929029bdd3f19e5387f29633511aa85217d06efb31555ff59047aa3c40776de21d042300842

Download Submit