hxxp://lol | Triage

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lol

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2136	WinNuke.98.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
139	raw.githubusercontent.com
140	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{7EDE5341-06EC-4595-8041-CCA4FF8F3964}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 512881.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
2072	msedge.exe
2072	msedge.exe
5032	msedge.exe
5032	msedge.exe
2684	msedge.exe
2684	msedge.exe
3044	identity_helper.exe
3044	identity_helper.exe
1436	msedge.exe
1436	msedge.exe
1972	msedge.exe
1972	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2620	2072	msedge.exe	83
PID 2072 wrote to memory of 2620	2072	msedge.exe	83
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 3260	2072	msedge.exe	84
PID 2072 wrote to memory of 4008	2072	msedge.exe	85
PID 2072 wrote to memory of 4008	2072	msedge.exe	85
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86
PID 2072 wrote to memory of 5044	2072	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://lol
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaadc546f8,0x7ffaadc54708,0x7ffaadc54718
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12475302891421246437,2733689693986556464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12475302891421246437,2733689693986556464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12475302891421246437,2733689693986556464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12475302891421246437,2733689693986556464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12475302891421246437,2733689693986556464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaadc546f8,0x7ffaadc54708,0x7ffaadc54718
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12288839363055192953,11528028067845055568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3787c47b26ec224dedac2f8b16cb44f2

SHA1
4419b832a507aa4219142d1b1f3bc03d80296e1f

SHA256
c39be3e2a13091c102bbddd36a7d18f8bbb4936abd940e55f81fb2a6ad08980f

SHA512
f63bc28e85d95cb7846d577032f754a9b4eb9602ce938d46ecd552c42c00e5a0c33def2f77f5ee042a615785720251b8f61ef4bd6f50b8bf383c2108c17536dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
7f0851b543e851a264ae6de1da917caf

SHA1
37cf43c755672be6595fa1c316945983ddead47d

SHA256
be17fcbe0f8f1d1c05a1afc6ec89d62deb18c44d6e1032b88da0558b3e505a01

SHA512
081aa80a895bfec22325df447b0fda9db6dc1977ecd6f1e5bb6248a77c425f68905a33e033f903c6fdcdaab3971a47690eb7208b24831f02d5c7ee419858fddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
976274baecdd090a05c1b56330617106

SHA1
5cca7d0208f376d2594ee9380a4d538335a1e534

SHA256
523fe6bd8250e2e019af91f4dd652b7b7226ffc9981b6ee24abba57fee81f53a

SHA512
003fff48b134ad5b6526bf502e657384046aa8037357eb038297337e1defb375b38a718f0cb31ad2480ad83a4db033f5d8a9aa50ed5889742d8a31d96201c631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
21KB

MD5
017975d305729c957b42440bb7cec4be

SHA1
4ecd64ae942d7994b18210b09e72b9a12c6ad7e3

SHA256
6c9f3f5cc1dfabd4377baced6215ed916ebeca530d76f5afebc7b18f3a6a8668

SHA512
216fb759fd6b7c18e738bf2eda55d316713d54a61fe7c925ef7d1dd82381d214a37bee7f3fdc9ca65c74585decf1a23441eddd6278decc9f4a178ae5252473ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
37KB

MD5
14c460a1feda08e672355847ea03d569

SHA1
f1e46ac6abd71ebbcdd798455483c560a1980091

SHA256
d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f

SHA512
cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
37KB

MD5
6e13703b4b9b3fee9c9679caa6444f08

SHA1
eebd698908234ddf27a333105f645667e2eb7bf4

SHA256
e9c1c07f5fb1e96dc3bad0cbdaeb5503e38382e8e9c838120bb2652940d6baa6

SHA512
873bc00f546d9811befa014c4dd9ccaea032caa559c72674429ace2c1abfd292e2556de69e2db1bcf0641625bdefcf28955905a1d5b65c620fece0df82827179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
22KB

MD5
9ec8ba204f6c45d71c998a0ce1dd714e

SHA1
e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c

SHA256
a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a

SHA512
d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f061fce7e0cfa008df4d2fe1ca73b359

SHA1
52f21eda04c4909a0b6849cd8b7ca5bf2d17ccf1

SHA256
98857bb48d4f2f1123da90fcc1f5cc77928fc95dd0217ef585cec7ac529b2c9b

SHA512
a38f2ac4e13318ed4c83c31402c58ac3221598e64b43600a0f614c77156dd790ae3d3a41642efd7a05ebdc5e678f4dd0c483d44bf2249be5a0b16da6be1ab3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b37be0d9aa794237d0b3582fcf1311d2

SHA1
c2ff38697ec372f8375304fc3f2138a069d3769f

SHA256
b0ef0842f8feaefa3f954b3f5c01823c6559492a98973b5023020892aeaae342

SHA512
ea166a4d7c3e0d73f02bccc4146d87b4527d6ab68e40efd4e43490327af6e03ebb5df5347f123cc264858966fb88e43d98f52637e81215e9cd6cb4990815ce70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
34ca1da431111d71c260c04584f5193d

SHA1
773869b63689b3a2839b340814d5bd3b6b16c592

SHA256
06c856891ec9dd86967e1644bdb3c9a921b2c591a73714b5893ee89358b2824d

SHA512
9edba152656f42d05063aa62c67d434e181411c6dbc9eeb82e9ce91c597a0adaa7a28fab82efc4b4ce78bad698ab7055c8a4b0c1f1d14e1ee80c52bc28c227d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
8463032acebd4dfc33a0ef8f93a4b02e

SHA1
37fd1ba28b030bf378c8584461feb1b7b33adcd9

SHA256
53ffd5fdd96c137a8555bfd74a834cd42c396127b7024bdb9e70761265310d31

SHA512
9ccc459a27eeec1520d5bdd24b0985ac7eb9450decbeac29f9f30014d8294494707c61d6614829d966cb792207935a65a9ecfc5787da82708e77e6c4e9289b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3a9dff4d85041cc5877f214e2e281ff0

SHA1
312542b23ef925cb4e6c3be07ff214be323b4c0a

SHA256
7be2afeae451082071f7937b171a0c59b056ac50d119c5212c01b6049daa0c81

SHA512
9fdd51316d3afb9c571a9c71bdec90c76634691717b8bf08430674997027a308741928cf32d7119ce440a31ff4f46df3312c2d4bded3dfad667666a4b3501a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e9a0eeae090efab7e9927a4e70e0566

SHA1
f220ea5a9ff14a5e5123fb8bfa5acdf5c5e88bef

SHA256
c3f8bf15d6abc7f799572428831729f2fd2f36fa3ef7b3927574f998bbd5238c

SHA512
6ae4d7894ea6d612e03bcf803e5041cf6c6585b0ba997571356cd01acf98690364178eeb78935c16de16f300ca59d3e943b0259f9be6270d709737e98eac6cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e50bf800fedd3caf739369dd8419bfe

SHA1
26a4ffc29089d5e23ec876df4c18a5c57f494b22

SHA256
18b17324d01e29a042d4cedb846095691aeff005e08c27c72923801d05e0e96a

SHA512
8c11273bb2644e73a3431ed9e23140e8e9c71c0cd4edc07ee63258e83975d280b01d58fe6c8f8b1d5784595903f5fc4ae9f09b5dd0a471aae7c9ea47f543cc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29e7e17a4dfce716b06d84b5c42bc308

SHA1
172aa850c2bcd0ddf3b2740d505466777658c479

SHA256
b46e8ab8cffcae7d69618b4ea5da8fc6eb7446d6a3319221627ed5cda44d0082

SHA512
f78e331f9db8fe42736d1a012d15bda556946a60b6c92464f87a15817b5ed54b21fb1b716e2f00064d6c3b1b2e5755d03834f85e76eaac82ed16fdd46d8feb2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aed016fdcb53f15920be905e3534d629

SHA1
e64506c709a232d5dd8605183cd0204246ff81d6

SHA256
72cc715b778e282b4504d14ecd0f616f1d7d51dd651256c101ea1470b50c59c7

SHA512
4137436538b7590c59e6481b76c46747e34c633dfcccbc985bf1fa32ac0252322c5a40c584ce988d767f41e716b2e971df31037085d843a9f06e1a2f8dc80400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6713464f88dfd55f16942c0f6f78354d

SHA1
50b0ee8977793f56d0e70d7856f3d2a50d154e75

SHA256
b7a942d75294c1ebabd0026daace7a81337cfed47b3059f8992dc3d7033e71ef

SHA512
1eea0f4dfbdfc889152c9dae386119e02011ea1396d1acf8653c6a87b7ca6fb88c225c85cc648dd6d95e7bc64348786c706165024b3fe0091ea80b6804d3afd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
271a158dff4e3bcc7d4e31613b1efd9f

SHA1
47acdbd002e95fa54346bc28c41f270bc0ff95f6

SHA256
cbbde5d61b15dc5386c8efad6cc560f2a76626b2bc95b09e5e84f277fc4eb338

SHA512
dbb6196e5a67f7704bd8dde6f2907177bdd43651ac603367bdbce9f3ab39551cd07f2263cad61b731ad6510efd5a4a33b20738e44f8d4e07b75acb53a8eb344f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7bb6808eebd32958bce7b46eae5bd36f

SHA1
71386e7b40ae124f280724fe4b265ee259a1c456

SHA256
f9cca3a153b9d126ae559935023e392f131684b91f9ea8c47803ab46846b46fb

SHA512
90396668dbb2363a7f2aba618b522cce893c04b3d0d9a5ad0520e1ad80f5a25dd1422eb33d5ed4916b0e82678a9f72a6305b20181a61452df39d6c3cc86049df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a4c15285f795dc2cca66784266f64c6

SHA1
6305bb25c31078c0a118547f259b938b09b6c98e

SHA256
1a2870520a28f67bc8929b9d02e80de11c1f265fb39de5ebcce968b63c592766

SHA512
765de0338ab89ccf132ec7a0f4319b6a66c1cc07f1ce0f0510d3f00271e27912400a18b3dbaa48bdc3b94f02592bd1a6a6c7943ee380265afec3315df9c50762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c53502e76c87f1bb1f3a17004063d7d7

SHA1
6f7e74c01938bb074977c599e298ac0cab8782c3

SHA256
b13cc31c8e3d1277cee2765c55a79565c2866728ab5cd2c9c9009421b7b0012c

SHA512
fdae8705b3f69bdc7c5d1273d9e6838cfa034d7d476f9bafb49a51d868b43848e8df64374967a282ee2441c0a36c137c1aa26f1edc44c6e55b82c6acb9f557ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2275735564fee38c1396a6c47d7d1eba

SHA1
544f2d2e2ec343c2e157774f7fddea0d33f7cbf5

SHA256
205603fe5a6a68415146ec038deaf0e067be8aeedae78328e6906769d85081f4

SHA512
e7f5e1b1a56a050a6465031e0dac0e46fe01747780d98e142c0cb9f7f766a6bc7572a2f2b95543eac54ad3ef3ad566c3d7f9bec138bd71bbbebf872aea20318a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
6637a63008c206c66a7f3c63d07ff931

SHA1
0aa0d0635be1d975ff99058de91f03d6d2da8a92

SHA256
0ae70120a0f29608038e7f2db7f7528d22b6226dc5a5c2b7d72eef1015668ad1

SHA512
8eb186f5f5fa481723b6bf6c665511faa517fbec0c5277bd10bdf8c3e613b5998899064b94fed5edce6854457b869f3a27e01524e7839cfdcffbeb8a3a64e39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13367337931010012

Filesize
427B

MD5
c6f24b383f5fa77e2f0a9db1ccae6ff7

SHA1
57d1827937005e77dec572513a39c5f7b2828b81

SHA256
b67e4071de0cfcac4bf91b0c36c3eb51d20e3637376c5f6a07a7caed59e33a85

SHA512
d9c834f4eca8fa3520a8eba957babec3f7078b51700b4d019d3a55ebeb291ad451a33db84f247eb1d76b81e02e109d4190e157f4ee497a73825b4ff058a562c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367337931433012

Filesize
933B

MD5
164c969c2e2fb8097ac0ef8eb46f12fa

SHA1
b996574562e6e7cd6e111ad9e58d1d8d756b86da

SHA256
094ac2859fbe5b93fc24447938ca2db3d2fc37f7936ff3eedc22dbd6d3c06e58

SHA512
8a0d9925440b8b462c16bca9c2d7b3543cbeb8ff778a9cab3e4e88b3ca70a67b4efea51617acbb4ea8cb8b22be98ffe6866f69575af206d8f330e2b7ec5e349e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3e7dd8da9fb213bd6725855c315fb169

SHA1
38cc5e33e582b9e68f9d0359a46c25fb2b69bbac

SHA256
471fc78c66296afcff85caf2bbbd83bf2b266ffa4006a4d03908fdae722a54ff

SHA512
f31250d8eb9bcf3954729f03b62b89772170239293998296a40c926f8ec53897604bd3b5f491923e0c6870b6176a3e539ce85614b02a864987e8dcd1e1353797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
5c5efd003ff998696c8431388915f161

SHA1
4cb676871f353119ecbd38114fde55d77a88fd55

SHA256
3f9555ecb3803f98621dff389d6f8a0d72ac7a33b6c9b764b8de27d2dc8844ee

SHA512
9fe5fe4a9cdae9f6c38aaa2bd8d8a14216b7c6424e3cbd3e93e3d52c61c6d080698a085fdb3ab68f3bf8bc93991c772e34b7cfd7be1a3946aa759786fcbe4b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
729721225403953b569ea4ad3101e988

SHA1
53ab9ea089c69269c48838428ebb1a135e5496b3

SHA256
ee2c051b30c1b60391b950c2b1bb3c9b686ea89b663f93049414b61d5494a29e

SHA512
4d4597dc7a19b3afd04be991db4dce5169633b500256cb0737f1fa60fca7ffe77c2235d2b377f8cd235d08141d6c9f7214a7de5efa16948ca0f1c884e0870bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a92ae9e7c3ec0efd32c5dc357412cac1

SHA1
e87c1d37fc5f05c9ba37d70143fe82f850d59475

SHA256
8a752665f2f328d922207d76bf383d65475d9ad3ab52a79b51f979c13db3344f

SHA512
edc7f12cee18e4e4754fdf695cbc19159a28ca2e83df17efb45abc7b2f5e92a49ddccfceb23bcdea871c151473671e18a63cb402e5ecc93da011120337327e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
463842806a48e5e23c1176ee36154445

SHA1
0968a33df05416d4115760fa039866661e42762d

SHA256
19e6e2a2f210388a128046075dc4902b8cdfb940ce4cfbc7febce4e6ac1d53a3

SHA512
53e716a64605364a7483c0cb33c33c6f31cad18e37f0e332a9940f7aed24ece082b4aca4cb62764f336fe8d92014382a0226e83e90dc1370a249e972b2ae5871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5714413ba811fce7d544b33d42f2875e

SHA1
e7294b9aab65c8674008027a784eb45dc929cf5a

SHA256
165da86fa6cff7f9b2ead42c5fe895893a0b1d393e0ecad2cca90ffd3f89cd09

SHA512
2acea1e885844d3ecf6b53249c6a456fddb3b7b36e9f70b63ccddd800b5da3535406842f351e61200846392bd338e8edebc6fffeea2823e6fc6173a0ce3dde52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d672eaf3b368f7fbbfc028d71a4b034

SHA1
629ed0997fad4226a84a5cd30aa5c657fcd99d90

SHA256
4bd6e2e69e10e732b9dc02c35ebb6174acca7190445161dcfb0d8d832e814f10

SHA512
494ad1755137f9924370358bf3b53a78401d27a6cff27b837b3830c985b439819784ee0ec78ee255a2ad0caa85db98e75fbd98e139f8670566481d9e7ba1d050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f9bb9b997771a56d1dee55a022f8060c

SHA1
dbc6b664a930fda294e54891a8f68e72f434f305

SHA256
b1b24123073d6890f85b15520511571ef0ad1113e9cd187a231d2e6887377a7b

SHA512
31ee46e6ebd43972a3f1a7e7219f6e1a0f834ee385fc1a7565dd34662557fabcf7686dfbd3b22584d5a82e1c6729203fe8f6141299057ea0a2f8894c5cc24897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589863.TMP

Filesize
705B

MD5
34bba7a792cba2954efee35be520f9fb

SHA1
4372d689f1a171ee1fadddda3398871e28d80f2a

SHA256
4388c46b9bd47a1171b64ea3b8686e1da58b29bd8c6da6aa224fc917911a7b63

SHA512
816debd4e0aa75add3523da46fb203d9b366bfacac2bb341e2cce384f11c75a2a20cf73d3996e6d87dbd309b9baf601a7017a97ba30e89f132eaad62a35d6e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
96a3f0c71b74a46da1561a5c1906ea6e

SHA1
08c2c1c4c6751981f7c2ec3e16bac1be474b5284

SHA256
727dff2a83dde30ede36fc11e0ea69cf159b85f012ee6baa09c6abc3dc22df9a

SHA512
343434547e136f51218ff8b9379fc1c72dd84eedcf6700c90d68c98683f974c42bb59570138d8cc5c07d5500ef6ecdb626ed1ac2ca70034fa043ca7e0c4fe44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
06c99292594888ec7838ab6ebde8109d

SHA1
d15cfb4a9f6dcc28d469591ceb14276248c4601a

SHA256
5bed910373a9b78dd70c2e4dfe84f4fa688983fd600cef678fc5d6910860ca59

SHA512
a0ae9698a1a41c47a74e60b39aa4a9a87047d63f57c05f7bc6f8a7d8d042fbd5a492fb063e6b056236c023c8bc4390947f7e52bdea02e6da468c92079e3ddf63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
62d115fb3324f3f4eafffbfe1e718e30

SHA1
c83f7a73f8fc85e578687d2e1c641d75f693c7ff

SHA256
a908720f6496a6961793bcd26f87f9ca39ef096d203dc5e882532a3edde3d4ac

SHA512
a11262f06ad853322d4bc560e3593ef207606cb6c3db237fdd0c846203ee341741ef1ea8caa6638f0f0d8aa78aff714fdb10b2d50ea2a89324a6cf6d2b67c131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ef4e205882cdc4144e7b7eab4714205d

SHA1
3a7f2b8b2932796dcbe20fd3387009b7e1be3179

SHA256
4070ea09c884053c1051b3684f44c960dba2c629e33833a669a92774e166d251

SHA512
e50154153c6aff36b42d7e0c7503e1685721b0693e2e67ae5a8afc78b0c96b1bca6ea09930a5db3313e531299cd20e14eb93bfb4c7012513d34346c6eaad5102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a41e4325296c9b3233c9a8b5f8ef8f9d

SHA1
ca8d5190a596b23b35617596a31775a4899da19d

SHA256
1926a223e8a8e590a96e0eb8e7c20925b70580baeda06330cebd316cdb06ec86

SHA512
fd9f104211f726c95eb2bbb47e7f3ace92cb204f50ac76c29c95b0d776def458c040d49d707bd41ed38416ed52a157c8c89beeed4537d43bae20f4906bccc9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
4459bf26eebf0293b75c624cdf1c6b23

SHA1
2a0cf63d7d2a2a729b1b84e221955a5ab46f2e47

SHA256
2ddd13a6fc974d25f11c33a905c39ba8b6d266f7c58a93a41e5ada5975c821c7

SHA512
f9246c653ea54d90833734d359ebba743e97a7978639a8c48f64f2b026affed9281e65a44d12af2224e0493df1e3ca3dfd8fd101bd4c5170471b5dd6dbaf8f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a6e1cb2281619d1f30f96f26d66e713

SHA1
7f9837ed951253ad6ae658b40dbae1c9f9a8d9e3

SHA256
eefc8844667fbbee94a66f5d110dbca08a5cd30bb01d1a62218b1747795b35de

SHA512
e7d1715539fbe23e0a2336dd926867caddde66bd25ea187d7b1c56d876dfc7082f3ca7d56f5296c1d3e1520a4a4e0e09263a744eae50a7cd65d11dd0bbe81589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4ced3e59ace5a7643b540b72d743b03d

SHA1
3ff713242f6fb20c05e00d3c23c7edf311add92b

SHA256
8d891504491913f73564032c6d5c9f43e3c9010752d46a0417a86f3a03508134

SHA512
fd52584896cc6faf71ee15dff5f8c8373352a3f61947ee905401f227ebd78451f3576bf23447235b649bd5fecab824f379f5cd6b904324396db96d2614d18a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
b157e5f5a91446874322b9c45497339a

SHA1
b3ea6dc8234a05f9e222c109f7058b026a8879ea

SHA256
3da38dc71edd39e2d6e911eeeb664e07a32c0ca1888fe2fa7621dd023da4aeef

SHA512
6741f026e3a55f2848a875328357b7173b3e91afa6371b736a3b1880feed543e25da59fbabf201c3494f7f156a9ef3508ccf628df7999899cbc44c9af45d46dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
36d0fa0376a262c7a292b4a606c20bb0

SHA1
160437705873f7ea3de151aae635d55ca695da3e

SHA256
f56ce4fcde990eaa2cbb06dfbc2669b19177aa47835e0702065c79724615e7a7

SHA512
1935a50549d19b9f133811bee01cd7df9677fc1c1fcbf217298a44c903f71e45093ab7993d10af039e224a31035efecd02e406a265f09a5a5de1ecbd36e5d7db

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 512881.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit