51334d9fa7bb5eaee5250d24a1fc79fdbf75001be5f4fd5f22e971673266fcbd

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fortnite_free_hacks_download.html
Size

109KB
MD5

f3773fb9bca64006f07f154480b13ac8
SHA1

8309bb94a6a5274b0a96f42ff4c47ebb40c33bfe
SHA256

51334d9fa7bb5eaee5250d24a1fc79fdbf75001be5f4fd5f22e971673266fcbd
SHA512

2574306bfc13225e5f5a6f8daa2d71d0c1f2b03dd279a99ac696f99c71e3b23fcc86a128cd27a1bc55c7be23f537ea606853c1957f706c524f8cbd8d57d543d6
SSDEEP

768:Ysu59dSN5OC5tRZ0dhNrRF75KOX7sTFPFp6OFS98Ok/3aO/djbO1Wf3KO18Ry+Fa:zRZ0dhNi1zR+1huIxmW7Kr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{1E2C70AC-2A5D-4FFF-A76D-59BE3FCE4676}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
2448	msedge.exe
2448	msedge.exe
3988	identity_helper.exe
3988	identity_helper.exe
2252	msedge.exe
2252	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1384	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1384	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 4868	2448	msedge.exe	83
PID 2448 wrote to memory of 4868	2448	msedge.exe	83
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 3036	2448	msedge.exe	84
PID 2448 wrote to memory of 396	2448	msedge.exe	85
PID 2448 wrote to memory of 396	2448	msedge.exe	85
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86
PID 2448 wrote to memory of 3904	2448	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fortnite_free_hacks_download.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeebe946f8,0x7ffeebe94708,0x7ffeebe94718
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3724 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7434364529300951875,1263715632022142042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x4cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
52KB

MD5
f070ac6c29dde15a3bf683412dbe10e1

SHA1
f5f2ad0f27a23c1651b0c46dabb5683f57e114e8

SHA256
8f589397d8f2ae795a6bcb4baff013bc7a7efda5db35f2e95a3df4bee7191a7d

SHA512
03026906bf00178a18ad6c63cba5fa41e0b917dc225fc580b0b3f122a284ea1cf3b3039fbe1871e9ce35ee6e1213000a137b3c46d5e564c29fff79cefa17ef7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
c33edec7b9061b265f181ddd8cdeb328

SHA1
2bc1fb1e4895a1055297839ccc85a2f46f8d5f82

SHA256
17ea36e2472d22df9fa5eb0e47d063075f8d527c478b22fe4120a183e9c4c9af

SHA512
30780f28d58398e4456259a2d05a74f32425804b3ea2a072ee8e4d2c1987e61596d80d5705d50b5b0f0533f674bd23d38c3dfeec74cc9de5d5da1055f4b63f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
93KB

MD5
05972646ee88aa334a6c91787f126b29

SHA1
c79f87308b4716ead43602f304687e8b86dd5a6c

SHA256
be8e56b8516682825676ff0ded854e80c39e9e483610071d648605351c562da8

SHA512
2c6e02d6fa3cb7e25390478aae7405aad84a7046b4912bd6c4315d1ab1dfd382a10b04c8b82909615e82f803632decf0f2d7e5479974670956303f8b0d1c398b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
b7d5e339c0d734ae4262a7945e01058c

SHA1
c9059c9406b376ca8b9ef3454b6a4bf007fbb8ce

SHA256
336f6b24b3a56d6193eb3ab1ad382661cf24def0d2177a720121540e201454f3

SHA512
721e0e20b776c3d8a5e0a39cb378d64d9f318ce6e602c1f575ae7d9c9a0d8904441567e5e88212c3d3cbc6f7591fc1d3b9b2942e3189fe8e25c9a1925e2f746d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
143KB

MD5
bb62e9a8f1e7e522d473347c60c91938

SHA1
d5e031f06067aeed199a7ee01252d07eee3c10ba

SHA256
112d4ef73955ccf01ba760eb92d4c7f324fe2d78bbc879f5ecf1304b9fdbada2

SHA512
b76a407a37c09797b26c34582ad416c1bfafc34186f823e7629540481df4bcee68ffc967ff0b646499cd07c7ee8ccd70ab5003585f960bfff6d25b498082fff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
381KB

MD5
3a54d6f9d2094f56030b8c77810ace89

SHA1
8dd731294e79a5f236a45a98b5fb72c1543e93d8

SHA256
18d1a13bad783284bc3951b408b34250187495951238c6b094e80820f98b7e87

SHA512
dd4ffa00ef0c8df7f4af926d9462571fa59eaa00e56d525898c71f05c1822f63d31e8a9ff64b5336a0f2526e9b0cb07ddca357f16c1ba02907184313e4f7fd9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f02b39241d09cc738817f0958a10e298

SHA1
4d00c0cf5665b152a1545881d7dfa861ff05abb4

SHA256
dc7a1160742bf7c143c6e4c866b2db57b153f57f6f15454aedcb39c10ac7efd4

SHA512
ea4ec229d1ef1fe813803c43c9e95e9691e9510f4985e94a37db5e0f71b3b191138c551418379c12c0c726349ff07f00f628e9693476f97818ee7d785dab7ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
24eb9bf49628b62f7ce08d9eae9ef883

SHA1
eeaac6da64e12e3d4eeaa0e928b09717f76274e2

SHA256
0cc3e09de9d5c045bf7420d9d9a3505a8d71ef169ed07a9b21d2f78335157c1f

SHA512
4dc93bc3e2edfb0367b77f9ce3ebe9e8266605e6b8277687790261cb80382bb040927108dccb476c17f70cdbd8310ff55a04c3f8f9ba727805558e5a35a021bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d447a2caa4ae40ac17a07db0956977e

SHA1
ada87d8fa3e78ec628c4c5c1fd136a93bfbed9db

SHA256
c13900fee8e5e3be5872fe4a2d00147d92fe7b97f3aa0a1039b5ff5eac8b12bf

SHA512
a8fc66844f9f50c532144bda7a5187be8f6d5540210ee1d5d3f2c8fb98b68ad3b3b3ec8436752fa9cd61db2f395482d51904f236e755e7a40b7c6913af317a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8306e9a8f1e861b5db7349e4fe75641b

SHA1
94367a2acc17603d2ec1a272d83c09facf4502c6

SHA256
67d02e884daa95048deaab23ea6aee8ede370225fdc0a60935cf9250f7fb64c0

SHA512
93131a091a56ee93fec4f388c732c655806b8f113c5bf3a883b694f10662bfd35fa2aa52ab535c47873b5350e894789d96bbad202515d9cfe31edcac91542c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cae587208917777191fe70a316b2f7b

SHA1
e3a679918fd78cc7dc07e46102e5044615cf2f97

SHA256
a812db1187103eb087ec7d178df01b45ef2f57b6b42d2947b74b3a32c403be88

SHA512
7afa5a20fbc28ef699bd97b311a9009696ae2d77b1d2a72a76b61f327d7cede6f23fc94a7e3b03bdc814a0cb6bb7ce76269c7a775625bd695d7bca64e15d0f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3f3fbbd65888fa2ad88c3f3ee8dcd459

SHA1
fbb7a0046c17a2354eca7fe59fba39e0c5df88ae

SHA256
eab4c23ba085c3f2a31d7f11c507936f546ccc9ecd6e22a2cc04188c57c00ebe

SHA512
de08035f9e7243cd389a7dff7bbf25d38975ffc3be60a0ab9079cee1eaddc8852845ac28d146509dfbf27b035a42594f12a699b104fa9a5599b978ab561cbe9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0140bda00c6e0ba7c371e5fd55a53f9

SHA1
58b788227856791189a41076a0b0ba4e5bf2bf22

SHA256
bb8c373159d56431756668fe48d914dd856ccda5771b31bb179ddd13a28418b1

SHA512
06d592ddf3b56fc628caa5ce20925920112900ea44abfe961df854ad530d91049fa00fd27e6e188dca0f5779348ea4c129392ac085389df1535a31e3731251e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da58dd5429ce5545ccfbbd5bed4cb561

SHA1
f544389764e3498fa6b7fbd85124db45636de4a9

SHA256
7ee4dca167fa5f18bda3a52ec0a4976aced122d9c4158e30fef376255011a6e2

SHA512
01d2b733d68db1dc1aea4c37b6790f768e887e124a616161e0af02a162ae9f1d088d1ef5dc997c23104d2b55439c42b0af03b5e3d87792770bff556d698c6858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
42b4e029c44ece7e6041b63001e23948

SHA1
034f9f0a6b4624f341a0079f17365e844d704f54

SHA256
55d2e5047cb20a5600c524b80054585f47f425e16280c1440ef53e889451add2

SHA512
b2649976cdc66010dbe68415fb54546191f9ed1b18a3f0b1d0f7852379412c20940d24fb221cf14a49d1576fe95b2f686bbedfa8411a8aa9e624275a2ef25945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d6f60466f804882226f07d271f70adf0

SHA1
d2920e6ccd523a7618a9348a335933daf1721561

SHA256
177828b381a05f2ac95fc649dbbc1257f04e81335c45b799b7179cba8eb38d45

SHA512
d12e01e4b7e1d9e5ab05192a6c6aaf06b7be2d06f740a4fcddb04b1bd13ea1f0be9a27fd96a673cd819dc5927a3f0fd6127cfa8ed7ae3d65c689cc1d2aac742d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
71e4e23b44b5c6e9c9b7c3e31f04674b

SHA1
a291700ce9864cdb1abc85844409dd042d8615fe

SHA256
1df935a8b723ba6def25510d60878b0b52a15ad1fbd02cc810c3fce306011d59

SHA512
5cfd4a8a70520b165178b7b79e97b72523bd4aee28bab0ac7ecec97bd1c7f9f49ad02bf6b54e8b6732cb9c53d39fbac89e47cbfac0072cb690417dba38601a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee33bb560c4a151618f49f6cbcff0312

SHA1
c31e66d85dd12f6c687688aab15337e8e44928ca

SHA256
ac92ec5b5948d8512968d040660e861618f5eb5bc88695c7105c1e35a7aa1ade

SHA512
47f06fec1a4f19ae128dbdd972ed5a9eec7e83d3fbe7f06252f69ef0088fab3bf9ad0c56721cf2783157ba4bb1893bd77ba249f49ebd2d63aaa198c0eb2b0dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\bbfbdd0a-baf5-47b3-8fb8-b9ee0a879e82\index-dir\the-real-index

Filesize
72B

MD5
20c7f1844815d47ac171ee570c273e32

SHA1
f4fe7e63c865d3b25461b5e12c5f8a92599abc55

SHA256
a2de723fbf67159e6d7f925250e39ecae932b3ec2d4b41736b32bf6c1beb685e

SHA512
3f32a5465e326d98c8e345083db8dc973b31fd86b3b060ee847609da96d73da2acfdb07ce4874cc14da0940e48a0f8ae6716f255787bfb0ee32eb023e9d064c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\bbfbdd0a-baf5-47b3-8fb8-b9ee0a879e82\index-dir\the-real-index~RFe58c7fe.TMP

Filesize
48B

MD5
770eae0d1fc26f793c3ee725c248fc39

SHA1
f8f30505b5e81b9e5de507855c2cc3cba2f483f4

SHA256
3c564e2462816acaab44cd5c2bfa6a128bed4c2ce23b63e988c89f6ed3bad49e

SHA512
3a7de2d14aa0d69d1974a8e68e5c7332cb9a1454cd318c4d2f4f2ca1b563af40e2195699f87a74d680acd5ac366fe9fb43a25e3b98687490353dbaff444b388b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
98B

MD5
a68796eb5a891e22804eac18384f685b

SHA1
84ecdf89aae3cc43c3c48d23a3db68c85a5ffc81

SHA256
c4984ee1076149148b7ee0acb03e0047afd535a7f6d8533e0364d79f40f9a39f

SHA512
dce16114ac4a1d730bf4ac53e365c777b383bf0ed845c667ca6b0c39453da44f14486419e89cbc63197eacd195240cf09f07cd38f07be6b129f84c7f5828b945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
93B

MD5
9a42110dd9e95844bd87beddc9fda2f5

SHA1
3178e077c8f4056bc6b5de3c20f4c3355bae31a5

SHA256
c829b541023667073d01d3a7864467b25d53c5166995b8ac149356d69d00a998

SHA512
68f71eeadf82e4abb112442cc1597f5306aa98a8dc70b19db0032bedd4826957536e5f78242e54bb65289519c6231b8622cd88866a3108270c9b468d4faeaaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b0108ed315a4e44b816c2bdb8da47561

SHA1
0b78ce8dc5b2eb441da9078d6e5575759fba2965

SHA256
379f1f2c776f6bc29c6c060136ad6e66b00f5ffc646c3fc8f0df5d05862a5cf3

SHA512
58147c88835891a82ca1b68d96bceb7b84fd42f57fa38fff2925d04579554dffe97a6507d84d081f211bc4693b9d8543b422e9cf5f97da9b56f400d2fe1c68ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c772.TMP

Filesize
48B

MD5
84bf7180c77b315edb5754c8fe0aca09

SHA1
780252d950abf5858cf28332882284c7ac3d0700

SHA256
5bb400b173d756c2e1aa74bc83c86c8819d8b849b86289df374bbedceec97d01

SHA512
ac10d088d733b3b07875997578e5046657fbbbd4a444a8055aa21470149f76a77853fd8a2e2a9903d0642fbfceff85006077917663bc993acce63509731c47ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32cae8ddda553c08e1d6657a293f9d3a

SHA1
0a854702d5c3c7e2683b74a2fb8ceb7a70297d0c

SHA256
d2051ccdab90c3c06c2fb64e8e4d1afb8f2e7734790b0140aba91cde4b5d7f39

SHA512
b8cb5676ebbd367566e14c270b82c4a1232256f703ff5937e1c8c790fc82760f2ba80fd02e7aa2d4e3971ecefaabd2c8b3a7cedc3489f833fea72bbc4c42f015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33b6c8cf1c143db19e57d7cf43776c23

SHA1
3f754db7bea948329d08c38efd140863e834e9a9

SHA256
a77db71c2665f25d4bc4b5e3af21527fbfb6c98c2115f4de99394dda60b469ab

SHA512
c5611cedd53de9946d5e12ff0eaef4a29e71be5a91fb4a7297ea1dcb3977d2a67c07ee8ec2579f62d3934ba34ca2ba2599376b21ce74b948a4e3e1580f9b4a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5bb420b89db0c6a54580f06de57ff887

SHA1
2294d1d8bf179ff63fcded3f42a22087b594e094

SHA256
0ae2e3bf36a9336e955a1aef6ac0b33c4d98d6914ffa2a00a68fd26a15b94a8a

SHA512
2a9c6888d9f4b7f0d60f8a353c1b7b096788bee1ea9fd704bf052ebd679c774194f94066a24b3251c4b29e78233a313b9a180421db19f3cffffa9ad019d4a3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
3a6b0ce12e8880329c50e7c3978ffac5

SHA1
5b70b9250979eb794402e578a458b4b3ec6efe94

SHA256
3362d5af7938bde8916790af7b689cf8ba5c408130f8410a4ca8c5b8106637a6

SHA512
0ec902e94a8e55b6fdd8e40113d51df230a5323d241db3f7418af5387b92c9379fdc33660b23f345a8a6065fdf3e1e36ea8052ab9aa87a4da6c0d29ac4460b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b0a2a2535af124131b2d59ecbd47b4cd

SHA1
bcfe371765d87bd0e4b218d2ff84d3e264585c3f

SHA256
e705580e5e500420fbd2dfc280878838e2a0015a3ff5b18fb3d06e24391f79a1

SHA512
98163070d3e0c956ca5e6c0e2c5922d57c8ff8d02d19bc0fef5ad732c4f80729aa7f1e331b50ba2264c522e5579ccd12ccad66e897788dede40b98b1b6cef731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d07fbc850e481943a3614705977148ae

SHA1
479a46c116d1477abd99bb0cce920dd3e1a056e7

SHA256
22a824cbc8739ea3ba95fb667f4c8fb318a0d8f0f29594b3446ce3d3ba64f6dd

SHA512
817d10fcafb7775f4c7393b38da25356b140b73a7495280a28f16f74585637fa5c37320f44276ec1afb12b020157255f9ab9bd4649ffb3d73f4365f6853c9fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584c27.TMP

Filesize
371B

MD5
215845a5cc644bb23f1c07b1bf0f7a81

SHA1
0b7f0c1de1d08a3f3f9839ae9f467883626d593f

SHA256
774fde76f0b186ee24f3753b49263b4b03eb4c4fa989642f98fe7136305656d1

SHA512
3bd8c65cd9ee0c6df7cc5bc78d9fc42d77333747ff0678eaf5c28ffd8ab1caa4e8a43f97539db2861e3c806da7c46bab0368ea27bf74429baddb5f378445b2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d02edcb4c400750451da77eea1e8b90

SHA1
063f212d44d839d2b12d0589128fa4ef49921157

SHA256
bbc927e4fe2d1f2d89dc97bae1ef4e67544eca41346ecbaea6edfb246f79d4ba

SHA512
a36fc60ca20f2c8f828a38b6bf0fd4c2839d7418192f6d273986e86aa0ff7a960337bd1a34147c9b136f79fda650636b754559627466a7a5661300a12be78664

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
062763dec0b0331fcd8af2544d5dae50

SHA1
5bce0d3ef85ddea7d18021826f0b083cc161f454

SHA256
63ea03f934f232177aa4e3c0a1ffe73d369e4d64df276a0f57f2c65a1521d489

SHA512
81b033f3deb50204f6a512d0dbe8aae86e3edfb80805399c27c06840891dbf6484fc38049e2616a5f7b4d38b3da4d43275cab64c16b74c70c6e8a5197c211a36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
58affdd167b4226d581491f5d00e27ab

SHA1
de16e0e8ffa3bac04e77538c66e37ede9cb392fa

SHA256
8dc240e54f7186fdff891ce170323175ea3a758c027754bcce664f1f3d123bf0

SHA512
1de2d55bb8b89a956f5c1bcb51cee4221ddb7df6658c32ae02280a624d0fb5e3a80402f59557fde0626ef7f6819fc69d134423418252d3371f917c8233b726e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
14a028214edc85481ce9f966a94e1f62

SHA1
1fce666e2243a50a8ee4139c1589eda35476e589

SHA256
fdb074349e313918530371ac7675210e97a6033cc7902bbe6fb5de8eb7fe5a89

SHA512
9e602655f573e64e361be39c25fee6ec3c3719ac6c0617bff7a20620262ccd60ce5b28501ccd2f498ddb7569d662067216b88773ae95a061e888f317bb319a5c

Download Submit