bda97c70c7f6d09b8b9a15a4dbfecd4b0dcf66bd3dceafdf9081821b80833602

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/08/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.html
Size

15KB
MD5

674b37621edd72a758206dc8e1f26987
SHA1

59a6e78302a3c99a5b73aa1d7ea1660b13b4c181
SHA256

bda97c70c7f6d09b8b9a15a4dbfecd4b0dcf66bd3dceafdf9081821b80833602
SHA512

4ee1e0477d382e5abc8fe95a6dd02c42951b2761e2752d12a49a1f859666fe1ac83b066f58ddc5cec171018cb9f526877c13e443ffa9eb9b9390c926cf446f43
SSDEEP

192:PNxyShvK9moqTJkNrv235RgTKy10g6X/3YYHsnPhXvTyJWSGKrTStBuYyoN:yShi9boJkNzUE1H6bHeZfW9PTSqQN

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
118	api64.ipify.org
156	api64.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-6179872-1886041298-1573312864-1000\{B2DD7DE8-DEE9-4E7D-815F-0F362BBC150C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\free-bobux-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
3744	msedge.exe
3744	msedge.exe
496	identity_helper.exe
496	identity_helper.exe
1556	msedge.exe
1556	msedge.exe
3008	msedge.exe
3008	msedge.exe
3152	msedge.exe
3152	msedge.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe
1144	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4248	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	652	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4248	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 3944	3744	msedge.exe	81
PID 3744 wrote to memory of 3944	3744	msedge.exe	81
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 1368	3744	msedge.exe	82
PID 3744 wrote to memory of 4540	3744	msedge.exe	83
PID 3744 wrote to memory of 4540	3744	msedge.exe	83
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84
PID 3744 wrote to memory of 4860	3744	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc0e63cb8,0x7ffdc0e63cc8,0x7ffdc0e63cd8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15091670016378880670,15162309413970697452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
1db3d413f17c20c344b3ad0dc28bbb88

SHA1
bde45e902d6580af3397a6ad61432aacd4e865c2

SHA256
6e10410de14a9df74225228ba6cf29a9a76f485add350238da41a97fecc1a7ca

SHA512
27b14c6c47e2662e38a02fd1d376d47b62b34f55b32f8d5e2d8ca52baa0e91fa984c69fe8a5d8afbcdeaf17fe4963f68ab6cbd8310ef4345321a6991b9fbe3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\01d9ded7-27ac-4bca-a5a4-c01a7e2bad88.tmp

Filesize
11KB

MD5
e919fc3f820522c9ebccb38a2567bf46

SHA1
4fc5b2686fefc1f638e81f70ee70f2ac7213179d

SHA256
c9289704cb82e2a1039fde9a55dce1ab366c29cbe6431fc54fd2dfbba72bbf21

SHA512
f7752fc7c51ce18401f2a623f77656077fdd5b776bdc9c315457d14324834a93c39fa29709723d35c3c61df47682c0b80b26a2faded6ba59a234a84cea94bc70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
184KB

MD5
09cd55fd72070e3b97b25cf9ebcf2a20

SHA1
118946c30a96ce4cacadc9d68172537b45eecf41

SHA256
58d5c1e93e922dbf9594d627aa9b20a1cefa2c32c676fb7db2b0ac7a69dec640

SHA512
07de42c626836438e2da8f4a46a05d81da7fd2ad49888d350b33f3fd3d52d9890f2844deefb6f58e1d4d8f4c6f51d9b678102f63f97ddae36d068a829e89a7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
46KB

MD5
06cfab73037b6185ef54fdb7484d56ab

SHA1
4fa3bd77e4724c98053de5fe73ade18ff6160cf9

SHA256
feda9d2b593939f163c6fd963113c53f5ba77c38ab314ce4b8ff58db7fcc13ab

SHA512
0c29a684cb9e2c8587b43230dd4b8333e5c55de9e8927cbce2ac42cfba3b800f19c2c5ed72ca409b9fd93652f5082dccfbb7cdb65e22b443ed453ab899d490ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
0e7f371ef9b06d89d3c0573233545b58

SHA1
ab9d5b928ff9957e57427bbc2450727d563d8ec2

SHA256
e5899e2a11d985e15dc7f4339563ade6e71bbdda8fa938e3d82e1d78e3dda733

SHA512
97690bb4f81ffcaf2de236beb453550d00c91cc9dcc2f94ef3ba94e7a63f6f8b1e1068ba0ec97645b080e21621de4bd92489e12d0a5ac2ba32204b33691b4c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
68c94e04c471f7236f8fa9fae7ca137e

SHA1
95efad594e576e35a3e6215a12831ea3da82bbe0

SHA256
2fc7226fac5675565ac2fb56d7db4efb0049b47946bdce2b36bd180babcec01a

SHA512
4378db2c1cd9d5e0d71d4a00b89adde79ffdd1d36caf7e194142be91125e299ddf4b9405f90340cd60c1a6eadeda672c91374ba1f8785c1f5cc55eae05a3eb67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f033aea495fb451d7cf955ba74f6b0b

SHA1
a084934d948f0214aea8266b45aced6475c2a0c4

SHA256
e0d1f83ce303eb24b6f43a117c9dacbe93531007bc9caa6d2cd3d754551934f9

SHA512
e4ce8309918850e12b34da430f219e42b417cded15d9425b0e90826230819f7ae54ac1edbdaba4cef88f911d96e2fe11c85d850ac11552f2d59c1f2076b36e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4020766ad5a169c12e3874a7c33a80de

SHA1
227428c5eb662238995039435f897704931e6c79

SHA256
e3b9dcf323ffa6be0f7bf555f5e64228bd91b8983ac8e3f913d18a55d7606bbd

SHA512
f16d7dbe49d9fd8f39c1b0a8690b37deceb114ba676e92520359eecc015d53aa42e5831ad360fe267c1222274ffa58020f5eb468b63bff4f6dbf9a4746d438b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36570be97637a48540d2f216acc68e6b

SHA1
7be90ebe165271f1605014f29bd8bd2fa239d83c

SHA256
8e0a753b9eae8e0db5ae3d59fc896f988daf47bba67784e57e55c76bde2bf1e5

SHA512
d26f48a822cda97dab9623eec2adaedc840635a0ec5e5cd51feaae8f547cbbf345b6d458802c4753e44a858a04574cefcf3448e732bd17d71f1a9286daecd2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b74a446709f2ca957407620961983729

SHA1
9235b6d527d1b9ddce9e997f736c6df578c66753

SHA256
b540ff173a19a54793a593d89940097837a19197b868139e7409d54ce9de95ad

SHA512
066c5fcf3ed59882ad66523ee05a5ed31edf05c5e6b1925b8b954f16f8747c9392beb2e8204edde6fb6915267ddbbe912897326e7a33c300f507f928db5cffc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be53dba839776afa8f7b5feef22b962a

SHA1
3e8261f1e0cfc8dbcc97205ad36d9a48ba8aa39b

SHA256
576fd92bbe88ec17dfbd9b431d311fd3fb90a32ef1670dfeb8757a1e6a4a5c13

SHA512
2307960f0986b94a0912fdebcab78cb5f2bbf7d16d8a29a6eedfb019d76f34d18a5cce9a08b811e9e2bb126124d666dbf11660bcc8f472e87197d83bd5b4bee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a10a7f305b8b843da53e03824da023cf

SHA1
bf4a58737bb7345ff9eb3ae35134c365a4b386d9

SHA256
ceb1c73e1bee3836e90fe51c4a3f7bcd0791cdb95419429d34384429422d5430

SHA512
571f3978d5562cf7068e6446e2b5f667f514f08601adcd73ccde4f737efd08edd5ecbf1872b2f57f35774432d31aeddbd5b5b3cd8b5434521a7d90d01dea0545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f8bce9113c63a7b310d449c53bde45a8

SHA1
84f92167c34e03d624485abe13bae59a7ac89082

SHA256
9289426f7f862012c2a8c0a7bc0058699cd69725b7d70f94399e47814070b28e

SHA512
b680123fb8d64337b574211e395b1c40b5ed1af97f04de68af0eb87fdeccc8067e20b25afd5df3ab5764564efbc82cd51b6e13bdf3a3d7500f99bab1ddbf85cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
76f3d1648f76a19fbdbfdffb9e3500e2

SHA1
df2fdff6b74329b7437b69ea6fe6d96e61546ddf

SHA256
aef046e9bb2642c891618ebecc7ed5cffb656eece75791492be54c27055d7374

SHA512
b8a960690bd8d628730e5c944e26ce4552c359fb2ab976d1c442a0541be88a8b67ceedd5af9014ab4039672b469c7e6dc4f40d171be8b71b9a693ddbd6b8e8d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
03a20aebb2e828530f9d7126faa2c57f

SHA1
d91d71f6feca6469dc02944bd61599d0468d5f99

SHA256
918dc069de0157fac89a7ceec0dc69a5982fe640fa4561a27a6ebc395728dba3

SHA512
c555efe77c9422af98d1cfea86cc7a7ab49f6da61a5ecbafcfd7f803ee851088eb52117eb350452b02f4edfd6275f0651cf15084da32c64f6f5e15a268fc18f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7882dcea8aa573939e98031fee7df67f

SHA1
0764e67dc0cc718d2c593f5e58dc1b1f456d494f

SHA256
8754f8efd2e96a9260998949a1d6ee0b1d3a25d7d56c4accfacc7ffe23521afb

SHA512
0342183ea87f80a7974402ac9ebf06c870812875fa7603b80157a4b80fd8f1ddc95e25f874514c68d23222ce1461a272ffa15360a01a9830738cb37058bf611b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
55441c31679b4c2366894617f1eaedb1

SHA1
57a820bc66af9df6188d89bafee77f5ad8796ff4

SHA256
eed114eddd3914a470b5d182bb4e8943725f444bc3964f819ac60e9029a61be3

SHA512
4be1eb00b7d703161baa7394b3e98b264005cd751144591b401e0e6140fe32ee29bd8adb0fd98df8a4787768f953232509902c79fc037d636b4feee32ce93c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
08259ef0f06a61d150546dda182ff348

SHA1
7dd07aca9261fea8b51ce26ddee98c7f4ebbe2e2

SHA256
caa686657ec790bc226b801cbf3cceb5d08c0832a01ea17285cf36aedaa36e6f

SHA512
08a9baab6a85a49bd1f89edfbea2ee1f5903456301cc8b15f45aed85da47dc6269be1dba64f69f692f4864b6e087fa11f9954aa470a723bc8129d20211e6e129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c6be9cec3589b65019f061399a4e57aa

SHA1
bc27885e41a23805a721e83c9a5db0cb67cbc886

SHA256
aa882e0bf29771e99e7f826d165f3d7c2c48efee0acffc30c263097ce1d24cf4

SHA512
c14264f4689e028e26f8c3bad0be05a23342f4eec503eb30299e5a0d7b52de554f88241f0352ba35c2fec72a38bd5068f163e911f19055d53e0ac069f9257a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e8397a51a1791ed0f90a96812f5eae51

SHA1
28665c5c4c2611444ab36006a96f566f37710a43

SHA256
3f42722fe6c7f687a41cea9cba11089fb914d11bc67c495b8da6abd4f72de72b

SHA512
ca7450c9e82d332fbd3e3b302763fa0ae3d4370db369536f0ab8cf3381c57dbfc66a3a81f394fea08230e65da5e53104dfd43ae63c8cbc40fbfae0903fa89fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
39a6571db9ae7e3062a123759f08bbd2

SHA1
91b5d7134a42740b5c758ab6e230e1de8e6700a1

SHA256
c3e26c455ff4df8ae2cce575bbdce1e910d16375cab88019988c82f046394a2f

SHA512
8fc506ad6f2d3ed1cd922b428da6f4a053fffc49867274bc057d6daeed7b7f706addf31363c490ede03ae3b287bc27b25c4ec4eeaaeee1e5d757d9aac9c5a5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588f89.TMP

Filesize
872B

MD5
a8119b5d2fe1bb7dbc7958292b226a7f

SHA1
ee4a58ef255140d50cd234fa5f6a8a310bef130b

SHA256
d6eaf135b8243d6212150046590817b1ffff32dfba59fe4ca94048ee3827d66c

SHA512
aa029d8a17edd9ebf9cfa78efae7b51b15e634a81fc93cd7a557caa220b9baf51cffdeb0e761e3611b03986cbf4e0dfcef773c54ce7939f2010226bfb3e76641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
43396721853353d0867ac9a9f1c4db4b

SHA1
5560b92d1f7c98ad23032962a0d1930b69ccd7aa

SHA256
e18943890f499bf4072a83f205df6c86504b351c91dff4d1027ef3a43ab0488a

SHA512
420b7f6d29bc5b446c8726da8e1e25ddc9edbf9fa7228e750214d884198ec2bd108cf0db81181b074c7a56baee60c9b1df32deea80a37c2e781aaccba1775fdb

Download Submit
C:\Users\Admin\Downloads\free-bobux-main.zip

Filesize
283KB

MD5
6238605d9b602a6cb44a53d6dc7ca40e

SHA1
429f7366136296dc67b41e05f9877ed762c54b73

SHA256
e315b421cb9bc6ae65fdeea180f5b12d2c4cf4117bf5872381bb20a1b28dbff9

SHA512
a8c5923c2e203cc2076030af51e4aa25f4c94b595a7f7d15c00c1c4e0eb91ae7734db9c3d59584642d18f5d63a8aecfadb06803a990ec51b668d3d93a079b1a7

Download Submit
C:\Users\Admin\Downloads\free-bobux-main.zip:Zone.Identifier

Filesize
163B

MD5
e52b22d40f6fafc31ce040016f9ad87f

SHA1
20b2a27ab5817ee9ebb80bfac72294ffe2f0fb5c

SHA256
0f36b8ed0b0a6c47d98e7698f75214843c55e22b15510a473384493d853ab927

SHA512
83cc4bbc6a6e6e4544c5dca91dcfd40d325a2b945b059e8a72bf1499e6a01d560c2a97ce2a14dcd68b06b09f16b705b6f12d3745fcb0ba8bd37bae282a8a96b3

Download Submit