Resubmissions

22-08-2024 10:36

240822-mnfqfavepp 10

22-08-2024 06:18

240822-g2txbswckq 10

Analysis

  • max time kernel
    1154s
  • max time network
    1156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22-08-2024 06:18

General

  • Target

    https://getsolara.dev/

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 35 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getsolara.dev/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3756
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c1846f8,0x7ff80c184708,0x7ff80c184718
      2⤵
        PID:440
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:2
        2⤵
          PID:2156
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3544
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
          2⤵
            PID:3748
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
            2⤵
              PID:4200
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
              2⤵
                PID:2492
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                2⤵
                  PID:4044
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3460
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                  2⤵
                    PID:3624
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                    2⤵
                      PID:3436
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                      2⤵
                        PID:4440
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
                        2⤵
                          PID:5088
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                          2⤵
                            PID:4200
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8
                            2⤵
                              PID:4088
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
                              2⤵
                                PID:2824
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
                                2⤵
                                  PID:2084
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
                                  2⤵
                                    PID:1644
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                                    2⤵
                                      PID:5276
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                                      2⤵
                                        PID:5352
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
                                        2⤵
                                          PID:5188
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                                          2⤵
                                            PID:5196
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
                                            2⤵
                                              PID:5224
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
                                              2⤵
                                              • Modifies registry class
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of SetWindowsHookEx
                                              PID:1596
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                                              2⤵
                                                PID:5352
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
                                                2⤵
                                                  PID:5716
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
                                                  2⤵
                                                    PID:6128
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
                                                    2⤵
                                                      PID:5188
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
                                                      2⤵
                                                        PID:4388
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
                                                        2⤵
                                                          PID:2684
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
                                                          2⤵
                                                            PID:5228
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:2092
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4908 /prefetch:8
                                                            2⤵
                                                              PID:3772
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
                                                              2⤵
                                                                PID:1128
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
                                                                2⤵
                                                                  PID:1028
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
                                                                  2⤵
                                                                    PID:5504
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
                                                                    2⤵
                                                                      PID:1308
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
                                                                      2⤵
                                                                        PID:5928
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,2878711252932875668,9663736982607257384,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5360 /prefetch:8
                                                                        2⤵
                                                                          PID:4280
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:4340
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:1296

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            e4f80e7950cbd3bb11257d2000cb885e

                                                                            SHA1

                                                                            10ac643904d539042d8f7aa4a312b13ec2106035

                                                                            SHA256

                                                                            1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                                                                            SHA512

                                                                            2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            2dc1a9f2f3f8c3cfe51bb29b078166c5

                                                                            SHA1

                                                                            eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                                                                            SHA256

                                                                            dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                                                                            SHA512

                                                                            682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

                                                                            Filesize

                                                                            75KB

                                                                            MD5

                                                                            30bed2adad9a2d18d8cda10803d5a03d

                                                                            SHA1

                                                                            ff777ae85efeb5fb0aca956bc39fb93b51775546

                                                                            SHA256

                                                                            476465ca3e48944b6411af3b6b6c0b3ff70cb31dc0aca154112a6cd56aef7e03

                                                                            SHA512

                                                                            4e857fffa9afca11097d5715cff590da780defbe570cf4ced2c8478494461171727676f642217138bc78a2080b9fbe361797e19e632c11414afcb672df23185e

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

                                                                            Filesize

                                                                            61KB

                                                                            MD5

                                                                            60f6eb5df7c560b7536ed2cb0dfb7b6b

                                                                            SHA1

                                                                            672e5d4cc6574b0ee45e1d79426dcc2b577ccfd4

                                                                            SHA256

                                                                            0b3c9c669727da9f25dbfa92ac7a9213ca7a5d3bc6414dd12e2f011def1d0700

                                                                            SHA512

                                                                            e829b864ab689839800268ef1e1840cb209baf73a571ff7de972573c605f855f72068d74de4ad99830518dad52a3ee90062a7508921e7cc1a335c07b9a895f4c

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

                                                                            Filesize

                                                                            90KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

                                                                            Filesize

                                                                            20KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

                                                                            Filesize

                                                                            17KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6dfcbed07853ff0b_0

                                                                            Filesize

                                                                            256B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                            Filesize

                                                                            1KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                            Filesize

                                                                            960B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                            Filesize

                                                                            3KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                            Filesize

                                                                            3KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                            Filesize

                                                                            4KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            8KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            8KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            5KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            6KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            6KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            10KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\509e98c5-4d3a-41cd-9340-8bbaf0588e69\index-dir\the-real-index

                                                                            Filesize

                                                                            3KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\509e98c5-4d3a-41cd-9340-8bbaf0588e69\index-dir\the-real-index~RFe58a68c.TMP

                                                                            Filesize

                                                                            48B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\65caa433-c5ee-4a41-9bd7-7b2e48146619\925a02cd30dd2ad1_0

                                                                            Filesize

                                                                            125KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\65caa433-c5ee-4a41-9bd7-7b2e48146619\index-dir\the-real-index

                                                                            Filesize

                                                                            72B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\65caa433-c5ee-4a41-9bd7-7b2e48146619\index-dir\the-real-index

                                                                            Filesize

                                                                            72B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\65caa433-c5ee-4a41-9bd7-7b2e48146619\index-dir\the-real-index

                                                                            Filesize

                                                                            72B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\65caa433-c5ee-4a41-9bd7-7b2e48146619\index-dir\the-real-index~RFe584031.TMP

                                                                            Filesize

                                                                            48B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

                                                                            Filesize

                                                                            86B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

                                                                            Filesize

                                                                            176B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

                                                                            Filesize

                                                                            236B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

                                                                            Filesize

                                                                            229B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                            Filesize

                                                                            16B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

                                                                            Filesize

                                                                            19KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

                                                                            Filesize

                                                                            20KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

                                                                            Filesize

                                                                            19KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

                                                                            Filesize

                                                                            54KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

                                                                            Filesize

                                                                            14KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

                                                                            Filesize

                                                                            36KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                            Filesize

                                                                            120B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584561.TMP

                                                                            Filesize

                                                                            48B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            872B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            705B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            537B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            1KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                            Filesize

                                                                            16B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e48af9c6-24fd-4e5b-94c3-8ce4145bc94b.tmp

                                                                            Filesize

                                                                            37B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                            Filesize

                                                                            11KB

                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                            Filesize

                                                                            2B

                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                            Filesize

                                                                            12KB

                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                            Filesize

                                                                            15KB

                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                            Filesize

                                                                            15KB

                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                            Filesize

                                                                            15KB

                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                            Filesize

                                                                            15KB

                                                                          • \??\pipe\LOCAL\crashpad_3756_YONNRUOWCZMMEDMP
