8f1373d68141153fd199fe865bd31c8052798fbb46316fb30615c0e36ee67107

Resubmissions

22/08/2024, 12:33

240822-prdrcsxbph 3

22/08/2024, 12:31

240822-pqa9vazdqp 8

22/08/2024, 12:28

240822-pnejgsxamc 8

22/08/2024, 12:24

240822-plfzjawhld 3

Analysis

max time kernel
157s
max time network
161s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22/08/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_20240403_100446.jpg
Size

151KB
MD5

c831ea5e71a02f0385cdfbb21a7f7a13
SHA1

4430b664552e60813b24df402bfd98e8e240bb15
SHA256

8f1373d68141153fd199fe865bd31c8052798fbb46316fb30615c0e36ee67107
SHA512

176f89f164e522c8585ccd50579089b77a1a6be5e02b6081289d25811ec39789710b24cced27384df2f6ceb35d53a2db5e361179581dce7888344cd6c51731e9
SSDEEP

3072:HIEGfnX3ag2n/nau9MhVAtIveKBzXEqbq5YZI8xX4tHG4xiN:HIBy/ausAt6egzXEqVe8OHGV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{D8906B79-6ED3-4CE1-A14B-06A3B7B17724}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BonziBuddy-1.5.0 (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BonziBuddy-1.5.0.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
452	msedge.exe
452	msedge.exe
5092	msedge.exe
5092	msedge.exe
2360	identity_helper.exe
2360	identity_helper.exe
1696	msedge.exe
1696	msedge.exe
3760	msedge.exe
3760	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3612	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 4924	844	msedge.exe	86
PID 844 wrote to memory of 4924	844	msedge.exe	86
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 2820	844	msedge.exe	87
PID 844 wrote to memory of 4788	844	msedge.exe	88
PID 844 wrote to memory of 4788	844	msedge.exe	88
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89
PID 844 wrote to memory of 2388	844	msedge.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_20240403_100446.jpg
1⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe677a3cb8,0x7ffe677a3cc8,0x7ffe677a3cd8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,10239584190285686173,559163794421937860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E0
1⤵
PID:2028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
46KB

MD5
449b30bb49e623521a2b867362e7bc47

SHA1
be2e57a59772ae53d9b4884846a65de530f65c98

SHA256
46fa082c5ac3e377c83674e8bfa2dcb5244e60bd78686d24bd8333968e78d782

SHA512
d0dbe79103c17f6e2119f95a45c5bd37d4cce4cb535215e43ac75c2c4b98417077adccdfce1db2fdd149e68108bd02e227ce0766fea90b8c9feeeec931b6b0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
2049c79ddc0ba3375dfe1832624bba4c

SHA1
aec0cf9ae1738391d630681d653b08625b276bc3

SHA256
e9cff2115e36f340c8a7cee5f24c5392259cd2c440fc9890b265551e4badf572

SHA512
4fd7488e94e8c9c990439a9200e9317eb7dc50eed35d32d17f13292d4d468949d990afadf4c654e8abadb638aced83cdd868dd6b68d4efe5aeec2670573da0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
27KB

MD5
f930621607e050dff86f94bbf4806b73

SHA1
d06bdf16d5794550b78713955629c465b6970676

SHA256
fe97ff9a43f7f196dcd9088da3818e6f80ecdc2ad8937a5bd4a52c8b3979a09e

SHA512
df4c634c95cbc63c44c0f884817333fdb3965d225fbcf008d134a12ea99d05965b043c4f74bbe57f8356fd7f698fde30fe34638387ffcb8ca1226fe7c8b00cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
1.3MB

MD5
8816c9c3eddf1852bdd80e2c851dd89b

SHA1
2a0b9ab887f2b95011d793aea61f8052d49df3b7

SHA256
3cf4babb9e14759c28087e33a20eecfbc34a7b7c2cdd49c4610e12114659e93f

SHA512
dd313b6f78dcf75ba63d9c2c24fb1a198a9a0f4dd654f37cf3e16d452f8bfb4565d31d8bbb07c214f0036930dd9eeda9f57a36bc943894fafbef084da2ef75ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
88KB

MD5
2e63920d630e0ccd53b648ac0890e160

SHA1
9d2f7b1460feb585a29c3dca01b734b275c84cb6

SHA256
ba7be1f7ed6cbb83c7a670e1453c4b404adac2be537ce6a52eaf271626bf92ea

SHA512
87d7c366cc31264cd216848bb950714ec009d7928dd21ff74c6cb824a9dd48c633901a91563a5258903c9fc92a408d39eca7e63896ed8c1c6bd6de607d6bd77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
51KB

MD5
884b2696fd30aff5bfb005cf6e17dba7

SHA1
dc3f23043ba372c54d9882cd1e3be5b87eed3a83

SHA256
7398696f46a012316ff3a21db0ec5095985aa06506edec61f3f09d365eb9ada8

SHA512
ada5833fe92cd52a8ad5598faaf4b7c804d14a732c13e149b4347eb15de17637309be9179c0b61c753130dffe444cb9277f3c2fb870924ef4b016b89c580796c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
20KB

MD5
a6ad24daf242e845b5d55268bd5d1f9e

SHA1
dfd157ac56810ef2b816480bde8d5557665261e1

SHA256
8598c88986c155a9f89ba7a6a426f98fb2a8e6ec1cb3dd06ad75a33c7a9518e9

SHA512
c623261c1bea860b09efd48f0b623a39a18e483d6620c3ef03bf993467db0c3ce40905c568ac63be03162916f60a6e3447aa75aeaac1b97387d4cde29f463f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8146292c47600533bc6031ff30081038

SHA1
df5de4c38492a5c62b917619404ad8dce5616351

SHA256
3e6fc87e563e49d8650d95fdc3efe47ea3c744ad751f296bd1e29bacfdfe6299

SHA512
1e9705cda8f3542e4697dc7a8dfd89292cc8bf0fd3deaacd758f7bf95689176ef906c07221b01f1d7a08547b79d68276caaf2681ab340a45d2aa7fb086de4753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9768433ca8b6b47cc56c53267e1d30bf

SHA1
e50a935c57649670af06c8763ede208bbdde50d1

SHA256
25fa1e300f0fd00cfeb5ca4b7e47cf19ff85d5f146b1c817fce85f9643020067

SHA512
9557a4d2ac72720dba7f9e7ae4b30210c9da8e13b30e6e16c1425e5a3414a529fdf908e6a9854fe7f5adc279289458814d7ef6cc087c6cdf9ae02f604f6ff2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
551B

MD5
cc04e0a45cbaae8704cd7331a1ccfd7f

SHA1
feeefde5ab3bc80a034ea4586d74900f0aa7012c

SHA256
1e86558585e9dae097e225d3a0ea91b487cc5b269a0f221ce8127df94a31551a

SHA512
18c0abe0fe57ab59a7517039918c5de9fd79574bd3dc9fba4011a1ef1c47797583b1808546ec096ec09c9611216bad63f6f6249376507274d538ad58f3d01df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7bae4d24acb057f51cb99c3dc8197ecf

SHA1
f297c8ab2eb7c775693316f85353a5f9f1e16052

SHA256
92223c00da52bb190890a5b3b23f28361d469e29601a46fcf3061958efc9994b

SHA512
8bbdb3d99a09b1842f7421e9d69bfe2fd60c0b1ae140970fa0af40422ea61fce1e28da8c6a54f3371a69c6ac935e8aade8e9f93bfa42e223046fddf6cc2cebb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
811552daa29e2546ad3a859dfb0f5dad

SHA1
899c2fd82864a3857d5ce107b66d53bd3a9119a9

SHA256
0c7d8aaf6483712fba45fae881c63bc7485bf2153efba5c5e5d5f494fc09a1ee

SHA512
295b60dbb340910e84da7f3b57c7a9c82dc94c26f1eba3225502c177482341d33812a22b9d3d7bb059f256d3110713906273bec8f33fbec6718fe4388325e93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
365b5c864a388740f7d4efac0ddb315b

SHA1
522da6b1efae48082f2c15e8e3c53ba5a9a8321e

SHA256
4aad159d94cc948353497d6e6dc2a3b85c084a1e8cf87dbdcaa236441c53937b

SHA512
aca2f1a3b9ea0a262e4219b52685f7e8d5a5739ad2f81b0f293c1c52be03e1506a7416378374201472bc510a3bdbe45142c6401c5b9f76a22dc7f1bd71df114c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cfc5989b502ec3a65cfdbde15612eb95

SHA1
b8740c0ad4e75da6a7d8d4532c90528caa4d5068

SHA256
e9ed89dabcd10fdd62467a291f878d7d896848eb47473388464a2e33e74d1cd3

SHA512
5b0ca47fc7d5ea22410c52115589701145218d962a27816ef2111c5b3934d91e7c1f566aeeedb5395a22dcbd778b96bd0598c6ec74e2d120523a7c436ac5df98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
93fd5367645657c20d6af9b20eab6ddd

SHA1
97cf3a00bf162d0ef96d28da65265ad281ed89e9

SHA256
70e171b2dababff471ed55a65a6654c80ad8c61f0b17e60881e2dce5fffde7f4

SHA512
c939c73a94c722db82a827bad8bfa770136531072b7966dc3307847c8d220fb41302a15ee056f62d06c3886ca556a4a019add53e45688a8208f407f5c9eaa123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5325b05f5ff5f0c19096cf7489cd85ed

SHA1
94fa30edab0ff7c34e2389d47f8e7583e1a64fde

SHA256
ef4beb4a50a5a9cac7574ceedd022b592cf7d84e490c338aad4a47c31cd0b5dd

SHA512
6dfcaa5055a3e48ff7aa4d13d4eb7ca6ef59bb065f66fcd2e69d444e088932139cfc7c2a4015459359cc2f9db20184face4f88f9d23e25ee7bf9459041629b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e8ddc2ea4ef1572c9dc45a68bb52919

SHA1
2b6df960bdf924f510b2f42129c3c708150d01a4

SHA256
c51e63600de381d80f6930133aa1895f9013e086511d814263ac55d8e7a911fb

SHA512
8f0068186f3e5e5ba54dabeb3a6a73c8c6ab279b525711a327930ade2fe0ff882421af5b1f813ce3eb6564196b500411d22f4366f0defc29039ed03cd2916e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
472d378e2e97511298b6c64d048da645

SHA1
50867ed2649bda28c7531e98c60c4061a18dd0f4

SHA256
412523954809164fb649d8d966531506469c447744bfc96aca32bf10a08de455

SHA512
0933b4ec8fe28d789ef523025847591b0e9ff4a742ef814151850084b6436f5ce5e70efd3633caa257ec0ec0e27f41d25ffc82576c2461a4e5946627131ee9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0316b22d20cf682fa3b89b04b9d5ab83

SHA1
31054eaca6b4b4b8ca6574c8aba9e5aecbffc851

SHA256
72a24ef2e41df34b9620d9c7ba0317005412d0704094c4a643ef963dfb4821b5

SHA512
a5045267d4fc749b75ab669655ffc11277ee5b2be78db799704b634aaea92165a35762f5c99fdf2e6d43a84031db04c7c81f6e9158922529b9d1b49107f0c617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d484c0f90c19fdc44019c52dd1f0e706

SHA1
19c836af2123a83370a86c6ce08578cfeed1abf2

SHA256
fd8c3589c68113edb9288daaeb508110b001f7c1c0f0eb2c4564699b24b76888

SHA512
3d3fe5823fe16380138cd80e1622ca03f52e990492f9934c43deb0676408a90a9cc80b30a6bae501e5e23affe2fb83a9572bb28416e985042aa8a20a0479b82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b51f219d55e6feed2e064a28bd761084

SHA1
2db97b6d3cb84ece0647f31ad4397661ef9a2612

SHA256
feb926b11682b0bdd315ef0a09036d8ee1bd1da84e6904b887219d55d20a590f

SHA512
361b5bbc8dcdf510caf27e4a1e2da6bf5450ddec6b53f29d2a80a685745f37dcbcf828c661c31045fa3286c35dc2734c9a06c4a074093e1d1c33c6ce7d9951ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5ceb4afa912a28ce0fdbb809bb22bcc

SHA1
ebdb883523824651841450d57e48a08438b65124

SHA256
a719bc0953a311155aba7cc2d35dd730cd39ada5e414376415ab06ab23c3e316

SHA512
b67bd2ad410419cca27eacb084ae019059f6f3f40a75a09abc8b483cb3d4bd31485bb69b7b630a08a24d87f5879662b7711d8f898dae57e6867c5b1f87091566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
1612a1537fd5e3b103d02ececc65f13b

SHA1
16de845e0eb5648fe024e39ac18790d1e1a87d6f

SHA256
4bff68797ef859f5fb2918bf0ec44f6303e89225bc4b6b4f89bdfeb63968af12

SHA512
5f3f8c019a949a18cd99387e98dd7d8d5056ce6fcca6954ce62482ae08785dd83b72e78b619a8efd9016357b985152fe083892283702f29fab61203e846774e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
ee540ac39e8513690102c733255e45e4

SHA1
8fff7ad0fc9819189b758bab829dc18d394a8b5a

SHA256
ac92c2f2c46b2a1b113f59824036101835bb99564639a501d9725a633cf9c5e1

SHA512
a3f1030d4087855b0f99d908a28c019577a4be651bdf86d3e0cb061b5fa0ae2c698474a11fc8b63dd431c2449a282bf03c721749ec93a6fdf94ea46d51122ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4963f6c89ce3abdcecb3a71b960077f3

SHA1
69f00323c02af040e72143a7c147af925af46f5d

SHA256
21a0d09ffb6d7dc178a9826c033c80500ca8dfa77e805ae4747830a09257b0a8

SHA512
a6f5ef54df7d366024402ab0a247ec891cba00fd960a5dfc24e98681b404e104cc90ae492256173015a97089003dcd1836068c76bd66882d3a3c9cb2eeaeb3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
245c51f3c8339c698093b8d3a7f68045

SHA1
f52eab04aeb40e77144be203b1d94c56b7489075

SHA256
8d1661a899f64cdaf4bb2c7a6e91435a706b1675823c4b0082bb8ce63957adf7

SHA512
679870c95de1acdc8bff10edc7362a668af829b242fda5e94c55ba395b41f8474beeb3885aabfd73078471ff6bd6560e586f2b905ca92275c10dd7bf59ef1aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d554468d10eae47e5c0a29d730ef00a4

SHA1
56c3a830e714bed39d3d6f9cb44f35a7e1351888

SHA256
ea34085693769c095a684994d2f3af765e93cf00a794c9725adc21db06ff2b3d

SHA512
2c252b270418a093c5abf77985898ac0cbfa175bc9b8264f8b67ff4a13801517416d3e5ac9ecf9a603288cda3bf31e688e723d4deefc150fcd860bce8c903403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583014.TMP

Filesize
534B

MD5
807e93a1fef7d1d7b7e087c04e405bfd

SHA1
e63fe0cc1ab0c6315a9da645788aebf3ab7aba66

SHA256
98d169c2574f4acfcf97f946055d3d1eafd85151bc264176325f1fb46190fa17

SHA512
365d115152854f7ced887d0e808eb9ac55dfdebf813395ec90e168eb9b4e3ce37db83825057ee3adad858eeb31d18713490225596ecad40dd8ad2174264b9efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55fb6f459ff8d7cb1e872ffa4ffe9d49

SHA1
eab1034f6c6048c657be2fea9bda68b5a8164fd5

SHA256
55e58c28ab1792b55b6fe1cc5b7e00ba4f389a70a99af0af7ce1ad0734715c5a

SHA512
1669e3395a051af085004d38b8cd654106b07003ad8f0776f1d69adc9a8d1be20478797489896d6fffce0be9b9dc5377123466086f88bc8b16bc18350052a24b

Download Submit
C:\Users\Admin\Downloads\BonziBuddy-1.5.0.zip

Filesize
997B

MD5
b2a6338ccd902e6bfdef228fb0f7a270

SHA1
d0fb880dcca92309143dc16f52f6d7d2fa354176

SHA256
e2f28b842a249fe17909983c887ee70715114bcaa422615c3e37163dbc4307e2

SHA512
f3e50c22b898827a373a4a4f60f1b7a842baba1b20dec539f43f92fb2ca8b2344c868732697ee2bcb90332f5dbea2bc2b9b0f58d32477da2aebe402169f6c628

Download Submit
C:\Users\Admin\Downloads\BonziBuddy-1.5.0.zip:Zone.Identifier

Filesize
158B

MD5
3879cb4c0143f64248301fab6454002b

SHA1
323d1e75eeb72a8f1b2ab0cd66e68e38039ecce2

SHA256
6e78d10e64313cd3009002feb6e9e86d424ff788e8ff0c2c259d312f5ffea110

SHA512
563a555333cd3594e3da42c8a4ff3fef9c719f445b5cfeae0a866df04d275dd0495c0dd195b28ceea891a1ab3720023a7ea9dffa127ff55e61b6990db414dd76

Download Submit