d85ac4e30467fd331cb3c129a33396e438250710d710ee2637cc9b16778def1d

Resubmissions

02/09/2024, 09:05

240902-k19g6swhpj 3

02/09/2024, 09:04

240902-k1q1tsxfqc 3

Analysis

max time kernel
137s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main1.exe.py
Size

1KB
MD5

7c6211f2ff430db322cefa73cc2e9bd4
SHA1

a7104974a070c6df4c74f467bc61893487fe8256
SHA256

d85ac4e30467fd331cb3c129a33396e438250710d710ee2637cc9b16778def1d
SHA512

b00a5a3951d7cd4354a9449d72e36c67f257daf58025a280e01bf44219157c3e32ec8de012e516807451afe0cbea3910953d4ca87783cc8d8aa42e001e1fdf9a

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{AE133F4B-9CD7-4BDD-8746-792EEA65A9A7}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2712	vlc.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
2604	msedge.exe
2604	msedge.exe
4992	identity_helper.exe
4992	identity_helper.exe
4076	msedge.exe
4076	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2712	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	6052	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6052	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2712	vlc.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1368	OpenWith.exe
2712	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 4640	2604	msedge.exe	104
PID 2604 wrote to memory of 4640	2604	msedge.exe	104
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 1348	2604	msedge.exe	105
PID 2604 wrote to memory of 3560	2604	msedge.exe	106
PID 2604 wrote to memory of 3560	2604	msedge.exe	106
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107
PID 2604 wrote to memory of 2064	2604	msedge.exe	107

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\main1.exe.py
1⤵
- Modifies registry class
PID:972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3908

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GrantRequest.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\RepairConvertTo.wvx"
1⤵
PID:512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8059a46f8,0x7ff8059a4708,0x7ff8059a4718
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1195654512083689889,10210861798595696281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
232KB

MD5
6cf83526919e2c39b12ad0fabbe14542

SHA1
9921389f4b958bfa622aa2f8ff6bc893e38e30d5

SHA256
6bf5dffc7f23eb0fd6bb5816831b57aab67f73df1ee9f78f9303891c9d424678

SHA512
5c0c2b6db46e5bebe9881f407dad6b2a26068807f21d5c02b80ee14e07b415aa1d562632c11b427bbc3b53839027c92e34f3df8a1fcce8d53415eb8ff9620bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
22KB

MD5
778ca3ed38e51e5d4967cd21efbdd007

SHA1
06e62821512a5b73931e237e35501f7722f0dbf4

SHA256
b7e1bfadb8d9c061f17a7234df012df7842ab1aa8fb6f9579fa3f0a3b4a75bc0

SHA512
5f6f02099ca8079305fb7e7f43ae4344d522271fe30379c0854d6a81b7d8adf408a50a4b799b5f52e6ed162ba6ce7fe97e24a2b9719df780e75683d3aa103d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
1.5MB

MD5
6cf9052ee513141d588caea1cf390c83

SHA1
9741e6b3c8988d395cc917f65d80213820bce8ac

SHA256
7a2260bf57a4483537f3434c58ceccc766ef064c7f283a7565f7a537cc5cbd86

SHA512
c0bd56efa5cf7e9076fed6ef99e0c15e824f2430f81b58459917ff0af75b1b26ae0cc91cc43c4b6f5a02e036a910b2b9f6bd217712a9e46e623d0fad11847948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
847b283a603aa2b5e8eca3ba671824ed

SHA1
bd22d0a256cb7a4363b9d01bbf96fb932c0dbb68

SHA256
523db4796fe058fb8974fe920917652492407bca044d02852d8458495bb085be

SHA512
8195d538264aa7c7ee8c693eda12b79de3e5ae80741f4f01ab8692810170ebb51becf0b0954e48fd09cb4989c5752450e18ca10c016333815d5d4ed0cf5a92b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
47KB

MD5
2b5dfb1918c67607a49e6f784b48797a

SHA1
a8830395cceb8de7687b3b751c6626546f307d47

SHA256
5aa5e0d95839092c4545fea0928eeffac76690e8adf533d97b600e97250dac8a

SHA512
eaab7c07e1dc33f43aae512b77a2217af2189aede83c97dc73f2be7a17da5b1a242f47c7bd272ab13c9513d837fce6ce0ed0114b27971543370413b2a9c5dcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
753KB

MD5
2a283c0fc03a66ed6276ac8cd23b6c99

SHA1
79cbe1c0c2f1e3acb5e3d85970207024ba1c757f

SHA256
0d044d038870bdf1779be17b1ee25746cc8f39848a22b5960a8bdc591d042da8

SHA512
7d4126e07c0dce56ad44a52c21e3d12ebbf74336f51a389d2ed47b798f9a8ba1dd527072cc531f9a4dba1bc57003d865cea4d66cafacf7acc162525687990cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
32KB

MD5
eeed3865918f5f4f828ba620f28ad872

SHA1
1a9c62fcb83b3b07e93bb4598e26fec821ca8729

SHA256
bd990ace13afd11503454ac99b3795d6d10d71f22f2805feb6566d2469c59a4c

SHA512
ada4f8269e3984782b3d5ab29cd5655636f431073266367fe9d602e338a208aa359a72ec3145e3131eaf1ffcd4a5154dcb1e7d9a0aec989416fe0293e13298dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
32KB

MD5
c3a6cdab067beb2f78014e56210ae536

SHA1
bd117962b45336e96e576c6243009e602d09ee47

SHA256
e605878123ff1aa07ad7665de4fb689d90ac89e2cf51e91428324d213f540ba0

SHA512
7fe893fedf95ec495216ace819e096448b544c32634c948a634e4e793b7ebc6d7740d7b739343412eb7af42604c9ba37deeadec016bc3caf286166718358ba14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
30KB

MD5
80ed88422d2cff1e775877770565fc4f

SHA1
3a05cdeafb9c45ff73f46dc9c284e85a0312bd1a

SHA256
34cde565b0e5d8a1b20d8a39f474b0ef8df5ca634090f9812cf919289533eec5

SHA512
d070a0f483e1881d1d3bb4737970ef301da8dfe7ffb96c246c07cb6cf26632db8e124168f26c200538980423f41993f78ac4d296060ea28d40436d1b4a67ed73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
369KB

MD5
d4f00e54afa25a5c935a53620e5724aa

SHA1
624751985a01053546850c3705e583b15c2ab13a

SHA256
970952a5ed125518e70475db7a7b0315424c8603832c02e4773b22d86fef744c

SHA512
7b373c02d5354c46848e79fd9016c5c0b6802c13d5139b6235504043dea9d12aa34cc880c2f12d0b8d9a83dc00a178519311a0e95d05f9e6861ea1d766758ac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
24KB

MD5
aa121bcc7b8f92e743fa6466a1d60543

SHA1
daa496e2cfcd4cf9659ec1056087c72a8af2f3a3

SHA256
6b15ac3de5f6c116af47b48ff4221db6f573716315c6d3ae99cce661554c53fc

SHA512
8d2f49307079fa08d6a7f98e841ddf948aafd8c4ce79e8548c67e5c5195820c07dccbdeae5ec2a0653bbed87dda2a71647a4b8b9b5e855b62810479d4ebc6fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
fc5b9b419087a0b81dc20013ceec7499

SHA1
298f0ec215b8b8e8e41350e940fab591f4a18e09

SHA256
49b2e846a1ec0ca91d63c4be990baad06d4120dbcf6a310eca040ba5db318911

SHA512
b879554b4af22d876242fd4512b63dc3f1d2ef573b383e5c6de1c05c8993394593f77cbb252e7a6afb370977503ebaa2d702f1af025495f565b33f780c4999a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
48e9646283aa9551c8bd8647a9490c12

SHA1
bfeedb123837558718e267796b5f28c53f20fb9a

SHA256
4eff96ca3b3c03479f77699c21d886c2353cebedb1eb005783761347d7766842

SHA512
6f8be87d84252dd1597a58902df615dbf4be647f4d36f43f10f49f78716d08c6b53cc1db5ba973000decc104ed1d6fb09932e3a218df8c23933051c35a303f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11b1da0658ec34895920c229e8286893

SHA1
4ba42870f4235b9e9cc89895eea0add50017c374

SHA256
83b7ca8bab3bd773aa25d7f2c9fece9cf3e28e7299a39c5b6509c36ee2f19705

SHA512
fe8d2967f42e3c68dc8e4b70729b110000349ddaff2b11ebd898852ac0d17a424e7f91a82d5acc5672c952289bcd162e1ce24ea419d58dec43534800d3a01c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5fccdf565a9c09e827f53e34e0b706e0

SHA1
71f12ec412e618333b33ca4005ad23502b3bb6c4

SHA256
6b897f99c60893d2d260d9770819bcf861afe3f75c5f68fdfdb6d0cc9df8f9ef

SHA512
51ad2937da059b436a4e4a59ac16054a7d8d10a52b07627d4411a87550d29b487f1ca63b404fd8b0bab2633ad57923422d3f6b4f6289dd7cd3c6340e9c4ae5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0034ae4a7902e655f5c0dbbde9dd352c

SHA1
a5c6092f523d0f59b3a84244aef1397649041dde

SHA256
a7e2be75c762d2950367bd268081ac4f895ef94d5c6f4215e8722dbd75aa7fa5

SHA512
3bb59d2410f4590532c22315dbb9bdb8a27828bedfa0c820059bce53b38008946b88210cbb416ac62f7c4b889871849ddcbd907d0e3da8bc8e75a3155725e642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5bcacae5-20e2-41e9-a50b-9c01e1459ef4\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bdee1ed6-3887-4a37-b458-9ffe90ecf394\index-dir\the-real-index

Filesize
2KB

MD5
66b18715ac13cebdbb70e4f8a58f4d16

SHA1
d6dd23629159a6f37f99be2b6517e418ce40c11f

SHA256
a43ea195712ce94633d8a7ce8c22748551fe04021485874c0af3ae62c5b31fbb

SHA512
78efe9b650e86b08d84d5beefb565acdcf2891cea96ef50c946aef58387a5ed1dac369de1cb846d9cfc93dc7e0a0c9222127c83fab4da2797d8cd3e5b58265fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bdee1ed6-3887-4a37-b458-9ffe90ecf394\index-dir\the-real-index

Filesize
2KB

MD5
783ce327c083c6b3a1db04879f14c949

SHA1
e6bf4679ef0c5602b0a4bc57a052873f2c808087

SHA256
0e95fc917e1a728e0bdb632da289e2021211040265c88257eda63a78fb57b033

SHA512
ebfc82c76b94f5053e83a19948663083c995f85124923e8992b307be1b2ac4074f2f2dc00272d1723e9ec47b3645a2d15bb7db1ff69f2b886a0dd8e9dc207592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bdee1ed6-3887-4a37-b458-9ffe90ecf394\index-dir\the-real-index~RFe58f596.TMP

Filesize
48B

MD5
33a3496a22faf5a5d044eac49c23a472

SHA1
6cf93df611d54a4eb39bfeca477d9ead969fe3b7

SHA256
e77a5ebde021bd9542977343565eeef137b03e4e89482634e87059a9fbd46325

SHA512
d5a63ab530c486103c8bdb19990cbe44ba6e0b9a914ab80b7e6bfa6622eaef22989301de9cf6dabdd9394312f79ebf5b83b2b03c5f50b3b065b368c5fb786dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
982c543b1275b73839e256e50d18d23d

SHA1
c37ca4971c48df2f698af2ec1b3257e55e626428

SHA256
3d8a8ce244e60c6a3a47506d436cd2440d6b2719a4316f258cb58fcf9e74465d

SHA512
1f0e0b971b324501de6d4699f1daa6d7469af500d61bd9d0c27c4be21bf0748a86e81e675e263c630608856efb5e0b860e4e6386025856df3d21b36d257ccdc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
597025a186b1584d3a43ecb24db72797

SHA1
90f2d6c9b67e89a9bd1bcba5fde8c72b05c5c3f7

SHA256
f85f1b21ebdc08a67a6306cfb280842be3d580b9cb36c00bdb31779014d642e0

SHA512
8d7752310b32e9ebc1805fa5c6ccbcbf68ccb564b22e331ababb1c67c800b193dd718edf893af87d5933a674e4f8d50c5a26483b0de4cc89577904c5813601cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
9c273d2af6a57cd8c57ba0f7545971c6

SHA1
9a4e86bad7ca05ed3967d547752610f948bec8a3

SHA256
171729bad7871732849cf248f380f87f7eb4bcdfbcb75200797b8497184a378c

SHA512
ceb74d46ad3f489fa9fd5b306b5ca3daa43c53f55ba0c64f1f312a11c3e1508c37b2255b3b15ccc64bc5ecad9640825c6e1fa341325ae0fc90a03ff6154e788a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
32022316bc40ead481353d06a701e7d9

SHA1
3c116f56a7589342dd96a4be8a16b68d51d65a32

SHA256
02d11cd02a675528a963623a2e11f681d7a9b2df0d558b60e705213f670caf0a

SHA512
b075ec8d36017382ecc7c94cd589f3bebaa2f0596e26e93ba6366d2f1aed27d2ccca6bfde615adaf7fc09a987314408bce0a7914ce56805abbf73b1d8d6ae8f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
93fc17f2b58d6339c5f7d3a57963945c

SHA1
f67118bbac743e4b00dbebeb2ad666ca0d43a7aa

SHA256
a4dc563d216b581aa14dce881c37e981d9b37d2f584ebce9a613b55857df16af

SHA512
e5edaab3076a36b9a9f8ff176eaad1d70cf0ebd31b171101b3d5bf3e2df2492672b4f9f3f3157ba0f26d144e29ea1d7fe596a04fe4fa2448cf431d4085d93303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
e9ab8707a8dedb80617e06ebb752f74c

SHA1
4c07f2b229b2cf1d6a70948fc8134918d5bb0d1e

SHA256
d0ec50d124d0ef82e1e73f1319d5ec81c18721de2f17b7439cb2d5fd82de2728

SHA512
12478e63f92bdb79be995a9aea1286c44718a4b63f3ab8b771e9a19155ba9481bc0e8efb5d686ebbc299d5cd296032fdc539acfea002c04c028495b241868ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
d906ffc7cdec14d72a43e3aea9e51999

SHA1
a3359f4a7a818c357d3e5b09fe93ffbaf37c87bc

SHA256
60a1dde3f034fad0b647e81436f1589ed40f07aad1556f76b8e3a680de5f821f

SHA512
7b52b00d38501ce477db244a44b6511f7c8d3f0620f59be607a5afbcb95c74dd7632def999c412147781d28c1607d457742bda217ff5567f4459ec0f23df915e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
ba8397852c4cba9f25a80e832f8dc502

SHA1
8a6f4256e8a2a99bef3a968b0577d6e1f888a253

SHA256
40563c082fb09d670b28d6db7663a504b67ea5ccf1c92cce028a40db2f2d98bd

SHA512
82a7e505a2dc9746ee739f72fd9f7b03c9df40f5b3a4138d205d50e383c0adc3299ce3e96b0cbdf4c90a40ad2f9dfc4d5c26792552610dfbb294932768e291fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ee6de3563d833b2fb341c8239a59d7a4a0767be\035d6799-bcbd-45f9-af7b-f80125ab8cee\index-dir\the-real-index

Filesize
96B

MD5
8ca691103d4b2abf105b625a4495ece0

SHA1
ff083aa47812e34af35992e13629d3e809fe979b

SHA256
2f3b8c5ca271a214355a332bc242a9ba882511dd3595f23178bccbaf7dbd9bdb

SHA512
3f6d75069d94c5929d3debb436ac49047d72d041335d98e5f51734ee4d583940e72291d0f0639815f1f2f50f30889e9fdc80a3bb750514c91fc8dbac95569fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ee6de3563d833b2fb341c8239a59d7a4a0767be\035d6799-bcbd-45f9-af7b-f80125ab8cee\index-dir\the-real-index~RFe59b55c.TMP

Filesize
48B

MD5
c207a76be2bf5f5d15b091a3b16dba49

SHA1
529037c0f72c6d0536d56537e3ab8871fbfc945f

SHA256
9069b15bb228cbf95530dd015e6bcc1b6f2abc66aeec0a6804acc9646d3ba80d

SHA512
8d329e4d60808028293be2bc485334415f0020005747e734b289c633bf373627718381a386c0ef4d44ef6eae544349c84a277e0b92dbb70ce136c061ed0f2d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ee6de3563d833b2fb341c8239a59d7a4a0767be\index.txt

Filesize
87B

MD5
e6fdc8399fb58f9eeae6a26171d9bf99

SHA1
ba71ad4802e50f2a581a482f493cbd42f4e509b3

SHA256
aa75cfdcd90b49c559a7c7f7f346d91a582552d867e110faa9783a2a34c2a506

SHA512
b6e08a4fb79969dbf4882c2aa2d1f97735cf724edca91e3e477c9ee9a8645e89cff621b27e9fdfa162cf762482ddf51f97896b0e9ee40297386e4fed06741c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3ee6de3563d833b2fb341c8239a59d7a4a0767be\index.txt

Filesize
82B

MD5
2e8688fa3b8cf8aba9d89f3d88ace9fd

SHA1
77a2e0bf6902053ab64da6a0c10375b8e2183c49

SHA256
dc2c12cce5910cfa4fa04e7a402d65d5febebd4206a9cc89ffd3ad014e4e3968

SHA512
dd8aa892eecf52cb705ad7fcca6c5bc5ed397f61f297731bac583477edcb7956c145847ea36858dafa7738043800d6c8b900f13a2abd04e80d1ed07d6e616de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
94a15bea2656a8708fc049083cf0a2f1

SHA1
dbfb71187df8466afa2d769857b8655691be736b

SHA256
4c23a2c8c728860acc4cfd9b548cada6cf207dc37232265d50cf4fa28d272c60

SHA512
be8f0bed0b6d572924a15b572b9bffbbd4021756d99dbd00e9f5f8bf3dde51e449f3a5c1dbf2e7550803266181fc536a168ba86fc6dc482044fef9be8e5eebe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593455.TMP

Filesize
48B

MD5
d4510aa3919745421abe709ec0bf9e1c

SHA1
4eff0e3c774406341f8512822a73f76456abf811

SHA256
5ffa50d711c1675cf2e1f119989fb65a55957f9cee81748479018f93547d3947

SHA512
b62717eeae80f53954163e0133ecb688fc334be29ec9380ddab826b6f79ca2da26c62f426f3ec8fcaa0d104186ad06648bc9ebc0c030227631bda096726152da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c52892eacfe2a6e821d13e5f1e399bb9

SHA1
5b66c9b0b9927dd543bd427badfa0cf193d2fbc6

SHA256
637bd1fdd6dbd06ae95a9722a254151ddbbb10616bd2ea63ea40fa5890ac4ab8

SHA512
0c877a2d5cd569e9ff874d50db6897e6dfba52a6943c1116cd8691080f32d0bf98f06c4a0dc7c8f1aacfe1eb1b4e76ebc0f9d80938cf0c9ad36b40ca8234a2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1e67d9cd77606c888e8338bca74aaf8e

SHA1
c4f8254b23cbe5822e763141304c8dcc4019e45d

SHA256
8da81e41f4ae67dbc9a7ece41fe06af758bf36f0f6cf6114a1a4acee3a45f25d

SHA512
acac684b01d72937d4e98680a391f3368c11aaae2da4d12504b92fd7bc131cef09d5d5fb4e5cbffc419b4392c0e19a6a58cdc8e01be6330f45cef953bc6498a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2f50626441e148882ff5cd9fe71d2f0

SHA1
565010dba0db29c247332bcd790bdd87ec634dc4

SHA256
3dd4c36c83b9af510497837702a30e0673be9b68b36acd16434d25a05502687b

SHA512
c1bae27cde106355953a9bc6decd8a9e0249f0425edc2b869289f08cff1a1a7cbdfb1ad7f7115accafd67d4127fe6ef097127093869c8b168f162b55f677a060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
acc9b36eb3406446960945c2b229f26f

SHA1
91a3c13174e7a0e7fd81ad8ab08630bba54c8b23

SHA256
712963d707e4567e1c16f5bc841cdadcbefb1d4328a0895c6493c1762eb0ee4a

SHA512
099c460b42ce4b466ae7706655059a8a5ad8a8ca6d4e34a3e3cfed0aff22aafec00f55fd2bc837dde0f4f49d410e320ddfeea118faf3f823a00416225b13caf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fc4d.TMP

Filesize
706B

MD5
108682157a8479d3118cd310b178dbb8

SHA1
a2df45d592880709d0dc7e038033f93098d31b3a

SHA256
695ede0cf5f064d158cb9c4fc99f00296ec37755bb15436b6f342726aefc66da

SHA512
b6c74228846466e81bf929bb217d1544ba588a7d8e8181160a6a5712665a4616d66c1c06cca268b5bb681a6f3d9894d4c5fc5cd0ae63d9aa22365546db605baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d3af01a9-1b46-4dd8-9abe-93c7039be438.tmp

Filesize
7KB

MD5
96601eed198e58483ef2a9c0c5126d55

SHA1
9f00c624dcc59276edc40ef1298f3ffb4aa48d9b

SHA256
17ee600a578c00bbb776a6678f00dce0875ab2387e408ac411f0b45379d4b9e7

SHA512
6f402779d171e0b11f6f9ed6c7261be60a5c406ffb3a2267a21ddbe2465991048b8bc2991903909a48ef23ae4294c89831df4c10c82ce4194859e0d73baa9d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc9e1569873b12cf13fb409644729b73

SHA1
abb9e8e45069588d3e11bb9ff4db585a601a385d

SHA256
8e36920e9249ab3204f836f13a81747eafb0b20b71b7f7d2bc41f3f7e3127b3f

SHA512
5f41627d558f7dfbcca3c52e179a10a1720ae12c68a98c44a0e0fb39d249d60bffcf8d57f79d81c10cd7c37050f2b13c4f420e42e6e271f22793688a0eb1c9b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.ry2712

Filesize
79B

MD5
641d00cb68a274b2e13ba06585fa1724

SHA1
3859f7e4c2cf1deb17770501d18d905e092fd303

SHA256
e92b6e6b34931d01099539d1a1f545e4c89957599a6378d7c79e8f437b65239c

SHA512
e9afc55ebcf122541557b37cdd2b87d715e076d2bfc0b338c959dbf2fc04951ad2289a2284d37592798f844ad9e09aed647d09d202c889055aaa113ce566a07a

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
memory/512-21-0x00007FF804FA0000-0x00007FF805256000-memory.dmp

Filesize
2.7MB

Download
memory/512-23-0x00007FF816020000-0x00007FF816037000-memory.dmp

Filesize
92KB

Download
memory/512-19-0x00007FF796AD0000-0x00007FF796BC8000-memory.dmp

Filesize
992KB

Download
memory/512-20-0x00007FF810F20000-0x00007FF810F54000-memory.dmp

Filesize
208KB

Download
memory/512-22-0x00007FF816080000-0x00007FF816098000-memory.dmp

Filesize
96KB

Download
memory/512-24-0x00007FF811CF0000-0x00007FF811D01000-memory.dmp

Filesize
68KB

Download
memory/2712-37-0x00007FF803530000-0x00007FF803571000-memory.dmp

Filesize
260KB

Download
memory/2712-39-0x00007FF806950000-0x00007FF806968000-memory.dmp

Filesize
96KB

Download
memory/2712-32-0x00007FF810ED0000-0x00007FF810EE1000-memory.dmp

Filesize
68KB

Download
memory/2712-33-0x00007FF810A70000-0x00007FF810A8D000-memory.dmp

Filesize
116KB

Download
memory/2712-34-0x00007FF806970000-0x00007FF806981000-memory.dmp

Filesize
68KB

Download
memory/2712-31-0x00007FF810EF0000-0x00007FF810F07000-memory.dmp

Filesize
92KB

Download
memory/2712-41-0x00007FF8034C0000-0x00007FF8034D1000-memory.dmp

Filesize
68KB

Download
memory/2712-40-0x00007FF8034E0000-0x00007FF8034F1000-memory.dmp

Filesize
68KB

Download
memory/2712-25-0x00007FF796AD0000-0x00007FF796BC8000-memory.dmp

Filesize
992KB

Download
memory/2712-30-0x00007FF811CF0000-0x00007FF811D01000-memory.dmp

Filesize
68KB

Download
memory/2712-26-0x00007FF810F20000-0x00007FF810F54000-memory.dmp

Filesize
208KB

Download
memory/2712-42-0x00007FF8034A0000-0x00007FF8034B1000-memory.dmp

Filesize
68KB

Download
memory/2712-38-0x00007FF803500000-0x00007FF803521000-memory.dmp

Filesize
132KB

Download
memory/2712-27-0x00007FF804FA0000-0x00007FF805256000-memory.dmp

Filesize
2.7MB

Download
memory/2712-28-0x00007FF816080000-0x00007FF816098000-memory.dmp

Filesize
96KB

Download
memory/2712-29-0x00007FF816020000-0x00007FF816037000-memory.dmp

Filesize
92KB

Download
memory/2712-43-0x00007FF802D90000-0x00007FF802DA1000-memory.dmp

Filesize
68KB

Download
memory/2712-77-0x00007FF803580000-0x00007FF804630000-memory.dmp

Filesize
16.7MB

Download
memory/2712-35-0x00007FF804630000-0x00007FF80483B000-memory.dmp

Filesize
2.0MB

Download
memory/2712-75-0x00007FF810F20000-0x00007FF810F54000-memory.dmp

Filesize
208KB

Download
memory/2712-76-0x00007FF804FA0000-0x00007FF805256000-memory.dmp

Filesize
2.7MB

Download
memory/2712-74-0x00007FF796AD0000-0x00007FF796BC8000-memory.dmp

Filesize
992KB

Download
memory/2712-44-0x000001D41B140000-0x000001D41C9AF000-memory.dmp

Filesize
24.4MB

Download
memory/2712-36-0x00007FF803580000-0x00007FF804630000-memory.dmp

Filesize
16.7MB

Download