hxxps://cdn[.]discordapp[.]com/attachments/1270716953182343241/1271562628149411992/tdpremium_cracked[.]exe?ex=66e697bb&is=66e5463b&hm=d05be1abb9014be6a2ea1c543e5474ba472f5d461047fb3ac9735af1ecd412ad&

Analysis

max time kernel
101s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 20:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1270716953182343241/1271562628149411992/tdpremium_cracked.exe?ex=66e697bb&is=66e5463b&hm=d05be1abb9014be6a2ea1c543e5474ba472f5d461047fb3ac9735af1ecd412ad&

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2228	tdpremium_cracked.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Makes web request to EICAR website 1 IoCs

EICAR Anti-Malware test file, used to test the response of AV software.

description	flow	ioc
HTTP URL	112	https://www.eicar.org/download/eicar_com-zip/?wpdmdl=8847&refresh=66e5ececb756a1726344428

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{63A1BAA2-CE24-4669-8A4D-83D59C6B0BE1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 46659.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
4396	msedge.exe
4396	msedge.exe
3204	identity_helper.exe
3204	identity_helper.exe
2912	msedge.exe
2912	msedge.exe
4976	msedge.exe
4976	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 4792	4396	msedge.exe	83
PID 4396 wrote to memory of 4792	4396	msedge.exe	83
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4832	4396	msedge.exe	84
PID 4396 wrote to memory of 4332	4396	msedge.exe	85
PID 4396 wrote to memory of 4332	4396	msedge.exe	85
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86
PID 4396 wrote to memory of 3124	4396	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1270716953182343241/1271562628149411992/tdpremium_cracked.exe?ex=66e697bb&is=66e5463b&hm=d05be1abb9014be6a2ea1c543e5474ba472f5d461047fb3ac9735af1ecd412ad&
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd8f546f8,0x7ffdd8f54708,0x7ffdd8f54718
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Users\Admin\Downloads\tdpremium_cracked.exe
  "C:\Users\Admin\Downloads\tdpremium_cracked.exe"
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14394085224140713654,2150436381716066505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
41KB

MD5
58756d99d2376dcfbede6057dd25a745

SHA1
76f81b96664cd8863210bb03cc75012eaae96320

SHA256
f5d0da7b010b28a7fe2c314724a966c44068a8c8fa7e9a495e1284aa501067fa

SHA512
476e35c3da0cf223e773c2d26403c12f8c8d034273cca9e3c4cba9359f8506159c2a5267793c8bd9982b636191ddda62e9119593f5599053894c7027a58acc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.3MB

MD5
af79d4fc626118fef6de11536494fa93

SHA1
fc93dd671ef898efed28b91979d53796dd4d0570

SHA256
f49a2c6412b03ca7b938015269cb915e199f9a46fe64a0a8844124b19b3e3a5e

SHA512
265f2f13b01cb0692ddf93997c51361304c6cecd9955bc19cd49c562cfd81bc92f856b87f0c8164f035c62cb1507154eb2848d4ac82d429fbb35f3bb843ab207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
27KB

MD5
3e86415691ff4dbb78d16aa360cefdeb

SHA1
c1151e741082743cd18d9b0dddc546d7f1cf5c9c

SHA256
7a47ef88d8de9d9760662e29f272827b42f33bbb10f71546d06b5055ca82e5d2

SHA512
c3247cf48cec1a773371bbc6566f27862c6e20787c1fda79c8dfd50b65b481632965047e590585b8e4562234af95bf2b617531587edc30e182ab8fbcb60f0c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
82e400ad1952a036def685984ddf3676

SHA1
ab815c9e84af6e97e3fe3007b64de13d88058fa1

SHA256
3868edc7b6a650fcfd885558ec87a789350e1d2a9a71eca95db7cf7a025604fd

SHA512
7599452d5df7fcc8cde724d2ddacf409bb6c4d0510244b05be69b747008d8c433937da083116224c2f0317731c07f50873335a9ab9a6b1b968ddbb230dcc6e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3e82418f0697137204ebec5bea897a62

SHA1
cbd9582bb4f9c492f5788bcfa1e7695977697e31

SHA256
489491b59cd71edc6fd4a1a1c00eb8809ed4e116cc621de75f26131d563673b4

SHA512
9036b27450f4a559997a39af4744fbbe4a930d8c0dd62cc9ffc8d99c75fbee406096b1af82fc4cd385aa86a619f1d6e78a97f63c5104eecff6afc34261a81fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
926B

MD5
11f869b4c4a97571d5170f5b2679f2e5

SHA1
465a412e9c73d527bb707e43b67c4244405f5fbc

SHA256
88070e78d339a1a7935c70dccc789f1e129c5b61825da6972ed4f683f872c4fd

SHA512
27d0d125b95de1936b25e09e70b8054d23ea790edec0aec46bae90c6f1c6e0212503a049f56b99cdfb51723d41eeea9b23f6d031b5210bbc546ad335bc150481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ab0067d9f016a4b8d369317e7e9bbbf

SHA1
108c857d2220d0addd1fb55e00bd4f0468cb5519

SHA256
8585cfec5a5a13ec01b3765b8fb0cabc2d2b4eff7e49db9570ffc45d3bfb0348

SHA512
5bebdb4ab8386a341399a03ccfd6a8a45274aa83a055a8181e3efc94ab46df070f06cbffa31ac279e9d560a2ee75f3b8c09338c115712b54917f2f3c074a0d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c7e976f0ac447c5afcf31ef1eedab3c6

SHA1
11c4b02ed1391dab60291dcd27e2fe337ed51f89

SHA256
c18c6ac57acf523a9c98a6f3e387ff67aef54a5200760f3512c49d2483e164b2

SHA512
3e8d6f2be5d75f0772d3a0477f152f2bcf3a066e11fce2f1fe92acc4eb88524650a050c904bcea1454470ceeac4f6e37eed839c5d3af173c974ec9846de527dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00ece6e075c0c75a4737da792a80974f

SHA1
8127b0417cbda5ffb266f4a019507f9872f12510

SHA256
74dcd3514ae658b8f83733584cf6f4a12a68aa842590963f86019177215c737a

SHA512
c11abb6aaaa93b7423feddf33af4c8cbcce47195c445ea1b5a73a43e09ecac2fcdcdb3e7b4d5ff857897d7ee64bc69a1027b56ff3ef92b1a5c617dbb14ffe540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22a52b3c37e78e2f9a0cd5311dc4dacb

SHA1
44ff4911eea3906e9b448aa4eb10816725d7518e

SHA256
ca5f9d59a0df13b6f6b09a0e1a3b60a7f5f1c8b58e3df289994b9713e59cddbb

SHA512
6c55c05eb552e68c43cf1f55c34757b0b2895b17fa4d66ad61ef658f035541e6c90cf781b75c7cc573a888226f5f939fc1704a42aa67ad9121c4bb50ba1b524c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7aaea940173908c53326fedc43ff6e0d

SHA1
61c55873dd38ccb9c8b75bcd3c0502c4b7cc436d

SHA256
b1a86990761eebfa9af2316723e9c1746f264cb97e02b3c7114d17ed84ed6779

SHA512
59728a49492393ff102e4a5ec8be9d500c3ad25ad46030ff3a9127f8641a549cfad91f12a6df8b7b01c745a2aade2460cb8a4cf7317556c8416d26328628de8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02337e0364e47924b3f2ada34cfec634

SHA1
ebcbfb9272edca897c9782a6ff360ffbf5a20c39

SHA256
b67eb726104d860aea55ac6bb92ac943a0e588f1049407aae0ebac481752b7bc

SHA512
93d2b390e94d81cf57b9aba23198a6d0ed73cb036e882a4a6a51fb597fc940a9c83f5d5b2682cf0f69801f75ed1b21a4d2394f671483995190825d823a71cdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\00ee1fd4-ab49-41d0-8b80-ee6e73cc2199\index-dir\the-real-index

Filesize
72B

MD5
5435b6ed2d3373dbce57a9a44861a635

SHA1
790a3cfe622698d068592af9766a2b7a0894ea22

SHA256
7c1e9533dd5c877d28bb812549002d95b7aafc17c7029ea2c2a712062510a583

SHA512
ad62f32cda415e5f8b59f3152e51d3f84bd9b243583c2c91a97924defe461abbe4c47574e53866b353938b2241281181c7f99fd201ab5a34e2ec36e3b3d3412a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\00ee1fd4-ab49-41d0-8b80-ee6e73cc2199\index-dir\the-real-index~RFe58d126.TMP

Filesize
48B

MD5
c2821b9a97c73ded3c50084cd8b0012e

SHA1
cb06162678c5cbc8f1cb7c490587b124b1ae49bb

SHA256
c1569297dc148a291c0a2bdb0393056e7da2fd314ad4dadae0ec3d9009913eb5

SHA512
90ade4360ec10b594e6104cf374b679d81f111ea9f0a8727fe6a1660a91ad433e8637a391373f195bca6ed9731a42a26e375e34d9ad8a74aea8c96d3da1439ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\33e32b57-bd83-4d58-a504-447c0a0492f6\index-dir\the-real-index

Filesize
96B

MD5
7fd2285ae1ec8e52bb3ce434080c4836

SHA1
372cd82b104db634aadf28aa41679ca19710abab

SHA256
42336e26d7bc3e3afbe675ff0fd725c42996b3c803b403ce3a234120f11fbab5

SHA512
88c08671d49f7ae6feab6af7879841f0b5f7ba66640fe2ed8e35a347f75a106eb9647de11f8009ed41e3002e683e0f029eaa92b1de35a27cae7d57bdba97a434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\33e32b57-bd83-4d58-a504-447c0a0492f6\index-dir\the-real-index~RFe590805.TMP

Filesize
48B

MD5
68be4eff4d8d719c93028f41e3b45667

SHA1
12c3d55ead18016e8d16e8870d1f0c66120db036

SHA256
8c0f849b3edbe8d5e9a66113ce3ee97659f98ecc328b751dbd7067e20ef70e7d

SHA512
b4f14535ba39f904772cd1255ec80b0ea2bdb1bd4c7569e75a102f197a21f1acd79c2a96eec4c401aafe59c6e33e8afdd8ceee919d8ed5e99f1807046e41d547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\7e50d584-8e77-4715-a1a2-8833997034cd\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\7e50d584-8e77-4715-a1a2-8833997034cd\index-dir\the-real-index

Filesize
120B

MD5
b4c763d9ca46f6854ef0facec00bfbf2

SHA1
8965ac050e7c1fb58d2b45504d54312c9b1c0a3b

SHA256
bf6a2e37da3fccc233007b8f7a1aca9f7690efce68dd5b5c1923a225ccf51229

SHA512
43c3a3232fbe84359b0f91c6ee12cd62f57036ddde3ca167f65d3fe9bfb2e8b9a34d37054aba67bad44277f5e46c185a26a963a4e85958b8795148f50be1b15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\7e50d584-8e77-4715-a1a2-8833997034cd\index-dir\the-real-index~RFe58d08a.TMP

Filesize
48B

MD5
7b652d0b016fb8b583b1b50b5aa5427e

SHA1
91b074e5cb16b046efdaca58a9b3d66bd10fe129

SHA256
4671127246a779ccf884b9dfc3fbbeddaa6ed441d44621631e9620270ff04c46

SHA512
ba9cb3bf53c1fad12859c7f509b07311013b53504c8af2aa02e41aaa4a201e2076a3bcfa89d1aa9eb762aef1ac96b82419fa5d0d74b3ba20149e79c9c3b3476f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\8ee0e0fa-6914-483a-8aea-52f956e3ecd9\index-dir\the-real-index

Filesize
144B

MD5
131ff9f45fde0cfe0cdad3d3de7c8a76

SHA1
2fee5b7a4efdb104966acf41c5e3e86a498bfa06

SHA256
09001da7d345917815605fb2f516b2075e6574357369368c0b9171e2feb1d991

SHA512
95f461951d0797238c1bb948cfb5040f67e0fb3cafda61fceba39332af2ca647c32de0ff7cfda3b81e36d7a6963f5cd01a50b22d42e70c8f951936d37ef5e57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\8ee0e0fa-6914-483a-8aea-52f956e3ecd9\index-dir\the-real-index~RFe58d230.TMP

Filesize
48B

MD5
6c45f92e885e3f7b80ceae8b406f6114

SHA1
16c0b56c448904353471676aeaebbf7cd3a43d9e

SHA256
046f21420c923614e04b4c71b6451565daf520e6ac881d9398f3b0f8dc4e76eb

SHA512
00638beb8b38957b1b8d69082dc92890faba9daa9aa6a619964652746355c8c1fb9de9024a4862f7d87ea3f4ecd6b6de830d1af67f56af755370d6da9d6d85e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\c2342636-23bc-4523-af31-41bfd802e5f6\index-dir\the-real-index

Filesize
96B

MD5
21903fcb21cb23eadbee5c80b5ee686b

SHA1
4a219a7864daf5b782ae615330e655252251f24f

SHA256
54f7e19b92f9730720938e58d12e0649b80dce4af7aed5e1ec5ae830e767fc9d

SHA512
80d70a75a377b069a0cf99c11a9e0736015f0d9eebaf3051bd57419252aead0ba668aebf1c882a7fdb68e5d7e6ad253da33c29723cfb635ab6c63db68c12dba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\c2342636-23bc-4523-af31-41bfd802e5f6\index-dir\the-real-index~RFe5879af.TMP

Filesize
48B

MD5
70d392f8cbb374e6d5bc234bf70f435b

SHA1
e1ee37a81534db8f8eaf604edfcb7deb150d900f

SHA256
a651ca5829c3c6ad90ebf92c017442313fa0961ceddaf0848c4fcba93237323d

SHA512
bc63b38299b618a5fa39ddf445d261e444e627f61e1d39ffcd257a7de533905b77704c00a42e114fa8cf6eeb6b44f6358dde3e0699b31794d23486e231567a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\c550e4c2-37d2-4a77-87dd-ca6f777d88e6\index-dir\the-real-index

Filesize
144B

MD5
61d75c03f93785d6f4367e22d08df596

SHA1
9eb60db0f8af3c931dde4e1bfcb28eff89c2c125

SHA256
fe6a8660eabaf87cd9beca8749cb00521c880cd352384e7dda89df9af23206e8

SHA512
b4eb6a301986d5d54d7a0218203c5f3db5106a675fc9af2a08c34ceb8075cb64919a43d1f34981492ac6f70320a591c7086c139a1c80fa56b9288eac48eef7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\c550e4c2-37d2-4a77-87dd-ca6f777d88e6\index-dir\the-real-index~RFe58d145.TMP

Filesize
48B

MD5
ca7eccdd27752be866900bf1b86d9cb2

SHA1
206d505acb59d33902f22759d057f8a9b1fb6de5

SHA256
3d03c58faf069f0fc79b2a8472f023af5f6cee2bc0d4fc866a82a5d959778114

SHA512
be7d08b58a9af54b5dfd4e1af30fee7224dd5c7462ccc45daee925a319be4e72a8230aab152bbb68eadc116f8a93037f550837e05113b501066ebcc9a878cbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\index.txt

Filesize
235B

MD5
2479789a311fdec3a971e67b00b49f19

SHA1
2db078504e0c9c6a2c44a5f1f2e9ec1aaf0d3e8b

SHA256
fbb6eaa4b8effb1e47433b322946b0e763788f561ec1b15bac521334c16494a1

SHA512
16e94d6e0c6913dce96a8a3cf0bfa2a6342b24d3ce03b335d60fe50efb316d05a30522757a342a0d8194cb24b5aed6b60f3e4fa7da1ab6b515b4aa3af035c19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\index.txt

Filesize
299B

MD5
069c67007cf5cc6bf09721e6e91f5909

SHA1
bbaffc80bf3d532ea450d3566d27d29688caa69f

SHA256
79d5848b96b202975d4d1ed9238c2154e059f7cf474993054ce04cdcc121980a

SHA512
c5edd10ce2677fa447a1ecc1aaa4bda2a4fdf2bf15f72898a0e21e3b1e4bf7a71c4aeed517284fe8a334a1c81913b61368b854d9ca8be5498d0ca22d73a059d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\index.txt

Filesize
436B

MD5
6cd3b8021ee1859c5af7b1ddedfbbc34

SHA1
408b25c61dcc1f86486ea52aca0dbbad9d1016dc

SHA256
2024b518f7fcbf685958919f32e403690045cd5c7571d09c81baeac157ff8e43

SHA512
dba0a63288210d9f5430f8d4de91b04f85dab5e81d58edd31d914fc9d4befcf5c257d842d32b2eff76727e0a8c97389c5099430462f5d77e37c2625b91deae90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\index.txt

Filesize
434B

MD5
aa5dbe2d477057cae3da96badb517f6c

SHA1
f42c45e419cb446b50e8a0014f711a6f6d26feaf

SHA256
0e43f84588f9f0080fa7f90c4785fc68ed5365ea2baf79d902607755d0bae1d5

SHA512
aaf8ff48d84d65397dd64781ca95ca7635abd121c904176ca2ffb3b46fc23f573f4291b4d3f0dda60b86422c84cdfa4288f86ca2c592e9a298efa7033e1c794e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\index.txt

Filesize
370B

MD5
ead6e920e5c84308e34207adabd70414

SHA1
e220e2ce48dac87876c32cc43918f13d9f2994b2

SHA256
9bbdd8a6887f01ed237a38ba08431eaeb3795cd4932e68c58daf1130f6acd155

SHA512
625ef22290bec879ccfd6a20d3dff9a9f0a1a48a540f911b7e6f722720cc41743304dcc1e74c42690aea2c2bcb039bc4732077969ec26ce00e422008dc3b1905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\index.txt

Filesize
101B

MD5
247ca99925fad0306b4e6a25d195f8e2

SHA1
01e4996397ececa5716b6f36dd9b81738254391f

SHA256
fa2dd67d5c3b5d26e854dd56cb0b61b7cd95d0367de8c2a707d59e42003caa4f

SHA512
f0c08162433746b00a9d015b9fd6dac2a89480e2d7652ebb60f482a7dd8ea3d9f31856ae5a0e50cadea5ad12f5193a929ed2e699018df728940fb0fbeb7e50a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2cd97a63ed40912750b02b59ddac80637f281775\index.txt

Filesize
170B

MD5
da1e47eafada74fa7510c4ca4891f565

SHA1
5d7b57b5a49746b4b907257e26c588d4c8936460

SHA256
030d925f3b35d7ba8af848b213adfccdbbddd3a5fa458f9eb9513d480ef0c122

SHA512
e97d267c024a609e791fdd233883c6e4f2623aba09c3c7e5ff8d4327abd0ac3a3002305c2ac7b4e278aeb089fd81c4c151c17d667a67cb1e15be540df1c67875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
81bdf985c3b944008334e5cb98954746

SHA1
b73fc21b58d80433743c8aa1c6dde2057611c4aa

SHA256
a8f6f55bc9ffce5ea103fb931749d612fdd20a13294a1ede17f15814a39eebee

SHA512
3d830a23ad1485cb443d95d6548f0ab5fbd1fa7773355f6d2de1ea4ee260697ce93f27864ec1c32dee639089c21843858fd05ea8fd182bbd7282eb74be3e7e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58753b.TMP

Filesize
48B

MD5
d89081979d722cc53b93c6ad401d3b5b

SHA1
0b777700485d90db303123c372426b58b8eda317

SHA256
435616b6862690dc412c10f6fc0261db50a6ce2984a656fced67f24458821131

SHA512
6a2801f3ec810d4272ccc24b24d5651c7ec4857e5cfd469a00b39f073bef3cf27154b55dd4a64eb94d693ea1bf5878ae0021d958d1d3760f1723dcecd2553c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
068dd22ec2f2c4b6400d21ac2e8147ec

SHA1
a366b8b93ccb9f55026eb9c107920ee6d0dc5801

SHA256
3940d9652c9d7b2fc272ba31997eba892a03a32e7456aea14618b285180a2470

SHA512
2402e392b3f8cf7b2fb7104b7b641c8a364e90f43bc0dfeb4854826b9aa17d48bbf9b97f6f103b49f2ee63c6dd5128986878ca8e5e946c46dbfcdcaad4fbdd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
514727e5645370268b8e2614228d7cf7

SHA1
53797408f7dfaba527daae01b241e82ec11c0d17

SHA256
3f6b479336fd157ffd8f49620b5c57204f99524fc2ddf23896538b5b33d29898

SHA512
d17b3a07dd2c73625652d90aaee92467fb916a1a230784e57656fca85c95db249e886d723e2e1adafd9b869ced2d2fdfd9802bdbd1a3718ac1ae7f9db58dea2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5810d4575ee49a68e960b39e496b86f7

SHA1
d191e808ac8180a25fa8faf0c5609ba57812c010

SHA256
bd6b74dbfe6d8a800db1937793c6b574fd883144816d44c819dbacda0054b21b

SHA512
f0cf0d39d2a2f20cfccd74d399bd86c2036ed4c3d4147555743cd87297de6fbc22f4ca2e2413089ebee760afc54565e0e80733703722a34fd2a9e97f237855fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5845ce.TMP

Filesize
538B

MD5
6174a3cd3f74dd04077941a604e48af4

SHA1
e8e33a5f0d7fc75bab3beaae2c151df3e530f6dc

SHA256
379303975d2a7379e7d887f45ce8e7982f88f5652b90bf99483f090593f58dea

SHA512
9b47bfc6d6a93538935f498a0c233408466f3433e30f67627304e66f9e9fb8a3e7e254ae48372ab07b0ace7b87cef3e0749c1f9ff098b0e3c8739174b378e0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
80e953e9e4c6ffcdb756b6a33a38e2a8

SHA1
eda02d95e08c56ee3aad6a66b377ab54093cf0b6

SHA256
d02e2bf902829e9521c446f721b7c48ceaabcf583efc10096ff67713f763489f

SHA512
d131bc8a72d7a66fc2da9d824c47f7d7b6bcb585fb6f086b2056c3632cff42b8bb570864556895e59c4f33e988f60a429cf2068b76aa39cd1f2f854a8acdd530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
91e9167f92ad23a58920906769b62e1b

SHA1
9693293483d6e6705b7595413ee56a03e1b3230d

SHA256
08bad1f067352b72063f815582bc692b6003eb1ea84026127d69df96645568e4

SHA512
dc2ac05f0666a3ee8e9859a9cffe6fecfe56d68e9e475de8f8ea70cc67388a2a40e0c6bcceaa28913b740fdecc4538b140dcb1690dba96afaa36116fd6e5e1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eb300c17a6be06747b1491fb0a86e925

SHA1
badc08990e79566f575b8a9ce09d2b9d1c1f15d6

SHA256
7f3d2be7b82b5e7abfe3917eef95c24104d52cf400a45f3f411edbc41b85d5fa

SHA512
10eb292f1e70950aa9db03e64d1821b63ec527da219f7c05b896b93676ea7e9484cf72f307528802e2b9837e131555d59e9c36e8df5f6351d0a61926e58d7d9a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 46659.crdownload

Filesize
1.1MB

MD5
5d6229f175579637daeb2291a3da3b31

SHA1
f2b0354193543ec378e158da7236ed23e2e2af0d

SHA256
af506c42e5b4829f5230793b61dcb6d4bf4e309ce717d1ef08381f6747ba8dce

SHA512
05b6193b9b8d30a47c1713c2f9f4a936d1496bef9bd99eb834cffe6d6408fdf24bee88054753076fc28c1cd5e005c8d59897ce740813649f62ea8113f8eff47d

Download Submit
C:\Users\Admin\Downloads\eicar_com.zip

Filesize
184B

MD5
6ce6f415d8475545be5ba114f208b0ff

SHA1
d27265074c9eac2e2122ed69294dbc4d7cce9141

SHA256
2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

SHA512
d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010

Download Submit