hxxps://www[.]theannoyingsite[.]com/

Resubmissions

21/09/2024, 17:09

240921-vpmjdatcqf 3

21/09/2024, 17:05

240921-vmbdbstbpd 3

21/09/2024, 17:01

240921-vjzlratamf 3

21/09/2024, 16:59

240921-vhtdcashrb 3

Analysis

max time kernel
55s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.theannoyingsite.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{E7E657CA-4D01-4C35-B134-3621FB8B084F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
4376	msedge.exe
4376	msedge.exe
4000	msedge.exe
4000	msedge.exe
1068	msedge.exe
1068	msedge.exe
5200	msedge.exe
5200	msedge.exe
5904	identity_helper.exe
5904	identity_helper.exe
5412	msedge.exe
5412	msedge.exe
5256	msedge.exe
5256	msedge.exe
6616	msedge.exe
6616	msedge.exe
6640	msedge.exe
6640	msedge.exe
6652	msedge.exe
6652	msedge.exe
6756	msedge.exe
6756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	4984	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4984	AUDIODG.EXE
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe
Token: 33	448	msedge.exe
Token: SeIncBasePriorityPrivilege	448	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5468	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2508	4376	msedge.exe	82
PID 4376 wrote to memory of 2508	4376	msedge.exe	82
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 972	4376	msedge.exe	83
PID 4376 wrote to memory of 1236	4376	msedge.exe	84
PID 4376 wrote to memory of 1236	4376	msedge.exe	84
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85
PID 4376 wrote to memory of 3136	4376	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.theannoyingsite.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb6b846f8,0x7ffbb6b84708,0x7ffbb6b84718
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7344 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8280 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8812 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10008 /prefetch:1
  2⤵
  PID:6880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3132 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7704 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10552 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9148 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9584 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10388 /prefetch:8
  2⤵
  PID:6544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9936 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9332 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9808 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10476 /prefetch:8
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10440 /prefetch:8
  2⤵
  PID:6848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10712 /prefetch:8
  2⤵
  PID:6832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10748 /prefetch:8
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10760 /prefetch:8
  2⤵
  PID:6804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10804 /prefetch:8
  2⤵
  PID:6796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8748 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10624 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10352 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10808 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10860 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7504 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8468 /prefetch:8
  2⤵
  PID:7280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9668 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,11047472016501589811,6036774899882735343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8440 /prefetch:8
  2⤵
  PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4984

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
678ecfcd0596ef697c112725d3a48415

SHA1
734a5f99fc10af4b8e05917c43ae723b5e84b8b4

SHA256
496173e17ea8708e88104a77b6e1d26dbd71eda1814a403904d64a8840b8e1c1

SHA512
436047d1b1a356dc3ddf01e7053522d346acbb71a1945243b5c09fd5c955de4833b881f5090e9bf3f97cead7381e55265aa1603d91ff972f33519321934b69ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
2323a7d59e0f20c88ad731a26b13d859

SHA1
9df29164b81f59b3eee15e8e4ff47598d730ab15

SHA256
a897346a0cd9e5387e6eed7bab71d35bb14b9df3acca4b6e20e8cda88b609d84

SHA512
b3415db0b28e038579e927b5d0787dc4a3d506f317e75500783b8b069e471588432a0278263b84cf6e56e9a5d76b0dec547b1745242829183f896eec43d6bd0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\75c0a03b-7de3-46c9-ab69-6c523319dd04.tmp

Filesize
6KB

MD5
48c29d4d5507f800b6744efbfe24bc2d

SHA1
62d3f519745179a1a9f0125e769eac06746018ff

SHA256
60353d14e9310a56a4b3f406dd9f4525603c7e4a8d2a479947523caf05f44462

SHA512
2bbadbee97f946b4cfcabdd4105e9f1ae1a780dc3c1413e146587e0929943bbab7e9c62ecf3312cded0b6d59496af77531183614c613b8d113bd2ae0a5b8d3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
75KB

MD5
90fcd7ca224434b5afdac8f8feea9f04

SHA1
053b89c1e0ab0a76dd7af5b8f837d0b63a69aa12

SHA256
6ea9570861b87ddb5b3d3c31e36a5114971223f657eb8c59d053f573e4434c57

SHA512
2f8c2f5c7e07dd1ea6df66482d49a1d0b8bec515851c9e752538599278eaea1e10358ea91a8ea424f6831ac143b882c3a92b8a7ec58c16921f8b6b173c32ff30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
1024KB

MD5
2fe924eb16f814a9008dc97a104856c8

SHA1
f9d78de81408385bfa4f1184385e332135e1215b

SHA256
2eb791e0e334f9cab3d281b689785a0002b4f41ff76ad0f4c400179250d941d3

SHA512
58c24eeb11382ebd40211ce62de89c1cf0c7cd52e7d72734f13ccd0592c49ee7af2eaef5e376cfd59e72f00f86f819f1e248f1d69d34dc0654c5153398ac11ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
1024KB

MD5
370342ce51445e68ee677b56ac8992c2

SHA1
ae86b56902e668c27de4c1b2a1a197da17f89163

SHA256
61a2bba2783a9c376c47354fa148974aa36295fc60029c41d6252775e6e84310

SHA512
b47e765be3d54f94e67d75e1f0ced3404946cf193dfc5ad1e4db0c932df90bcfe9bdde7a3c9888a134d2601e38162eb38282dd401344a34c5dcde9ff893dec1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
551KB

MD5
7a3657867732fe045ceb6a25f6bfbebb

SHA1
e1f8898064dd5bb137c223b02e3a7256698f3433

SHA256
364622669cacc34137967064729ce5ae0591e45c86c39bc960285a068cb6f789

SHA512
1e6b90f75833575fa0b3a30b89a28e7dbba66cf7a39187364a1b32a1a2f9bc9981aa271f6dafb8926b6541bf39efd04baa911660566012ae484f4516db2a7884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f3bc6c2b75d98ef_0

Filesize
283KB

MD5
fcaafced4d4a6881fdc86a1ffd016c14

SHA1
9bb70428d7d89ec69ab7a2c9ac92e38546d08672

SHA256
74f17bb348143b91081ca16d4fd261f1cf5fa0af5d646f3db556fb885e215e26

SHA512
267bb647adbcc5d5a483be56627afd4d92ac8c1186f25b382981013f27ae42acde736b3afe0d077d369957401c6e57d9cd9cb950d4d5289a3eb14334b9e51bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ff50b8fdd3749ea0366ed60b43711f39

SHA1
da6b0f25fa25102a486ffb44d708117401559625

SHA256
425076a7c610760679f4aa98d035812a3cd80d86e2703e5d9992137cb1724b7d

SHA512
b26c19e965712805d4b3dda9e0efe48f4e07ea87ff47e5b866beb7c10f7f4868e559ffe03d0de20a5d30135c6903ce5e1ee5fd8aba726697299f90ed6728a9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d3fbaf5c9fbbfb76756e98e52e9cc1de

SHA1
656045fc6b891c886b9b90ef3dcf624f84249090

SHA256
a6a8447565d923576adf29af17f8ee198a09a89ec3f3d34ef2b08abaaaa5db74

SHA512
873d60a418f352cac87969e75317a8fa5e23ff3d6f10472a4bb168e33d1d6e817f007c67fba23cd73171779482ebeecebed08c201b11985b452a0c671d3cb8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
22c0c620962995846eea4ee8bbd95dc2

SHA1
0a57ce4e7f78e85715ae7cea188574608681f233

SHA256
1dfd62a6ad744e21292535552abb940da80bf9f533e1e6b5db4282d13f0a5696

SHA512
1895590a24ff25d10ca9ab7daa98b0f0ab26b58e4cdc5ab78b5427f14fb49b9d541b44360da98595f803ee07bce57d0b32a8028cfef7cc98aba795b4820d8b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
753d97dcda3e57d429511786da357557

SHA1
f1f6f41a9c3f904d6cb2405b483fd98ab068dfc5

SHA256
6746c011dcaf55f2b25be00907a62920d93bd428de262068427c19ae8d372f84

SHA512
213fa122723aec445dd7a783a6dc81cc684c9ca49a53dddc2f2dfc3f3f5db800e376e9f2ee7715be99507ebe40e4ffbbd3acb5c76f6d3b92053c9e2ac947aecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4cee4aac474ee222084e5cba0b10e2b1

SHA1
8427c091a276eb806745bb50a3a9878dcee179d2

SHA256
d61e4b53325d6ebbf75dc20324a0375ba4f91a5897f327729f14697fcba0cfe7

SHA512
eedda14d76be657baf157e03fb3af6a40423f8af8109efc9c21c14f92685c4e5303986c840043a790fdf5af9000033f647d67a50e3a4f3b96c1616caa0cf36c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
34c45e1ba0770cce2c54d649437d34bd

SHA1
3435b9891b058b51e99fe2d130ab7be5eb785f17

SHA256
f7d7c493b69e44ddb30a49b14b3a5d870811ec6dc3098ad66448307f3970233c

SHA512
7567021a55bf62ac77d9bd98bb1f3ac2ba96d1829f5560efd1d9b614a3e0cc66bcee7f314cff1c3fba5bb29f7e5cca23d05bfa7c122272290a4ba403ae07ece2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b25c2c7c35b87d5e389e3a57b634b84e

SHA1
c4840e70aae2eb5875e83ae16a3bed0b1a72ac87

SHA256
90dae7805400e725426eef585b5fe6af4d535d289e31e0397c33e0a4af002c31

SHA512
e13ed0251b822496fcd7a3eb259dfaf9c05e4234ad6c2547444437f3be99e3009bbf9e7511c66203bf9da0db3b603a61d1185a62ebf87bbacacbf4006141bef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2d124396389f985d4c28a3ca67ec4d34

SHA1
e88251df5fed0fe155b4b79d9bd4444ac87edcb9

SHA256
c9adc3a251c5296e1b74caeef204e9d3086bbde635c722d193c247b93086d429

SHA512
0b30965c69a0263709a55c5633520dfebc09ff13c829d3b89613ed18fdb0129291eb83a93df4e88d5b39171b8e15d8c542f1f1f39ee341ef7037893c66818611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
402baf8971d94ecadf27f3067c4ad2a8

SHA1
55e4c169b146569aeaf0ae9eaf289abcc3a740e2

SHA256
ac264560833ee557dc53e0fc2f643d67f37db80d76937f01b884fe3d544c7df3

SHA512
de8455d9e958dfacf265edad20ded63f914c757c5e7da6c1b920c47f36b9487e768208b06a142316f043f7df8ac94673d503521f666457c905c1fc32e479d586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e9975b8dd10d1dc5aecb4462991c8805

SHA1
023645cafada6b074ddc7fdeed22e67186ca84ca

SHA256
3d9acb35bf96c51687433d887b67d692f510f656ac8b3b0c0d7a6f12496309c3

SHA512
fe38d518054fff9d7775eb533ed95846d89b7470356df4f5871f03a91b513b729e67d2222dee6bcadb0ba7c944218f4528f18012482c2b800ea1fa1f233a98b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
51bee99eb4e19a73b64658666d19640c

SHA1
7c688ff2ddc366799f5e0b47c907d01934c5140b

SHA256
7838b41d64ab0ff70a4961a4e0d49a26a8771a8f709bb29dc4402a3b60530a01

SHA512
b02034a8978c030ac5d16a9141293d3756a6ff18f3a2df6aca4e32df0af932e956e9acfc0712243548cc237140ee3779275d806cc3b98acf1735b9dde7a8cc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
6707267ef4b4ebecbe91957af423543e

SHA1
e4a32bfc74dbcaafcae76feb00eba6b394c7241c

SHA256
a523eda7b59621f27b154720247a11b1e18f111ff8e05c0ef87b4697ecd6a0a6

SHA512
e51faa5b18d7908ce026e89bea869cc5d61c3169d3c1ceba8f5cde51f4cbe3f75dad5dfe9ab892324fca7ab0a29a488d96b3ed322c0c460d3a8856249824cea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e262d379f803dd4238d5ec6742995d22

SHA1
2745e6d5db526f981e7330eb640ecd9d6e98739f

SHA256
adb67deca6507423bd9ae492f94f119437256c272540f3c255b4fd941087dc6e

SHA512
7afa6eb99c3893178a296f54bf434a3d0193b89e219ccbcf6a3205c8df3767cbf38eae9e27474877d7bd809782ccfab3cf63bfb45d8c55759efed945f42d09c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c80d27a6ac5cac9f1c15a316cf92ffc9

SHA1
61e2f30791a1f0d483468e04697d8bd03a47b2e0

SHA256
8a2263f244dd0719c34300e5f96aa2ace80ef285760ce1dad332f4307107d5f8

SHA512
c6eeecd755b0631ff5bed4a603451c6bb5b2d27257ef9fee3269781d932757c066a3fd64fabf5a10f32506403a3e8343bca3bc6ec85017d15c9cd42a436877ae

Download Submit
C:\Users\Admin\Downloads\7cff76ee-e17f-4109-b607-793810026404.tmp

Filesize
69KB

MD5
46baa7ddbe6b0fc24d9398cdae8abe96

SHA1
cbd076aaf0ada7813324e7ee617f59c6cd7553c7

SHA256
58c64c8eb076f75e220ea7e86fc8c150cf5303d4fd3a3ba68b94276851db148a

SHA512
1c747c8da6a22a1c9902e639db535df8395153bfe3dcddcd4ebda170fe023db46fb08c7e5301542416d292ca2fb13cd35f2f51f9fed33e49267e842a1f19d31c

Download Submit
C:\Users\Admin\Downloads\a2c3fb20-720b-4ed2-9c5f-a00375c130cb.tmp

Filesize
26KB

MD5
ebc880bbc38875853640cde5964f595b

SHA1
14267b4b280d9792795c9c8ec8ee6a0212a2ff38

SHA256
e3dbad3f3e815cf016672c4374361a9d68d5a77f2c89f26b62260795da6940c5

SHA512
0d0cc77e016bfc2076a437a32e42a19ce71c19191ce78a81f2164296491ce92156ffc25684ab6b2743693b7a16c55ca0c75fce8754d5a2c2aae071535ccbe93a

Download Submit
C:\Users\Admin\Downloads\b95e0a9e-844d-47b1-a58b-7450b31dff6f.tmp

Filesize
51KB

MD5
e38a04fccc918f99e4ee279f2a8bd165

SHA1
80d59f045bf9ea60c5e12a44998e3229786b3717

SHA256
a0a96707edfb3a31f96c90978e1fe7876b8c2f8491d776b0b6dbf2f628ff975c

SHA512
f24e487833454a5640e89e294e618349952c1ee785ec13a93f95ffc9809c4dd2bc312595afded5def0aa54781b623a43a703a134cbd4e182fd2f9dbfa64b8f9b

Download Submit
C:\Users\Admin\Downloads\cat-blue-eyes (1).jpg.crdownload

Filesize
16KB

MD5
9f3a694ad0a4d29fe22a21aaf11e2af8

SHA1
da915b01e2e339e9e2c5c83569ed815a0ba2fbe0

SHA256
0f39b0079a3157605c2db99f42ab692361db80671e033cfa6d8091ef08f797ad

SHA512
b6b5618e5f31fe0a4b6441b5397d07fe4333e70a3c296b0a4457072b9b65b2282082f528d578c4b9c6b7d468a9a45352dcf98d647cd0f668fb50d3c03567e111

Download Submit
C:\Users\Admin\Downloads\cat-ceiling (1).jpg.crdownload

Filesize
7KB

MD5
f488f8cfc743d4c85fdd2e568f61ce2f

SHA1
61c9978bfd4e6ca0462be878fbd04b427a0218f4

SHA256
03ec03f11548c1bae13af126e5f90fdfac51fae70b4749f80a76a433f0fef860

SHA512
9057bdba20d925b565f38e338241c25d8d505de41771bac33194920abba2c7bacbd5ce913a43e49ceb29f7888232363219e833e1eee8b7cde8d863de0e8419f1

Download Submit
C:\Users\Admin\Downloads\cat-marshmellows (1).jpg.crdownload

Filesize
69KB

MD5
145f7a8b5f1e31c7fbc31a37eebe2a32

SHA1
603f1ebe9bd143c05c2e0e5f645d9d2e0afed1c6

SHA256
639c449b9f0198ef53d54cd225260b77a5eedfa719408bea1bbdac5fb37d77e6

SHA512
12f5fa578fc47ea51b06dd6d0411b17c714946a3ccdefc47fbc881c5de6f7c38e3ab354691b9f27d90f7ed187da30a7a0c1a0674596be35da8f08794b48d5d7b

Download Submit
C:\Users\Admin\Downloads\cat-small-face.jpg.crdownload

Filesize
49KB

MD5
89095c8234738dd985d0b6605fc6d0e0

SHA1
90ca9298510b376a2af356d9a034536f1bcd95d9

SHA256
9614898e1401364b5dfd727965230477855d21cff4fd49b7f4f9510387659bcd

SHA512
442e607dcf36d5d4ad00aba2f302d53ff5c6d8386061fbce74a961db34614ff714955836afc64e1ebbc94d2518d72374bf881bebc3374299c70ec6e388062e7f

Download Submit
C:\Users\Admin\Downloads\cat-smirk (1).jpg

Filesize
92KB

MD5
7556d4000001faf4691fb2231c3759b4

SHA1
d2cb1c4a0b5a01521a8b19c8939a2694d7e3f105

SHA256
e53f7e60753ed99baaf3f08dd2f07d1d96fe43476059a1745f9b2f7ab81978b3

SHA512
40d5569fd6466a3b2396b4a3932ec6f31e01b21b5d8bf78b0a598439bf2e5579e60296702d0a98c251b443ab188d6b8cc62da358eab12309cb21051d27c3b653

Download Submit
C:\Users\Admin\Downloads\e55c4f95-b097-4bef-8b21-480ce13dbc8c.tmp

Filesize
87KB

MD5
b95f972b9b33ef69ca3b9fb1b0adef5a

SHA1
d8ad42fab3f36712b6205d6205ac0947615caec3

SHA256
b1d1005b14deca1ed1e078758d7fc0dd9917748b46f71b0be16b44c57bd0088c

SHA512
5448bcbca0acbc02b2cf12e81fadb1a0a1b5b27128a530a3620576b58a26926b8b07f814f2dbc60716321f883e75d08a3f606b14b8cae56e459065c7456b4def

Download Submit