e8e00ff8ef1252123ae320334d453553835c2afa9e6f872003644fe39b7c58c5

Resubmissions

30/09/2024, 15:50

240930-tadggstbnm 3

30/09/2024, 15:48

240930-s8rlbsxdpa 3

Analysis

max time kernel
145s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30/09/2024, 15:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pawg.html
Size

120KB
MD5

469b3bea20a6fe08a6c572d8494cc696
SHA1

3fb14bbea73314ccf4bd11a1d04b763541ade78c
SHA256

e8e00ff8ef1252123ae320334d453553835c2afa9e6f872003644fe39b7c58c5
SHA512

ac93ff7aefde0c3eb42d0f5b1016df158209e443382c175b4ea54b90bf5479327b2f81e378258d8df33759d38197ff35a2c5c9214d3d6f9b28266bf1e5b42509
SSDEEP

1536:SB/eEvukHx2XarrMIfvISUa/HvgN7tNSCwEaaFtx6X/7nPX:AupIfvprHvgN7tNSCwEaaFtxab

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-6179872-1886041298-1573312864-1000\{D0C2C3CD-B1E7-455D-8266-DA32AB2CCD56}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
5012	msedge.exe
5012	msedge.exe
3580	msedge.exe
3024	msedge.exe
3024	msedge.exe
1240	msedge.exe
1240	msedge.exe
4192	identity_helper.exe
4192	identity_helper.exe
1008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 1088	5012	msedge.exe	79
PID 5012 wrote to memory of 1088	5012	msedge.exe	79
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 2472	5012	msedge.exe	80
PID 5012 wrote to memory of 892	5012	msedge.exe	81
PID 5012 wrote to memory of 892	5012	msedge.exe	81
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82
PID 5012 wrote to memory of 3356	5012	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\pawg.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa1113cb8,0x7fffa1113cc8,0x7fffa1113cd8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10326963553493743825,11514470548605498624,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6860 /prefetch:2
  2⤵
  PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\016abb0b-f52e-4169-9e07-c1dbf607122b.tmp

Filesize
6KB

MD5
f2213c005e73c3cf082a55b9d7d7697c

SHA1
e6d15f4c747fb9ba2269de32bea16ee3780d7bff

SHA256
e288d2d00186f12ecbaacb187946158b3fae417127d35ae4f5123c0b0970f1f7

SHA512
f77f6c82538137d6b6f02923d589a36d2a5c349cedb913b3298f7037e178cef2705a6baab928e5d8e97c3994281286dbd13bc2234fe25a94c331466f2c79b0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
2bb63bc961589fa265d96c64959719f1

SHA1
342a2503343edc2693a193eb8cde67296d366c0b

SHA256
e01c8fbda53cd25b4bb153924b4076090139d390727517c60edd4e3b849103a4

SHA512
b2aa26a6cab3d90f5b65a7c617d7b8dcd2332934c38a432837765132fd4803415813d3643b91f008d3a0f855c2856dd8b745258ec6e65ca7153646b089f426e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
25KB

MD5
37337d123122e66f1aea0f7c03658843

SHA1
18ad1bb815581635f97a730bed29de8b912102ff

SHA256
ef89c11b15c6a91ade2e0d84dfecc3a61b11c361fb5b5de3d42a75cb4480209b

SHA512
770ff4ecb2923fd66c5a59194b2c3b63c09fa8a0a4a702e4607d477c8e2f1a73c4286c5be9ea179207705d75565091d0a8a58ea77309cdfdd50f881dd99a0c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
16KB

MD5
014d172f928daded97e50cc178322638

SHA1
108e379ef6a33a96d9941316b446836a42848036

SHA256
bdbc477f5c208cfb6d53c04ad1a93f5b4dac972d8a978519b4a78ffd3a9a7eb7

SHA512
e230d2a5cb80113907d530c1638445110f07343108d39bac032ca51046f867b203ace276b1b8609a6d5aa4ab39e413240f3b3ac5ff85cb89d02421f4a9a0eac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
17KB

MD5
e8e762d042667fb74fc9fdd6f7316713

SHA1
522cfb6147ed5eefab6e42276bbb282015428f04

SHA256
ad686ba14c0ba5b318f67ea8cf5041f3d234a7ab81ff440fb77f880ce6a1f0f3

SHA512
30aae971176f12c4f66044c0812e48888ae8d1ba2100b66152dac36b6961fe9e9b365c785efbfbe1dfe4b97acf8c63a0c3acd03a332502f5ef04e8b2714bbddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
5e4764d3c94d1a1db8c3d0890278b6d1

SHA1
e5171f2f46e16d32df5f634ba21e47256fa9689c

SHA256
5077e8927721a6a3ae5d78b456b7041230d627774a0a319beebacc88290b8328

SHA512
24648e47c395fd970fdb971b35e6c14cff1ad1808d84fc47cfc322db211960e6905dbde37e14912adb61eca3cf30b71d3b50a0f01f2091397eea51a1ec4437fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
17KB

MD5
1e655839907e9920a7dd9aa534905609

SHA1
569902a64ed9573663901f67c91c600d0fe54114

SHA256
f1a13859efe36dc56615b001e44e2a2281c6a4c58b3005b44efb4477af5c82e1

SHA512
6c6465cc3674ef532db47751b805dfe681123fdf446590dc4d5e4a4eb2ee3ac8e5903a1bc75e83d0a4455c3c0eaa7bb4790c682c4850b94f34c0d01b1e88ac91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
18KB

MD5
09596b6594114cc1b46292451c8f1b3b

SHA1
9f14ce68be0dd9765aff7f911710cb78e71dc76c

SHA256
588b9c81fad2950c68c9d9ac9f3db21b4ca190c80b66cb938421a87e4f4b1ae6

SHA512
fe7ded4bc0be857c8c7cee5c1e3d4e6f8db13ad2718b2d8202b9c0b9e509523b53806f3cc0e2fa128b4013987b5fddbdf9096780445d603a8c66cc856e72253a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
43KB

MD5
bf4f7ec9711f58fdddca6cddf755d0a5

SHA1
8defccf1c4c4f3600fb2dc2eb22baf47b8e640f4

SHA256
9b8844bbf0e0ca9e1f400d42a15d62ad5ac4bad61b9589b50b30e4058157c408

SHA512
60b146d0290eb081a535815b1db6186378c26d86c2db3ffbacb2be849aa2f6c0a148723b86d60df3bc37802ee5abd42b4014d27c15bedebb82edc43fe7344be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
29KB

MD5
307cc9c90b07960982452fd122fa89ca

SHA1
d3f42e1a37b7a5e959c39a58d2a0a0e052b49961

SHA256
c6d11eb819da4a0881a7a97e06c203056dad988b7e2b7408c937956a1e454718

SHA512
ab10518151cbda16a00281e1788421e3755c252feec398ed68311cb7d72d9d2b7cb199b542d108c396212d01d194aba61de8626e4f8208421ab5dd9926ef8b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
61KB

MD5
8de77e6357ebac3f00ea539a1c4bda82

SHA1
91883134e154926c14634d49f3f899adb566a37d

SHA256
d8eb43aa5752e1cddb3add30ae0b81d46ceb32438c641b98e0f20f6c9abd96eb

SHA512
642ea1107f466584d3b919b07fa28c8f6c26147ab3f2f111f9c2ae3f7c4c129843a17b2c3033cf03ff7b4e22cd24fd33e994e79708c946b1cf622f36fb49efdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2e878299b53167b5c64847f522c3005b

SHA1
9656023953ce277cab3b34dc0a51eff0e307a33b

SHA256
b008f115a303844a76260fac00ebcc3b1f867e799dd322fa345e9a59a4e95a08

SHA512
363ae5b520235c042d9d35081cca2f8c4b97d95bbd773799feb2ab0c3057ef38e73e6b60bcd785639448b0d82e1aa8eba73bf02d33d28c438f8e26a2e205c960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dad801ad453a5cbf066c2c6aabb91002

SHA1
187af91a74fbb43ff527ef34b559a0443e29efe2

SHA256
ebfaf8f5b0b4441443efbcf4dda6090cfb9e97992dae04f1d87bdb47ccd45649

SHA512
189c4e7588091db258c052fd8edf4da0090300407c7ba4c0dd2427c3a0b888ff4c6cb1e900846ea08c0ca811978099baec5177adbafb67524b4fd3ad3231e5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
debf217de5f05252c8a6f3e5117a7718

SHA1
70b807d700b0f42e143e4630d4e28d5a44b7a4a2

SHA256
564446dbbd2d519ada6046e46d29ed1708dfc2d5b73a8cd84bed56fee23838ae

SHA512
8e17aca4c7bfd3040b80e53859652fddd096b376621168bcbdc72e491b072daf278c16c9b55f19ab80a80a99183842210976e05bf43747d4e8273f49d1e3d660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\LOG.old~RFe598fd2.TMP

Filesize
744B

MD5
246e4ce705c3d4a4f8db1c7c03d8f537

SHA1
470d733d574c0d3ecdf945b663d51384c81f915c

SHA256
7b50de3c3e2218135eae46e2643c79aeb419b9a816d86212b57c691e1c1b691b

SHA512
916b365ae4258b6aa8d338b7940471217fc5a1f47ca5c44ba3fdb5084ab4577af47d17cf331a8efbcea7f4080c57ea1f2c66652c0b601148d88872a4f8af7d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\http_www.pornbaba.co.in_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
04966d9f8a754941d5f2390e0e97b30e

SHA1
8be5c9133bfdba5e90be5a789fd253912604b630

SHA256
f6950c626b4d7bb2814ec393ceb00d18171e13f7dff01be29f2ad0745905be65

SHA512
487c0747f6b1b4113ed1d165f93ae8f00166eee94b653ff70f44e8ee879f2f786addd17dbe402fef86002d4dfa98b0c0ae5a671447be555c607005ed1e071793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
55bb6421d21b99c4246fac075428dc56

SHA1
9578f60d6915914beee98af1a7efd44334afda36

SHA256
e137490103f3d94f98dbeb322f9cf84b50e6c5eab50d9f2eafdb7d8d7951d18e

SHA512
4a389c8c53ddc6919b81b51be90712aa84a92323e681221b837155717175011e45c32ca4a7b6de3671032fef5ed49c62b0af6e504bde951e8aa542c5be33d20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf3b8ef4f08a08520b8413366322e398

SHA1
9cda5ee32b4d165d96e375fcf418d96198cb3351

SHA256
2cbafb80945a136ef0e2ea5a3521fc1d74b0d01f86ee4cf034d08fe29e55cb93

SHA512
c2eabe6e6c87b3df8691cb6c3f702aed24141493e95694740a4b2cd34c92586f0553e21de02e8e7e3a91c542c38dc832accbb64cdfc849e02055e0c94229f43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4b4a16fcb87e893fb2000f391c1b7c9

SHA1
2abfaa75d8f37de2b8634b94872976ba67ec02ab

SHA256
64bb3935a883b86acea2fb0a3153b26de1902e3552083e962975cfe921e1d154

SHA512
9273c77cc96780ac7c6a20a9d61157cbe52aa7ed35f238cec7e74080d0abf1f3be49e9865f630733a1c2d83e54fef531036a3935cd92f1c0cc3d312d5a6210c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
86351e1e8e97c9f89fca697a738d4a6a

SHA1
7d6bb7875fcc0088b75fe9a6cfb1f4720d780081

SHA256
d92717ac3b72bde2665a86244e08dc332018517e282d86d83c8095cce4cd0537

SHA512
96bdd7899e8e025227b9d94c62561d18c4437a708acf5718e4b372b539fc69fe51f8f0eb55430b7efd253e4d9ad9c494fa27808e5fe745e8815e27472ef43407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70e143b545390fa46b13119764252c63

SHA1
70d197748c742e5442a2831655dcdd871e9fa584

SHA256
304303427331d6f2febb8a9ba91c1ee48439cb8037b0ee4f5aa00ec3cd11e3f2

SHA512
dc0e526785d864a5b9faf0f7e2a2fb1206e4e321dfa110001f2b7cf3f9602edb0ac1b8b1c1fb1da382dd811c1fba54d4f33c7f0deea2d3579b8b7ea1d5eb1fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e3f9f4ef792cfc0a4813ae1fb41743e2

SHA1
bc7a2c1d62dfb95c67baf608894523bb552810c2

SHA256
143796a92beaecc0dbcdfc75aea1c284b54e7b8410af21bb12b400ec1c79c7f1

SHA512
6389abe1f91b968c943666d7101e44a5955d6678a42e0af27b7a875dd0df9d2e8755e32d00b802b88bb86005e9df5bbc10c76ddc6f1f11655c98434d8f207bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c84e90d781334198823f6e6baa44d6b

SHA1
336bd4c4c97abc59db826834cb7ab20b4f6878d9

SHA256
9a8d03b501a7276c5b3c2cf5617bc65522b881f34a29df4b41fe83d37f145f3e

SHA512
c34b3b2942118565582af0c15f3a57d0a5a27f25a649a2b5d3abd0fb1ad9d4e871429758b89d8c35f37ccb506847ff82f8cf1df51131c2ba19528a55805e6edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
98310315508cc4e2513771e0a458faab

SHA1
51f7bf29b00b905eca3c09407680ea93a6adc28b

SHA256
21d0c3a5fac3753a754b4a519804dc10301cfa3914b3d56a61d550cf99a0fb45

SHA512
098364a9aacf7441c63574104bdbf63bec34d0f12cccd682ab7c0d5897a2482fa90baec9b3566060eea6c7bb611a957fb583980036d0c871d6e365c8574c9e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
7d0f9a6745fd8464e641e3b6fca2dada

SHA1
7b1e033219dc66cf8b7ae4be65140bce5420c179

SHA256
c68c027b0f6313f0079d71ed81efa8c5aab56d072e29c1c52314a3748c3b7fd4

SHA512
7c3a5230ed5e85879cbb4ec4b7965800afd3ab7fe482a3354915df63d564ed5187bd0304ff4c766477712b20b1a37901391cbfe39989225b6db45799e4ee750a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589f77.TMP

Filesize
89B

MD5
bfdc093fb69f20fc12377f3d935faee1

SHA1
188d19c1b97bf71d580f57ecc90344d8c0677cac

SHA256
7dc9f97276a98e5c42cdb180d4fdef0af4042da1a5ef277d5e26f2c68fa4bd47

SHA512
4d49fc687be8f5a1c444da6253cb65a4722fd2cfae641b7d2701d25d48eb752f2d4834da7f82e6ce3909e9ecbb50f4d3c0e9e4ee768fee80590bc501c61eb51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f0a42240d09ac09e42972853426a99ca

SHA1
52db3f37c97ed86e1522340330928adee87c87f4

SHA256
60837c9bda6a365da50f182d150009a03b99004649cd0fde8d9a739e79372269

SHA512
51fa9cbb1778a47050cdb03cdc47c58d7fde5d6d25b1675cd32c68a0d14e5402519a321732009f1e2557fbda553722cb1d74cf2e689a2ea581e2a56f1f4a600c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ee24.TMP

Filesize
48B

MD5
2e2f7be521665ac226901596b8f77e91

SHA1
88a649de769e898513a1acc7a22c1475850b520c

SHA256
1495cb4f047d4fa3afb39ce3cf2376b7f1e8c37b5c877bf95af2321fbca00b8f

SHA512
14ec0b266200d19640e27aaba57392abb18c68bbe192326ec7888d810fe920c82aea141dd236ce50e1446e0ee089232222ec2e7d2828accac2f261d8f34cbef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
e5f7d48f34c77278e6073d402c2916cd

SHA1
a1d0e6531c8454b29cedd6a1217893ca55662bd4

SHA256
f168c0ca02414b3912bf0734c1efa4d82986a65dcaccd6632ca9c3b017ee8d37

SHA512
cba54969fe04323b47d7dd7b7889f96c0e6aa2ea95b4cf279bb58f5901dfb352ef5d9003e967520e59782b9f3084ac517a7713f9ebd1693ebf820100829f64c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ed5fd5b41ebeba78a9785f3380a4edb

SHA1
5fa98d27c237c58c41f1c848c223a892c652d721

SHA256
2cf24492def13170ac2433645068f8e0680046888cb2b5abfa796c4cb999b6d3

SHA512
90e1ab0523917203fd9cb3c3925146798ea59ca185bdaaa075498dc6af9ffaa630aba8aaab5883daf94c02cf64e8afa9fecfff05c7cd12d2da1682fdae43b497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
78545e912c60a3e82069e13f76e91963

SHA1
7416447dd08be9d61b0de3e30097231b9f1bcddb

SHA256
e03d2d76786efe537d768c70bf732bce2d13d071f66bbe3749916052a6da45c7

SHA512
fecd06103035b97cb787d551b7de4bbb4428f5dd5ff1e88e20dd1fe7710d1b1a54de95644dd302d7ee1d9d43ad91b69cc88d6479a2cd6bbe4bb47b296edf0d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
36257dcd2616c7ccf34eb60e8fbd41fd

SHA1
6bcfd53ff1fb84c21832ed48aae282179cef330d

SHA256
b9a85a32e91f4505c5944c79e56ff671a0a827c055664e9591a130432bfa9605

SHA512
ff3ebb9d370cc0bde895039f523bd75a6df1f70c773348cc840441c5067731fc91d633632af4a0df46c6a436ec8d3ceedcbf053a94b6bc9ccaf40684502aa915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9d5b41bea4b4c76c4f80495480b11ed

SHA1
3fa04f252e3ea2141ed2e9dfa71dcb45d2028922

SHA256
d06ce86c293a2997afbc13a0f81629e6b4389ee319dea8ad29baba006c04a186

SHA512
581f2ece92b999cfb91ba13769a5188f2b7527deb8ce26c686812e50525e5831803de5ba18cf36db13ee6886f6b60989b25bd551700497d1e08e47bc98056814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588393.TMP

Filesize
706B

MD5
07f0e1e1269ddf1a6a170b4d0024228a

SHA1
107029c92437d21e24b892bfb3d9a795ed05bc8a

SHA256
dcf267bcdcfec3d77855605f54f388392e107815b07e08982c7bf69018025e50

SHA512
7439a86e2148de97bfe307c949d7bedfdee9f1be7ae25c3bc8699bf7476d23179a94ec281aa4d07c959bceb3e44ef9e58fdf0fd1748bdc72464726bcf7f963a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5848d96504a62e09271a4c46babcdd20

SHA1
738fb483f4a2c5d6f51b816630cae420d44d056a

SHA256
bf1835dd62679dcb64e020578ebb6dd8a855d6951f378e06d631227a58388bef

SHA512
8885cb9d9509a3a8135d66fe081ee3eb2e9a912b3137eb4f66bf90e232be6177fc6114db1bdfc1ea59651a0edb343fe59a73d27850e0fdf6f9dee85efd2e0df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5c7dcb7bad5e94c402f51668f447ab78

SHA1
206699c6495f3d88b92969df4c1c917380c77849

SHA256
de76d86d2382f503959bcf0067aa1123ca5107a40eb7a51a9befe669bd6a4fb7

SHA512
d8442f8edec92d9c67838f68d4c173e6e51bd2626796dee4e1b69740d068450e7ec94630a46c608bd8374c36c85a65dc458b2d112bcd3c24433cab8c3d2c92de

Download Submit