hxxps://search[.]yahoo[.]com/search?fr=mcafee&type=E210US105G0&p=Google

Analysis

max time kernel
468s
max time network
477s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/10/2024, 13:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://search.yahoo.com/search?fr=mcafee&type=E210US105G0&p=Google

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
188	camo.githubusercontent.com
189	camo.githubusercontent.com
26	camo.githubusercontent.com
43	drive.google.com
184	camo.githubusercontent.com
185	camo.githubusercontent.com
186	camo.githubusercontent.com
187	camo.githubusercontent.com

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File created	C:\Windows\system32\NDF\{207598BA-1093-4446-8469-0F3BEDA78753}-temp-10042024-1345.etl	svchost.exe
File opened for modification	C:\Windows\system32\NDF\{207598BA-1093-4446-8469-0F3BEDA78753}-temp-10042024-1345.etl	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1992	ipconfig.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 835696.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 119768.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2668	msedge.exe
2668	msedge.exe
4968	msedge.exe
4968	msedge.exe
1512	identity_helper.exe
1512	identity_helper.exe
1800	msedge.exe
1800	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
5596	sdiagnhost.exe
5596	sdiagnhost.exe
6132	svchost.exe
6132	svchost.exe
6132	svchost.exe
6132	svchost.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3824	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	4784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4784	AUDIODG.EXE
Token: SeDebugPrivilege	5596	sdiagnhost.exe
Token: SeShutdownPrivilege	6132	svchost.exe
Token: SeCreatePagefilePrivilege	6132	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
3824	OpenWith.exe
1512	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 436	4968	msedge.exe	79
PID 4968 wrote to memory of 436	4968	msedge.exe	79
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 5068	4968	msedge.exe	80
PID 4968 wrote to memory of 2668	4968	msedge.exe	81
PID 4968 wrote to memory of 2668	4968	msedge.exe	81
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82
PID 4968 wrote to memory of 2432	4968	msedge.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://search.yahoo.com/search?fr=mcafee&type=E210US105G0&p=Google
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81cbf3cb8,0x7ff81cbf3cc8,0x7ff81cbf3cd8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1112
- C:\Windows\system32\msdt.exe
  -modal "328250" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFBE9F.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3179478583469157555,12511821193550890960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3824

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5596
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5816
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4956
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:1992
- C:\Windows\system32\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:3756
- C:\Windows\system32\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:5220

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6132

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:1632

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:4964
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:4356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5680

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4976

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024100413.000\NetworkDiagnostics.debugreport.xml

Filesize
138KB

MD5
add2d06bd99b7d4d16b965e1dae8cfa0

SHA1
817b2f6159395b94d6725dac1b2f22e682a1412c

SHA256
21c9b83ea8b5b943181c57aaccdd8a0dede391dc412071e686ff93bee7b2c3e1

SHA512
9d798f2bcd8a8f0ba9eb9af03f2532518378d4af14f4dea67f99ea1cc5c435bba76468e7f569e4549a0d53320ca17ecdc64aeaacede89c10826b6dbf64cfa01c

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024100413.000\ResultReport.xml

Filesize
37KB

MD5
7fbbc140cfa762474dc7ed46875a419a

SHA1
47e43b2ae453a9c111b9cb9bcd5cf6ae12eb996e

SHA256
30dcdd969f8d7938edad9e844d2657927757c1ea7352116706bf5526e725333b

SHA512
bbcef9afaa2014883e011449db65bee424a0ecf8140d9221531cf98dc9b8c0d00e0dac2da66fd6343243a4385b030b35186428fae097cbb6ab7db2be59967fb5

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024100413.000\results.xsl

Filesize
47KB

MD5
90df783c6d95859f3a420cb6af1bafe1

SHA1
3fe1e63ca5efc0822fc3a4ae862557238aa22f78

SHA256
06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093

SHA512
e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\386ed157-a819-403c-8ee7-fc682503ad82.tmp

Filesize
1KB

MD5
0de1dbfaa11c9fb00be242f4071d3abd

SHA1
0a560039a074a0ea5438f55380798f282d94267c

SHA256
b5e0dc7f49691e3b616ef81d6d25dba96700c351546b48f207c3babe795f4d2f

SHA512
33d1ffcde8b787b61f3516b7dd8fea313d1bf307163538ad6f1602c094b5a36e545495a41e8c80f6238667e1147f635440e1faa80966eae5a2269808484cdc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
ff31c13b5ed9e5f61a1924343403800e

SHA1
eef60cc03304d9335b5d74d7b6c4775fafb386d1

SHA256
8f0558e700a5dbec7d72d5c0aff822ad0a9f18331f4ac7ec3ebefc07044052fd

SHA512
a2798044a16f6aed1a42c99b094d4361dd31801fac1f5340438b0872fb36ac8f546647209cb9530584014557dee5836a998bca04a4ff86212b26c45eca840131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2d738a4dcedd95b121cdc60374e7c4b5

SHA1
63c796f47fc59c0e844b76ae58dbaa29b5c42177

SHA256
908bf69a629b5a5aea07dc69fa79f3ffea5a8dffd1bb0d59fb8fb22d3ccf3afc

SHA512
8191bbe7d246da2b58f900ca1d82f56517fc39184304fa6386b3151541710c9e6058874d69fa3a4a48332d6ddcb2306cf404bf31a8296d0d6da33ed8d1d56812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a36e664a514d9730401f9bccfb399461

SHA1
b05c124647ce39fbf73dbb0cebe6d4b3b9d14d1c

SHA256
68f49fd51d44c26bbbf1f42a90919f1f110948439b9aef3f0d29dcc94998c580

SHA512
f4a70bca4138187e669457fd606852a7542365cbeb791d0bf3a509d29ed002c7d0fafbfb40634b418a27ed079556986e3447ce7090a73520ff56b8b774d11c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
147396cd64bd6523ef3c630f8d6b8810

SHA1
abc5e3ac916764a40a9b0d9d9055dc1f3b164ff7

SHA256
0f58c07a9b30c1165ebe623faf26b8050e3d38a083c02b7d9842edba6a248d85

SHA512
1e8be1741cfb0bb7b3bc084aae15c94a534c4fb2f00fdea5aeabafc365dccde45b9ab1b29cda82fdd0cacd0d3be0d1a1dd581dbb40ef669dbb702d430c20bae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
00f062bfcb926a5cc98c92ff95fe219d

SHA1
a91f18ed53962cddf65c581fbbb215216db25f36

SHA256
da4d15280ea39372d2322571ed2e57afe7c3de80d628fa511757a0fcbc50fac5

SHA512
c54383d8481a67ea54c39bd420021367e0ae8d688b9ddb4e7fd53813392ca19f4c1861927f6155b3799db27c31ee09076dc9907e7a11d2ab9cd827437b4f87d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
460B

MD5
4a1367646c9eb08710073f79f971d3ff

SHA1
8c75f145a08b3de966264267baee513b0dd5d47d

SHA256
c772676cfbab5ed3f4d1fcb27be664ca309979e90baf6eda8573e1dcc56199ca

SHA512
4db9614988f33ab3b41c427c1491c637d25da764d6f1fd5a1dc579547d31d944fe7ee7131f097d4db296fdcb84703db3f37872a1b47a1d760288989474350206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6d14de1076ce452a936c7ff81afbd3c1

SHA1
19c5568a49a9b45950e125ec70116de609e62458

SHA256
ec986084420ee71474de299eb255f857d6c2742e4a78622e994f87a6a4cf8647

SHA512
e6adbe197fed25b6d21bf8b01bd3e0405f95808d7ad1950afc1a9a20ea2a3d4cae331beac4aab8d95816560f475a76e5b44296049108ee5e676c8d4337c53a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
890B

MD5
22eee479e7a3609a13c32fa1798fd49e

SHA1
e17595c53136d51cbab684a687cb041d87ebe544

SHA256
41a514cfe9742f9a628cf8c1c6af6bac988117fe1f898e83cc24112fb358deda

SHA512
296949d8cc31d81a160b9639c1e4c2055fed56f0ca5877c40b063d628b45f99803b4d00f2224e9e2c952f8d2391bdfcf6dc0c8c8f89e5deaa9c482560c3e5e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2de2b2562ccd5c60f7fee9277ecd4fed

SHA1
2621bdede1245f49cf7ebbdd42b7acedd4723fea

SHA256
d815cc4e72cee7b8984932a1bc59e10cff0b2c1753f581dcbb2a763c0637384b

SHA512
5877dd4ee477eb6dae257bccc041d2970f009fe415a8e7b3f93d884e84802d06d29169773319efbb0bbf07f5af6ee4f994440992b5ebf1f9a2a4b3cee25915a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
381533497dbb1f9942348756a80f5876

SHA1
efdf03fb02619f334f7e68d5fa5b21a6da34fa20

SHA256
5ec56b48c71f8ff924a34a25e2927596b16dd1dd9dad3285a37ad05d21ab1215

SHA512
97b4ac14c108a48b469e21c9a2377d3a835c21f57c6b2b199ce06abd30384db0dba0152c6ef6c10bd646ab76105b1c9d4459945d7ace2e5a3e9486a407f65bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9078b918bf2c74b6c79052f8b38b1225

SHA1
fec30d27d7a63097beae898628e839309669b6bb

SHA256
9ba5e9a9487696d048adb693b856e576a19cd8376e3969833025afc65e31778f

SHA512
3cc0bf3a4d21d1687870c2b55175382911b7c2a64d97e70b7f6d469f7fdadf0f53a16d8416607865f0bb7e8ff3442d98a842fff48be09339b7691bb3c33a42c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e11e181d5a1b1ef559e807b7831a64ad

SHA1
b6edc0f4ca7a0165218a181c4472250b5a0b1a98

SHA256
fec56b5f9667e9d3598bbb1acb81d214b9594e2507a03d750f39dc1484badf86

SHA512
bedd438b5edec069506e47d56f165c28cd9bdaed6488a5f5f1540f959378b6e8faefa211f59c3bb63acc9036342d4ac06751f82870eb70cd60658be8dc68b0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c406d21bf5c9b0ff88058dbcae8f67a5

SHA1
e9027bc664971ca1846ca8f089e1e86c21fabf7a

SHA256
5142556162c3598f1d65b312c50eda47336c90c7efb1c1eded239819c6a47d3c

SHA512
1e3e2eb107c07a1909f8e0e991224d996ce77622fa095a1db7759ea2053919cce8bf347f288ebffad280c3b84ec951c6382e3a71789c6f187cf22bb94896f890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4b8ce98644799cff443390e83c36e474

SHA1
954c15e6020ea63d8b3c31dc1661234a1c03b551

SHA256
7ecd4c50e20ad95f4c0b683f70fcbc903f82593d52f9c38734c4f5f74ee59143

SHA512
d60cba6f4e0c0b19c7d1f9a673c2e32cb514753c92abd6b6c87370a5df522e1629f12318d6172f52077e48267bb1f2d406007e8ac8f9954956a297d35131022c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fb0c899dfce3e87da9addaed2676af98

SHA1
60a642bfe2b4537ebf99e9fef0565adad7afd15d

SHA256
8c31f144532d5696f891f070ef234916eadeec336a00f52f21cf04b73e2f6b27

SHA512
cf5eb2e2db1c15c9d1bcbf50612f902ce77c28976907d5ffe2e8ab9d06853927efe84e81a16c779f228b109f107165e60de14a6f6a42c6bca6aecc0aca490573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d51d212dd80da3d28225d43ab04ee99

SHA1
6c6215434c14415f0e19f1c734b9ef0762519f5c

SHA256
773354956bf0eeac950e766350bd4be2144a87a175e1d394be8e13dbb7ef11ee

SHA512
c1466e8523374559871b591a0ea8cff864e4a4c040d356f34f3c13baa2e1aa51ab39eb7152f9283887873ed7a6ad5a2200c481970c6b23390778216671471122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad23ffacd6579b258bfa4cb47ac25fae

SHA1
7233c862da6c04de5cbee5bd5530885398bced01

SHA256
4608587baeb2424028cddec391ff47a390190fbb64ba420bfd8db8e5140c48ce

SHA512
4c5f933e6f7c2db94cfef422fd27d8ff68fbc01097544429bb9e72f8a9b023357847c86e03eeda1e413ce259e8b08a9acd7719b9333f9c64554f7bd2f597c8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf48a9f2cdd238bd64a4d16335a99df9

SHA1
6017edc9a9a113440777215f1a02957a77d7ce94

SHA256
c1cc1302d2026f50f766f6fedc20c5596ec45a7a4ed95aa8fab09022c548687e

SHA512
8ff519f02b48017a6c78bfcdad54c432a6907c9ff65d2b8fdc9aea933030540114b9f8129f7fa0b5dc94150b07fe1c91ccd487a33c44fe97f7729676d19d8160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1858663b3a560f4e9fa8eccc9797c145

SHA1
4e06dc9c22c5c8ca499dac01848f41a287e244eb

SHA256
9d1b244d1a1f2bd5403962abe8649c16a1ff3dbbc29f873abdc3a0bf9fde1504

SHA512
bd7791e6e921ea96927793b32c54d83550bfb955e0ea8d245b487dc07308bca63ab37761725f48d02e83ea1cae40e93d9c7c072a3b19c64531bd04670953a997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad3730e0125e2428ed1d91587423a614

SHA1
b5bd0869efef465f77f753a448de90818a3ea4e3

SHA256
9780120988f2ac4ebe95b871b8a893d540481b18b5e571c8bfa38d2c83106007

SHA512
250aaf7d84489062f18d28bf138380889874d24cb9ac00d3c55266411a83eb9eda9b3c76de7badbf9763938ffa34c6810b3488213c837b8c3f006c039988704e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f51d7db7c5a1baae72a01176b6e0ff04

SHA1
86abf40ac9690b8922f528e7120e29cd687cf629

SHA256
a06917967cb905b16b44e69297f64a6faae5456acb6e20acc2ea3a6d807e4486

SHA512
105fb562e5059dc6e2da2de6f744bc117dca739e227076e49a1bda74ebf4f777168f33e9d11495920815dd67006da208b41b0c12fbc79a09cefcfd40008d5df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce05a104441bea56db822c356d5d5948

SHA1
d421335ecf1d707fd12b00da806fa7deb00d51dc

SHA256
3a42d990b9c5eda19628d859008a5368696998a0fd329f55f8d14378e8febd6a

SHA512
018eb2913374a70374e91f821932ee26ed551c9343141999daadd81a91813289ee69a4a8f948fd3225a52327abb42013e8f18260d47c448d5e51ab3c340edcf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e5fb30319bbf9f9f7f4b5cc5f19d6674

SHA1
7c04159863df2a007a12cae9e145c9100c8112cc

SHA256
340599d5c57eff706da1adb630b330e1645db8ad32a3503c8dcf59527316bea0

SHA512
5fcbed0f15e7a77e8f15c163e5389c18321497651055458d88c4f9587ff14416b8d0867ce9b2d8437d5348dcefc9a02f7eaaaa3146f91e19098c31cca571af3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cabff653864fd9de00ac233e9cbf24dd

SHA1
680b38314f2383bfe3472b55fa2b6d3adfe9798c

SHA256
37e369656e0d211d4886e47bfb9dd24e000af791bd88cc88ceff3e4bc675e1dc

SHA512
c7af719761f48f29ca9250f701e7618cf657737cb07b7e2c48fcf76adf25812ed29b53e32257f73c035a9ac0f2acc5cdcf81b07ed5640733aac3d80dc6646861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d085e64aa2ad6f22da33d4c09afabfb8

SHA1
f6e204dab7c630cdbabafb9c99b8010bda1e978e

SHA256
f6f245a774deb248e2d63f111f5b660cfbd82f5e0244e3fabaa5c630b8db61ee

SHA512
443fd610e61ce86e4f6e7e7594fcdbea7367c3a1f172cc8d4a52204691e51f10073b2b098efc15ade6d9960a89079c8cfa62a3e00c0325704b7d3d50fca5c72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d08ac244feca32d4891e43fd13b0ad9

SHA1
66f8a5e8a7b3ce503a780a9b66199e43664d8e10

SHA256
fef2b583832b8c5e375a006a02a9688374f1fa89ef3bbc18e0e5bd717e6af09b

SHA512
27abdd7cba21a4b3a67cedf9455f4fe309d05d3a10c309bb872d8cd8393f8c4ecf735d476dee58da4e1b5ad654b2017bc63c8760635febe3e3353f6150b589ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dde79ed073064d662f7de3ce437577bb

SHA1
d4b29197aa3d80af3966f5b040e6438fb184992a

SHA256
8d4c75eb0b0eb1a032129460aec8730a393965f04665500a80e1742867a87070

SHA512
638a5f5bc9fc133cc8ccb2783bb61049f9f0ac0d7d9a817e710e303831ab95787ab8072fbf0e519ff810ba1a4808312d4d05a1a32b2d3d10e2c788cc192a2cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0577a73204510cb716a9a5be8cade397

SHA1
907b69478579a48ed271325a434c2756cb066eb6

SHA256
c842ac8e2c95fb5543d6164019f801ec87399c5a0c133161f12d930f4f8ae92f

SHA512
7cd5ec79786465f6d9094cdbbcc9c874e2dc3e75ef00bdc9c08cdb02971980ff96c6ef1bcdef9871fe6daeca0b2e0020cd8ad50ea90db56ad43a6c2db7de47a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
627af94e83fad2c539cca178e7d26bc2

SHA1
39577cc9496f6fd0ec13c4e9f5c3fbe75da57ef4

SHA256
815542cb6f493d6309130ff96c88617e0ea2a227e8e8b3cd18d8f0b61467da17

SHA512
06b4ea1c1d264707b2a4dec39a8a41fe7be95c057ad8ba51f534bcc987c799aee0de1a562d5026901b8b1be6a39d8cd9820c04ebd7f3486e8b5fcb254a08b690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
06a1871474cca0a07914d3250ba93101

SHA1
fed76cf4b14418abaadd11c4e2a196845e7ab52d

SHA256
21aca004bcb0a9e4058ddd9048f302582640bd8dd78f318edc88aed7fd29a792

SHA512
8b5f1e792d108a10869c81ccffaba59c178c4a750772ff00ed941f61424544c027ade90217e6a55d62ee5d2b1beceffd4399106560041da4440369f798bffb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fbb4c4d8587173fd4b72f1a3073b9f0

SHA1
1d123a62ca4f3b0ab8b38684a970d6409cacbeae

SHA256
74e55f6a6e08b08323276d1aa7958292f1e1f374bbbcc1e0a70a2729f749531c

SHA512
fe997e707bac0e28b5688923b9683cfcc4170e780f09d130f53781d9270a87bb5d29c70edf96f2bed4b8f6d3c7d657f82ea2b5dba2147ddc2a11f071efbb6ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6a53a0357417581a210ea0dd9e3a5458

SHA1
ff1b29d57d98d4d76079583c4deba49410688440

SHA256
2f54848558ad487e12382c4bb31bbb8cf5ef599521a514ebec8e2c97f6a091c1

SHA512
4027b2b6a41faa5fb597429e6ce63ecbecefc8ca51602c02bd56afc2ff537fed3d1f44c13f6a786f36c8a3f8abdd266332041376f9c9fedcebf6b6c06b46766d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
893285b65cf0d1b45a04e6e0cc3790a9

SHA1
a92756ff2d62000c7a3776db51c3a699d14dd06d

SHA256
fe31407df0f84032a1a2f9af9236d61d1c6b6636cbf1b493a1a918d4ecb27a87

SHA512
0e2c44b5db1942019e6794e10c819a63d7e343de2fbedeb521bc150b34df28292cacd4cbcd33cc95d6ec430b1451a42694b7dc6b3d1e6d00d73e7394548910f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29b4680c62fa2d4b22443a2986174da1

SHA1
988db00f1b2710f18fb253b544e326501c965d7a

SHA256
d96f51625134210409a563b2f42a8593d5530f458bdf77b06bd5039292f36060

SHA512
e64dc160b6fa3d296543c3f4dad9a6d32898bfd65ac7da9f4ce5024fdeec3a7aaf4404cccc2d1434fc2eca7f5771381b43bbed2f44dc75be68fc9aa2164f8922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f632d2e9c9f552c7edd60f779a7274c

SHA1
9fa9ed5d74be4f008743b975f53b2f1388bd107c

SHA256
b489d1fd9b7b7c78d1e700592e09a8dfdafde704b7374bc63e93cdb4d67be4ef

SHA512
5f9cc1347d9d819d1bf05b61a2639da24fe758b8305fbe50d9460cc2a6e582f8256c528fddb98acd25f67a1386471523e343785fe8d484fbfa6646edaff7ca54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5847f1.TMP

Filesize
706B

MD5
3bb91244da9e01eed6910031c7f4fb37

SHA1
da0190fcb5b2a7a526cedc3c4552f2bd2969d672

SHA256
5af8a40efed3982d85a312bcb579062c1f1f8e0aa598b22fd06b9f9259bbac92

SHA512
9648105cc69a2069aa4dde94151c94092216f74e791cb2e05271e2c8e91f0a5d3b257b16835fd75b569ab455bab8f158abf8b89d3b8679191d7c29a73fbfc4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2b2a655d92033cdaf305ab152f086823

SHA1
52fd32b557d2b913fb3048f428a9a1887652ea73

SHA256
d0e2aece31c84a8b5d51571afc787c3c5ad1516b5e7d302f640fbbd9d4f07fd2

SHA512
b9aa34d736dd4a512f454e0ec0c7f0457d9fadb39bab2848fcbbe18223598b2765a86b1754dac88d41edac4c1020fdd0ca65cb7c26a0961528572dcad8bbc385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7710b7bec3ea0debf01f437dcb772637

SHA1
749e2e344f566196076bb26ad2543ad5c6e54f5f

SHA256
002dc933a329d9735802b1b61540a3a263d08a72b2fcda00869141784bdc5d37

SHA512
3e48513ed9e5c9a66baf26a39bba75838c085ec3ecb42e9ffd8cd373b98cdad0960f087c3278ad7a051c2b469b977fbed5b6bd4fafcfc01b99350ea802d20957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc27a96b60df52e0b6ee371d7d9c5036

SHA1
d0f756d1ed37b5ab6553deb9571f33dd9e3c3488

SHA256
02981d2c50e9fcf77eab470d065ed0092a7d32ac05c07db39a2664df8a05d213

SHA512
0ff65df838b7c4f6bf35726a2031208e7b3d09975102924ee7b22f33fbbea7dfcc3fe1cf617ea9b89cfdc741a89b7a1aeb8315b9c9c038f7990a530f8fa6dab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
01896532fe4a52e2f8c06974fa4f5e21

SHA1
f829702cba3b3b125aae30ec2ab339a12fd95aff

SHA256
c71300b53f2226aaa42a3928949f399a2b6bf8924ee3d4720aa905798c081e27

SHA512
c7026aa2292a94f6100bc63d28e3e2c5706b4bf682be9e38ea611c01452a9613b9d94e2c6fc5efed5fdfc0ccd4d54cdf9ed72e260478082ceaf51c76675d186b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b255dd4bd807bde0bd8d4fa00035c62d

SHA1
d640d374b9998aae549e9278c269b8f7cee6fa04

SHA256
8c305333efe4aec6d80dbdbd59f9c4d5bd8f0c74dc87abd559488a08a724a9a4

SHA512
5bbcae4b0177f72f39a8392b520a9f7a60b676955cf909a02d1ee26eb01433f83427ea3defecc7c3cebb48ac6d1c02f6a706cd4509f50ac16a2d44bcfd83b0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa812865eb122eb989da8ac87d5b9f4a

SHA1
8943f417d0aaa07bd4ab0e1555ee2ac9ae4c351d

SHA256
6fb56f4806b6254c41b35c12853b7a96d76ece70e16c2a4e13fca8bfa79c3d7c

SHA512
f81bbe329c08d1ab9fe1d15469449ca1274b9eb75fa209a61d8cfb0ede45fa5820aa92ca7a9e11925340457e9d77a27ebee1b5e34775cc662a6c029c001f154b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFBE9F.tmp

Filesize
3KB

MD5
8acd8c9a3652193866455cc75ba54c19

SHA1
503a20acf4a2e3c8775feacbcbdbc8bb5edbd2d7

SHA256
c6b3a79d42e9571500823fd52c09ae4b7cc08f720db49e83e08796df2f396d19

SHA512
1335a63cc8cf2ab6909c6eaa7c3e5010564f2e0219b6b9baf1ca3216f66590d67779bd3335e3b6ea437b501b1e29e016375fef88154acd3a249ee46a4ba677ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mmldw13x.tij.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEB3D.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
3f355452a44c4c463914b1b9a57f4fbd

SHA1
4091f21dfdc54acf39d0a8287c1c1ab0ace9ac0a

SHA256
c7ca6d6e4b583f9c622f7421634e245ffe5c49b67bd47c98483681c09fde1116

SHA512
75411eb852f0637bb5c54333ebf6484d3aca75a0236412d1f04832ad430f1145f69dc3010704c85e50943cbfc233a223e9bb0496e757d7780c3d503df745c0c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEB3D.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEB3D.tmp\ipconfig.all.txt

Filesize
1KB

MD5
74d3ff0098b78cf25f98db54060dc3dc

SHA1
5444d9ec158071f9d0009cbf875dee55efe3c491

SHA256
c325d1494b10bff9e1b3b9af99dd762c4187d40a9e85df67981546751dfa3ba1

SHA512
41776a2965d21b7a6c0cc38909d1d4c441fa81332861ea5088be7dc0375a7611f0e99b3ce0524cd9134bc710ddafd1ae746fd549403afdf286e8fcc2ef5cf27e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEB3D.tmp\route.print.txt

Filesize
4KB

MD5
0fe3a24c811fa865543b43598ec74fd2

SHA1
53c84400d3795e05cbff94afc1d89f6674d3f7b7

SHA256
49ba65980693809660be2bc03eb3cb5d4a0723ad7398a45f283dc7ddfa53f236

SHA512
b5f4ee5bacb05f15d3efceafd4c6d0e93d4582f6a6595050e7cbb8015b5bf5aa14a4ac5e4775ec92f8b66d977d2f22a32584bac826ad2d1288c49fb2ca96f14d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEB3D.tmp\setup.inf

Filesize
978B

MD5
cecdd609b099b95a906523d4ec4eea9c

SHA1
384df1114973f1bce1d730a6bc40036d4cfb81ee

SHA256
86e7fb3e64b9a886161799f6ed8754d076b76a42db5e3b05bbaf0e2c89a6b073

SHA512
a1e1fa33051f94b53827a3f13f0e6a7c0d4ec358ccd228ad40a0a31ea7ed51125040247141e5a08e517216cbfbabbfa91902ec2d0cec19a0edd13d0eefc4d64d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEB3D.tmp\setup.rpt

Filesize
283B

MD5
6fb19154f3a4789c44811586acb725ba

SHA1
a02cace8620c6c561d8c9662bfce5114585e5443

SHA256
94693df7f088453d540d9c5481348bac934d4ce9ed25efebceaa8fa08d5a5629

SHA512
d6056878c3f3d598e59cca16006d55879967a6a22f1aa688775ad2328edf3848a0eca7b264b0918867c5146ab5adb15a2f9c9a9898ea733661235f4c8c363e84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\bcf23d77-020c-4bff-9db3-b3202f0debf4.tmp

Filesize
507KB

MD5
74cb113c031f036fad8841bf1cc7579f

SHA1
71ae04726c0260333e92f1d2e4d004576d91f3fb

SHA256
a9387153073fb3a9f1fd3858bc5e3a87088821b2a1ca1b705d39521319f81673

SHA512
144593d8f93394df872f405e4a28401778eefbc5b5f21adf121387892cf3360b5d874f3b6345af563542f63490a51532620d11c34b0a709ca14171d60881767e

Download Submit
C:\Windows\TEMP\SDIAG_96a70bba-3235-4a83-a4e3-9e3df0b9727e\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_96a70bba-3235-4a83-a4e3-9e3df0b9727e\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_96a70bba-3235-4a83-a4e3-9e3df0b9727e\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_96a70bba-3235-4a83-a4e3-9e3df0b9727e\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_96a70bba-3235-4a83-a4e3-9e3df0b9727e\en-US\LocalizationData.psd1

Filesize
5KB

MD5
91f545459be2ff513b8d98c7831b8e54

SHA1
499e4aa76fc21540796c75ba5a6a47980ff1bc21

SHA256
1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff

SHA512
469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911

Download Submit
C:\Windows\Temp\SDIAG_96a70bba-3235-4a83-a4e3-9e3df0b9727e\DiagPackage.dll

Filesize
488KB

MD5
ec287e627bf07521b8b443e5d7836c92

SHA1
02595dde2bd98326d8608ee3ddabc481ddc39c3d

SHA256
35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694

SHA512
8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903

Download Submit
C:\Windows\Temp\SDIAG_96a70bba-3235-4a83-a4e3-9e3df0b9727e\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44b3399345bc836153df1024fa0a81e1

SHA1
ce979bfdc914c284a9a15c4d0f9f18db4d984cdd

SHA256
502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d

SHA512
a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4

Download Submit
C:\Windows\Temp\SDIAG_96a70bba-3235-4a83-a4e3-9e3df0b9727e\result\207598BA-1093-4446-8469-0F3BEDA78753.Diagnose.Admin.0.etl

Filesize
192KB

MD5
f1cff920a6296a35aeb434438ac2469b

SHA1
459594de96a83db70b8b8e4fbb5a7e2b25dc6b4e

SHA256
41d5d16f79ba24bd2bbafac27cfe3c733f4255c55136f6fdc3c9cf0eb1612d68

SHA512
e88206c42f4b5056d500f0a76831d88793006b7f86767a80a7e04e26699b02d29843bae96293561927f852161d705dca8f38c4199c4a8c33e0b77913dbc4d071

Download Submit
memory/5596-1439-0x00000156223E0000-0x0000015622402000-memory.dmp

Filesize
136KB

Download
memory/6132-1464-0x000001FF2B730000-0x000001FF2B731000-memory.dmp

Filesize
4KB

Download
memory/6132-1460-0x000001FF25B70000-0x000001FF25B80000-memory.dmp

Filesize
64KB

Download
memory/6132-1456-0x000001FF25B30000-0x000001FF25B40000-memory.dmp

Filesize
64KB

Download