hxxps://ytmp4[.]is

Resubmissions

09/10/2024, 14:04

241009-rdbqys1ane 3

09/10/2024, 14:01

241009-rbnmqs1akc 3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ytmp4.is

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
2296	msedge.exe
2296	msedge.exe
544	identity_helper.exe
544	identity_helper.exe
5364	msedge.exe
5364	msedge.exe
5364	msedge.exe
5364	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3228	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3228	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1648	2296	msedge.exe	83
PID 2296 wrote to memory of 1648	2296	msedge.exe	83
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 1444	2296	msedge.exe	84
PID 2296 wrote to memory of 3532	2296	msedge.exe	85
PID 2296 wrote to memory of 3532	2296	msedge.exe	85
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86
PID 2296 wrote to memory of 1048	2296	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ytmp4.is
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffe109046f8,0x7ffe10904708,0x7ffe10904718
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2076 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,11158877610089212418,13923681998540626779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
232KB

MD5
517ce706c238b0fad9c481310538edbd

SHA1
03a181e1841701f8f99b245e90440da16bb31898

SHA256
04f00bd730efafc7f97b74d5c12029329ef248ae5c505d6bd4b52107b5c92b01

SHA512
b7876859287b27aab6729ad1045eb5144e54f4c4e25459400dced675b459c92230ecf9a22240dca9513d658d74c7c3de67d7d928c09f4ab19d922cb3f0d36cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
47KB

MD5
56a44607861eed852e6334bab70443c3

SHA1
1fae354a2e2bfb95bb5f8b71901ed3bd5ebc7339

SHA256
4c28f57be6ecf8568c9d2c1509ecc2cc194a2961e2d2638a70842f0315e5a0fb

SHA512
b190d47b8cfd9c482f445afaa9e9e2e112a3ba83110a897da024de476ebf41e14801d29daaceed26f1be12a398d50f7ee9ef558f0f2e706daf894cf93a9c0f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
32KB

MD5
89cbcf66426a7fbbd1b609e78e2c5692

SHA1
0c1b87c3d8a68c3fdc3b0bd48b2fa9ae050647e7

SHA256
fa123a2e53b815ee85e5d5300f8d03224aa6df98ae17f6a3e9495e9b0c276301

SHA512
fbbee97c1c18cb62f41dc999cd6140e4d8b2e6018075668b9f4d25ad95c331ea212aac4abc2ee66d03989b55b2b0b6ec864ff606b8b046ae63c3a3057a6b1973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
32KB

MD5
72f7172a1a7ae03b9c68c41f73866eab

SHA1
741b72ab79366b250512ec7b0959ccc12dbf0d49

SHA256
a141870d293d4e47043e6cc748897915f3cd42a6edf0ddc2ff9275756b145e90

SHA512
5b1e8d27b5c310adc2bdb658a9391d6aa1286774fad1f09bf2c42e8be071727198c23c16a417369222275aa89cb38af34b8c7bafc19ba52ef46473b73018dd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ab3d17d0b40f9e1991e40d3f7f1fc0db

SHA1
7b8883a4a0903463c959985108d56dbe36f4e0d7

SHA256
46774f6f52228474e17de00b29263f691470ab51b6937c30af30220e6e5182bb

SHA512
53bf054cc2e5a4599d13cb93b1fbc4542ecba481b9a7a8a084d4c43371814aced57f21236502d9a6df1ed32aa91176094db130b339d1c16d982d35f59d817de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a271e766c7781d72e4fc59760fd2a08b

SHA1
acbbddd52bc4f1d97ad5e91244c76aa0445c1ec3

SHA256
c605d79f02e8d493d7de19636beddf43e241919265267771398bcdec01380442

SHA512
62acef165a0d5881e85d11e83d0f287ef10d26f20488a9288f8e6d53a0928850ee5a6db4a3f82ed32bb5657d6dcacd09f5fb09499410e45f8975647980a70da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3e9e5cd696ff4bdc325ef76a56e96f75

SHA1
cbc20421e562a50ecb99ffdc8ccf7cb442f9f9c3

SHA256
b72fb29afccca337e52f2c1d0e83f3163029c3a5926a690078afb66c5bd98807

SHA512
101230b371a3cfb1fe8b3962c605e69864e1ff26c5962a9e5af5d363c51e5eca6bf31899a039571d8c9596cd6d155ef111099fed5025c621694aad6f3e0dcc07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
d70828c0d198c20b7f415ef0c9cac5c8

SHA1
ef2119d48514ef70dbd0b56b3b61273a5c5e6e98

SHA256
27761ac1c99a43edf77100a99f0cc7a1a11f882f31d596cf5349d27727ed8dea

SHA512
b3bbd358598d9e5aadda7bc49bff2e8720ba2f6634321df28ea1a63a505f15c1be506b172067304792e31d4566c597d7f94ae4f240a83110f7d0dd4d6e0e48f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
37a86f3e1d3780a9069d7a0ddadd98f8

SHA1
075a8ea58130dd17fc7591660ea9d20045f3da75

SHA256
8b8bd49c89a224f202eb5314757df0fff4df48f05f0493875193f6f522b93ed9

SHA512
6cad17cdfd2e56628d9e046474bae110e53be3c0d979184b43213471cf7da6fd50d7363ff43eb79c9a097f8d25ad13b492fe16e238722d11c9912ecd0b33af16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
84305129c8bc33ce0d83851c61aa545a

SHA1
b4f02645745ff456915c016d7260e5dee47540c8

SHA256
24490144986ee0221fd2a9c1f97764177ed073abe499d3deacf9999006a040f0

SHA512
574fabcfa0d1dec3c07732623a59211c81a196b710e669477f77962053c3e592df1a8ce37b65a9408af6462208085b2d5a1a2de7049e1d7a24a2df285e9f75f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9b2cc2bc83a406e4dbab4ea5081d133c

SHA1
c29cd8b0f6dab3aee7cf27c1e774d89395c8089e

SHA256
1184b5274e2a45206febea21e840c218aefe91aeb28e5ffad89fa3342823ff9d

SHA512
44aad71a633d872b3a4739a0c3bcf1cee46fc20dd904a395ba5e1770e34f32bca36d6f4637cdaea282d2d09daa0f62dc0bac481b537771638e25cc7f345b7fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7370c64ce95e673c748a8f40dd7ecba1

SHA1
50dff0eca7e3fac3922a3394d1312a700a943ca9

SHA256
98e2f6fb68a2610d69415e5399b64fff9bbf44e826e2979d5f6cc5aa0236250b

SHA512
d824c6cb51c24f80ac8636a0ff6d9bbf9a815c8ddb26ccd0173303b3b5aa3a446a6f56c4b922770b788ef774a390a40d408ee423fe23d0f6c2478cb1b20f31bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ec5c572837df16adc43421102f65aaa0

SHA1
1ead79e8c1f9313d325b2d243627f5e13a427a09

SHA256
c14db5558d08e9cbae0cf4090e963b645053203256595276e79be9ba27fa311f

SHA512
f37fd79cdb77492dbf81f3dd07eed1a0149ddd648384d9def7adcca65104679b3c7084fd37d7bb61d3cebaa2559ee568a58b940810018349ed112b03e3d3c416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c355d62f8008d2945aae8afc6e633648

SHA1
cfc57dde51e77b3d23a01daffb256e780c9ba3dd

SHA256
e27ba08ba01b5771bc75fed42495d4fe29707e26eabffa6700c2b3924bf9069e

SHA512
b2173822af55d3cf3b1e4a45ee915dd1d9518b9a060ffa700bfec6b7a96fc4723bfe3dfc45c478d626c6139cbb4ea81c4f265132cbc31cd4141914852143ba65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0d7c974fc80ab80307370a1a6282b116

SHA1
57eeb52c3324e008d11135f95fcbee646ba3bdb2

SHA256
eabd9006ad08749a0da43493c56668576dd51936a8c6feceafe1033c5ba90c99

SHA512
80c39ac4ec8824f3307944c44610ec4282d0750fb93f013d582871923c51747dcf21ea4ec3797817d2d5dcc6224214c6ac40c7ee803a268a5f828609a18645cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5ab20da0286bed6010224c887dd842f

SHA1
5331b06a0c8d2ab9b9050e0f32277bef826a55aa

SHA256
4edca1ba585fa24c4e46cf04693d7870cb4411b5ec407b2c8edf9f601cb5ee85

SHA512
1cb61fbcded7ef4b47b940e227d05e0af12dd5444249b177f20cbf268dc8a15bece537d3f47f52f1eef8ccaba04567dda177fb553b92338db43e64d422a940bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e2dde49b-a994-4f32-8bd5-115bb058bc2a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8c9315e-a75b-4b2b-86cf-06f758c77f36\index-dir\the-real-index

Filesize
624B

MD5
94bbd19be122ad819145b02a1251902c

SHA1
6d4149afd524a17cf7cfadb7e9fccf4e405e46a9

SHA256
5ba26661a70c502b6216d96a07a7630748c67dbcce854884e85bb3b4fb5e3321

SHA512
8effbbbf5734a4bdfb35be15942a4ac63db0122e85acd115c73bc8c87990f11b953100dec745522dc41ed9cdedb6a33851e82b400ceb84eb8af1b5217d9303b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8c9315e-a75b-4b2b-86cf-06f758c77f36\index-dir\the-real-index~RFe584409.TMP

Filesize
48B

MD5
72961ebb3d924b873814dbfde3416b13

SHA1
57bc4dc08deceda3a9dcb99fd78b9ba3a2085644

SHA256
8eb60394f9f455e4dd5b0488fb89f84ed63a6c849370cfb08a379312ee8be8ed

SHA512
200854f7c0b0353bbc79b6419c125edb2cd562cefe6b44b3b2ef4445f1d74eb6e683f5f4c0a735eeb79bc0fe7b5f8c6b286c19c1b4488072f8ce29f24d8e9675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ea296f6e-2331-40c2-bc46-fa1b969ad3ce\index-dir\the-real-index

Filesize
2KB

MD5
6909faabdd64d80ffe21d675142cadfd

SHA1
8ba2ca325c75fdadb48ecea86675b3e29abe69e1

SHA256
751ff5e954dfe9ae5e2b0e6cbaac14eb830cacb4042079e7a4072faf1f1ff35b

SHA512
fcfff2800aa80e78a275aae50c6f57fb6207285f412fcef47fe7986d830ed7c67f7375ffa2131f4e1d8a32203dddd5a7c0166d7fe96c3077d465e71cd4d60652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ea296f6e-2331-40c2-bc46-fa1b969ad3ce\index-dir\the-real-index

Filesize
2KB

MD5
00ff90866960c95139e75e0b46a3bb48

SHA1
7c7cdbed9c4bdda9ced254a3a1b3e1a7ec25bc7c

SHA256
c3592cbd3d6159f6d95e776292e5ea43a0bbf670e09e3e27f85853fc1b126870

SHA512
522f3992fdbe804d208bd1f47c7e274ee65a63390aeb35ed33fbc0b22b20b46e560b8a74dbd95b6433a8cb74a9a2136a1c312eb3b8659a5e476e56106bafd851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ea296f6e-2331-40c2-bc46-fa1b969ad3ce\index-dir\the-real-index~RFe57e9b4.TMP

Filesize
48B

MD5
af5f76ad89b906720d9ca0dff67d23fd

SHA1
09f87960598fa64302254087685c9069e931ac92

SHA256
cbea8e746ff86575364ec1c25861fcab4e17c3d08b960772bc5a64280257f753

SHA512
e56a87139117ba031b435d0471fc24fad46e9e21bcb4cbab9471d51fc20013513bac3e07633b439a83a0c08a9649d138608499c07dd2542fd8f443c646fc7f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
65f3a4eb3d40db48241017fb8681be33

SHA1
cc0b01cb7c7ba46701c5298ce19be11c9a49707c

SHA256
1e16c59fd22bc926ff036c19671496f647470a1af841b21c6178592a921fc712

SHA512
7be71f1553c181954f1266f771eaf7f1fc5d2c64145ca1d4b986c334b2c671998a32b0a43dfe22122a250cba7325ad8a6e9df05833d6df71a080514d5870d9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
12f68febcb3be395c5f246701acd2767

SHA1
bf759065d4d7aa9f19b0f2d1adc730cad7d03402

SHA256
1d1d76929cc9446ce3306b65381dfbcf16761952e963275e0779c0f09b7b5753

SHA512
82ab97270a3a6a2446d4e1de02d353dbb96c9d2f01d1a9baf2583607198992b497b4b863d10e2d67f22fce8a60dbb199da32713fc47f07170ab8ec88542407b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
8ab36f35687eef3f8acc4e82c92a58ca

SHA1
507bd25d155c027d2a846377acccb8c57c318d2d

SHA256
2aa279beb4f6e062718605a29172828cdc4f046c67e32a2d31af9fd057341fa8

SHA512
258b225b37c9ed1eaff3ef1d9cc863d667a8112ad626fc5cfc854a2cfa2207b7e63e22a78a919f2503f81569fced1707782e96f2edb646729c47bdc8b00a2f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
9b35c8313493c26662774ab005b15a49

SHA1
fde546a0f7c4ce26bfedcbb9b5fca80785ec3577

SHA256
4c77c2146948b4c68d7b113657ca42b6dc7785d5009db21acbc334932227255e

SHA512
8713dceb343d0c5c826be606ea76bc97286e5a8989662c021581abfb04ae0eae8f4681b904310930f50843b6676ae0d182bf0b36d23d5eb192809cb416250c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
25c53c09057ade9b82c3ad1de912fca6

SHA1
c1354f6e4fe790c4743fd1150ca75d5861ee8e09

SHA256
4faa2bbaa62e75811a7b914fce9e6e0072b861fd9dbcb97f8bf36671bd91d2ec

SHA512
a018e01896c760d2e33d138194c21c41a7c7da69c010e5da5123b7fa87139c6c27b6799f502d223b1bcc4a88712433a6296e557cfaf408478466abc2ee891a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
850433fdb90d879810be4284b57d1b8b

SHA1
c7f13ee5b646545bcfda5783f58d957e2f549529

SHA256
83358b5b6bee44665c3d6986a639b02680de17e0a099c43ed3b9565b468ae6a0

SHA512
f43a4c96f51f63f46f405ecce13f62eb0ca8c8a8105afc292a37a0895fbf90748e739ff17d307c6c254f58fa500d41bc958db0ccefd6cdeebbca154eb6b7e70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
fd7fff715b15ecca1acf03ac0c0ca48d

SHA1
4c92c9910a9b1337b4a20487b79cf5d77a2d2f36

SHA256
25797c084cfb1e72c6892bc1310a93dbc5e403157cc466b25d99912c8cf24932

SHA512
b466e6670aa7e024cdb7d2a538c93f4d263f34422cf62af4f2a17f295795f13d8f31304a3bc6d66ecd6b8a0caad02183c79dd4bf24a203535e994f37e2564368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7cc12a3e4aae1163649d42c70613fb7d

SHA1
6e94ffa4b39fe47a8751179498cf826791d56b0b

SHA256
d4c79b657087a391414ff44eb218bb07987bd1f70ed312892a7cd330cb0bc35d

SHA512
55c0d1bd7f10ef10bd592bc5f62d6783b307736b3442a0dd371fe465169348ea3f0c7684594dc0910843da91fd1923d5c70a559f6b697e89001d93ade30aa31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583c77.TMP

Filesize
48B

MD5
70cb5b199db975e96da0504b14a5d43b

SHA1
4d17f6d08dffef74e7a4c59ef6182ff392006a53

SHA256
0c56983eb3f1567eb40f474a88bb20543cbeb98bf2145ad28cac1cdecb173736

SHA512
2f729d3f824f2175654ffe06ebd5f10df0c5d6f992fdeeba94779b2a64fcfef6a17f8f60db49d3f41cb3abefd09ac35de846bc17412a468b3461f383e06a3d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
94d4f2057e6b533832097408601eed0c

SHA1
b931cf8b9041e9dce5306db8995c038527c67629

SHA256
b25360b73561981e38fa8197a63987268893213f2d6966f8a786b530d68109c2

SHA512
a26c2bc63e8509158800e1a125508968b97e0a81d0e422a317bcda4ee42b91369458a5e860e26a69c3aee6a3d09594aa7b8435ad707b3f0a0f8c4a4a573f43a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f9655e33709411e755f1dfaf555c3fab

SHA1
485eaee85c0f46b21a6bc6410d36949e3a4c3cdb

SHA256
538edfefef6ae48f68c772093d3c957b0149d37ee96585aa02501c67bc658162

SHA512
430083bbb9eacd1218ce8111fa5822c89d8ef0ed1406c818da4f3ad37c2fb9b7d8af205bce213acb8fdc630f5ed66b5822e5e11141c4850a70555a770ce8ec30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f9c7d90878c695a8fda73ec470ab694a

SHA1
e697041399fc9ce28b6750867bed99094ee0e277

SHA256
572e53e120e03f06f73798ac4d36775ab068e52fcb8566938814fe145f761d3b

SHA512
e46cedbbe5f0a56283ee7b8c75e845aa0174f99603b0a5645d2cb07c89350a7fccbc2601656b280057cd52d0f1c9c6064bd4acc59f42c45057e337d5fd3c1281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6bc71444d2d0ec30200015db2abb00d8

SHA1
d59493507dbb4cc47276b7adad2d48f51eda94fe

SHA256
ae48bad9cba19f53eff2145fd0f5fed0cfb17ea8425b8efa39c7568732268845

SHA512
8844962b2d99e4f95215157794312f44612178faf904c2be032ad805c3ea87f4d64be32161cd2bc355698abca9bc58cff9a3be16943f0371e58000c790d2399c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ed7d.TMP

Filesize
203B

MD5
cde02a01b6dc9359700718e89ca1dca6

SHA1
55be41129c0da5e856178c8bb051fdf0b080fdd2

SHA256
c2c9887bf876e706e153432ffbd72f5a29c8187ef39740a04c3506daf1d8f456

SHA512
2db67463213cb71875c160135db1bf9d92cccf8a90fe0eec30fc6629a66aac64518238f06d720f98c187c3ffbab79fe27f7638f6ea5570ab0f1f589af438cf2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dbe080b6a5ce49b3be0cdfdc7f48f95a

SHA1
d631113656ed83ed8684be933f373db67e1c7fb7

SHA256
607f5a6116b2e358c41b1a04d8f1aa6e39a867d1e9cb43d5b8f3cb012a6abce8

SHA512
36c9b73f3c7142ab5c6572281330971d58c7e8e41b8d509e94147d654e07e8b33f2829d4c80b61ec04e9667d18a6b25084772bd3a53888ad62adfbec0d423054

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
c734c5398219ae0a73334a1c3f963f29

SHA1
985d83eff541c051f7d44d3446f1feaff6965df0

SHA256
7ef252d9f4018f20e6eeb02c4511c8d7e2b548a79ba29c73ab15ed90bf99f894

SHA512
3565322c550ef0524cb63f680d5ce5383ecd102e25975251cd8431f181ab7607b2867b861eb0f2bccbae5042c756ee1555d7974ef9ecb7b57473585699aca246

Download Submit