hxxps://www[.]kingexploits[.]com/post/fluxteam-exploit

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.kingexploits.com/post/fluxteam-exploit

Score

8^/10

discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: httpswww.youtube.com@MIRKOKINGsubconfirmation1cbrd1
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 933704.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 268128.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 192898.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
4856	msedge.exe
4856	msedge.exe
1248	identity_helper.exe
1248	identity_helper.exe
4732	msedge.exe
4732	msedge.exe
4732	msedge.exe
4732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5424	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5424	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 3452	4856	msedge.exe	83
PID 4856 wrote to memory of 3452	4856	msedge.exe	83
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2932	4856	msedge.exe	84
PID 4856 wrote to memory of 2272	4856	msedge.exe	85
PID 4856 wrote to memory of 2272	4856	msedge.exe	85
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86
PID 4856 wrote to memory of 2324	4856	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.kingexploits.com/post/fluxteam-exploit
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeca3f46f8,0x7ffeca3f4708,0x7ffeca3f4718
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7092613301420148275,14122591694379670481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51461c74-10c6-4b2c-b5cf-45d6df2f1c66.tmp

Filesize
10KB

MD5
8c05d093bb2b436451af728545731fc6

SHA1
b7bef4fa45aec92850c3bd0c145cad0459486991

SHA256
391c50562a6a87b9b0dc210aae40b4c3df4a7863e27da2a802e930395874ea8f

SHA512
b2ec4067187c406f5a34656e4b018fd8cacf51003383b5bfeb4d071591442e2d8f77836a57f878e7368394f71541a1a82d36ea58afc6edc0c248669f7f7b727d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
22KB

MD5
ff0fb97579e6b83a487312e7c78bfb5b

SHA1
ab13e1bebfccbb15569dbde6376c8cfabae8e10e

SHA256
4861df60dc04bdd2a57037161335fa08368d337334cedbd035f5f24214fe3c85

SHA512
e1b1fc008f333fb69303c5a501e2ce64d3ceac4088fb69ea8ec041d6357f5a9db2bf4f434becd1898b89453bcb94b4ad353fdc05ed0139d0cd12806d7e10c58d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
48KB

MD5
baa9f9df378773cb28884dedeb3808f6

SHA1
9a43932d23ff5a9d449c6e85f6bc28f2fc221c64

SHA256
515270605d5a6ebee61b69bde18c4fa049479d99578524b17049cad5b481559d

SHA512
62ba4994b070564955b5df3775de2216f17ae2deeaa9441fe9c2cacca9c04b8f4b9690ce84ad6e4d4ae4bd794a8686773b0d9361dfcb38c9beef1cffbbc2b6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
615KB

MD5
c6ad183e459d1992f98f27eabceb25f1

SHA1
e06cd832076a6bbe6e8c9b0d97b4e7a3b4fa68f2

SHA256
7c168a803c59dc8e3332b29e0298e0c02ee17fd0f9ad52c0285547fc013213f9

SHA512
7ac54853e1b8c5e6789c7e663a6939c5dabf2fc9491475d5e88bacb8397aa55bf716e29601f831a5c748a6e75825fb568d0855efe6eb520d7f4eaf9f38fcaf04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
20KB

MD5
4eaf92371bee3a85f9538e67c78745ca

SHA1
47e6228d145ee33855b238ab871de9577e5246bb

SHA256
932ce7a05c3420676af1ae5a1fb29946e22d20a43a2e2e904feddbf7d8b6de2a

SHA512
6a6f2e32a03e5bb4b27cc08783b451696f4471c7fa6ad5659ee52a8a3180210fc5810c58c12c2c1e00910bd69223ec83d3053108e973fbfda6029efeb6a22079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6a693b120caad8335599955d422d8355

SHA1
d2f61b04aee992e0f8ff04718dbb405e0c923954

SHA256
e0480d2d69faa2be38f198db2c6a480cc5b3f65b49550ed475955f76f2d3733a

SHA512
3d9552ea57b4b29e74a3af949f77bcea6783c4f3d28a675f1a751dbaac2c952700e91d22f137d5f327bf863a4efa93cc89a31b2e4fba0215c88fcc39ce677079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9d8e7cc685ee7351ff29cb24b967aea1

SHA1
2c10f6bc3a19bc4d1acad5a3cf1a451d320aa24a

SHA256
1ddcc4e9ccb2735056ec611426c61e7e504dafcecb53437990214eb59fa6cafd

SHA512
5bbd9acfe7652eed3fb400055f3a15958a30dde6e9f59334850d40aa26f1f0b7a48c2401e080c60d512ba3ea35070c0eb68ca2c331b9e902d0641fbed7feff32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
492810654ee0a2cd3e384d269a1c0c37

SHA1
7f1c98ed2aed5a5a22aa23217e77e63bc4312121

SHA256
36828240848332a86ca365bbc0c1b10f9cf8d6ce368b0676903c6b58d2c42adc

SHA512
e65f08b6fc5c227ee7334462cb12d963ddcc05c490f14116e57b9f0ade4f05bf52d230fa0ef33a846a1e43057c5b6025b855d2b02a4f971fe750c0e9414e8283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
bd8ec3e09e52be520f0ac1e8cf0d8ddb

SHA1
9fe12e7588913a3c486b2cb362a7746c1dd97e47

SHA256
dd2092468b1165b81922d83d9c2c103c3c0a731c5f5c0ac89708c69c77c7bd91

SHA512
90752e2300ccf786e6088d6b27922376c659cb835302acffc2bf229a0e0f7f18806a36cd1adc27cd7dd4029ee7530bae51f40a2156ac13f4651c0fccb1943882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
c58532e7d0d83eac9d705cde0e879bbe

SHA1
d7c63d72fabb7ffca91de906a6242e5fbfb80c82

SHA256
a97a3a08ada312e127923fd36b8273489ca564742162a2a9cd7350975f930056

SHA512
9a26916178fa04e60d1d053d0c7a1a103df9ed119d03c19c46dbb800ab826412832d2f9b776c43280f91bd71eae3921fc0f7b43d97319ced0a9ab93912d7a3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1d666cb5b5bbba08f49d6abf920e20d

SHA1
d12bf0fcbbecdaf3ff5e00c57de163f93db88fbd

SHA256
6bac175f17a19372a7b374412d85f87c2bb9ff73f2f935cbb539c07bc51b379f

SHA512
9dd8b9ef52a532461ea90f11c04cee3a6f3b2f1a1ce21f7e25e3f7e7276ddaa675620dbe002bd9b167d150ca4b2171134f3a2a665874aa3a43c1f51f0e3cefdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cdc1e95127dfc30f7f9ec26ca500a599

SHA1
e74f90d37af421248a7dcbbe4edefc9213b89f3c

SHA256
b2edc9bbbf28b6233bb8aa99a04ded17657dca3a567984b69a5c69b7d15718e8

SHA512
316c7f3ece754eb935ff662d39606e5d355b3ea5a7f494b52418bb5255797141a24719b2ebf34abe836e1b8d155a1e209e7a2a4d210525cb9cb7de9e0e0c10dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c0af435ffeb03922375af11f4c2b635f

SHA1
68b5f30c355ea80584a6f9db2b3c1a782a9c9708

SHA256
06b31bd73b3af95094b511949a7cf15808a89df86607e2a8ac614675bf844f79

SHA512
3eff9bd27e9bc00df90ab26fb2d59dfcf0787dd856cf82f91e4cd4ceba9c282d25ac47eed862721989a912452b8c22fe88d0b6dc5123a12706c233f7692dd54b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d07bb09ef23ca81e3b2a9127ae1c4743

SHA1
b47f374e06a6098c166a60a1456503c989a7a4a1

SHA256
0b5cbcec0fca6b215414694148b461f24d93f9b5c6a3c20f3f81cda86539ad47

SHA512
1d0e0d6655b91362c2f5b433d2982e0dae9f68fe62adfaf4f1e5a6f791eb80fc904f02583dadad64bf641627efbf0b13bfcd0399e2541f2c6e7baf1e28e571ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1e23576434d95d6a504c32932db9b02

SHA1
5e69382df80a98cfbc1b66589e5d55dc6abfdefc

SHA256
bdcb201f0b8a632aa1bf7ef44bfeadd910bbf3cc1cccf705c584e46acb02a99d

SHA512
8fd3c992943d904cde407d40e63b082a11d6e7fd4923ccfedd1347f91ae3eb4b6093b7beda6c2101904c5699d11efa6e56df420b02fea759d5713898cc04123a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5243adbc31b3b9b52a08a88032894163

SHA1
11f662aa2194348cf3910a7404fcc38daf19897c

SHA256
e92c5e31763927412a07ae2c441607c76f614220e55d2da3505997d23a958d7f

SHA512
ae8d6503be5628a6a08dce11db8641700030ad07e768bb30bad6c1f555b19c1cf522093c6615c4329a9da14b26c688502cf0021154adde35715672996b026ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fdc6e77f-c0ff-4e25-8809-c4b75ab11de9\index-dir\the-real-index

Filesize
2KB

MD5
44e7db5e1a6267c32fff98a46a99d369

SHA1
8524c7083906f0272e3e101213c5ce6c6ae27227

SHA256
0ffa4dbfec6a13840c30ae33dfc474dda681284908323eb6e7ca1cb81963faec

SHA512
90bf9c6247aa446217952891423e21c596e20812ac556512a9a54a25ed560d3993d08b0240b38da9a1a81b38bbef131c54f62a4a823e0b5ac2d243fa7e8db80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fdc6e77f-c0ff-4e25-8809-c4b75ab11de9\index-dir\the-real-index~RFe58ab20.TMP

Filesize
48B

MD5
0fbd5ac218abe76007dc4bcc92673701

SHA1
2c4f44c7ee43ba5439cb346884b0fcbae2bb6c4a

SHA256
ada3bcc79a6acd45ab0511daef1b85a3d6642ecf6d8ed4ccc13173526ea2c3e6

SHA512
f6e3da42d064ab097dabe8a0538c6ca07bf34b20fecbcc1cd03cc139f8d7021aa38d308ab59e82ec343013f7088e0a9e9cf2096951a7460caa11781c03e158b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
0e68819776a5742711c05f6ea593ad6b

SHA1
1b9e26bd9835f1d104596f726173c01b3eec9592

SHA256
1aac4d1ad36317bd24c5d1a98ce4218e3af594e7135a477a46f0c80f8fb0a2a9

SHA512
27e269aa7bf3754ebe70fdd1fce54f9f10f9ed88ced36a553bd4304f95e3dba3270d3b6249bc763d33f667959e7a0c0276ebd93b22fb7b7527bd9a7f75c32a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
12f4abf75083ca2d6eee22bda4a6c515

SHA1
8527061786083ee46a1c6623ec255ca2826bd869

SHA256
5c29fcd8adeccdc1821b4cf308b3c442b7c4326d57e8659fef398603d2d4021a

SHA512
c577f7160acbba3000e70c8037bb90d52391382cdf075134cb39d76f838575d527f77027e7cc9d734cdf006dc9575580a7eea762dbdd60ad22c23a974de943e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
e5cfdd2c3aa1771f29ad4d56b8b72e99

SHA1
ed02600e54fbdb8c0a157a0bd54d30097c122f82

SHA256
a195265d14f3132a6e659989befe61dc6e0ffeb4f927f2e1310e295c8a7e17a5

SHA512
cdabdfe166ee011da51b4464d712dcb63de8124bca8ef6f9dc67a739ac9993ca49cf054b6065d8effbaee4219f0f2113600572de425a2954849b0a0974a44b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
f2531a6ec985f199594e478bb9fad981

SHA1
f99bf9b3798a38faedaa272c7d82a228eee541c0

SHA256
b70995a0700db659d4f51fbb33fc97252d517d1cc21908e5046e385f178e058a

SHA512
450c8fa57c7bd9c5ce907fd9d229f69985b48d3b77486069e066010bbfbeb76f7ef41b5910e9a4e5de0f29f1420b41645cf60bc53bde4d306773ef4dc1a2a53c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58369b.TMP

Filesize
89B

MD5
428525fddd03d0561b42766b61967d6b

SHA1
0605a32da753a2f6e5a52e28f7a07ec7f0f59754

SHA256
f552ed7d537da2a7fa31a11f283a85afca59aa2393e568be685905ef8df72c05

SHA512
ff02a305034588df5270c82add012e8500141bba47bccc1a3744b5a702d1bdcd086d6776e25966bee7be4eb0c1488151d00578952d389e1dd17bb81e6aeaeb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1bee3bb5e49376c407f51acc00dfba4c

SHA1
91e941719fb12ca938e29cd1aa735babf70a228c

SHA256
b771045e7fa8c915b5853b30072038115753be900c796aa37cca7a4d5b55b5f7

SHA512
6708969d8d1c2bcbd8b71b3d21340904c44524b2de3a57f62fd62cae236aba639de427b4361956b0e3af8cbceefe8b00c8b5ae431372eeb8610f8c627c53e4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
1260036afc5ac9dcdf1affdd7a9ba7fd

SHA1
cf20b95ecdda062b77550187e0e5308ff80391de

SHA256
09c0324178e5697619250b7436d7900afe745bf91f06928ca6a82c71bc30ef85

SHA512
cad9597711efd3fefb195f33e312efc187b4f17f0afb1a68e425e80e975acc56db9acd6e8e796de9d8821338c89a1c549777aee4ebb5fd01ca96a224380974bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588604.TMP

Filesize
48B

MD5
90b286e4738ce3ae1d448c96fbbfa761

SHA1
96a0fd238da6aa077829101306ac23793362e3ff

SHA256
90ccd5eca0a2ea86a3290030d0427750fb1c66481651f032e6d5f784892c8539

SHA512
354d7c01765b16450830acd67396ca69aadbed00c14e87a163349b2959ddc0d70e4b90f2158d0074c55924c8496e228141d19277ef6b0f0e56cfbe7d27588d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd1ce072c787c9700a3b123b7f876a87

SHA1
54a4e965afe351c15f25bd71f509a37b289780bc

SHA256
d9d64a01c4326048ce967a39867bb8ea3147aa9ece4df1df072a7790f30d4426

SHA512
aa34f920de6701407f0a4f085c9aa7b9f90238d44f25f6314bd2f656e26590a34f562dcc9d88f990e3d211111e9cb3ced784dc8494b9dedc938394598034668f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f49b392a06da73e1966520476be859b

SHA1
149b8a328919ef4b66215380e38c32d62b6905d1

SHA256
3516750d15bb5aeaf51f07f4aaef82fad516a9a68948b9a4831eb11fb13def40

SHA512
592104ee9baf0a93d499c0ce135d3338a82fc0aa9744983af243fc9c8c183ab9853b308cdd599d2984dd6b2c4890d9db29f1add44118ace81ccb3d852c1f663f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fa36a4e9d2a9b40a3c237f5625788e2e

SHA1
e085b56931a98fb9cd06eead4cf387a18d3496f3

SHA256
b09bb24e9e0492d6346c6612cd3eea78318f311ba23f30f2c077eff106bc6245

SHA512
eaaba45bdca2321969c917bd755b91f7118b73535803332004fdcdbaac02d121a7d41861a131c4c7dc8fcdfc50400d70568b9c6f39a252658fb2609724f2aa7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a09df3fe866b0620046910425101347

SHA1
53f0bd09bbdaf85794c6b60076886d2dbc16da0b

SHA256
d96bdf260827c54a422b320877a10b89f02f5f5ee5952e81e0cfc28af5977ff6

SHA512
3ea7e93c278e93187e9d089645d8a31f43b714bb16b2b10d622d39f8a99a6fd98cdd2cd8862e06b62a0df88c9b7ebc1b711cb7abd474fbf7e73ce730bd5db4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
60ead4960c43fee4b3b254d14601c951

SHA1
edcb04c10a1c48951d5c4b897716ffc7b739342c

SHA256
6b19758c76fc7ae2d1adbad60921ab395db2df5ff06b21b5ce7d0ef804f411c1

SHA512
ea38e934de355e6a39b662c2002850fb653439eff78db35f3e97b5eae91642c3ac6aa3e9eb275aaae7d1b10d4900651e4270e6631ce467b75fe45c65bc8be233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90a40662e2b4e7e7a36d908eaef3e577

SHA1
18e7757c446b60a6dcd408d0ce3c7dd2f472719a

SHA256
f630f03ee14176d404f7d36877122a4adfa1a41a6d4895949afcb4032db71dd1

SHA512
ad1f41b2fa71fc71bc19cf314fa1721cceb1c25b0e0c22ac5bfd020f2e085438e28a7b928ae45172dac3533673c8c1f6681fa533d75c2a110adb5709f09c3a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f0c2386f0a579c30691e373e1ccb942

SHA1
33ce5115d93f91bc2d09c1bcc7e11fed50308a3f

SHA256
0710f5dcf89b76d00a42c711fa790356bd7ffbfb5089f856fb1f6be4cdd64c83

SHA512
c975d61c4337d07fb2e06497a8b577616cb70c9cb9224aaa382d228ecfd3758c08e85e1a8240e65acf90bd8ed9ebf2000410e23e58b02ace7ffc916d81928df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf85.TMP

Filesize
868B

MD5
82659b69ecddd500dd89c94243d417f6

SHA1
1e2f9b684122202b0559898279dc38d463d8cb9c

SHA256
8f161e3eb0a8225042f2bf86c910c131e90d177c6b19c959fdeded6d38b8ec89

SHA512
8ee8673662222b4aa3ff9ac39a0b2b8b2900e8f7262a1156227af3d488d34bb33d62a30aaa17712b241b25f3d439d16b48169a29dfd2b3839bca96f5f5ce3ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e69408fa-a580-4b17-8c08-b83179599350.tmp

Filesize
10KB

MD5
823a5a67ca44d69e597ec0860edb025d

SHA1
2b3ad50a05b2389c4f11bca5de2f501f29d98f59

SHA256
fbb762f2382cbcb084ce6acfa9e7ec880ad9bd8399cf668af72226e63e62baf5

SHA512
640d5893625562144611fd3b9eb6e22ce03461184cbd33bb269c43aca15687560708a093660b3ba3be50aaff988f2d26b4d1217158efd515a3bfb99ae141a9ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02daf27d69547278cf442c10d4e8cd04

SHA1
81afe0bf6cdfdc06ef59165c8cfb4af383d92eb7

SHA256
d7c620aa8fc67c9fd2d957c0f2ea62d9e959cff72c79b96ff9eeebddb28292f5

SHA512
39ead9ec5c4f8ea7778ee1580dad3d6d38242c6c2bbb0d7f62bc7c8003d2c080114fe446a88fbecd5a489ba563458c49dd36c798917e2d86667fdd9475a73ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
62300394203d09ac2a9a9b9f78889c6e

SHA1
632a65bfc585d2482441d2bedf6801cbeb7d375a

SHA256
18e8c9327ab4a753fa16a71e8c490ed9f66c53077951b3942ac6e6c521cbdd77

SHA512
553fd3d351830e351c60dc84bb3e94cad5f0fef4a36307e13eda5c043624e4bddb48274233bd94b35e96a62283b95af1da4cacb6f82fc82bee372c4297f9840c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3fbcd60adbd3e5a0650699f49f708c77

SHA1
ec4dc1e67fd3ac3514a5183ac80d8388b0847836

SHA256
6a186baf9aad0d6c7753045257eaf23722d3bd869036fc6e46df051363e73a9f

SHA512
c1b154608997f112d51ec192329c5f88351b1617fb3d62fe4ed13894f9725da59e4796833ea4ac4857f3e2572186b19e1ea865d2075c07f73d66aae0234b2cd5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
79e440993ed355c1d591068861756202

SHA1
4b945f004b9a761bcf33cfdb3aac29a5091f3cb4

SHA256
5dd51086e985d900d8a73f41d21d01e1a375f4e6b8dff102ec96609f3fb3f18e

SHA512
ef53f71b904033913f801c7b32d98baa3c5fc3073615fc910ca5ebf53469914f34500d121b31154d7884c7b29994630155603cfb721c5d6b050e5d13b59d5c33

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6872b0faf2b98e88555a6c8b82d1a401

SHA1
5bea4d52298e6d6a52922ade4c332a1d93527cb0

SHA256
b5972e9b729fc4dfcf4afb64279765d626b4f5246785658f4ee6772c1066bd08

SHA512
2a1c9fdecba77fb7db09b527f230f7652d31283aa1fdf1ad84155a6c6694c5790c30779728174f0590d22e952e9cb87468b43bba242d5594461644f2c5c1b408

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7a6dc11da8d04bb8aae4952be3c5ce3b

SHA1
cd907a1c9e4db2580b2b389035058dbea1071c34

SHA256
9ba8b78d15c1186517c8be628f61c40c81c2ee8277ea01ab37bf49f8ef981be7

SHA512
5420018059a15cd3e4a49b13a6d6d7bead3d4a4c38c0da2997bfcdafbd91ff9402b86216fc0a93fc8ef66e0738a30c51136e238c50bef4640f1f52d3d3b633ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
25f52b74304a091c66a359dcd75c5bcb

SHA1
1e3235358cffa56c4c70e6e379536808c29fe869

SHA256
24ebebabfe80bbc9e209e8c5fc5158c7618f95a82eab61df79817785c53a08b0

SHA512
ede5a855db3299e903cbde8fdf63d144dd4d1e19e54b8a61e00f5dd0e489d0445e7963969df4a1e187a3e8de5e8568bfa57ca6fe51658d9860e6fec669582274

Download Submit