hxxps://www[.]roblox[.]com/home

Analysis

max time kernel
121s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/home

Score

7^/10

discovery motw phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 5E34123F5245B2CD0A490D45@AdobeOrg
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
382	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
4956	msedge.exe
4956	msedge.exe
4724	identity_helper.exe
4724	identity_helper.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 548	4956	msedge.exe	81
PID 4956 wrote to memory of 548	4956	msedge.exe	81
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3112	4956	msedge.exe	82
PID 4956 wrote to memory of 3120	4956	msedge.exe	83
PID 4956 wrote to memory of 3120	4956	msedge.exe	83
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84
PID 4956 wrote to memory of 4948	4956	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblox.com/home
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5c5846f8,0x7ffe5c584708,0x7ffe5c584718
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4144 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:6800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:6972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8427931609297953615,4241322618626933115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474 0x2fc
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
30KB

MD5
eb4178954ca96039958a1df0e61674a6

SHA1
a134977f8426cc8bf3230f7d9146d9a1e93cd71e

SHA256
c80e5961af91741ded81d1b59b2e800bfe7f662ff2da24efe46b040591703416

SHA512
1914509c4458a0da35c1df44d6558b8a338514b81dec50a28dd77b64175bce5271d5361c4d3d0bd47a39748abe9e1b1327b9b6af88bf9c06b630a302a1ab1c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
24KB

MD5
0059a4ce76f3c2a91ac5f8c04499eddc

SHA1
80f8e42919e84dda826c2a3b7dcd2e0aa1628f3a

SHA256
3e1f56afff5fa32eeee4e6d3a3ed77d209a7adc7f229bda093c825ad9be07460

SHA512
5b18d492edb61bea112da155bb0598e9bccd140e7b52c29b49754469289d768500b334986a1dd3b736bad5ebbaad323d2fc24c3f464a2403669b955a54527949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
17KB

MD5
4fe9721d0fb3dadccd04f70d668eef05

SHA1
14d7c5ee99dd0a7167ff93e392eaa1b66484b036

SHA256
ab3a8447ce0daac7733ec7e3d85ed5012dd9fd7f1cfb832ad0cb1883e55424b2

SHA512
1716bb5e7b7e10d5dbfd06c458daec02a49349facaccd8974550199233e727ed0211550da73af781e95655120c84e205dc12cb115d8310a747eb8de2ea26888a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
55KB

MD5
d5820c75f3e5005d233a66c3a27d6b96

SHA1
858a9104d419fc6391878ce4aa0a7028c219e418

SHA256
8535ba87e7d054453dfd21fb46aa7362828375d51d6a9726816bb94115ffb23b

SHA512
069d834371077e11f7fcb8b528bf1d98c0d1cf8a638031ff1e3d05cfe3a6a9df1a914ee9f6988b6c05b7d43ee07e8f71ef1d1afdb824cff4ebe9d4e08b7c92c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
73KB

MD5
001245adb7f984495b6d61092f4ce373

SHA1
979e675375d9a51250775634a8a5312a8676fb29

SHA256
82940c6087d9e8c0579ee0c01a2092ca5f4796d0391db841306881247b5ffa84

SHA512
d4f24f8bb98cfa1f46b283109dfd1a0a4bc97b79eeb385d6948aaecd4b26b80455f640bdd3347ff63b87a57eee0768633fac92206fa713a37acfb81826a0eccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
79KB

MD5
115fe68a6b5c34e8f0a17dc7dd11b782

SHA1
bfef67a8709b4be7e17a89d093b0c76f20b548a4

SHA256
23a3bbfd6d4d53b328e21124ff7266be36cd4a34927c58401c47966ffc5e1c85

SHA512
4e2b1eb547e0c5dfbf715c8750dc5f3c1790a376e77fd94f23f47b107aaaa8d8bbbf606dfe2c39110d83fa91149832f0e6667f104784586189ef21d4895a2145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
96KB

MD5
85dde1049e397a8836b0636fe9955397

SHA1
d857bc424f75374dd0909aaaf43d95bab9089931

SHA256
010f835443c91d767b091bd45e63e50d2be8ad1e65d81fa7c623b7ca83af835c

SHA512
81732edd485bd4af6d7ff7c8edf38943bbf4567db875423a559b294f0085e502b64eec6c6b9525cfb190ee41cdb0059b817103f5d95241e68f7be06762a3f6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
130KB

MD5
4302a6cb1890e25d6e9a50a8854fe8ea

SHA1
ea9d1413681123cef4358a85caad3883c400e909

SHA256
e5c15a84da0633ae97899d5086b289400e0b15af9e060d81ab5c41ec9b7221ad

SHA512
b8056abf7d1713ca7f5bbf1d2724ba56e8bbc279aaaa5e116c03ac0a57172909301b6635cd6ef6c93d7f86dc5e813d0604f66f07e6b03e14ad1ed6a3b9fe4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
42KB

MD5
b7fc1ad84f9610d31fc41b421a138f96

SHA1
36c427cdf8115f33ce27988b1db900b2321ba341

SHA256
cf55bb0242a964648ec22dcd2cef9fa0974ea31db38f5f41b5019690f22dc6d0

SHA512
efdbe05fd5d403213866caa50e6ba1610825fcd1e0ac76b221e2bcc67702e3c774bcc172069895c5536d3fb932dcae8bc2a9663c845198dddf5b39349766cef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
86KB

MD5
2cf23c0d2751227cd01521bc6b0c6e3e

SHA1
7efdec3e56199c8e7e1b37184ce994de64fca193

SHA256
08957a63e5f153cb286fec2b098abac3c1491ce1eb63bdae196cbbd43e725aaa

SHA512
6783ac0d3954c249c87777632f4802a9effbb4fe799605a22909f0fb680bded6ed83194c67f5c74999bb740f26d48011130935c3775c3a456102aa925ca511cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
109KB

MD5
6eda9c4c61b12b37c9d4aa16cce03dbd

SHA1
61bf85d92987df7a639d9acacd94cb6a36a7c515

SHA256
65aa52bcac42500ccd2048b39588f0190a18d5df77b36370fd7fbdbb1ea3e8e1

SHA512
58cf49b44fa819f502b93eac1ff1bc2d6465653a82d0a413e9f08e609b48cc762e70cc987366fec52bf8afa0e6afb6287d0cf5f4a5b82efc5d482e6d3ecd9a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
31KB

MD5
93a02f738fabdfcb69a896e8d6174c1d

SHA1
ef219fc271211bc01cbb9a21d5e5bc2cbdd1e331

SHA256
26aaf37a953a5dbf97ec3326a17435b49a3da008bc0597342a2595fe369bad0e

SHA512
d7eebddec009fa3f59c7f45493b2cd713a9753bb0c5255b6aedff60e02fd547df20aea182617038c718bff281177897f38589d3928636dd26fca02b55076c049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
34KB

MD5
0a695abbc6b3bc05f833901775736eae

SHA1
6c378b3f66b588bf9fb01f105bc1845be2406f6b

SHA256
5eda3db71a3abf4442fe870f81e4483afc776cf230091dafa2bc15a5388c61ba

SHA512
c3843beef03172afae9ce51aeec5a0111e3ad6b13b0742f98136b2c270e6c967f83170c2a4355882ff2061145b839bf90d608c79724b30fd0a892b7dfc554777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
21KB

MD5
04222255ac26aada1695c31b5ae7539d

SHA1
e83df74e78b72ac0eb3ac1e12ef771e5c3dbd893

SHA256
014d04858a86aad374fb5908222510f446606cb6e2f38504666ca0a95f44ca14

SHA512
520428676a61781aeb39169d26250eacd86f59bf15bf08339a8b26a2c91dce4089a57e7d792f9729a9e675501317a7bab774dcd57f1129ce28d92e708f21ba61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
29KB

MD5
0c29109476adb2df2458b703c7f2ed3b

SHA1
eff0f8cca6363563eefe3b329b52d756572718e3

SHA256
477ff79d440a52362d0b9eb7ce2e3381ab45490ce2f9053df3b3e9cfe1928787

SHA512
9590e75d0b94284bb867abcef8ad1edb85b41106f2fc3db93770c3c291612fe97bce18a9d88483e45766ecb3cd567052c96c80a958017b008fedd14d347888ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

Filesize
28KB

MD5
2765bbe0d462335f9ceda0043fa1e055

SHA1
33466f963f369b5cf5c38468f83b0c5050955301

SHA256
51303deb20ef9f5fb435130fce14c46d944037bcfd05770d7359f96aad036217

SHA512
ca75b827c6aeb5a4547efdfe3c8c45f1d1c539b3e89b44d964fa5218b9bdaae849549ecf06b5a8f850a16d5b3b95418620cc18d59ea3430ee6db76d14b036de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
75KB

MD5
7bc8522b81b7585c9d05999b12be1f97

SHA1
1db4956d45cc94cef7d384ba726f2045f656d129

SHA256
a4df12de2db2ed840390790ba6f08444a44fdba8495db974bc0e234221ceb801

SHA512
13cc11b1e5538889e9ae173d7fbca725028c1dd3aa183dd1080ba7001a3e2acf22d971fd1913da5e0a48c13f9a5f233f63c4dc6f8b365569e7c738de7ada6c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
883cdf8886ebd5b7563be3de5941f659

SHA1
966efa3f86a8e219e510cbc8f7c01619f9de4405

SHA256
d372616d41066d88e1f8f8a82f15bbfe42e3a68f1dbc4b8865ecf707ff78ab95

SHA512
bea0e7fd053e669b9a25a446d76b95cab1d78d0e57e1c2c5ab77c8b4f581d94c583bb3c19e75f4d81465fc1ba4266a02d67d8c98175626abf049b3633c7b613f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ae6b3c6b3e538d5f9d503bd9965ba174

SHA1
0b5cb825966d1d241c5eb4fcb45a98634ecac4d1

SHA256
f61ffc550ecd0f96b08cf01f5da6f96d84ab2e3ad199ecbffcb1df2a1506c498

SHA512
76c74c65b4530ccd8a129182027e3476d05fa7ca44b5e2de593ca1a3c839e11905fe3e80d703151f1d457799ed2fd15d6990f2e352342110d89df63e7b786cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
d870753c005f484e3d474d94ebedcfcb

SHA1
ba5568de5748edf5cd2aa7bc9ddd0c65d68f197d

SHA256
8eccbad002bb7db64523ea6736d49ea7a99229b040429ea6f1dc534cdc5f67f2

SHA512
bca0ecd94f84b07f90dd040bf4542ae4c7cb4e18a8c1b067d8c49b49c37c9940b8456aee824760c2e30c1795e991144ff800d6fcda2e9b8e0c13c6dc434d1c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
5cdce24105a8fdc94d9f0d12df1c79f6

SHA1
4280d2b06c596732db4c301914ad141c76f5dc2d

SHA256
8824b3420e4ad54ac213e6e6099f8faed1b7ddc50a349b80bafe996aba1d4047

SHA512
0e2ee615a9bdd0cf515c37b1b35439216d90c0a7e33101d1dac3bfc44f87f1207cc97fbb3747d63d78da18f6db522c4d77921056c336994adde06322e8b99bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f49e3af543e83b3375796354cf0483c2

SHA1
003d32a0bed21690d86f245bb7ec0416adda7866

SHA256
90dba467a47b0592eb804fc213cc6026c2d84a10329f9e26a7a8a340804d24a1

SHA512
1125d3bf328c14215be1baca3c3f999959994efd57150bf71e9416544373dd697240ae35d42dd4ddd7b50f16095852e532bea3b02427091a4fecf84181e86249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ae60d27ed572157be65ed2e96bba5680

SHA1
9223fb1f4c7a87e3fbd61e9033740e646e7be7ee

SHA256
f6930b1c2146a54a977249049abd04940e9b20c73debf7f35156cf3a5de574f3

SHA512
0931e3c0117e887d6759391dfef8454a92ddd2dc8da048eecd5e8ef935c03f50a41932374656baa532c239cf3a78b92d499de3cc9322f75101f394f3aa5b6a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
49822a2f169477b1ed76eddd298e99e8

SHA1
6260892180eb78e938a34bf9c03477891f595060

SHA256
8f7b6f4dca646f0451dc6c5fe733406b88a0290e72af9f8ef1c299ae18f1399f

SHA512
2e209e8afa0dbe5e2466b0c02328f5a0658a253e70f9c9b29142f7bf6bb5c8714c4980365692ad6c10ee552fa3a96f60a1e1df25686fcbc95443acdb3567dc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
28beb98b1dead8b4467d7ce495b2bacb

SHA1
3e5c3a611bcbf92be4929f280c9684ae8fba8bdf

SHA256
e4291955122c93bafa464d8bdaea30d5e0428ddae821a0998962ddbf5efb0e8e

SHA512
1a1c6c588c9a7da2f4d9ad31b2b41d7fe0331f9112cbe2c892c7b803cdc9e6e00cb3c4da843190ca2f0fedd1a80e5b65f1d5e8945c797b33c229e35ae4167333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba8cbc95f6b0de0e6568aafccc183484

SHA1
bd267c49284d600129cf08e7ffaef9b9b6e9f54d

SHA256
3190a5ce50c0ccf8b3d76d714d9ce51a44e43bf8c745f556460289a6b5137d98

SHA512
5594fa241b50091d7e5fff3b27c722727b02c25111ba345b60972b4b3102ce7930a2f42bf3d7940417064a8a31a532d8480ba0c78a73fe052b22fb77e406fcca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
823d2e5fa565374fae78ac8e0bd59c2f

SHA1
aeb6674066910d457427fd20d2ebd7aa672a5fd9

SHA256
0aee814b3c65d30c82be84a03cf63a6d9c9823e31cb2db6124e1ab8bd19d2f72

SHA512
841d6e67112763c231edde658dbc174d634908b3971ac9490cb36d3b8c23b8fb9a21de57eb0b0d6b8b676f55b8ccc9cf58a2f1d80060257aeabaa0f9fad17a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f7525cd17d5273e1fe9816fc2eea1e18

SHA1
6b8b1db1642915df1a26df831b5b43a54ca5b90e

SHA256
d0fb0a3a01b7db800f53eb69f1cc31caf439fa2a166e6b6ce0c2227435c30cbd

SHA512
d83f07a1695e1b4759a98d75b2c4c241f57de8d347f4fb6bc2d9a9742985b4e55fb849c3ccb56e64271b57c50b36af099a52f5a949447957a56b2aa1cf1c81f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cbc3c52803a023a481a35b13d3baa2d

SHA1
840a1991dbdf441a9488705327d1fd742b602023

SHA256
532621775ddd0c42521c3a828ceb37e021c56d352c4e37cbf160ab2fbf97f6ad

SHA512
50e635c97de7606b0564f3c6ae9d9284e3668dbb543ecaffb87b6b059b9aaa9499f3068555b32f41d6fec9da5281bd6ad614f864c284f9e8c6a4a541987e6dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2838419096088a753467c424c98bee03

SHA1
a0fb4a7ad3a26fc9b4aa6bfada637e97590e9ef2

SHA256
540c4039db4f9fd53e380c2d3ae2cf6eb060b9d028b9a519507d5b601d07fc12

SHA512
ff3831cfa101409a5f948182b698b3dfedc952804d7e72360195eee40f881eb7ccb72bfae8acdbaf922d1d06e082edb53d0b088a349a859b31c1744d50b6ea9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c7ac5.TMP

Filesize
48B

MD5
157b07359b1dd5af771874179c96d51c

SHA1
e520c7e8c1918da75abf911bde52780524e419fe

SHA256
61c77d08ade67ea882b537db4611164825aa175ce04c640c0c6d4bf86b8e6547

SHA512
6b8947f703c46e2de9be4a9cc54b11622008baac28907a90e01c32fef5dc5cd27ab7a80d017fd766cac3787657ea89a18b2dbbcfe8ca083c35b97bef90295f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
441bbb3c02707aa2af56949667b36630

SHA1
458bbe01d2b040e0fa4c669c9b2f4cd1d29bdfe2

SHA256
56c03d10d2f2ac660cb7380633292998c0776a573149be73852c6a11063ea011

SHA512
1de8a79efbdcc312efb92b5f73206af6438ec0ea04faa7cb7c4860fd50334bdc1c76c226669b18ff65a2771f1a624d83c64d4a284c6937e93df390949b593ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8dfd47d0f53a1edf6f8cc9f751e7a03c

SHA1
baa59c496c29197270214fb81d35dc2ce86a236f

SHA256
ba91fafd5648fb72d88998942f122423c3d85ddfd8a8bb3489fe62fdd8a64676

SHA512
ed17281aa7f98257a7582b232f2c86df96c53a5f803533642ef1b383c7aba2bc245a0e539bbff02969559b95fe8f0e638d025f21075eef185880f22b5567f85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
41ec0efdecf59ae64fae2d537bec95f0

SHA1
b713d95409173ee2bd491dae2e34c7e3b009f34a

SHA256
c2fbc98cc189ecf9bfa3be9a4705d8deb8cee8aa600ee73b85c189ae322cd8f1

SHA512
71a8f1fef331924a113a3f69f96d91dcc03aa939ad81321988e678b8e3e17ba32332ada7c603cdc3db4bb458e2e4c3c84eda9f2a7e4bcb9d0dc648d4bddbcf4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
3e55429cba416efee80707309263987d

SHA1
07391e9d72baea160ce5b20fcbb5a0ce0cec87c3

SHA256
f262b6719b315b2dc910993536250859f4d8247e86d7cd900254533d95a363a4

SHA512
1946f126fc44504b5de1a0f93348c577adc001141ab5743667ca0900bd7e6b86ce34758601a9bd27c17d18dd2b630321f6a2fe73634e7ca55e62604d501b3de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
1cebd5a07287265444de0495123e9c44

SHA1
ef3c94f1e8e8fad5a0e07d1fb3ece7b8e6eb4517

SHA256
0408d4f93976964e19e35265a8d695a32b27d6448bea2642037dbd930a57c33d

SHA512
fd2686f92532cb69d35885af83d43739a47b4244676dc1942035894356e18da7f3357d63edcbf45f50e449567848672dea8c4a9c4c367a1fbd2116d8c45bdba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a41fc6d0970aa7bd4a56577fec4e0fe4

SHA1
62a3bfa88e4651c2e73718a8901ab82ff98a3d92

SHA256
23ed5e8c14a982800380d0903275258c42bb8d67d98b7bd0995a2a54f6b19e9f

SHA512
e5169da0722284b433acf722414ad88168857a95e7e4315cbb3a1e13a0702ef0816e3992351fccabf94a7afb65fd9054bb5cf4fd5f396dec9d0c2c125fe59517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
8a812e60988402ff80cd6e556852e1b6

SHA1
fb6df481b320f1eb78f0147551b5f2a0fbabb681

SHA256
05a71ed33777963d212aa592c206e92299ca5170d3bb84a892247c206ff631e6

SHA512
d7fc00c0963bae55e5e52a8d4630616d6d005f1c210c29bf3418465faec73a4d2717b637c2c99ffe240295b3e6c85b5cc35e7d6eaf56e9c99bfa4307cf2653ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b6394a356c7a25c688b93f4aa1273b04

SHA1
184b56cbc787cd9fd59c4a7f71c7d4e4426509c5

SHA256
4898740462998f5cf8fd434d9741c3be532af917bf277f9064c422b815a8a4fc

SHA512
0333c7f82b435b2b7aea569b4970e5d256d35c7d322560d75183e2b46223be9009aca604b1456c589fc23549a61e0c4de2a14e20cd9be4f86b333902e471757e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bc64a.TMP

Filesize
372B

MD5
ff92446e9a61bb2cf722feb0435759c5

SHA1
e8593e532ea31ced5975cf35ab54b3f581d52715

SHA256
b0e147a0fb8517e33b96089d6b10f2b671444931a7e24732e38ed89ff083ede1

SHA512
f3c9a69fdfda104b6a15ea92d3e1b24ff9ba3362f6b8d9eaf2f79bd37732676b628174b381f89dc73d46718e95cbf6bfe1e0eafa573b1320c364ca798bbda6c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
97e755fcafc1ffda3086aa1e0ce5f06f

SHA1
bc6dfd707947f63511aeed67a614416da70cb794

SHA256
401cfc0fb5f81cacf0de47e942860d433b1b20f2626bab1a4ea36236bb554e0b

SHA512
6221ea4cb0eb6290f426729067275c2c5c6cb0e9f06943518cd5175891c502f2ce9d6678f82f376dcaa37b54c5e44e7f04d64c32abd4e30f379b338c76ce2f1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c3cf07bb830aef81808dcddf04605c8a

SHA1
298680764dce70aa527cf90953061f9f7a30efd2

SHA256
abdee0bd98130208be93c0ae5eee34b2be29142ab0b445b591e12dbe4e9ec4fd

SHA512
8ebaaaa2d1afd3d0fb644aaffa952baf26e96f0780eac073b3e91f7f17275928f8a05e71b6addc7b7005a03e07b3c72857c4c6f42f2a6ef75579da1f26a7e205

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
13d1fd28ab0008e12145cc14650c24e3

SHA1
722d3813e2b23b5cbb1b784c0a3248be507ad80e

SHA256
504010ca9b6b49b850941f0b9d157bc741bd66b525afe167c979dff0b3c1dc1c

SHA512
8ce6d434ee241e017345865ae2ac6b152c7f573079dea834efe036795336eb240227e67ab282c5e54e4e6cdce83d53727de9c8d0d388bb6a1fb34ab1d77740e8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
217fac88465cb075de70917ed8adf353

SHA1
7c0709a1e5c5e0ac1b743284119a413af73ad29d

SHA256
71902671e7a5450b5acb087db46200db096c4d94b60106a37452348f27122b5d

SHA512
139a74019aa2f0eb3e14493aaf5046e208969e105501833d442c0b0841352325241293e2b3920bcd087025a1e248c5dd73fc400c76106524cee1bb43aef24694

Download Submit