hxxps://is[.]gd/KNSLZJ

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/KNSLZJ

Score

7^/10

steam defense_evasion discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

System Binary Proxy Execution: wuauclt 1 TTPs 1 IoCs

Abuse Wuauclt to proxy execution of malicious code.

defense_evasion

System Binary Proxy Execution

T1218

Processes:

wuauclt.exe

pid	Process
4736	wuauclt.exe

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exetaskmgr.exe

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000f59c2d6185d8bf0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000f59c2d610000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900f59c2d61000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1df59c2d61000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f59c2d6100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 17 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exeMusNotifyIcon.exefirefox.exefirefox.exeEXCEL.EXEMusNotificationUx.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MusNotifyIcon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MusNotificationUx.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MusNotificationUx.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MusNotifyIcon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEmsedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Modifies registry class 1 IoCs

Processes:

firefox.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid	Process
4676	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exetaskmgr.exe

pid	Process
1548	msedge.exe
1548	msedge.exe
2764	msedge.exe
2764	msedge.exe
764	identity_helper.exe
764	identity_helper.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

Processes:

msedge.exe

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

Processes:

taskmgr.exevssvc.exesrtasks.exefirefox.exe

description	pid	Process
Token: SeDebugPrivilege	2516	taskmgr.exe
Token: SeSystemProfilePrivilege	2516	taskmgr.exe
Token: SeCreateGlobalPrivilege	2516	taskmgr.exe
Token: SeBackupPrivilege	1272	vssvc.exe
Token: SeRestorePrivilege	1272	vssvc.exe
Token: SeAuditPrivilege	1272	vssvc.exe
Token: SeBackupPrivilege	5232	srtasks.exe
Token: SeRestorePrivilege	5232	srtasks.exe
Token: SeSecurityPrivilege	5232	srtasks.exe
Token: SeTakeOwnershipPrivilege	5232	srtasks.exe
Token: SeBackupPrivilege	5232	srtasks.exe
Token: SeRestorePrivilege	5232	srtasks.exe
Token: SeSecurityPrivilege	5232	srtasks.exe
Token: SeTakeOwnershipPrivilege	5232	srtasks.exe
Token: 33	2516	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2516	taskmgr.exe
Token: SeDebugPrivilege	5780	firefox.exe
Token: SeDebugPrivilege	5780	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe
2516	taskmgr.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

EXCEL.EXEfirefox.exe

pid	Process
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
4676	EXCEL.EXE
5780	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 2764 wrote to memory of 1128	2764	msedge.exe	84
PID 2764 wrote to memory of 1128	2764	msedge.exe	84
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 3300	2764	msedge.exe	85
PID 2764 wrote to memory of 1548	2764	msedge.exe	86
PID 2764 wrote to memory of 1548	2764	msedge.exe	86
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87
PID 2764 wrote to memory of 940	2764	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/KNSLZJ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3264446131545231382,11456407618377842891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultacf97b46h2b82h4068h90cehb3e3494134b0
1⤵
PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,10316170797638402145,5389922304849292536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,10316170797638402145,5389922304849292536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,10316170797638402145,5389922304849292536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:4812

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2516

C:\Windows\system32\wuauclt.exe
"C:\Windows\system32\wuauclt.exe" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId 8d4d89ed-6957-476e-b6e3-aa254d7f98b2 /RunHandlerComServer
1⤵
- System Binary Proxy Execution: wuauclt
PID:4736

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:1272

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5232

C:\Windows\system32\MusNotificationUx.exe
%systemroot%\system32\MusNotificationUx.exe QueryNotificationState
1⤵
- Checks processor information in registry
PID:5880

C:\Windows\system32\MusNotifyIcon.exe
%systemroot%\system32\MusNotifyIcon.exe NotifyTrayIcon 19
1⤵
- Checks processor information in registry
PID:5912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea4b5286-d649-4eb5-80ad-14b178463eb5} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" gpu
    3⤵
    PID:5888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41b8cd63-1f52-484a-8d92-279c8977e3ad} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" socket
    3⤵
    PID:1712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3224 -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 3236 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89de900a-77a8-4550-9c72-a457f1403ebb} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" tab
    3⤵
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2784 -childID 2 -isForBrowser -prefsHandle 2728 -prefMapHandle 3636 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0f7618e-2263-4fac-9104-407588064998} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" tab
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4908 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4864 -prefMapHandle 4872 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b948f67f-5b35-46a5-88f4-31780b9804c3} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" utility
    3⤵
    - Checks processor information in registry
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3644 -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5232 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6eae0d8-1dd0-4601-8d89-db26b0f02fe5} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" tab
    3⤵
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 4 -isForBrowser -prefsHandle 5376 -prefMapHandle 5384 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c908ce87-e31f-43f1-aedf-8427af7ad090} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" tab
    3⤵
    PID:3852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 5 -isForBrowser -prefsHandle 5644 -prefMapHandle 5640 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d022ee41-30fa-4313-815e-df941033fd0c} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" tab
    3⤵
    PID:568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6072 -childID 6 -isForBrowser -prefsHandle 6120 -prefMapHandle 4736 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80a4275a-b34d-4a56-ab66-9f7dfe580b17} 5780 "\\.\pipe\gecko-crash-server-pipe.5780" tab
    3⤵
    PID:5520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

T1218

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
a26262ce6f7b321b6ec5e83241fd26e5

SHA1
144980af834a1f51a62f6c03b54845d3297fb917

SHA256
f00c082281e5f4f4099bc36ca117817cf0e4f7444ddb4c040ce103818c08a196

SHA512
d5c90ca7393f3f8b524f468ad8fc4349c5629cb369411991cb3a2120c452a87357009818d4f5a4373c173e496f43e0247dbf027fa204309fff8d0f96a98550f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f847835f14aa96ac4c182fa8472a523e

SHA1
4c4dcda6aaedd535b5ffea64df201aea6cd0148c

SHA256
e62a4813140b8648ad5966d42d16b694ac371e3cf897873063f66b3821903f5f

SHA512
6080291a9c3a380fb9b22e2e6eae561e5dca21744b506fdd4e6e97d99d9fd944d0fee13338d76b4a4b5f6444583907a9d7af8f134fd0618ad24577387a77ea61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
47KB

MD5
2bbb6e1cbade9a534747c3b0ddf11e21

SHA1
a0a1190787109ae5b6f97907584ee64183ac7dd5

SHA256
5694ef0044eb39fe4f79055ec5cab35c6a36a45b0f044d7e60f892e9e36430c9

SHA512
3cb1c25a43156199d632f87569d30a4b6db9827906a2312e07aa6f79bb8475a115481aa0ff6d8e68199d035c437163c7e876d76db8c317d8bdf07f6a770668f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
623d2b9c55b6faf8f1d423d518a301e7

SHA1
16b57f48347a78e7af1889293dac7b94cc9baf6c

SHA256
a0b98c56b3814396d8416c12c8c8b983007403b65fd6ecaf966f94c125ff12ac

SHA512
1443df79b90210de308ea7977497741f9717fd3f8f47f143f120a16a4af88dad7d7a47f62ca6cc3845caa777fd8212c8e5606bd8c56695311fbdb6f5eb48ea5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a7af627509e8b9e2b2b0a46c58b7b36a

SHA1
bbfcd6da29b8f9e768093dfa24900337b4459c53

SHA256
7b9f6cf7cf3f627da96ef733502c02ca68d69431b94e506e22228d37a806ad53

SHA512
4d0ca0dbb7dc7f330d063522023fd6edeeedb011cc47e54f7def6fd7fc57527269ae2ed15519a39a2faa9cfef09d3eac15732c6ebb4120fabfd371d5098eccb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5bb34ddc9661d3eeab671696be2e8370

SHA1
ff736486e85788198d4700ed8731fa044285f025

SHA256
8d12d1aa6d8977569381474f323c7bab2a6c7682287d98c5afbfe0f962584a0c

SHA512
7270be12f90bbd00c99895c1945be5f12ca1a227ed0dd86b77759673a22cd706b151c47b144584c8c32075d6d8d0f6938a943b9325715ad20f11072a1217d86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
44KB

MD5
8fb771ea5beee4a3d3387e995028dfe6

SHA1
88b797d915688360facd4f10a0f50caac27f80a5

SHA256
8182e0dff6d52d515e9dbf49830f55edecf47be8c46990f2ce1394de1b5c0c31

SHA512
fe90af64a2badac866d067fb643f3626d036c7b33889b68d7db5a76e5c0aad68f63af63437cb3188c0fc9fe92a4c010b789ac6ee305266a8de2d125035127314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d9e847bbea7ef34ee1649c3dcc195dc7

SHA1
3c44507a109c24fdaadd287b8a67159ec0dcebc5

SHA256
e9da2bd81c974b7e2d53e82c2f1e1a9c98404734bad95bf25f4150235cf229fd

SHA512
dc7118cfa2142ab160cc6fb5f0d003028f77f02e29446106fe3c6b932e03cfaf9dffc4919ba6e4f56405aecff86a82b1bbf516552b6f155d21370026d27e9c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7fb3acc7fb77564176990bccc509381a

SHA1
fc95135db0f74495f12016876c0a392f96ea90f1

SHA256
db68a68660d6267458739272410eda1866254bc72e1cc3465e6b7023b9e0b4d6

SHA512
8d8a6d07bbb647592612458a433cbcdb5f0659ef918958f9eacd02962c7dcb2f4b3bb50d45c3b23d949d357cbb1c224471c66c42d28ccb1bbf7a1410a9842fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f1f6b9d9e9c6eda5b2fa0c435e9761fb

SHA1
5624182dfa399b5b6d61b9cfa15b0b4d8d763d0e

SHA256
0ee2cbbe53a53e0da00641436894568cb84c838e44a1e7b34596da4e70b9fbb4

SHA512
ef30dd2021f1c286a47adaf86fcce071e42c142dc5542e2876d11c0d6605a6a545423d9e72823b6191e076c5cfdaafd0be567e5b642195d8945c90591b65ce4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dec0ee2a5e671bd356aa9becbab20b8c

SHA1
d716ca96d2dcd2832deade5b0ea430761443ecc3

SHA256
8fa9684c838b4d8e509c2b4d1bbc4c1552725dc5099783e0939e97a8494061c3

SHA512
719176e126fd74c71862ef784e6550d36e8e645004744cd343364872733d45ac47c32dde21e20264558be90fbad4c748b528c83e76f41156167545cd4e3b811e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1f1088d150dbf0778b42a342e7980f6e

SHA1
f361426250447a24e3b1d13b96244ed854182563

SHA256
3f47f6c3587ef4541274611c5f8046b77c508112865ad9753bd3dd2ec43aadc1

SHA512
9bd45e0f2e0600c16d2ab77892cff0355d49fea431bf54fad11132c781e2c7033c6a4c689c83f8222dde81cd2fda8a6543a22e55692226ca90292aaa2831fcd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6e33caf1e806556b93da91a69bf5a2be

SHA1
9a401f71e18251262e87d0f840a6776a7ec42617

SHA256
528231754a17cae4bdb7e7431763ac3e6a76f650a33283ddac0535ccbd8af06e

SHA512
0923480ed095e0d9b06055cd048e018575863bd3f8916828886fc4d1c27374de8301a33e5e6b10c5b110b3796ffd6c9c552727136a680820bcf40adbb2e3ae4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
358cbe6d1aab813efeeeb0ee5d4ad3e4

SHA1
3b44eda63119773508204405ea9aa0ec6f98c256

SHA256
fc210787d6e3c1d988a7c2bac48da65bdd80ff029d2e11277cd1af2b798b13bf

SHA512
e1c4062ca8ddefd875eb5a71a6ebdbae5f2c2b90980994391259a1325ff688a11b3ea8fef38cbe632395dc60f332ee7caf2ffb67d44c444424d7bf18a38da1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8bf47860081c8c5d6c0828c21f638e9e

SHA1
6c169a7d2e403db47d3de4808f2abbe1ef5fc4ea

SHA256
18e2c9da969d8f5724325558c19de6e5112c32344412dba03e1db26c90bd795d

SHA512
52d5f14597e2d8cb126f1937bf4e5cfe6c8852937206b5df4394a1c20e2a8df6e26992dd8042ba318843971418d6f59eaf133f6883263a608885219e958402a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b73bb9f59fce1500dd147f0793f136d

SHA1
d00080b4e474b9a6eb15f675c20b988e5dbdeaab

SHA256
fc422d20d9d2b5904e0cb12c85d339220f619150c23e3cadd11e07ea4de1ffe0

SHA512
3b5ff80dc14471f5aee31db4ee34d1812df1803dfd0576683bbe81f40e913b6585dc12de26b48988c5670cb457971c98137ea9de1d086ec51a27d365e19c9e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b957c755295b7fc6c5d6c97777a2bcf9

SHA1
17b7daa40197e34b725a3fecd885718d2b8bef4d

SHA256
cec452af735f5a5a9f90eddb25e188d155e90df0e8508e55effc35ce74d1e321

SHA512
89169e86ac0a8a883f0231aa1b2f9131f5a91f63f0a35470d7e171b4baa7442c11233b6fc6bafdb5d7c95a568056a83b7fc95c052afd0518e23613ceb82b4b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c0d1c10c80eb9c00a55563473e47f440

SHA1
1c6ddb3a35b6d0900e32337262b6c32f7f3794c2

SHA256
1ebfb3dd5005a120f5601f9840c2580612bbaf4101d7426d8636fa3fb71224ba

SHA512
4683a35168025ea5f7679b629d84996ab5a6fec304b513f9fbd8b24725f2aec2d2a0cdb98e3a7000dfdbf57748a91b769ee3c8a6cd61787094bee79520cf3c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cb96b0c6b0e00777c0774fd4559fa9f7

SHA1
c371252d0566ad4129a1f4647a260bab4dc22b48

SHA256
092550506d0a921837d4faca8590e23dfd7090acb0f71ab878bcabc3cb16bf4f

SHA512
54d1157c845443ec5b9a99fd479e13613712ced3c6c77d6e88a61c2ad928dc810a8f6eb7640f6e4e286fb00fe83187f024442c65db472d0e70d7cebec3935c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dea45d144c91e24c56b671e370a394b6

SHA1
237aa989e4057168b701bb1b5031f6135128ce15

SHA256
602e4a80a788549750dfecc864e645c94207fd62a9d2d175e2eb7f75c5bb4645

SHA512
eb9576b9dd32b4868adfd6a50bd1440452de252061699af24f848b11800ef73a2f88619748659de097246b3350c220b2b6f0fbf7ef8a51cb45a7a0b898cda77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8d612f6868ad92615e9fc8cadc20f23e

SHA1
cd05171a4d2e9fbb859676ac87312b4ca78a1598

SHA256
b5c3aa1cfe6f212f3693de24d30d2cdacde92f3750c93639a0b0ed97ece253c8

SHA512
b65e139895beb41cab7512fb521076eccce6cd13affeeeb70b2a9d73c00132142145e7055fd2dc6244acdc525652c10d60e32aeb62e8f34497f6a86d8efa77f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\43289cc9-e99b-4659-9b8e-9f6558e48479\index-dir\the-real-index

Filesize
144B

MD5
d8e796e0495c6ebd2bef667485976a8a

SHA1
37a914c6e687c1e9df69a7b9c8ce307ec3b16ec9

SHA256
627e10c4ca879b7223fad42a5f36267c782093f368707e23d3947808f1ba5b73

SHA512
28845071f9b02db4bd50a021e8f6ad23889847aa5977a2d8ca56c2901ef7d1b9261a453ab4706d1002f3671f44953c2f29caabcf6fa95cc5a04f8897c603b765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\43289cc9-e99b-4659-9b8e-9f6558e48479\index-dir\the-real-index~RFe58ee53.TMP

Filesize
48B

MD5
95f809cd6397dc06df82045ef05a2674

SHA1
4f153dd50d333c36c56aa05999b687e3145a8343

SHA256
b3befe69c27459937bcf0fcca9876682675f285d6ea648cd3c7ad96482432b19

SHA512
6129e64bd4ec1b2d04868ef6d09f8e64866f67d4c4b618e1bab4e372b928afe9bf40465e4cb50bbc0dd114e07883086f07d90ef5b0cc8220c4f4281de441963f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\58e820c9-6e23-4152-a974-418d7d14696f\index-dir\the-real-index

Filesize
2KB

MD5
ba71f7951380e9ccfa9941e5478684c2

SHA1
4469a35ffd013de76463b170fb56bc7728427b26

SHA256
6270b6e08fcbe10daedb3f4eb6a5f6906b6f6eb4a52c2278cf75446803415286

SHA512
f6e57ba66e230533cccb9801044dc2b6d364467b19836e72c978c41a7ea2828508e2f103f96c19b12ec7748ea14ba161788d904cb3c12e1d5a35806d8ae1f05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\58e820c9-6e23-4152-a974-418d7d14696f\index-dir\the-real-index~RFe58d4ef.TMP

Filesize
48B

MD5
da4b78d5d5609d8edf8a973c168cf2e8

SHA1
6010e9d400f39f3d1573ec48ff1c57093fc549c0

SHA256
dfa306237bcbb760aecf9b0beca8c1189de7ca1dead9a903a242326c2b2f0b99

SHA512
864cf788ba89b3ce5ed697af568da3cba4f5b944e30d4b53116bc9ef7613631e69d7654a66fdbdab800b82f4163269fe788f22aea66ac3c26bbdfbc374688a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\6ef4670f-b66e-498c-9836-69918747b68c\index-dir\the-real-index

Filesize
96B

MD5
8372e020fb4bcdfe1cfe0d2832ef34be

SHA1
1f560237c5352a59795f67181415cbf079a27a36

SHA256
0f1dc836ed719eac740b5c0f3cff2de89bfa69be596418179cbd2e6997afcc0c

SHA512
4d80bac43197244729d60b0534cd281ec8f47b14475d95cc3c3fca0bf1c1f2027fb872dafda00721abfdadbeaf17938cf56f6bfadc5c8af5eea7ed638f1d5606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\6ef4670f-b66e-498c-9836-69918747b68c\index-dir\the-real-index~RFe58efba.TMP

Filesize
48B

MD5
4c230e4b792336d5b7a5d0752db12b8d

SHA1
69cf52e0ad04e08d87e548a35584353170b0bd9f

SHA256
a34858c66166ebd63f2fded74176817f8b25bcef874dbca318c9ab7f763adf0c

SHA512
bcc6bcbeb0edbe88e92299e40a4ebfed87577d09236b83dcb058567884080bc4c78947a8ba2f33304eb22931dc4af50dce685c1a74331b4061b6ee346212f335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\bcd87765-5d3d-4379-80d2-0eac0fc3599b\794519bee72d7ca3_0

Filesize
9KB

MD5
f99cb8d25907305bbfc94cce7a8aa2d2

SHA1
9b1abba355733596e0bd3b2637a029d8b31fffaa

SHA256
17f6e65381abee9aa8d50163e92a4fa7e64e643c618a959359c747ced86ddde7

SHA512
8f91ae0dd366c3b0ef0c9af0baf4a7e396bb962c249f1258f9a750645a72340ada6ae38358a5d06dbfa919d5e7c12881e692a628a187939406a9a83620dfc02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\bcd87765-5d3d-4379-80d2-0eac0fc3599b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\bcd87765-5d3d-4379-80d2-0eac0fc3599b\index-dir\the-real-index

Filesize
120B

MD5
696c97eb04aa78cdb3edd829aa8c94a6

SHA1
9b3e5fc0b6ad355ac9dd137e7c59f4071312f878

SHA256
3dc3b4c67cdb9e9efd1d50ea25b55129c0ec5535881bfe51d05acc9ce4fc47dc

SHA512
a6c6666827c7479424e4105c7b47a76f4241ab32b4893e0c0c4cb742b1e5f690210f5a489a44960a9aaed385f395dc55569204b0ea5d6ff7745c9e615d975eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\bcd87765-5d3d-4379-80d2-0eac0fc3599b\index-dir\the-real-index~RFe58f0b4.TMP

Filesize
48B

MD5
205f7846a610058625254b37d2bde5f0

SHA1
58abe5bc67ef5698f69307f8278e79b97d451eb3

SHA256
beb5bfdda715d8ecc60ea27a822b5d0a5af056598f83ea65b44d5a27fa1e6d49

SHA512
6e4297ebc508181e8f6f919819abedaabff732bf5b93ec47e51a9d786475713c251d8c92f45c325a9d3576af27e2a7e1afb3379f6702ee6aaf4c1ec6b34b8eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\index.txt

Filesize
125B

MD5
66fbd27e44c919b3b287e08e5a64e99d

SHA1
c3b5873b7dd5082a2dff8907615203470e93f8f6

SHA256
9bb3b4f9a4ca5fad18143cd0b2d0bd5ffe7985a87b55f359cc1ee9ca95481939

SHA512
cb3b44d57c5402b2fe1a6f9fbda6b1bcd1db7761f11817910cdf693951908c3eaec1f0284c4525bdb58af3246da3ba0ae690968b649ca86c7c55ec97118b2b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\index.txt

Filesize
237B

MD5
6edc04e4fd10f55e0bad6d882f03713c

SHA1
fd6def9c5826b5e102feded3ce8bceba031d11ee

SHA256
62d329ff58af22aa841e695a5a88b89a5e4a0899378da748919e598d9d3e0a59

SHA512
071199a22ca5d238a7c2ceb22fba88cd82ef3e95d8f5f7777bb905db2e642539bb7db509304aac7f6e645bc3235f6051593683e8f8e9bb3ff3ba451aa4d4e206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\index.txt

Filesize
292B

MD5
76bff381c26b8e4d8f9c812cfae86031

SHA1
dca83a3fe1880ebd9272d5d3fd356b94980b0f46

SHA256
bb1ad061b79f05b5fa6b578a97ab3b1f5903a92416ca1313b7df4e110ea36c6f

SHA512
9f07edeca51b13ffc1bf83767e8fb32fe590637556f7b437933bd644fb9e58078fd2f234b5721a21d30f1318e47fc46d73623f234021a705ae4b3ddb0b24d58c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\index.txt

Filesize
287B

MD5
57cbefacb7f96738f017ad73bd0f0f4f

SHA1
f527c5c3ea70ab18d757f1c62b9e786eb7ca8a06

SHA256
59993bd643587d73b1fb94fa79e109b2b71fcef416fdf0a5da68a9208a04608b

SHA512
2c6d324f8e0a3c1df0a4226d310331e0e9129c5f5a99ef16117f3730bd2c04579baa7960a5b569e637a87486cef0d588683f24a4c030b8ba9b9f633297d1d693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\aed90de038af2c47b84a64b7b3b44acafb8d826a\index.txt

Filesize
181B

MD5
0a0edbf986783a2263ee0ee0b26e56e9

SHA1
3635bf33ef41478fdd2b97afd51b9c75a1bdb1cb

SHA256
6c9b55d368ff8dc394158f5e44b6d527b677fd5522c6a646846b4bc77161b432

SHA512
6dbb7395fcdb9f672fcd06be77dfd83bc79fecec08223553b070c3370c9cbfaed8f736551a9c72982b6e8d1c73568b9eaa22afa339357212e5d1f0210e7fa41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
1KB

MD5
f12e33ec3237298271bd81bdde875cf5

SHA1
119e453cf9ccaa9e096078b568906dce4fcfa146

SHA256
da759b700b51d952ad2d054d94dfefc42a90adceaf70fa274575032db8be7e6b

SHA512
bd7faea3f1be1c9c259d58798fbd67b743c5d5bf74c7d6fea05240711e44030086ab4bfe784959c8ab2432d4721ef86d4c868d1700a6a376af583d8854a250dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
78431f9e134e7b7986373d3474fed502

SHA1
52a80da2112e8509f37a54ca11efaddbf18cdb17

SHA256
be21ed7a63358263ca8e21c4416700a365a2154eb06b372fcb4b6b4b92c85b34

SHA512
685f604ad9ecebd3ad4ac1ca2e6379395e93f12041ee206b3c80eb6005d39dba1fb2532d0c0d912dc9821908058a1fac63687d20e3ada9ac9fb014297f61e54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c8c1ce3cd6ad6710166227cfdd0a20ad

SHA1
045d791d10aea109ccac725471af9185cd45d5bd

SHA256
6b36bb44e6420450f6100fc678b37dbbec16eeee63ead19a204127c1d8eab029

SHA512
9a6859c40baab576f4d9a446f6ff2d1f7eefcd1844467cb9c7bb4bbba6131ef17ae77139389f4c0c0e273b65cfa11c1d850474fe6dc3a28af465d1a4d7ebb3ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b0bd.TMP

Filesize
48B

MD5
c2a83055e585de19c67d90dc97660194

SHA1
d1708a8b8a73acc05ea6c797bd636671aed12063

SHA256
37856379854e19ff08e9c8b2643b6c1786a8ee33217976ebf0458f4a61516416

SHA512
feb41142d7863d9429588b699a1ea7e003626b26e0978b1c27e8aa593c8a9366ef140643bb6028a60006e1953b89afa46b0cc11c47912d38a6f3fc16d4b8e857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
544B

MD5
6f2a47c564a26f4fbdb9e2a7f18cb38e

SHA1
14dc2bb895ec47e033d3a9fe1e387132d40d7c39

SHA256
ac4fab5d6db0555df253288cc679ef10920870d80d1972438d1669fb7cdb7012

SHA512
ab63ebfc37203e31109910d745ad6c870707069217c797ebc8f747c584696b2c754933a79e23f043f57920b6cba8c86e8a0f85b87d146716ae3759d72df45e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
2e0815df5f24972615e0852ac5b9186e

SHA1
42259647728d354c9613b1c5d1539f11597b7bc4

SHA256
867deabecd968e035c8ac85198c1543ba0c4f73f0cfd3b228d42f9ea83aac9b0

SHA512
0ad216b8f5de168bb763cc3425538a63e977ab8d1c38c81db0b2647f1b12b1dfa23cc4407cbf8a42f87d6864fc1d5791d4c234fc271ae3ee6365b3eebecf33c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
9429c660315ec71b51a149257f945d1a

SHA1
6b0171e126face345f36b7f38b8720fa565c50e7

SHA256
6e8df397d9a9b892d6afba2f0db0def7455e84b50bc706bd4f0df46b60fcb4df

SHA512
880f46014921e929eb27160dd75fd435837940843ab80156a97c3dd3de601cabb7b77c4f178cfdabb76aee6e3b9d37983b9bd82cc879e209ebc08113f3997efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
afc95d3f096b3b4a1ef42a3aa3a29d49

SHA1
f23aafd10a4ad29627c5bd6b08c2d89914bf23ee

SHA256
a88f68890143c045aa7f8e137dfc89c618c558d3735e0d116693b3501532ab60

SHA512
325aa1e373507150de9ec94f1079db27b502e0d72158242484b009d59a98ca83ad4facce31320b5877b13aef204a8926609850cec789666ffdb0d6f0b0002a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1bd37788e10c5ee9806e8adfbec60b31

SHA1
d0b2b7244e7bbeabd3d59d968583d6c04d11bd72

SHA256
253e6dd5d5e992a79e7bf5ebafe811d8d2b832b96b8a5ceafb100b4c19efecf5

SHA512
a5f342b8dd5e94502d08e6ba2b5707a5b56c69b4995caf0cae7f9e38b251392ce5d965b6d3eebe44b724e98a6a265ec029dbb9bce9553f37d473a095b940dcc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f9486960ebdae0bece7aacf313042012

SHA1
933b56d1a98167e1e73fadac6e6d32c7eb7e4750

SHA256
0fdde9c802ac3ab89e7a2c74888aff1df92de8b20daedecde64271f220a0e2c8

SHA512
9786a00527f8f875e41b38cbf8c20e65aeaa8bb322b9cdb0be9dd49d22ba1f70be324bb4f44fc707c6e217a9750852830aedbe9b657276ad1e0b20675df56f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f85f9ff251c08163cdf555e3c590d1e5

SHA1
e496a95592495a8274d9d75f9f5a60b3724c3298

SHA256
ff5e5605bef0947cd97cbe01e7f9c8ab21960e52dd5b2bc6b97f16b10eca7589

SHA512
6300211e27ac81d3d179c022732a9cf05a91a78c2adb13ad63f48a76c445b252ddddb147a3188c7ec30593cce5be5dd0bb2425bc33015b8e2b4065813a72456e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
55d93eaa4cfdfb528b7ef657aa0a1f02

SHA1
351d28a27f0cadae18ff21d8460650945de85173

SHA256
a442a4c78b74583d70e06776ef5ce15032490d4ee169e89ccf5fd7701379db0f

SHA512
771d94c6936aedb6f889f247f74f9734ed2f0172d04af8cfec24300e4624b0d20ab2b7abf8c2d355438c510c9f6f7f5446458c66af0df946e90ad055cca8907f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3bbae54ce860455dbfc7b09c9f32f0fb

SHA1
ab6f138d301b1797257d4e7d3c09142a60de8ceb

SHA256
3cead4ac8734ef58c98efb68e9825859c4855b8a8653d36a8f4a7f2de3509d13

SHA512
9f7f816fcc4b2115ad441d02b6fb906ec1462967ce44b216f575f5aff7a32a15da75513e5d29bf3b93fe00725d9c34d38597fa53a7217430722993d0a21d3192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5513ab3de7a96938f547460a006f3317

SHA1
4cfbe12fb1af06b1cb95ee2bfd9c8c750dc1802a

SHA256
c0c22dd5617fe34fdf2008b6d66223b736887d0d20b52f630d7de00edfecf15e

SHA512
07d738a33f9d120a4bd96d45e8a049c0b4b0743277936088438ff94ec50b73547da588ec9f821315066d6d926ff0cc09d5d89ff0ea1456d3794e1d93c9209820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fc98d244c181017169786d38cefb6d40

SHA1
c703760d637d7b83cfb78cab60038283b525c7e5

SHA256
c82ba6305aafbcf4427ab814c9bf9d9de76f8ee4f75585b22db153cf724c7fa8

SHA512
aecc5e313eacfa564885682712a8fd2a6d4c520cf58f7504db2d374b96e3239479e816016d41c825f30bd57b0b0ce2988464e00341524a2c7fc71d4f71ddf8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580328.TMP

Filesize
707B

MD5
be475309a94c653d8d6e391b010d83d3

SHA1
27871e570bf17629ac32064d63af6bdf86d2b642

SHA256
8dc6cd4fe58cd274d30308af0eefca32c38bc5aa4dffa662e108cadaaaad3053

SHA512
18b477a57363e1d005a31ceb0222d5cccfac0e4238a32dff5be9b72fcc806d1597971b96abc8a36b13bfada4b427b7ebeef5523ec87ec15c7b38e49eae190cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ef01588aaa7375eb18eafe702a646e1e

SHA1
a13df56a8953e3bdc2163644530dedfb445fe259

SHA256
66d94396a73c0c51a1d61e7de56fe8b21c6c82f5c5bab6063d7d95b1a0022794

SHA512
06c6d7efae466929c4ddd567e835ced5db0bd4a39ee445c1d5ec06a45adea17cf445f271b16de04361a9c0c4e7bbb1f387db05fea5b82c71117608a7ef928400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
b7a752f34a0317a8fb279c2e00b5ff99

SHA1
536c8f13f3220ede35437d28f69e922a88a6e73c

SHA256
ea120594b64e75355ed153476ee348b39fc61d0e3ca875205a36aace4b383702

SHA512
bb4dd7955665c7b8c93b51c2f36968d9c5a3f670736bde745a76a83318aa627a013250db61f485ce066fb782823c606c664badba98086f93f8aa25084a424b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b902b793-4543-45a6-af11-09426ead5829.tmp

Filesize
1KB

MD5
2b96fff10d78b1034160d12aea9c9de2

SHA1
d0d59b6ad0f25c3c8ed2eb8b9863e0c77b57cbf7

SHA256
c2e9b85ab45ff99f4f7c0670ec098d6ac6496f93452570f8b674e1109bb40d00

SHA512
4b710ad00b03b2c2801c205cb13ea1bb6f720fc3ce876afd8cdd3fe1ae9dc0001b407c5c15fd9e5524f22c96614ab8c4bad31ff52b2589001367e35c840ae2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
52b8e618eb155d95acf50d6c073eda82

SHA1
4f1c6b52aa1ce4e7a36868b908e10bdf1b2a23a5

SHA256
44341434a4f408c81f5f766a9666888c10502af2fb925c66233d673a5b08221f

SHA512
a9a63125ebbf2a8dc04782a1311cd4bb88a187f86109ff7e90ea364efc7eab6292478d9bb3fe1fe4f05c2c0d1f63aae2e38c757c991a6a7f445fbcb01622a469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae7e383ad7047d2901ef8e20a9f9c312

SHA1
1809d840e62f6cec2420b40ab68af88d87dd54fd

SHA256
ba05b8f8df1682de0d7526b31a3d4cc5f65137518384989cc7b74b7a8d9db8c7

SHA512
49e216f9e66ad09ba52595e7e32625465361f10ecf0330b907b39d4ed3500e4c22fab13db50fba3b041da05d0748e48ee7538a3e651aa46d2618ace8854767c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e2de1857cd09bd1df45513a6df7f7ea3

SHA1
59c3d7f222d17db9d4ad6120c3cd6fda3ea5ba32

SHA256
184092ebd30cffef2e26827a8e428478f5f573ed9f751d53a431c9189e24043c

SHA512
9ec4a6b2518c22da7f657df61647f96a8ee7367ea49d9b01dfd19ae57a819abba963b77d1f4f0e053f4e2e7a03ac5fb5cb43213d8148747d5f8385c30960eb45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
7313f9ec684e8665439af5302de9108e

SHA1
e3d6c40dd4ee94a738f79ccd578026dd35672ca9

SHA256
b195a16c0be45a0e02dcf14785ca41a88d0f0e8d406664dd4f0afd68efc2e3de

SHA512
771b3980adef3d6002c941de076c9b515bf1a9326e89c9c282fa9881b25ea7e55b4d9c2453d9b77d1d8f80df6b585c1797d81a4936e1056aabdc20c39170db4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
6a58ae6f6c2dae813ff6ffe127cb7eba

SHA1
0e13f1b915f36858455efc8f5bea9c64787100bb

SHA256
e4d689d4674b99a3dcc75ae0b30737d36f7e86b78ea86998fc69b495c4c138de

SHA512
1a3af2ffd2307e5eb7cac814d462ffa6c578895763d320004e1feceb92e5f4f3c563afbba2f1af913d89069e204e0b422b30497702469dd6ddde7a5267ab6eec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
85bbae8d5b102b6e8fc26f1a878b2d40

SHA1
74aafc2e712543fe1648d06a72218e4d094849ab

SHA256
9e212ad8a76b740f9aaa8773a95b8cd18d39f13a8620ddd9af23c1905ab63a44

SHA512
46ce7f1f9a35c11f462fd3b4e1767c30d1ba1c5e7182041b13d3672e19af7d9f1db986cd7fd2d9364252bab2def07dd02b025992fdc8b70a51d3bd961ec85b74

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c3cd393eefb4f8a50d92d83ab52b3692

SHA1
26f14e6b5d43ef35e20a78c97e5c6c43b1a9ad1b

SHA256
82aaaeedc99acdd26e0aba8dbcf51ee2a71837a094d8d74f1f0c0328882fea63

SHA512
d8c9e3003c38e5da3d2b457bf87aab1fbdbe1fcd0f24347dcdda54adbba0193fb05fd5918852f54db68b4dbe01f5b82f387d060880f92cf494a773dc3e56536b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5e63a2e5cb5b59abb0df18d42091cf68

SHA1
b07488e73b46355199604f4e80f61f5f996a8662

SHA256
25a08cda8b050d91390355e061e558002a88034bfccf0ef448871b9cd0b50252

SHA512
7149b9dd64710ab17541acfae1c3305181a4bb104930e959abfafb21427f1ebfb72b2d798dd96a596e43bc9b012e11f9cdb1daca2c59755fcc6eed02b562faa5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ca7ee6d17081d831aec7f2b3659e9dc6

SHA1
86e16cae82acab2a7e5484a1a38daaf46690360d

SHA256
bbbc4f9b15d565d3edea8ada04d71eabb586a3d0efd610aee666a7bab3aba349

SHA512
7d3312121f95ede733304b7068135e433d14e66f16753db48323df9382c4bda6989f592b31ad2178464cd418f4ae1228d293afd2d940ea3366674da43c4f92a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
682d4704e20eaf491c93a8c596eec5cf

SHA1
824c67ab63f1b86dedc2405d6a00a8edf966e333

SHA256
6abc4e38896b4a060888cfd5627887ccf674807a6382565880ff745a295a44a6

SHA512
f452c62dc90e0e1f40f59c6762776a5602ad4c15b41ade7d528e9ece150f58209037e58384565fdbc6ad5280710508aed172885d93f98fdf585baa6eda0b904a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
6KB

MD5
a09eee2fa1ef9b4432ba677460bcd65e

SHA1
f49a5aeb1e8cab987f113938af6e3e13f7ffafe7

SHA256
01ff9023960214b8f43fad823af98ef0f8e930beaab49d3da496637ae7e9e38c

SHA512
2ad4c39f9ce16a7d45d6635c87b803d299e73b84771fb37ed7c871c8d76ce092cb2b2f797c1585c1832acc318ae21a5f834f38cf7dc70b85d4f082d389afdc5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a9cab1f22f83b6b722c6bc051dc86dd4

SHA1
b8e53d1d717273b5a08ba8560b37d55b0fe03716

SHA256
a6e066727a020930bd5cef138bb78f3e643165a402e9182d6520e87955d09e46

SHA512
98324782965c626b7a8a203a191afa454739c5b70e8a6e5aad72ef21e978b3debb8d0883f95e15f9a2f6dbf7f8a3cee64e7e9bb2ee615105f26ba545f2e1e383

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\2615b3f9-75dd-402a-8cb4-f42cdf1e0205

Filesize
26KB

MD5
0a20e095b35ddd47f258be601d448cdb

SHA1
52a3f5765cde1f6f7ce128e3d297b07df91e44bb

SHA256
059b0df5ae50cb482231a30d2417a52a6a7ed919f55a267cb4f1db128f866ecd

SHA512
c009338150bf48cab64f2d4ba44a59f177e6795ae8e4231af0dea14bc1bd0c0da182db638a105cfbd42abc34f31cb85857c10d7d523381800298887841cd086e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\82d25b38-ce7b-4ff2-b4cd-8b06fd04e0de

Filesize
982B

MD5
4040f01cd5141dc407da134b922634a8

SHA1
8a41d017b9deda352e1554afb219c773f7559218

SHA256
2299794e4cc622b9423f06918c7815a45277a0d32c5e5a734537a2680844939d

SHA512
2528141eb85c72039e444bbc8055471f65ab5644589a5ab1419290ee2e2e8c9a6f51abc58390f9da6dbda88644a5ba2e4e1c6697b14693861cde224e1f199f57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\cc6243f4-1189-4452-b93d-bf62f50e7364

Filesize
671B

MD5
5d2981b1fb6373a5e8c329396e23dcdd

SHA1
0e6a6138bf176d7022ccdd3b524fcd48b1390bc7

SHA256
5ee609ae017df1f65cc91bac652d647788ace28840cd71dca0f2a4fa39526817

SHA512
0cb5eb38a6b064cea1b66ad8a3293613a8528b8ccd0ebfd4917e81c9a270c763bd4ec2618115f4bbfe51c0245c864cb3359b15a5884c025fa990a0bd5fe9d20b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
10KB

MD5
466922a33ba9ce2750281f9968519135

SHA1
5886f7af4d5b8cf00b0ae6e6fbbcbfcbbfe41c6a

SHA256
ebc960a3cf636d18846c00dee0fe2bece991676f28cfa2ca2460b8655035f999

SHA512
69b87abd2c71d30b3d5fb9a032edccc1e4ee2a64a142ab734c9055d2a4c748bb31edd076a148c240538096992b3b1ca4c37eb0b656f76e4559b70c248ed78486

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
675d6c9cb92ce9840509c6093a18075c

SHA1
446d1b6b91e62d9716b7338dfa3d04b774f96f6f

SHA256
76e610059b160e05dd81b770c62264830aeee7912c23bdc024253d042a0faa08

SHA512
7ce18a6bd2054b406740130ad330803c6d6de16ce9cd4591e297ed690dd60a1528a1b0f756b87ab4ae780ccc372ca665b174343b916e73251e78a76018b53688

Download Submit
\??\pipe\LOCAL\crashpad_2764_EUUWQHIETUIPUAQL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2516-1665-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1663-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1662-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1658-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1657-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1656-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1664-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1668-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1667-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/2516-1666-0x0000017A3CB30000-0x0000017A3CB31000-memory.dmp

Filesize
4KB

Download
memory/4676-1556-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download
memory/4676-1554-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download
memory/4676-1555-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download
memory/4676-1587-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download
memory/4676-1588-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download
memory/4676-1590-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download
memory/4676-1589-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download
memory/4676-1560-0x00007FFE49A50000-0x00007FFE49A60000-memory.dmp

Filesize
64KB

Download
memory/4676-1559-0x00007FFE49A50000-0x00007FFE49A60000-memory.dmp

Filesize
64KB

Download
memory/4676-1557-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download
memory/4676-1558-0x00007FFE4BCB0000-0x00007FFE4BCC0000-memory.dmp

Filesize
64KB

Download