hxxps://steamrip[.]com/

Resubmissions

20-12-2024 03:02

241220-djg82ayjgn 5

20-12-2024 02:59

241220-dgwzeaxmhy 5

19-12-2024 23:41

241219-3plwvatkft 3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamrip.com/

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	248	https://megadb.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f4c62fdeeb3ef3b	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2437139445-1151884604-3026847218-1000\{91B03B6B-F32A-4CBF-8313-83AF885C9E79}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
704	msedge.exe
704	msedge.exe
3180	identity_helper.exe
3180	identity_helper.exe
1540	msedge.exe
1540	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe
704	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
704	msedge.exe
704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 704 wrote to memory of 2796	704	msedge.exe	83
PID 704 wrote to memory of 2796	704	msedge.exe	83
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 3840	704	msedge.exe	84
PID 704 wrote to memory of 1416	704	msedge.exe	85
PID 704 wrote to memory of 1416	704	msedge.exe	85
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86
PID 704 wrote to memory of 3656	704	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamrip.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbe0046f8,0x7ffcbe004708,0x7ffcbe004718
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1184 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9766067733222518879,13230853735306354282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
26KB

MD5
d944ff8fe668dd09051b1385fdf6e8bb

SHA1
9b70ecdd5ddab7ebbab12f4f9ed09e021149b903

SHA256
dd38c8841c39f10092231d7656b086cb699f8f2c711e8c46c9eb807420d9cdb3

SHA512
350a189861184419f8f9d8b14110e3b0e19aea0b23514c2a5475e4858a092e2d618a126038b8ac4cff67a144e556ae8c62807185c09f21229eb6de96785416f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
f7241c23ca46bbf176bf222d505e2f83

SHA1
015bb745796f38f9fa2d9d67ce0800109c9a473b

SHA256
57e640560e0ba0387365160c799f2cd4857390450df4ed7ea8071e50e6c7f6c5

SHA512
fcc8b7cf1687687e24fb7436d47b7474c4ac27bc3eae53f3f2c1da9a31c7cc2f191ee6a72b8ad533c23adff4c5ac2627b10dba39a9b0ef86ca9a4ac2acb56f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
30KB

MD5
8fc04f0a1a15bc42f5a832fd31f447a6

SHA1
1fdc1cbefb2a9bc601fb299241022d695b3013be

SHA256
8e5e82e50f588067cd159c159fc88735d4123d3ce180b0708d6e2535b048add8

SHA512
2e3d44c486d41ee24ae02e0dd8fd206b3f797885ca304d40777327d61ee494b3fa77ed1c7b8fae1a2df34120efab31fe63e2053ae44b8faa7b2976adeeb094a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
101KB

MD5
ce521b5cc234c749cd5cdc58797ce90a

SHA1
80996a7fc6dbfed391711c52b87d352fdbfc144b

SHA256
766c2e54c938c598a008f02df83b46959f7cd5747d4c9d4612574e91b8cdac50

SHA512
9818cb938fec640dce801b9de912bbf30dffde4afda9b4cc08e12aaa957ec5bc3b17f53db35fe55b25ac34792f1195cecc9072330a18de74741d06bb7d61641e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
49KB

MD5
8991c3ec80ec8fbc41382a55679e3911

SHA1
8cc8cee91d671038acd9e3ae611517d6801b0909

SHA256
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800

SHA512
4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
165KB

MD5
f27a4ca3dddc8bfbda70c4763d5d63f4

SHA1
c0a6f74c2d715ca624a9af2ee919d0b647793ad8

SHA256
5d0d38e02666eec5e009a54d4db149cc0e84bb5ca11b2cdcfffe188ef09c5663

SHA512
e1b8cc01452024a37ecde0c6229770178a0a52882bce03eebf56e0a084be0b90d470c2d999ef0b04e3b0f4513d0659d346214540c968741b970826f45d23173f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
42KB

MD5
164be23d7264175ad016a13a0bcaf957

SHA1
c35ce3510b46a12a5ad3f73edc9ac18eb1e8018c

SHA256
4bb1ef87d7b93cb72976e936bca7f607d5dee5517dfa739fcf403a2cd130f6d7

SHA512
7dcfeb8007467dec38af535e1240cbd15e951735720e66e5887d7c69404edc2b2737fce054a369726b46b5a2038bc296b136615dc981d56cad7a8d674cb88aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cad861f2f46a805be9c26e3d05b572b9

SHA1
cc4f85b679f8939ec0cac1852b041db4102df4c6

SHA256
624da96a656af83e6cf84eca10a8c79311abefc055ddee1d41e3842986c4ad64

SHA512
73f9d2c2541c0341d816aa4f229901aaa66c130bab1f23b1c9715b6406306585a2885e45b43e602a53ce27cc64956043dc838cafaaeae590e9b81ee3650e50e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f88b6883eed34e9afaa944a00d93e9c4

SHA1
4f0afd53549b6c0489babcd90649ff7aadfb05a7

SHA256
da71c4ed8f6f57e81e2e9ac7c24857966d6126507b43106b828dd6d9fa4c7968

SHA512
e69b460c95b60f306657a87c9e7dc035fb76ea7beaf2d474452b2e7abad07c09d7276686dda700f80ff978e513cbda2e8eefb5a798b59dff10a41578399dcce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d5a877b2a3155ca5fd71f4c87c23bd52

SHA1
610fdfb1409421b8c8b0ed8266a2790f696eeef8

SHA256
cdf60352b457625b9b6d3e68f0ec138e29c7c2379b18de2560a6cac025c78c38

SHA512
5d7b51c1fb06654607f382641ddee08e9796e3a847cf70c83b72a77cd1271effd360c6f49e55434db681df073bf224caf59237903bc0c991f9b15478aada0e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4aff0502478289d8e3a466501d5d45ed

SHA1
6b25b3f3b8b60b0e5e9a75263a20b9ef73292553

SHA256
bb1ab27a7d7584eb7b48d9f7ef79b199f7504a2de137d208e7e4bc00aebef093

SHA512
cbc91af29d37bd6b64771cae5e20072242719b356eb1405a97a48cee0ecf5d278200a63f15f1de349409694f46a64b36d9ee0f8467fc18331c394f52e42df19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a6e794419a83b35a5ca058bd8b6c975

SHA1
a54707402d7832a6bce1dd163051312164576c7e

SHA256
5aa4364f2c60053c975bc9762e238d25828c3a2ed2a87a7241ed987a56c90cbb

SHA512
6707fd1839fd2234ad06b3ece6602c9e4e865421d12e11b1e67f2655ee67722b1e7749566877db0a3d1fa5f55d2e10f50a9d694ee249a1beb470f8a987cbefa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e4ca6fb47139ed47a3ff01bb600008ee

SHA1
3eb09df0aa59ca37665ca2ea1d4dfe8c59d40954

SHA256
6b3f40faf237a38eecf358a8eaa87c76fb6d1d89c2fd5c33f95f7e20dda324ca

SHA512
e87a90bc61d6b707cac1fe6b9354e6682e24c3f8da4f01fd2ce1fefe50446d6a7af512a23536b40917a513aa470c0ea0c4fdd436498dcd16c345de099e84a107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0efc0740ffd11f216a469a8a2df03412

SHA1
0ca5a9f4fb75db98bb988b62d2077201e0e3b07d

SHA256
1a7da38015e54ec8555c4f0c27c9757a511b1c6c51de88dd716d932a32ccc406

SHA512
3d8113ca3c42a5d9e3b93df2150620f0caf29cae71cb07f870498b5a5902a91f3946637fba03b3cb48ab119f24181fbaaccdcbc6ab7fc7f3b90213dc4030aec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
09a3cab11f0a81e6c34e86c985d1da5e

SHA1
936fcc3981f899aa3df1ea2a0d39de7c78b91726

SHA256
4966a8a423cd3657840c44d93bcf9ab3cb1f54dc53825179a66bac90aad5753a

SHA512
2ecb45676d826d8220cdef71e49ad5639c69dfa9ee3ed8dc11f3907ae0844b4f238a57f59cdfccfdbe5e7670a1da809e821a45917d484557b37be9ee00639e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02253922b8ab379dda7b1f22e04e48e6

SHA1
fd09b27c9580238bf6e0d21407c38afdc0d194a7

SHA256
f61d48f6665354ac410bf9ce50f71e167ed26b8a107dbd3c4e77fed138d99dba

SHA512
e47e96c5a27fa2da8169ccee012a23b4551dee261aad9886c3e5927446cdfb94077636639749b7ba8eaa94fb9bbe5fcbeac91706028187d0e3fa88814a8b0250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
54734f018f2250dbff4fc4993b60ad58

SHA1
0f74a967b58edc0bb36c77de9402dc8d1c7e95de

SHA256
b3deec7915bfcb217057e7a2314315d9f4bafa46a76be4deae03d9f12292274e

SHA512
716cd499f63790c4de7aac9d56c741ea17298b1f9cca948717a1f2b702004fe3d72d1602f771779cf948b87e389b83088c0ad6754500944fc114f3f0ec8e9e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c1d2797ab7be289a6783e4605ba8b82f

SHA1
4785d4f97bd94e47c5556d49e0fcc34da6359883

SHA256
eda7a7fedd33eff7615613f70a18ed7b80c6eac3f7b70e15d90589a23e5375ca

SHA512
4ee64c73355f2a842c578741fbd20a122ae3e10a9cf972bcd3709dda39a56d6bac4edcf036d035ca548f9d96941a235a3924ebb9b1b5e321610e66a809a5a6e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fc138bc76b82fca1f292f8238e44aaae

SHA1
044cae9ba35e66ffbf59fc48c28c2dcb34c6d1d9

SHA256
10a22998c24e61c950e80458db1f9a67181b6fec1e5ea1bb6eff4e0787308b81

SHA512
57f73fe184ada608dc36790b33fddf2e73c42ef5a303fc33fa40bbe8900cce5e5e75294fdaf6fdca33fb599e41477813182151dc0b8fe513ab960d9c54669e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6aa197de7d11c2a3f299f85e704dcea

SHA1
3ec0fe261c7a4c71b98424585cf495f29354fb15

SHA256
c02e7daa8378859931c2e30578b54adb315175904ceeb367d1e2e887172432fa

SHA512
afbbecde1b59a5535dc6dd0a4d5b0407e06aca412bd1b54758a92aa1be73f6261baa56317cbd9040a0fb8ac374195922a2c67ab72e15784e1c6abaf20393ea19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
df52b79d8a76dff3b6f947dc3a494533

SHA1
3eeab3c73e412ca1a3ca7651d7dd2f0b1e3f1bd7

SHA256
20557c43529958737e6bed81fde1d25bbce80e4a80c9c0ca7816e854426a7612

SHA512
df1dda373edeac547f8b6fe179aaaaf238e3302e5e5d8a74a4d1e9696ac3ebf758c22597f68debbe87eb1bf22854de7d3551dfe2ba7c4f5a8a47888f7f7a7d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
6KB

MD5
fbe4f911701acbf6039b6789b8a5a9da

SHA1
fe336bef37f7855203fb371f11c294e1e48e5f24

SHA256
43dfcbcf29d0ce08386481763154bf97d9e0370d648301394fd8174d8ef44f2b

SHA512
59fa1566b516cea954f0e9913537f797d325a2e965455c066d47c1f8c777b59d531269c617462e4c907d79bd2a6ae88adc38af28b046bea92e4a430ae86eeef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
15KB

MD5
a292f63a3400be94ffdb58fbb5987be6

SHA1
e1c7d1a207d7fad5e73ed04208f9f7b87e57dac8

SHA256
ba7ed23f624bea6dfe1db696726bf427888229d1d0eec9981aebcedabbc65068

SHA512
addd7b43aeefd59dfb4d628e542e4bb05af61d6d0928c9be56826e2bfb9bf69d268d4f9a886d1cec2d075463c0d8377f9f286da2124f2936cc451598bd30d89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
32KB

MD5
169b868ad3fba2a5043f8b220f0ba09c

SHA1
8f882dd2508dabf4f374cc8c23102b53b5daed5a

SHA256
c1b807532b1014d75998586bdab82e73999b9c33352936e22924624b23218304

SHA512
c7f06e73e1a3dd23a9d1ace1afb3af492f1ea6397cc3a7134b68cb063ec9976c2e3b53c34c395ac27347da45a9f61268d47bf772502984a342f15e2a357d29da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

Filesize
6KB

MD5
d642225909506c2db2afb437203f321d

SHA1
74961524e5f37d30c789b546893496de9e7423c8

SHA256
9cca0f9663bf3e53a4a8805b9cd564c8a7408459d28427f8a81e73994fed440a

SHA512
a6ff6575ee220781f8a4743de45bbc8db62e461e3bbf6204a7b004465c97b044450868aa4264aa02929ef2d511b7d553069dc4d96f2e481d5d1314f0c095ae68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_1

Filesize
22KB

MD5
37aee53462e41ec4fba7a1062eade8c9

SHA1
d183827044ced37a7c289b6afd54ccb8feb6ebda

SHA256
fb2a651f1a45fd55913caa07c5532c17026b01dacec9e2b0f221e895a4d4687e

SHA512
727750047937cff2a2d729605ae8c5fb734b5139d9e8c666785ebd2c6c9e424307f751a6f9cef75495e1b5da51b7710f54c704323401b665beb9faea3fca4911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\b6c28cea6ed9dfc1_0

Filesize
1KB

MD5
190432adb6ae2441977862f24f375225

SHA1
31263410cfe67ca3018f6eae4cee65ac6b286d15

SHA256
2e73d0668e3f99f6780918c23e32ff33aabcb0fb6676d001ba8502047490af44

SHA512
41fa46bf67f9385bce637e35ab17535b9146918b5ee84b54aac5c0f52d2b6b5d0b5f5418a42aa9f054933db0ab0011c1c1b3e677e62f227f466e96c80a6ccc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
5KB

MD5
c4ed82c73094cad10bab03d53a3af003

SHA1
1f95d4bf7c7a15717e1c2b3d825dcabb43e96762

SHA256
0f6407957cec6086868cb8229a26d9d94ae32cb6f95939142371d1fbd3f643cc

SHA512
91ef30031423483ac22e48663d32d1a45cd0685a9c1538ab270468c9ea5af32d6cbad4e61bc509158800041cff593f73cc9c8816bfb74c146cc4286af42eb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
13KB

MD5
71f4dce7b01c35a8bd30eb4fded08dfe

SHA1
8e5285b7416b85e21eaa7efb1ba032969c5bf104

SHA256
9da852c1cec460fad13083cb3b5f1b93fa2943b54bb5c8376a3ea5e1ad8b2340

SHA512
867b1ec0c7b02b5e67ae0bb5e14b5c90a3669bc193c3a9d545d0fdda5a3478203c7f9125da4977e2daaaa161c1bbd69258aae0f6c9f0a0bbc2a2e5cb982938f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
2KB

MD5
98ab69bbb8a331afb51f819401fbb9dc

SHA1
e72a081ac0c8bd7de1cb22be443790789c6eca3f

SHA256
16dc811bd86b224d7b3324b289641f3acd04d0bd4f6f8ff9d6bbbf3da4e7dbb4

SHA512
58ff36868bec641f75db851b7c82918089501a02ddf2b2873eb71e567e528772bbcfd732cd6b5077fd75b554f27fa2fe95223db712ddf1723327b71799ae608f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
3KB

MD5
16161fa952c3a564d2f1edcd1f363a45

SHA1
49e3054fe0e58eb0286c38121999791457c06c0c

SHA256
7d900d2dba9060dc3e35596c214101c7706cd31ec393d985611e605753431ef2

SHA512
dfed84108be2aee9db4279d3632cb332f2e40ccfbcd6b9f9be4f02ed4fedca44a30c2033edbfcd567eaa17b3d7d615f109e1042f598ee6105885c09e6f1a8cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

Filesize
3KB

MD5
54575b5a709d6d3b3f33300ee5c1bb2a

SHA1
f9ac3999c828a3d517aada4218441a8f989d4f8b

SHA256
10b752a1107ff5df156573cff942e9e4416db33d3f7b41e39b2bffa26ed2ad27

SHA512
5b654946deed558ea5f53cb2b79c5fe5007bb11e921e9572e8042451b6c97ba14926f03e81da55d6186b7a5e68c0251b49b652448a345f37c219bfa17cc7e423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_1

Filesize
10KB

MD5
00a38e5a963f2cc00267f4821f2da777

SHA1
c248f5442071751e0fa23650e46b4e1bd57a9f9e

SHA256
754ec371a293b31ad8d6368749d6fcad19942d42649afb1a0dbd2f87f31aa30e

SHA512
36100098ebd0b812541c64edb1955f37fd7a723d9c25399c54edd317f2ca42882c38a3d7b5d09041f47a4bd9968b3ce7182899a498210272e05f11de6af8e849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
bf154808f630992e598000f48ebdaf8e

SHA1
296b3d87b6665c5d9f686488261f59a08efc2d53

SHA256
a4403453152d13c190111d13c78a1d76b3cdfdbbb34bb04b16b14c98d26cc69f

SHA512
3e09a1e6169e92230c2bf9e3c8bdba1fbef333d6bf8ef057c461384494daa11d0805515bae07bbafffe147ca2dd2929c6158e8a8858bca3d6d094018a65c90da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ee67.TMP

Filesize
48B

MD5
55ae5bd103383e953946e92effe9b513

SHA1
cddf2b5dac82deaa357fff34ab802ac7d2287abd

SHA256
6567f22c0af3f5083a819f3c1585698712bc1ae137d4350045ba0092073bebb3

SHA512
e678323535ddb960af6968e58f3d0a5c699aeebf143e9f010ab0963fc80111d0aab0986654f8b8e46bc240ca88008e8895d11f0a98fa1212623b95a7714e2343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5d81580a3a4da4965c1aa220a9e6d9e0

SHA1
f065a957546628690de020780d7ba17da2fc8342

SHA256
984c0e22cc911777fd3725dd509d3c136479181a2d71aaa4893d2d9fc9e99201

SHA512
73a856e8c1540df6307a9ebe7a63533bf8442a8cce0a91939134bb9ff68594446e4f35e7b881293c95bf8d1654b222da4a9be6c247a7188f6fbb36a87c6ccda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9220c4f5eb3a10e1d969a2cf2455cc25

SHA1
05dc696c37f35078f9eb651bb343639b03ef9ff3

SHA256
13264180ce5c717de1a2b0cc485cab7f1ac8b12857b0d7ca1f6e58ac7d052046

SHA512
f6669b259697962b0989a082a2a1294686242b6acb003c1ee15d81458964db1e3a77dbb3e3d8bd7237f5fefb39005d6c1402b3d70a614cf580d0b746b0df0b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eac41de089f1daf63c0ffed7462f52a2

SHA1
16d537e75900002817191004f7cc5436666a1ba5

SHA256
e39e98f85f9335703cd834175ed894eba569726eaa4a2afed3eb9397316c068b

SHA512
98d7aab74d4aa95187088cc520b344e8443c0ffda11fe2cdd39e4ad9b3d979fdf96c92719e3900f610bf3ef46a1fe10cf56d25bd375999841e52acec5fb28df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6a6b247313a4df4a562cbb1eb2cecb44

SHA1
686e67795a9ac20f34f82f27a258bebb8cca9f2a

SHA256
19798bbb100cb991ebc47d107d544cf1579916673d66f210ccf6fd6edc90f648

SHA512
875f217732d30275e4599b8dfa6635539b3ffacf6b05c4a457d8d181245b5e36a4d9d71215fde251919dd0fee64bb562d6dda035acf57504062db8269baf5a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b16fb9e7417d8270fd8bfaa1e9b8f188

SHA1
222800c201ae0ca9fef427086972026d07d10e60

SHA256
d45bcd2c5896797152bf3bdfca53fd45b416d945d97d68e5cdab8d53b65f5d4f

SHA512
5253b22a1e2dee05ac328bf1110f2769e7a319b67f847eacc5bd68f562fa2491f3134493586a6cfae10eab80f88f977f4fef447588fe8d4fb6301153c00893ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b668e2f9342ba19d50750415d7083fd

SHA1
1914585ece093e55c9db943e1be299437acb4f60

SHA256
93cc29ab5dddebfed3859fc0c9e3d970fba53a5a71edaf1aed22189d166eb566

SHA512
c0ce27839c232f721bd6f52db6b28d2ad8b2c7278b5b6a3d965cbcf687a67a269e7cf732a448ecb49173d4e4246edcc1219b7ace67d4a3e58a209710efdf07c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6a46a63c7629d31c1565204a37194b43

SHA1
a314b60f5de7113f079c443e0c062ccb76b5fc55

SHA256
fee018fe1c1cdb1b619ba579c7fc11c325e1b18117a587d7224478f47b4c7c72

SHA512
83b9b9c2fe6968bcc9c28703c96c07b7d7b0a5e9994a12b8c12c1b1186608ecc8aead15764360a7f96078d1a6db457ea8234f1b4d17bac53b947ad826f8a2f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1ba349712c4f4346018da69eb0916dd5

SHA1
37f95186a571b70414149a46b71bfe10d4e36431

SHA256
59a2a8089aa388f1e3dc07443be867fbdf0bc00a5a38b8edb42dcc95faa20541

SHA512
b41d7a044387a07f2709a6f3c3ccc50b7ca55dbc5d561efb36632459be6084ec16665aa9793e9ff25fc8533ea0ccc340e217be593bea88e3e6b0de67b8c20954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c15c.TMP

Filesize
1KB

MD5
6b42d432ab8a22cb5b94c6fc1594cb0c

SHA1
622cd3346a69d6e5bae6f831917a27650b6b727d

SHA256
3d8abebfd50785d2fbc5ae2171dbf2e27dc18317f90b9a0bf72ca99f84b0feda

SHA512
cecacda0533cc436b562c4101730b942a13bf63b673fcbb30f4fb78a2d612226ae9b5df6c910c75ad0d2c6a055802271146b537c9a7d698ea1b22c33b5efff5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5df047a433c249bf5a2af2b7062a5709

SHA1
501af1b30b7219ae0f71281c6c21d32c0fbe8dae

SHA256
6e2b798391bbe4cf7587c94a2bfe7c1252d751e0e8c6fe05da38ed0cef10106e

SHA512
64e6a1b728c89bb5944801d74b1d3c6dd8ed184afa5da1b72671f141d697211db56e874f11f4cb92941fadef23b09ed0beb8c484af8b6d804c2f8e711ff5b05e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit