d85c39e9de837871cc385785a08282e8fc3f4a84e8f66b17cda5776b7d9b8d0e

Resubmissions

18/01/2025, 17:35

250118-v583bayqev 8

18/01/2025, 17:32

250118-v4knbszqdn 5

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2025, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cs2-free-cheat-tutorial-download.html
Size

29KB
MD5

12110ca12b30ade16d4b48b372b4bc37
SHA1

9001411405190a7dd2f88a46973699c93342b951
SHA256

d85c39e9de837871cc385785a08282e8fc3f4a84e8f66b17cda5776b7d9b8d0e
SHA512

2e93cbbe3948a37f1459ccc18fdf885d43ec8b270f24c3af8a392f7ba6d56172e5b29d87c66c7740e148c71aebf0c079bb6ae00ea7434fb6e95ffb7745c37c13
SSDEEP

384:c0+6GOwNvmMc84Kt+6H+X3KoGJoTgzCEgA+ay1YSYKsK6vnLGDwMK2xBMG3jtOhq:nVGHdQ6H+D++ay9wMDYcdnMsMm

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{B9EEB36A-504A-401D-AC9A-0978DBA05A3D}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
4384	msedge.exe
4384	msedge.exe
1604	identity_helper.exe
1604	identity_helper.exe
2436	msedge.exe
5044	msedge.exe
5044	msedge.exe
5004	msedge.exe
5004	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1648	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1648	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 4964	4384	msedge.exe	83
PID 4384 wrote to memory of 4964	4384	msedge.exe	83
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2136	4384	msedge.exe	84
PID 4384 wrote to memory of 2212	4384	msedge.exe	85
PID 4384 wrote to memory of 2212	4384	msedge.exe	85
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86
PID 4384 wrote to memory of 4280	4384	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\cs2-free-cheat-tutorial-download.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa470446f8,0x7ffa47044708,0x7ffa47044718
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6484 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1272 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5420294479302304993,14642530095266781518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4 0x3bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2888

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\undetek-v8.9.1\undetek-v8.9.1\Install Guide.txt
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
29KB

MD5
6389b56bdd5e3784bd09a4947fa96b2c

SHA1
7df066a6b01f6fb6d64fee0a71c6d9e11e989def

SHA256
f288560e9f8aa612aaf634ad0884d9d66484d7359cf13c14d0cc51d983f7ace0

SHA512
7f877bef7eccbad0e217f1924dc694e0e254e47dc3c2b6d66c53d7bbdf09161aaa572cc9d5de276dc22bd5d1df9f8ab78e0e32f1c128b2d751267c57dc18266f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d15a5a60327977c4e455c1e7681333fa

SHA1
5c534090e009cf4a7fb4b7ff8b264673143daa15

SHA256
96d58c7df93fbce8af2cb725185446cac2a117b94c65dd671e42428566c7a5ff

SHA512
8f6f27c2645b19102a0e8a398557d2dfcf417d86e6d09051b89d3904732db3bf2a37195970f9ecc5b989984e222f191c1d91adc568790b55ce9e9a6f406ae57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cea0b922f5f3f9e02dc00c9247bfd5d8

SHA1
04d06e7690b870a4a702741fa67a4ae93c7dc7ed

SHA256
6712fef24e997eacc9ed6b2b5bce81547504d34946d65d53916a35fe4828cb87

SHA512
c036765666b95d53265917ee7be57f18f65b196c698c035535baa9dee024b18988985a64ccd044a816564428c7e78c3a372367c118fe071fdc6c6f55daef92d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
984b33297ad74e47f1776e3550b8191f

SHA1
6f80373f306870d35beeffe823d50c7a68c51bf4

SHA256
37a47c4b57f417bfd21a45ebebe3b8ff88ed19d6f8a85fe197e66329c2a22d4a

SHA512
419f341d72ab2fa09c6fe5cbea901673cc4118ba1d4c5841a230611926d37114df129ce2d06708b0fc64b33c901e47b6d21db5320ed57f925d5b169296385809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b47824a1e3d14efe1c81ce51b5e74553

SHA1
93e05b637758c08fbfa657cad586a04a341032cb

SHA256
a265f677c5a68cbd8f64363fb034ac2c00c8cfda9f5365e2411cc63d3fb40520

SHA512
fedd3ab9607ac311c138cdba0e207023e7bba48acba3668f86722e58daaa1fe0ddf6d56145e893b36a1926afc080e1b14ed3f7afb5cdd37b083cf7f3e6a76ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a8c239e1440da03b6248d1859cbff0e1

SHA1
be52c01d10963b320b536f14de72ba94665ca3da

SHA256
bd4f29031ab177c22d749345f0e6677ac194d92a1c0bcf987e64d5899355a752

SHA512
b2b67c8dfb8359d0ad473e3dd482e90b47a92abaaa2815fd9bbfd63887823c9bf0dc5f6c1f15d28e60ee36c78b4fb25501dc441eacb9b43a0fb2e189c1328d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9daeb5c8664b4639539531c31cf68451

SHA1
f921576d927dd69c65ead277234bc1643c533bdc

SHA256
b357aae182fac850bb8f52223d49ee533fcb35247da2d03e61953579b274f20b

SHA512
b7d2db75681fe072c6af9ada485dcd81b2131c5917aec8cbadc4d53e221fb078caf780b9a32c70104c58899af23ee8a22e6f7e674081b1019feef30b1560028c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cc32c44569d8ae55ef45ce8a94e9a731

SHA1
afcc0d5a30e6ca89b3ad0247af83e578e891c9a4

SHA256
de81677905dac5609acfaa9a51e8ac3cb3a0ef187c6ed0c7516c8faef18a901c

SHA512
f0d2d8aac75e220aae261ae92ef5a6c3d6c060c7559310c7ebb4e2a646bbc2644ba5a47be1b13c995487bdd69726f75c3468dfe7ebfbf8186daf5be5c5b45284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8c45d42d4ef79c86c3119e9dcc7c6d5

SHA1
a7929bffc8e233549b7a300e90a3ef18bd6c16e5

SHA256
e6d77f5b2693aa395a24b1f075485d9538ad9c763b99fbcdcbffcbd526d0764e

SHA512
ea1bb58460f4c289b25a631d8bd5e627e7e99301137371688627b5ee84c01b3e4dbd1cd86ee2de8eb499f9016a1cc084f0b2adac6f1b7308f26b675b3e064db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6b206301afec5aa6d6f218876d6ab0c

SHA1
cfbda47a1e6cdba61ef02ebfe087608db2fec595

SHA256
f1122aef3d0c07f99414bf1d3a0a0489d0222b27c6315c1b8c4689d9df1316c8

SHA512
f698449ca360f43e9d4045e173590991d5ecd520f0b7cdff3d61fffd2c30690a59fc096c5d9e7822905b780377489550720496ed4fd6dd9a84e956a01a3d33d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d711fe8187c2e33ea62c01095a0a99ba

SHA1
3b7cf663418d04a3cac7020ee344d587099ff399

SHA256
6bffcc4831e4cad8bc98001a1940a57d673cb05d23c2738ae3e1ce16a0e807c0

SHA512
6a633bcb4731381428ecd3ad5bc18f680393da85605713465aa671cfed647ee4ddcd6cf594ef73cf9a014c047d5cb64450da977deb31fd79fda121bdd170f02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da15af8b9f5c6d8bd55895545c7c588f

SHA1
90471f9fa1f9fc38aac3c7028eac6291b2079f8b

SHA256
e0363e39d0e25ef906bb65e6e9ed276deed5cdba4fb114c78cb23c5378e33d4d

SHA512
c7631ba69127f8cdff7ae12dd5c1c8bc167a0c957bb30e919d1e94f93db33a09317e969b9ff4d9275e377f2b8937095f256daac8445f0c6b28d2019d8d567963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8455000823fa2aaaf5511336dcfe5f4

SHA1
f9ba1e3fb7ae792a71129026b908971583a6567b

SHA256
8ee10dc75dfd507bb6ad13cdf08aa051ae8840efc339c306e1fef3fc96e735b0

SHA512
bc04464762773ab63bb5934b292c1c7027545157c2e2a9f134033d9b603518f207d1b6109ea802d9e47653c1607bc0691f979a466163a5cfad86e58da6954c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1744b8b594e9b940e5d0f7c2329b0ea8

SHA1
d2ba0efbf5156b819511650d7d31fd5af11ef191

SHA256
f8c5f794c2d057b76dd9c14c09b8a81a2f533a1dd662ff03233d0961d6dab6df

SHA512
5c7ca0aeb40fbc7e721305a78227e1ff04a5c727370c6349642ffdb613549b4d9a76e0119a638c47de64ce9951a482919305e872a8cda4ad7b7e6cc958187b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e663.TMP

Filesize
48B

MD5
66f93825eb34ecc93908e420b29fe575

SHA1
48a6558fe333c27565387decb033256ff5f24436

SHA256
b60959055d2b023d33a2317a5dde06d4299f61ee2cb640332b2fdd5258510d2b

SHA512
d48c97f7285ebb182b96972c3685658a38fc18acc463b12d9c9c9e29b45ea4c69f12f9e7ff65f580576e86c62d67179963d9e475246f3b8cb7e5c94318185a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
20af14bfc2cd2c0fe43cf1fe3d74e039

SHA1
5f3605fcf01ea50eba35424510e2c50e180016ac

SHA256
a369426db4358b6d205f10c55c04c6fe6824cf8a44d5dba857a8a3fce9bef2bc

SHA512
b0e0cdf937bf12da84279a59596e236d87db422d5c7dce08ada47a0e1a9e643219f17715c9c8312195b81b22e60a149efc07b5a14bab77e60ad3b9eb32831450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aacd8529b6039d5cb982ef15b5bde138

SHA1
8189c3613012a71d10f0528900e30a74d73c620f

SHA256
9ffd67b594b70e26511af7d9692fcb7e57b43bdd21f718715b6007efaa4c7b1c

SHA512
105c504f0e10b14ae3d7335d16685cbe5dae3d9be8e7177b54caa7e44acecd0ad7cd395361db14fe61935a089d76153baf370583b15efe083f5215366931d164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
693d6942920a6839cc1701f32a5c9b81

SHA1
be85e33f43bd56f411a9ef53839d27ec23b905cb

SHA256
23efb46812ebdacab61ff1f8efbf5ab2407e9fb5e39f0a69a1b403696ab5d0fe

SHA512
4d3095754d0110943e460a69aa25d48a7e45bd091342b376dd1f698cc2d9563678c55ea8e6c69652c0f4de204a10207f35ae28daa361d1531421c597f6b6abce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
050d353f516c551477a9b0484e44efe5

SHA1
04834e39121c61c96be462f854f54eb91435d062

SHA256
f2253ad6006ac136afe014ed552c616531260e1a71df068ea216898beb9d5623

SHA512
84509ee042c509daabc00defd190b9a7747b90babcc6f241c769c0f9ab561a29f411e89576e0ef593de3f7e4efc9aa79aae48fa0cb41b483b4757b528bf0da72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dff0.TMP

Filesize
204B

MD5
1ca068f8115cf7c6be1dd9c84856065f

SHA1
2d32a44c5274f40997afc4cd17a3a7dede155379

SHA256
8a6208832d71f2ada77171378786c2c8b43f52313cbc904c3373cc1e2647cb8c

SHA512
102ff4af2a3cf4194f84602f548b9152d084567365f959333a752c368d0332313da74ff56be36306b03e604c6b55476fcd792a0a7f8ab83c31fb2e27ba4d9560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
703eeb4d4a6a16a72c5f0b517da5da5b

SHA1
3ace288946535e65b3e16cf98f6fdc071d6464ec

SHA256
0810c1da5a441eb727b7c5cccf12a1d12798cde2e7091100aa8e0b6ff7ea0f9d

SHA512
aa3bd72554b4c1fa713e0cedda48905bc996048328ebcf86cff6ee92acf6f579199fe3fb2887d85ce5ab446bcf8d9e5d18d5053b6dc8236023058c6198f5fd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
450468bc4fe6c42e77c917177f6c5bab

SHA1
e9da7a4192202415c58f5da730fb0b869a5020a4

SHA256
f70e0395ea84525cb21637b941f4d175cbdbb0af8609aa6b36ff27acdf1d6c81

SHA512
87efbcf7d815ef66558283feb26ea9d600277ae439fc7f12b9fb650bdf597eb707aeeb3667a1e8f2a13d0eabc985339872b56e07bee287ba93e550ea4d265e5b

Download Submit