104d0facdcfe410bae7a9fd835c8f7324782316fa74f9c01059eff13d9834df7

Resubmissions

24-01-2025 14:59

250124-scx38stnfs 8

24-01-2025 14:56

24-01-2025 14:53

24-01-2025 14:50

24-01-2025 14:47

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2025 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

README.txt
Size

124B
MD5

3b4bb14e17a60137e3e93c7adac41bcb
SHA1

de09ed28df13d9325e816d0c656582a929077876
SHA256

bde691c014e6a2527d5ef783d065edf14bcfe83b20c1ff97c22d280633b5287e
SHA512

ec76f39b6ab4c6f822a1777c78212d659d86760458da9f050fba48bef12cba054573f25fc96278b49cdb163bed41a157123c01d3897226584cd1b57a653dfb50

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
412	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2716	msedge.exe
2716	msedge.exe
4552	identity_helper.exe
4552	identity_helper.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2468	2716	msedge.exe	95
PID 2716 wrote to memory of 2468	2716	msedge.exe	95
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 4448	2716	msedge.exe	96
PID 2716 wrote to memory of 2508	2716	msedge.exe	97
PID 2716 wrote to memory of 2508	2716	msedge.exe	97
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98
PID 2716 wrote to memory of 3764	2716	msedge.exe	98

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9da0b46f8,0x7ff9da0b4708,0x7ff9da0b4718
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,589852225019958305,9346425486910525068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4ba1c73d-3a59-41b4-99a8-1eb07ee4f873.tmp

Filesize
5KB

MD5
d9957cfb0e1bf2a44757b03a65193b9c

SHA1
14c75f2747d05cccbde79d992ba65e6d2eb121c7

SHA256
af691de915087d73174b3f3ad97f004560e4209a7c9ff8515111d860360dfbe7

SHA512
f6bc65e4876f47686bf4a8b4c7b295e30ba9a5fad25c5287adf72cb8c5b99e8fa0cc9e645dfda432b4990cf407ffaca4d2e2c9367b2dd0c631b8ed832f4bd115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
4c0e50267e16196f98c0817785a8c125

SHA1
23064de7af9d53d06a82fcfb4cb107731127c437

SHA256
5e5dd8d3d067b5a50d9284de24e90b9538b96938d56b024074ef602ae7d83584

SHA512
86ca6e9de22af6d21ac57a3775cdb4a287ee39c1cf656d9dffca64ed09f13dd54c30f324e2ee322014272d504e5a4c09297ba8b75a742f4ee67e314c80021e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
0289d2ca2b93affa4e38424e137799d3

SHA1
82a4775b9fb386f9705cf1f917149afe690623e5

SHA256
2049fbaf83f6baea7539ba2b3693240013269c4b8d4926e727b8464a8f9d953f

SHA512
9b5021df6ad1a73ae42a31a01aba7bbabffc56acab4e96e480fdec126ed19b148406b41c09c67ac9a165d6d25ed70bfff279f23f1d21c01a8afa8e7e63ea4645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
d8ff006363de5d28efc4bc41cddd6c7a

SHA1
b4950449bfcfde423c8fecc368257dcf2a346258

SHA256
0f2f2c4216f85517ab2f608010108f32416a23607fbaaf4e2294379073fae161

SHA512
11ad965b3eb86c073d96c808eb4b4fae5f6eafcf9ff0bccb74cf1aec7fc47154bdc16b2cd436a3c8ae069502b37ee24af78176344af0b6aa7b8de4e8896aa045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
59KB

MD5
016c4662de6088a5cd701abe94707c4b

SHA1
ee023a261f36b368e67f9cdb3e5bda9544158f2b

SHA256
df5d712cd535e288fb0e974c2e8dadb1c0b5922305383d2413bf40381f71a5cf

SHA512
9caab122edd5dbf2c4e55b4ff8af54be1960fdfa84cfe8b80b594e59faad57fd9d4523451289822af165e11538b66ece7c4d2315f231b563412e1919b7b0af44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
66KB

MD5
f53b6d474350dce73f4fdc90c7b04899

SHA1
b06ca246301a6aea038956d48b48e842d893c05a

SHA256
28442a56b016bfade0e368929138aaaadfc36156734e8ec7a6325b3e58fddc25

SHA512
7f275614052ebae8876ad28fc5d48e4f63ed9ebc610ed981f81377ea3ba4c49a2031ff771deb12adabcf33d4789ba35354c1e52524c067a9e7ce078703683f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
30KB

MD5
59a788e3c1796eadc86c68fe59cfbee0

SHA1
3e832fc928e20af7cbb4070046deacd5f704dd8e

SHA256
3731e1b8bc2c409c745d20666e3ed1c7a039ff7313cbd16db9e5d6e8816ad1b8

SHA512
c5a40752837cd7521f822936953cc9743528c35b033f023a69faedeb163cc9487a7b2b42bdf67c26a1ad6496f4900201a539c3fb4e7749d4b0ed9181e43282ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
109KB

MD5
0a8dc1e685ec140b378dae717a5e6ac3

SHA1
79a3b759571d7bc5aac54ad4f428c471ea7ba8af

SHA256
eefa22223daf6248d010a53e103dafe4b84642e70be8a72354ffce48e7976c2c

SHA512
3861f5fdbe95a731332700350bfa44c33b6d4a59161fbbe9500ca3b7bce48b82eb0a2013f455b91194d472af79a7a160f60c492b2c32c38f68e1053edf8f2b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
62KB

MD5
d4e42b59d388425d5fc2dffbd7f3d3b3

SHA1
9221c53a571b0b970b09ff4ff9255367cf0ea3ab

SHA256
a9c3b65da4ad8905dd851748964d21c1ed5354a2a033cb975a011fce08124db4

SHA512
ab9795c89683567762d6516a48f6d5d9ed4f047128bf9635f9fd2d192e0259a17818234ee09d37d26b8822fc47e9765580a5faf92f78b4d48b5223b27eb31b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
52KB

MD5
8ecb399b04285c22c223e2159e66485d

SHA1
28b12137fe2d294a951352be23c959af961b93ad

SHA256
2f869473f36ac628d1b304cd3bf4209384dcb074315c622406995eed4ca76b97

SHA512
18406915003998ae245bc69065e91e4239a02289aebc2c88eeb1b0728f05a45cfbccde6b721111391b188bda1d591cb48d91b890a27c7b49062769cd3c16942b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
109KB

MD5
d8c8acc598f6951ccdb778a3e9f0c978

SHA1
f6278df7f127f7884075c5056d83e2c6563a85a8

SHA256
f28ba30624d379e20ac185d1ae132b234f15d833a2636927b77dc34a72785425

SHA512
7869987d07d05ecbfc76e3dd0cdb1520bc34b50ca980c7d4aa3255d974de5837711e3dd5a5312d0d5fe3e1ef6c8e149fb9d0ed43918d8e92f8513c7de08fa6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
145KB

MD5
c406c2311bbc12188af72bef1533084e

SHA1
94a0aea7b07236a2a50a8d4937be685ccfe619df

SHA256
9eb599e2aeb8dd76da989c0a24eb6ba30d48fba9f1af3396a3cd9245ee9c8818

SHA512
1fe92b5fe6e6b69d71fb66732b21772728a607a2c6191380e192c3db6be95c2a0bb4801823d26f3476c0911b942618ddebcffb3449d2f8220fba6f6322708c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\068bab494f2eefea_0

Filesize
3KB

MD5
9823a338cb0f03b29b6039e6b70d6d1a

SHA1
32fea0b4ad4c34973a026d484f9c4e3456a67b42

SHA256
6236cf43d495439c5da0de0e4f2cda3cc4b4ab1e373acc4eb52ea0537b2e7bd1

SHA512
b86805e0588fdb8503d9332aa65fd598ead4102dfc50868089a5b68e565da3292c29ee3c8f0b92014209932635e04a04ca920796aaee3291dfadd8d31429a8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23d32eeab63ba129_0

Filesize
244B

MD5
085adfd1b3dadf12aa1294f440464cad

SHA1
e8c6a39ebc6a67d953efde0ca3bacecc8cbe575d

SHA256
0bc839c9e961d1d5790078491ddbc285298556dce49e39dd83dca6d0f5421858

SHA512
7ba8ff76cbef4bfa1b62342f5fa69ad1e786f7537b43a0ab2b1dc394205657eac4c972616611dd15c769578a6dfb5690f8a20ee6b3c3fa39b2e660ce7d1649f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23d32eeab63ba129_0

Filesize
32KB

MD5
e61c240728d2fa4fd02355ab8576cc42

SHA1
2f2355c48c7b588ee7b90d646ae28eb1ca079957

SHA256
a0883e10ba2dc9f7ce61d046b34536e05e01d75b873e98ba6b6a7bd6c92c3d3e

SHA512
9d3498c43e605f45747665812c7a0a90f7039b9fd06fb7cf1acc7d16e28ab606261941b8b42c7674ebd0d15c9fc5c3eaaf0746fd7924905bb821b7f2a5d853fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d2a6f2273e71382_0

Filesize
67KB

MD5
84da4de60c49d42ad25af75a2e4665a7

SHA1
fa8760e4822db2c22a52c8b9d80c6c80c8c063d5

SHA256
eee554871fdb63e695e8dec22a2bc6ce58a7b95b08eb4e6f2a64243a1e69ca67

SHA512
12c8e729f40663f89b90a05b234c76fe3492fc79c048867bc5b1008d07aee5b051f25187982f6b465a420e3a190cf7eaddbfdffa0ed66fb164179e2a76783065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69aaac857dbac947_0

Filesize
274B

MD5
5187c682a8d8cf6bd0f3a8feef11d04e

SHA1
9fbbbb5dd5c1b8577dce66dcea6dc8727a103a13

SHA256
6dd3522832059510bfb540238f4571e0cb010e9449a298a5f4a2c5a2caedbb4a

SHA512
2027ed50d3cb48ba0a634b3ccd4e696340cd5d7edb91a90e1b715adc1ab274757cdda14311478b9c27e6242d935a6e5acadd0186976633e699dd66ffa74130d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69aaac857dbac947_0

Filesize
322B

MD5
2f2092eb3f418eaaa0be0ec4ffa1e582

SHA1
b729fef9d13a1dbd936de1a09fb17d9c0708937a

SHA256
0ea963fba3630bc34d5973da7d743a71aad53f621f0556fb324b34c2221a5595

SHA512
0d5af618d40985c7353f126ad0f8a3e79458d5a905cbccef95f67e816fbb822d448bc42c4a619c93affabfc11beacb531bca7dafa7f4e3554e7e45ef29190601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd1ca8a8e942ba4d_0

Filesize
55KB

MD5
babc3e4e725cc62b453e19fab85f686a

SHA1
3e911ac230df17bccc1d6c83e53f9cf92b6090ba

SHA256
abb99e9d1062049d4d02562eaaff9753cd5623fe9af5effd16b5963def46dba4

SHA512
6fd4ffa5c1a726a71ede99030b8a3f96c344c439e44268c588286fd4087927d0ca5ef4718f6738075c8d0a008e43938e2aea150ace63afa7d5f2111ccb215b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
23e823653df4f5e0553e41ca25e628b3

SHA1
66c9657f32a6cffcb6de6e1b631bd809bb51ba9f

SHA256
e09fedb4c77b74521142f4dfd4d46913dd3c6b7af959fa3b470ce7c3d5e3f25a

SHA512
f6a791638a5279be1c76d3c2fe00ed4bb26a9554a1bdc0d72737f7a3945b53f4f85fa829073ac1898ae8238347d789605c51ac7482dd1e3a1449b197f2d87238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
91dba9a512b61f740d7c4ec19c5de5cc

SHA1
82aca335af4735addfd4996158ec7d74cba8107e

SHA256
79d496bbbecafeb406cb2b44e88e44d94765f5f61b9fac37e064fadc5282cac4

SHA512
d9b575c2995eb42b3bbee7901e82f6c62b890ae1eac8364818e71b688bd2131b0ba654ae85620382f0420a8857c83b85b4646af1a1ca6ee9212dcac23f7224ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc2e86c0f2ce81ddeb2d0f516dae6d00

SHA1
b1161c3edd1dadff95e490ff496c8cfd82f8c690

SHA256
547471878b88d81bc8a301200fab81941b1d1586a9517d70ca034d14576b063b

SHA512
6e2c6d9f00b7de8cb978df51c30812aa9ec05c0a62548737ba348162a72f6ae0950dca5a63ef0e8db787f740381904861af5959fc6366e458067873088462713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
90de51345147fe17a271e9fb0e6a43bc

SHA1
030d2061263b5419695e0321ba62b52a1c4624e8

SHA256
53797310e8cf00426c56bc705f139d68c53fe0056c0ab5023be38e729a985070

SHA512
e4fb8daafbc159514829ed7929e74b4e8f95d19e3cfc1ec96913de27611b008be62c259fbd4c75c5a1e49cb2c33e015842bf44798c2787d9c242bb0fb306f2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
85b11338838562b25a5dfe83b35c3bb7

SHA1
29078f33c731378a3704e1e5d0cd2e15752d1840

SHA256
d94d20c5de3ffa8314e111850e9da952acb8505f5691db6402fa9b7d90d7a2df

SHA512
c950951b282c176e9b7290afc07c8bd8b172e49de482510e6eee94510c1e3e4a16fe82a859e8c239d7d21d650f868341a37c3964d90788317dd4b2168507969e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
010111771cb7e8c7d80eaaeedeba6464

SHA1
ca8678c2293dbf6830c0228ac65073e8222d9a04

SHA256
90ec5ab61c31cc71fe224702b3aee30680c336d74215caa7a42e496a6556091e

SHA512
ab4384656a40322aa34db021754643c6721255c4d6ff9530bbafd258ab7e11dc988b658a924ea4104be2346288bffc92a7945e86244cdcb70731d64879cde948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb9ef2ad413dff793137667dce568977

SHA1
0bfc4e95231e7e98d1c7d34f622963946456c603

SHA256
8b0eae5c30df23585f9bfe107a1f766dde71533c396fae201f126011cb1bf830

SHA512
386a8f4940910d1c43257ad70ef309e5ce0f7437120a3762f58e04fef5e4d5ecc77773481401f1feb2e39d46e10745493c10ecd8152434b944ec54c8728028c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
62aef8e9c2dd63a451890f7e923c3d07

SHA1
1444c76cc6515c139f2d06a06e1b05745bab3a5f

SHA256
4f25978b440269a02f1675fb10eb8a42671d279b0850ea1c7061f57bd81ba5c4

SHA512
9a1c0e4caeffa2167ef6278b0c2ce574b5af9c7c3b550305be3704165ba240b0b1742be42edbde3e36a40eca5f2be416070ab4d715cf3599d4c448b9b193fb86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b79f16d798fae303b892e75adefe8f85

SHA1
873ef35f26f771272a6bbab402c601ae2669551f

SHA256
c677a35b3f95d198d4901a67180145ee32c5c47ad316877ef241f2227d79d403

SHA512
3b6f060d53c3addc484b5caf34a11740e35d5117f58fcd6f307774e0861d749cbc3f983e60be8f70ab75ea0be7302060644816c9ab6906bb0af001c7108e896c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2662a641bc0d7d2af63e79e0ef890d09

SHA1
f5f6c82cb7f91177d7290bddba5da6ecb50c0d89

SHA256
e23b01dfd787057d791367bdfd7d1ed9137d9755bbd2bf80eb554c9b5a85dbb0

SHA512
dac1febdbcf44ffdfc56f085b00e0e73e7ed2aa695d9db7c617ef62270452028fcb1c222c78651e9af3bafc0f90a34c565670595173e07268af99f0f40f659c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0dfe6cf56362576962dd13956c19e11

SHA1
f2e1b9991a16f9a40769b3a1b4d368098673f611

SHA256
ff6edb4f69dab0ddfb90f0a9c5d6ad2ff17cdd14ca7e7745b13aad63e55a6bfb

SHA512
e13e0aeb50269c1256f46d020f472f81557d5ce7388c937ad833537906a013d42721bb056fa9415db12393a9b0c56c3bab0c2008f4430ae7e74cbd07d7be4137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87d45813f0aa1c21b3bed19b3ff58266

SHA1
78388751269dbc5fc1d27c7ebc46ddd50f561575

SHA256
be2fadfb905dce8d6eee6db6144abb1a819bbfebffeba9c038792fcf277b0f9b

SHA512
fb8f2ab86a9340bc52d12c8189eb2a7fa4bcacc14b4d7dee0d943f7548e59756a414410de4e6c967fd0772b266a479a01ff923770259cfec3cc47ad1285a1ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
045c6fcec68893f248423a1b3fdcaa34

SHA1
5932eff8d463003f26ac81e5b9f711be6ce88f35

SHA256
0c1d32d0b28220241b25e887aff5f05b4236251913d1f747ea317bd34ae4954b

SHA512
9183ce2d663b1098b5c7e84c458f77ba14be64f24ca68505f9663815750150f447f4893df2a7398dfcf7c86b9e9e3f87a2be2f03711f77403654b55f1096cb02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
489b4893d727eee70c13a061cbc20168

SHA1
6db752354c43df409b676274d3c89d792027ceda

SHA256
32912c53de294bb2e3c7d011635bd73b4ce708ab4cd5d6c89e9a901cf4efb08c

SHA512
aca1704ae8e857f4490906fc8a16db5c23d97047b91e57e7e8bea189d8108b775e9a6e9f9592cdb8cf43ea69c81cc9caa64add0af9919cd9a81a49cc24d3c818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
8d09c12488c016d6ccec9bb6213396a1

SHA1
58f7959ca85ecee4f1e67b88a97ed8b1347c27ea

SHA256
4af0fbdfd122888f05cadfefb54764a2326989b7164b55c1a40dc49f433fdcc1

SHA512
457a0f54429d94e129cecdd6f2a1d6142d0573550ce0364f533a6f0201a335b13b6460f1fdfba38efcb52b3c04ee7196261a436ac963a7627caae35b4a070357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8639bd86979b834d08c3c9e272836d58

SHA1
1316b12e7d09b1857bcf39033854d72574e377c5

SHA256
b9d9e83ea78ad1c80354b2407a2363f929555e38c6fdd86ad08f3247e5005e92

SHA512
5e4e9c63b97a3509580d93361f14ef58186d28fc21330ce95863b18e6657f64b092f1513636fcf5b5c3c113b816913179778ad00c43210aa511bb4c8ac9ecdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583757.TMP

Filesize
873B

MD5
ec530980b26ca2aad689c555ae68c9be

SHA1
b54a926bd05f468dd029b86c9a48e93831932735

SHA256
a74bb381aa7e6d2db907134f2e8a79c70fc9d47881a34cfed32e777900cffbbc

SHA512
a34b71e63f3d2a428a572721551b55e3a04a3894f90915f7a2c5b78e72888bf58eaed211b4f229f1828b48c4138bc35ead035229aa331515a3bc35b29373e04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
66cd799fc38132eb7f1867530b7a13eb

SHA1
e0c0fc2b798531a4b51be01f9f37b8048e30b637

SHA256
c0522461c25728a3b3dd0b6632e69b4355a8a3abb5b5c747e38b2ad4b4052db5

SHA512
14848908032ea73391e78a7506173dcca416655c3e159781ae8836009aaa35feb31e1d8715be12e08263ec7599bd507813d16ad2663e355082ad81cb47dcb05f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9c4f70786dbf8fec19a63059a2f7823e

SHA1
ebfbdc72ccb3d50f93a9d4c549ae694f07af356c

SHA256
8c0b163353e966f092f50f90c629794c55de9ac997b48b980555a67e85706b64

SHA512
6b80617f7ac5244d42ec2f98b04416b872a2ca62682e17f426593f6ce1bbe57b408c7a79525cb341c63d51a1ddb0ac63eab007e75a3cf2e4cdccacffa6e6d121

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
cc877a2b666d9ba6dce835159b0c55df

SHA1
98e7078776b60dd5317c9084ad406ce3e125a09f

SHA256
0bcc64a075517b6f23e377f71950c0d6e6402cef545010aaba8d002c4620f089

SHA512
e99c65132d08c14cb5611c69cdc56467cdf77f360550dab23f723e729229915fec5cb1c18c0e622afc916de1e14330632153721369dcdc9da0617bf1e499c420

Download Submit