hxxps://github[.]com

max time kernel
130s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

4164 msedge.exe
4164 msedge.exe
2148 msedge.exe
2148 msedge.exe
2700 identity_helper.exe
2700 identity_helper.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe

pid	process
4164	msedge.exe
4164	msedge.exe
2148	msedge.exe
2148	msedge.exe
2700	identity_helper.exe
2700	identity_helper.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 1748 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1748 AUDIODG.EXE

description	pid	process
Token: 33	1748	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1748	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exe

pid	process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exe

pid	process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2148 wrote to memory of 4136	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 4136	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 5060	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 4164	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 4164	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe
PID 2148 wrote to memory of 2988	2148	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0ef46f8,0x7ffed0ef4708,0x7ffed0ef4718
2⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
2⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
PID:1432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 /prefetch:8
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
2⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4668 /prefetch:8
2⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 /prefetch:8
2⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
2⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
2⤵
PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
2⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
2⤵
PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4964 /prefetch:8
2⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1388 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
2⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
2⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10082952993382042235,17888360072538169558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
2⤵
PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5288

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\77039776-8eee-4ceb-9091-053ca44d7431.tmp
Filesize
11KB

MD5
2fa66525a9c094c476e882bfee1cdc8e

SHA1
8c9f223fcf930c204e52c6bfe6bf281e7e716fbe

SHA256
ea094cdefc0ffb30e1787ae8c06431a77572cd09bbcaddfa54fdf435b6613fdd

SHA512
81af2f22a7767689d2486ebc6cdc4ced15d0de8e194b585eb684b9ac9097ba4d28f3c5b7ffba392457248d8da7ae0b69cbd7de5c7c723c5f9ba3b02297d6cacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
225KB

MD5
d115c0a2800145c06e066875ba331616

SHA1
b94c5f0d25110782e939d1234141b70e6b238653

SHA256
113e69d83de21cf11879632723c532d28df10a53c0c2cffb663190f82c50570e

SHA512
2bd24181e53bce956c5262bcc641c323ec077f5a19193fc56a74d3704eb1f4d76b47076d1654c69cb53ddb9a93bb880ed49fa0ccaf46321723da6cfa99c4522f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
94KB

MD5
bad14138a6c711efd1c0e8a879aed8b4

SHA1
ce3a55bd519fc0c626f1d4b9b6586d1ce45f85bb

SHA256
5950694c80a04cb7cd6db2d15b64276ab5e7f67fc075dcf6c871543445e39f99

SHA512
1b989110e6df847d50432b9ae4f82556ae9d7363d616ba091686fda7a6b90e11c06af99b89960e28e95c53277958c285e64f8379d7de5c7dee99ac0e5e611c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
19KB

MD5
0e598b4e0838f1540edaaa0ebf6d1e68

SHA1
a69cc56bc59a19d8e0da1b74db64b0f6c319e095

SHA256
4ed8eeb9c3e8abd8a3ae9a6e4a0da56d3bb513938555795256d73cbd578bbe17

SHA512
4a00bd10f567a45b9a3332a50803002f4a089bc38b065657e2a921d505c0a10c4275add2d6c9b4c3ea6a5ba87ccff47140aad0222bef3fceac331de97cb1f273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
808KB

MD5
2bddd552038fa6582707fe3e183855ea

SHA1
7e622e9b8256f94a9051934534f85137a8b9c9f1

SHA256
5a196c59e04a05a940f87c32c8a2c531a68d1f31570d324492b0c71f41fdc6f7

SHA512
e8c0ea81cdb036468b9ed3b8bfdf6a18202c4babfcf64d1c5bf69aebd0780c485779d4bb4a3774b690a64564bc33f2d957a006aa1e3dd81f7405eb9c71131334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
32KB

MD5
a37cb5b2be3ac24f85e18e0f6af90e18

SHA1
7888cab4667f8997bee7cfe1357b6d090e5f987b

SHA256
38322e4056896c3d332335130caef7ebf6f02a9e902e87adeb3141aaaefc5eb1

SHA512
f2772d825de479756299954d0d6b67c3c940e41a2e2329a733e755b8b3d107c53fbf845d64330ae9b75f75f56f872b9f6fbcefacb55606a0ae7fda58eab6b384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
32KB

MD5
fe0cb11576905a924b316b72b715c2e3

SHA1
31a833346d235602a4fc51b49ef9bf57d9d1409f

SHA256
ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9

SHA512
0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
55KB

MD5
294b6428492677b51c74b23853264036

SHA1
7283d5a7071aa41cb9c37c4c60196c17f0ceabdb

SHA256
c2dc178c9f783e2486b5ffb1b1d7cf9b04893af92ad04b1b7d6be01336dadf4f

SHA512
a4f41f9bebbcaf9273ad671c0af59a258687b5e6583ac6fa62a8d28f8f372ff26096b39aa68e462a566788461228193fa7db671a99fd52c039087dd124839e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
99b14ad7c8c89ba3dfd037a7a291a77a

SHA1
94e13a594df1bc57283ffe90fa495a782ddff98f

SHA256
73f2ca304263bce444a53b2de186d735c7fe42cd7b4ec638ab8a810ad6487fa3

SHA512
cc7fdebe9002eab77db25f5243bdc1d21d6af8c4c166a395eb78e58274ece7dbd8d8f0f5dd907791e22d3d2ea972434618678592e62d5162c1af2e4e5e768501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7065078992c48cc5685100faaa6338a3

SHA1
3cf24336fbdef3cb070e214549507f9d9c254d86

SHA256
4c80735818c8e439ff5e2dac5afb1f6cdb60d9afa2cee32c6085f2a93e5aeb1c

SHA512
9145d4fdbdc6698b2c64b75146d92a1f5267fbb5fd67cab765dff0b35dd41221094ed11a4d73a0f0293df22ce9da310909331428ae3ef44861ae2f6d354a684a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
c41c55ae0eb9cee084c81107f7107775

SHA1
56e2c819f809aa475033ad596f7fa347f685ae3c

SHA256
6889ea2b2cbed67588ac0d387e5b4e4276f23020fb4acb857c4a505987819f29

SHA512
ee4b30c54b68ca52b9127b4f35642351e6b0dec8cdc6a14b294ff8d05dc9b7eb2bb07aed5b5820632eeec662130fc5f9ad3e98b7ecab9d0b88d2398b89c03ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
51e559fd678f6676fbafa3a5c43af7bd

SHA1
b469543ca810ee8848cb6d4a42ade622f746d177

SHA256
66a2ba546bdd57d2624129fcf202aa7e8871a4fe1e01e568c8355b4985248ca7

SHA512
c8437caa6f24769de0acd26e80124fd3f847f2331597f56ef1324e814fd66545babc056dc43f04ad20e83f0947556645adc7a0d78478f56281c1b308a11e4127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
814b6c42f1b15340c20e8d6655e72b60

SHA1
3e4e7ca4d7155458d211c7af882db24143ca2f48

SHA256
549a5249e484f128ffe26457f8babc618272657973336d0d0537b38710af3347

SHA512
91d13416654bebb996fd8fe3d2c531125a68bf39c33f59ad359f6630a8b63f2f8fc88c3ce1955b5a8e736031a94fe66d365c6a5010e16cad7da34ce2b47b8155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5d7f478d45bc64868a88c6774c82eab8

SHA1
7dd7a12be74be2efb2e98a4eb3bf07a56865c3ca

SHA256
e1441f5c467d99d7acf8318bf8711b7b8280e3e2bcdd41b8a5042d57f382c4e9

SHA512
4d421c2e3a6c38264c757ebd1ca4592da05f52f9716fbc3792c748085d42355e5774fb4f3d0f97bb3d809d729505faf3fc56d029e61bb79f381fed640cf6014c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
388cfd48ba3a72492c089aca409d1b05

SHA1
f9e7544afac136a8405d6abd234bb1644f054406

SHA256
3c85aa82a1bfb9a47f6d16daf63624875dd9e7dff9522e67f6ffd8ebfed0880c

SHA512
6b411effc6a2df3755ea9239a7b081fafe7c1a989c9afc5dd213ab659977ad10ce93dd66b5b99952641d32d676dd50efdd9a2e7f29aa81eab9e157a48140a566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
bd9379d05dfbb7c703ed3eef1e62a4d9

SHA1
6e2a1e69cf600ddbb5cb0b64f1393ce4e31b6978

SHA256
33cf09b11a388af0c09bff70ae0b2145c3196da61e5cf2605b54135d09ea8b81

SHA512
69317e2d0f62dfd2c3e05375418a6cbc5d0c03c0e1a0c0678327355ebebe4744db66e22cf73b1dbf8f0849b8554d9215578a50286f1b2a2d5f22b4484a4f4248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1cff25713938f9ecb51d80f1af8ce1be

SHA1
fe97c6e01b15b5e163e0e376d42768b677f9455c

SHA256
4cfa91559525cb38a591e9069dbc9d61e0d41e889756f0f0e48fd959d2995cfe

SHA512
80853f92513cac37e098b48b3b2941c35ef50b4ebf89a63ea665c93a972d137c97563c36ccba5c3598263824bc5ff47bcfa6c1d18f32ea206439a13298155e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
226942094de70fd183e28ea2003b3786

SHA1
9bc2651e645a5223f385499c5763b098232ea3cd

SHA256
d2b21789a87140e84cbf81e7a47576c5a122ccedf1c287912e7b24d7f35b0b3c

SHA512
5558d1409618117c7fa759a1506ea5250efe1011f7b12c1250e6e6e3f35e3b19b494c424ff09d10fa8b60cc46510e045eb996b5b5e5a96b551d306d7fc6b7bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2da74f4f-bc29-4b52-859f-f879d5ba482e\b9ed6afd3d0638f9_0
Filesize
2KB

MD5
5f720ce20ccf3d3fcbdb1732ab2e457e

SHA1
104eaca9b1f7ddf5193742adf5e9647cd7f03644

SHA256
f5bf150942f6c2438c332ae4909f5d138e3eb6bc72637478b565f704a4dee02c

SHA512
dd38fd405c9920cab95b06f6c43e4ff79c8d215621d3ebe0e29beaa51b86b7e3780c8463d2ed30b1ca15a5741abccc24b608f93daf40ca0f625f0aa9beec2bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2da74f4f-bc29-4b52-859f-f879d5ba482e\index-dir\the-real-index
Filesize
624B

MD5
6b9e8a3a095d7d6eeba65a0cea64abe2

SHA1
4990a5bee4b2d156f5e9361536611146b22bacba

SHA256
9941b7b8e498fb90aaf24f794aa0c2d7151cbeab7521c03c1dde309872d6129c

SHA512
291b539f36d1a29b56161ba31ece2e20c29600952da76d4938d10097c38edb4024981bb2b1f5fcb9e0656addbbfee68f4e9b109d778c4faacace4c96e749bb31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2da74f4f-bc29-4b52-859f-f879d5ba482e\index-dir\the-real-index~RFe57c4d6.TMP
Filesize
48B

MD5
4702fd8be1a639d370b4d3ec806fb654

SHA1
5c73ca48f3256cd6c89353d508997c43f2faea09

SHA256
9cd07fee68ae8b7d572df232745c42ae2bfabb4568d8423df4ad080a28003bab

SHA512
fdd558a508a1799e9b97643ab18cf71f6fd08c74a0eb5476077671fcb5462c6c9d7496d044c39222d54290f2c2e48344f026698066febb35769776d6a71a6203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8571e7cc-01cb-4e5f-ad88-e5d667895669\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d1ec54d2-2cf9-4179-a0d2-e5115a327a42\index-dir\the-real-index
Filesize
2KB

MD5
ddd984a2ea4c50b97e5d222269435249

SHA1
11f3e9750dcf6d2a06c66ad6999f287a6ec7b39e

SHA256
a6f6202122bd2ac0fb20bbcc23ace74ee33effa6e251934e7a36d07f9d1a2dbc

SHA512
68bb1eedc5d7b34824d54834b6fe95482521e4a6cb344b23855a7951a570c719b0677340cde7a37c968e6fa0b6ad5f8b47ff83ca5121f5e739fe49612bea517f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d1ec54d2-2cf9-4179-a0d2-e5115a327a42\index-dir\the-real-index
Filesize
2KB

MD5
66d23523f728a92ce41a7a1d7eb8e1a8

SHA1
34a1bbf5197ea9c022d0995f5fc072c715f0199e

SHA256
8f6175ac777cbb9c4260f29242889a59a85825782ef7b20adb7134ebf1d2bc72

SHA512
fa4fad931440f68c8e14a4f16240ec17c4cd7c52c4f6ade5c1348fc4f20fea41d6cdfed37c9acbd8262ae603c0729e3b5b689c8638c6d24edfb2c642c4eee85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d1ec54d2-2cf9-4179-a0d2-e5115a327a42\index-dir\the-real-index
Filesize
2KB

MD5
ea9e9bbd1d8ae098c2009164e2717562

SHA1
5f0bb8f9baa443bea2f697f820a69a12f9bb9139

SHA256
0a05efeba179aeb5ad24d658617618bca6496078c3dfc9ea29e0e4b8792373d4

SHA512
73cb196c60b6f2ef3a3cdf1f8c907b3f687d442c910a3b882d162d018e09c1f84c7edfbaa4c11ebf792f17db00b51aeadaf88fe36a012d39e4356dc3b0ee67b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d1ec54d2-2cf9-4179-a0d2-e5115a327a42\index-dir\the-real-index~RFe576a53.TMP
Filesize
48B

MD5
93ce6eb9648920b654220a002e6d3776

SHA1
678bba6d1a4a7cafc759081227723e21a6432b7d

SHA256
b1a0e141e94cecd2845d32081cdde17025b61b8f8b730fc0bddd46fab3ed4bd8

SHA512
dfb24d22e5e5e25506aadf487cae5690394ab1cefca5df07f7ec74346a2e782a457311792a0fe11b0f13f482ce9fb111890694d6aa910a376953e049f47e85c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
bee29266071ff51b95a27e06d96dcd47

SHA1
7f77499ead6383d76b9bff7f7fe654fad647ab25

SHA256
f6ce8b3b4c48bc6fb7ea9806cb38707ac627f0810fbc22620fbdea58a49cdf24

SHA512
17df84d81ddb967b1058ecfee971d1e3d59b9037335e18f4cf8aad3f6f59b7efe1aa3215d670a5dcf1dc061072e436e59879b48954bdf29e6a0e08822ef78b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
1899d30afd284356896bd1bc404b420f

SHA1
d10dc75d11fa6baa224b9412aa0c5d011d227f89

SHA256
802b0765c1ef6f51a0dfcdb2dc3da28ac3aee6434fc2b0c27446b5f57537524e

SHA512
f6fc5dd8ad08efe557bda34a0cd54cffecc896e46e192cb8c8d783e61a1305faa6fae14d606dd76fad1970c78a92e0aa078298d2382c5f303c6f4edc9a27a4d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
157B

MD5
f77d5a8dca81fbbbb6440ce95361303c

SHA1
02ffcc9c231e6f5a37b63f5f1dd6fed55d3f7f37

SHA256
c516f84d3774d2914a7953f4d114ce6869eab407a36f80fda1177f8ccc2ae102

SHA512
a85c3302e315266d8b415ad956eba95d1b15ec30804e98a4730d0d1463a33dae5ebacef52688341bc4ed23d0c1d0693a8a68511e68aea6ca27e8d3fd73687ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
217B

MD5
bd9e8acefb25bc49d9d14754cd56ab24

SHA1
175785d844f504e5afd713eced649c497ad1f1d1

SHA256
312b895052ee458f183dfa15ffc6a88b8e1a36bcf23c9ba1645543a70b797ef1

SHA512
ac72bdf014167dedf9dc9c5f4a50404f57e0caeb10ea91db41be65cf351a5f86f56d5b29483257c26f9adf782055fdd56db4c40faa5ee798cfac80fee27800ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
e028b1261f7f8b741837be71a7051040

SHA1
b68b6dbb03e2f52bbd38c1d21ca79d1c392c8611

SHA256
84af857341851bc9feca20f2e7b5bc51e2e009dcfebba1e18ce8eb0cf80b5c44

SHA512
defe42eb1b736927dd09acd141f7f75b091b5d62561173139ac9653de95d545b86474cf675537bf763dfc7b3b21a3674e473a240ded44f7fa8e125e94744ce08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
153B

MD5
061c81d28063f7f99fa33795d3ccc007

SHA1
b1c013d258e74b36da2c9ded01da1079bf9733fa

SHA256
4bd7ea0c5bd5b2431789ad9a390cb38c7d3964128461ad4cd2715c9e94594ed9

SHA512
045946e8d7f9e1cc0560c1c9c0d29f92f24714e6f3ff97a84925a4ff6da06bb10a094e5a594be20561bebe71810f033441a91fb6e9d6354e8aa05ff148664de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
153B

MD5
0c035d439bd9cfa35b8030ee87c2124e

SHA1
89f876ca574a41697627614cadd50797edcdfff2

SHA256
1710e9220a0b0c05b1a304949f733b7e4278e664a8d8881ccfe7dcae39752690

SHA512
f9abe5ff214304ecdc83fd28826d6be12f9301b985fed4c1683beb5f8c7d8181ff541d5be132696504e1a485c111a3ef68866ad4ec6a0e4ea665bcd49d349beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
148B

MD5
7aefd23fafc4c1d697d3124544414c16

SHA1
f9b6773d6caf72ce97c8a0ad701200bdea1966bb

SHA256
cf02e8cf24b59f893d7c60ccc90a216702fae37bb0de51e4715698f515cdd710

SHA512
bd8c88525aea5690b0050e4845d27146ab95ef67f593bfad604fd52497ee3d70e77c148467d8bb4df9c4151087b87eaff7f25a35d0728a0d7b359d5b536e701e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
84B

MD5
19076c430f958c41e33dd48bbc5c98e5

SHA1
bd2425c4c761c0165e2460875c64993e1f75739a

SHA256
b7009a53b5f8e354b84a2e247eb9479d73e1be9246e03ffcb78fdeca7874498b

SHA512
2e27d32c1f893a9f851e6b2f8f71d2cdcc7563b182e58b30a2f9d87e3323dd72ab938885901e26342b884ff4b976489fbe54721e92978b13a6cc8b8e6651be54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
153B

MD5
2a9ed8227b25c1f7c08a00b4fa99d160

SHA1
8dc758c7146924751b1360fad6f5a2abe4484d83

SHA256
59311dadd16922f76b00d9a783ebd87d736b97d15c0e8b66f09f44fcc190c09f

SHA512
9bb7771d5a1b60d20f98f52fd105cf0faacfaf440b10c1d5d40e5dc78745fcb441ab88baeeee8280da267022bd18c39f6b65151bc3e063ceca464748acf4a13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
0dbd672663cf1bfbd548e92de80da07e

SHA1
3bc8960d443d0dc59119c69de3e8516409622bb5

SHA256
84a99f31a86271884f980626f410ada3eaef1b29d31d10c8bb751f36f845b96f

SHA512
b9a23b71312bf5ac28d1909e0f94be9c60ba3c8bed3a0893091390c15879d71ec3bee792914600e28f58ab5ee981eacdf991334fad8fefc06ad7cba937c2c9ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bd83.TMP
Filesize
48B

MD5
fba92894fa4826019a351c22beabeb1c

SHA1
74e103cd2bfb7721ec2fbc267e14ded6f1b4e797

SHA256
245a7dfdf2046944165ced848bca85451bc97dcc114ac428a1cffe3dc73c9a5e

SHA512
b55a8ba8aa798c92135e38cfcb4076a01c2c9dd500b94a387797f1f3d9197d25e853c2bdc75ce4123938405f03a6ff5ead64df6afe6ca79fd84dbb1e9145af7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
e089c6568daa816af7dfe9452cbe6296

SHA1
43b757fe47d377550073a54a34d70d281e5e74a7

SHA256
f6698713bc32b910eeb39df2c37e9a092cfa29befe65dc00b7439bae5cb43e0e

SHA512
03438a7800cf73dc844447abb19bced6a7751fdd525fbced5c78c8950e50019a70932cf42ba55bec5a4eb39071694fc5aef2e914e63a41807211355525e134f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c40c58f94e6d2df95525acfc319c18e0

SHA1
c3d273b0c885c66a552f8eaaa3a179a764c74bb7

SHA256
fe24845cef7cc6c71f0373ae8f4a4c3298f7ff05b8102146b1405f4daf9f7c41

SHA512
3daebf9e4651d3dd671d6d3b17ae6d4eb921a7dba04b5f520586b95f285ea984bf70ff7bef8702541043e5d18fbcd8a618e5a237076f028f5ae4209ce9fe5c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
cef628533f3b4b4fda0d4590590f4dea

SHA1
46d5563a61ab7a04bfc85e53333a61af8c51f5f9

SHA256
4eb5f354d6cf48a92f9060e9010df2d93ada8f2cf644c5b0d5cc40eecda3e9bf

SHA512
3d1798f51ec2823eb8857c9fb1fbe12940e5afa5a5563cbabd3938d5d3de25fce527e58a6ebe4cfa54b02b3406086ab05176a16f4a56bd7e861b16162ece8cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5793a5.TMP
Filesize
1KB

MD5
ffecb84d5a86c5ce1d223f5dffe7e7a0

SHA1
0d09504c766374ced6fb8d5d117bc07657be1504

SHA256
b3c45694af3b960343e6dc140af96a51f4a99f907af8d34646dfe5222f5b32ab

SHA512
ed277480fd7d5db4ccd1d4fc08564d1c5cea4b4645468ba4dc6bf10afd0eddd28cbfaf29271648e204199335cb093563608e547d2984c04a2375922b7ba41885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
\??\pipe\LOCAL\crashpad_2148_WLURTXDAPVHWYVVL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit