8345a96013bf21362bf2521d4e8612a8f129731e67dcc7dd820176e960efd3b5

Analysis

max time kernel
1794s
max time network
1689s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20/02/2024, 00:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

17KB
MD5

232af4c7b401f01be3578584a40689bd
SHA1

f7f258014ad299fef692aeac267e51fe3816530e
SHA256

8345a96013bf21362bf2521d4e8612a8f129731e67dcc7dd820176e960efd3b5
SHA512

7eaf113e384ee9846c6865cfe5330d702f0a0272ec99ca0e6a662e6cb06812636f632148b978d5b0c7f5f3a21abe866c1248cece60738468eb642e7a280c26e8
SSDEEP

384:rSddrDpmReVoOs4WgN9ylKeGMtPU8HhhbAemsMi7r9J92N2weUPoVJCBXQL:rcBVoOs4tryI1MVBhbEaT3bJQQL

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	camo.githubusercontent.com
6	raw.githubusercontent.com
40	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\.py	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\py_auto_file\shell\Read\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\py_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\嘯ᘀ谀痄	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2924404578-3852090450-4074565938-1000\{94077FDF-0979-47B9-B256-F8CF4AE928C6}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\py_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\嘯ᘀ谀痄\ = "py_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\py_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\.py\ = "py_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000_Classes\py_auto_file\shell\Read	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\generator.py:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
2556	msedge.exe
2556	msedge.exe
2808	msedge.exe
2808	msedge.exe
4856	identity_helper.exe
4856	identity_helper.exe
3392	msedge.exe
3392	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
1752	msedge.exe
1752	msedge.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1612	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3512	OpenWith.exe
4628	OpenWith.exe
4188	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe
3292	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 1244	2556	msedge.exe	77
PID 2556 wrote to memory of 1244	2556	msedge.exe	77
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 1088	2556	msedge.exe	79
PID 2556 wrote to memory of 3528	2556	msedge.exe	78
PID 2556 wrote to memory of 3528	2556	msedge.exe	78
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80
PID 2556 wrote to memory of 1780	2556	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff955ee3cb8,0x7ff955ee3cc8,0x7ff955ee3cd8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3776 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15156772234738144155,10068989919251279133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E0
1⤵
PID:3364

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3512

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4628

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1612
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\generator.py"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3292
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:3720
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0A1F8081B75D96C808B3C05ED8EEA8DC --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4808
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=805DC260129D2E7D9D45CC003E620435 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=805DC260129D2E7D9D45CC003E620435 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:4672
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B5D5D47108A3FC80A2072123D472DD3 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1328
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5D28EC685974DE5B2A84389F32D7EF38 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4660
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F6741BE8E682B40ADFD4A8DD7F019DA8 --mojo-platform-channel-handle=2176 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
96b2e39c1750d2e5c3dc86fd313b56d2

SHA1
3234de993ce2fa35970f25e5886237d420b14385

SHA256
63aabda0091467f9e21df05becb5117edfa41dcc3cce39f43e283d54dacdc336

SHA512
ef42803e1853e02228124239f8fc51e8ae6c5f8e366dd28d4714d7f662fce070b283395fd99c1e202ac2e6545236ca1250761de60c0aa4d54808f361129b99ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4a7484ba6d457556ace4c311458fce2

SHA1
fd8ef690a7b356300e024699478ea1f4193ef660

SHA256
ed5f71ca09455340e6a3a9b196b276e2880f482ba20c959248af412fbf993a50

SHA512
e35626dce77f642e060d3e54a84a4ad62af74576581f68ea1e041977dcf61d679c7b546102b99a221963d1d754566661b46eff2b3d6d751d300200d17e69ccad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
29KB

MD5
df217f862f4073ce4585999df73a53fd

SHA1
8f39eb965e90eee20c2e94f547acf0db9aec24ae

SHA256
dfc2a82c870fd4c1a5b67929c316aebf1bfe0e8fdb90d64158a111feeae9c0e3

SHA512
f52da493abb8eeae24642e958cfa6ecf50101cdb0038ca7b952a19f0df0531e44828e4d2b9e365fd08a73a3f78009fd76af37a1ae58b8ec526720356c2767738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
1KB

MD5
9a0f88aeb299baaf0f8a2d91644fb5af

SHA1
4ac94a576a3b7ea8ad9af835af9f56766f3440c3

SHA256
a285a6676ca246a68433f91a9a1cced4671179c8033a21f4f193c79d307fc9e0

SHA512
451ba22c74c2f03ccf939a1d0acabb42ba53863cb403318907ac059db4d9a3ba029134b5ec1c22796e8095e2e1a030319319ea5c90c373a6c9567abed2b055e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
719KB

MD5
991478262bc727994b4f15fda24fdbd4

SHA1
e544e0535c7813c35fb84eeec6c3c2afd9a98ac4

SHA256
0489a069bfe9b33519708e25f0b6292618769d9cd096ededae0f2b3e18906e2e

SHA512
5c022bba9a08ddf513e0cfde990367e80bcdc01b74b93b0b46a3e287a0a30b562b9ed67fc17fc07f037c169c806547d85db1f97e7705097e2b51c90d36a620cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5469b18c1a3824b2535c1fb3d47dc5fe

SHA1
5a5e395f5505248e094573e26b2a30a06c0b970d

SHA256
311bb92c8c81e831c2db839bb7b7a23a1e387179ef976eef2a2c4ec5d7562257

SHA512
1fe00bd289ffa32aaf0225ff50e3501ad8bc5e969c5200cad986d7eaed015c35e976b522606a187ff38029392bd93d2a75117c924ae48fe9d23df3f8b2541b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7125ba5ed67c7f07c36ede2c563ba0a5

SHA1
fcbedb3afdf7cdcae182f1466604826c3b4c5fc9

SHA256
e51ab36fc2e8510666ed3183ee38123ee3aee406939e6b2e4a890a21bc76ace3

SHA512
204de0d4ce6d5c64dd06afc558774af42d6518cd44ab0ec55f7945c7518c5fbf124581dfa344bd8ce41aaa4399f3cc083d24eb67317b91026922348f22e73dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
12a331951e036bf803825754eea49762

SHA1
67ec5d5ad2655d5a98bf97f8476f2c60e9aa1d23

SHA256
0fbca2c4ddb6f2df6d30c98a08901bf4ef8d6779e86e38169dd80c8793e654bc

SHA512
f9295e7c36696aa0b36e666afcf228d9358c2bd2399607cc4d559482636fd8d6ebf97ca34c544ab8c62f97ecfc5fceabbc1fe874c97e5b4e08b1d5d9f9920d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0df6c89794fd681093747ba7dd1a6441

SHA1
8453c80d32d919732b1fa89a2815221bd7ea5884

SHA256
409d4a3c0fe8616fc336af43cb91601bccb633bd0f1f2371442b1b89ea2c1535

SHA512
32bbb2b6a3ffc4193d0b17205aa9bed66dcc1139f50f430c7f60bd0bcc3528b104f585157e7a4ac2c4f26d604ae981c5b8683fa0ba636d4bcc741efcd54b892e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
881B

MD5
94be877a8508efaa3abeee7c15be83c8

SHA1
09388e9fcc297bffa3abc16659975f6781789c68

SHA256
91c914d98882b3dd20ad8fb7ae7e2d76af0367f011be54515b37ecddfbed7a4d

SHA512
30eaae3478c79e2afa5e874b9f0ebd38a232c879b3bf972dc10a1a198514e614df495c7a75cbeda2d071ba661dbcbd03b0810b286edee8feb9e79fd18486433f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
964B

MD5
7cfacff87ba86f3bdb6f509fe0446a6a

SHA1
9cfb73c2c6fde1c90ee6f49bee19f0073debd6aa

SHA256
1de8a790d707c2af110834d84269fe50b18ee382ea0952d57345dd8beecf32ea

SHA512
e3ee8a4697917c279a892627532b9461f2560bea9165cbe7b7e837c2c02fc901af43c1d8fe1186714bb9912d3e55ba12db46f839af4afea896d1918fff28507d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4dd4c8dfb4ad09e9c23fa7fb9e17886a

SHA1
cf420893004e2504acec28c063aff89fb2e7e601

SHA256
b5e9fccf16ee2a1802cd1d6cd2471873f5f57f96db95408760ddf63afb4e8df4

SHA512
4fd67a9a09bffad76d0d0add2f3188add21dd9c32d33f88d501a6b5e47830ba497737cd5d65e3ec6808c988067c7ffbe1774bc2821c9394650d8fa4a8354f69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73b7b2ae81cc6029f8f27950d120abd3

SHA1
c8d566cf0b09b96e37a37e28e43af5ccfb8e5ace

SHA256
bfd8ec0fa94d4cf7765062de820eda413f7c732e536e5b12eb0b3ba0cf509117

SHA512
e03cd84ee1a37ca8ad48c61718c093207d4e21e0b2816ee374a262f2d2dd900d1ea9529eb5b0c9323a3b95d62c6dfe175a0c69e881e17e7deb49656b17b931bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
443506ffe23cca42e8d036446bf94a75

SHA1
34f1ee1436bb254b22ca5fbae003cffcef56be43

SHA256
e2ae998d6da42792dfce1f28789897eeac6ec3112c01d690adeca8b898fbeda6

SHA512
90cf245b5fe47e415a5c79ba9b78f1fa25d777dda609db285eda1b670bbc32887f0890816f11570ea01402249d9620b5a969bb7f6fc1162169f71f61537fa694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b674a02b7ed61874cb7a42b2a76b068

SHA1
c58e695e520494ea270c81694776bd0eeb50c08d

SHA256
0dc5c9a512d91df223787c032d80e17132d6753c270936a3daff9607aec21599

SHA512
180aa9c43ed0d3f5801f56f457bc37bf6951108b7613228403a449ab764a3a0d6b5d4f8c2402285759ecd59ca63cf69b9a306ef6ee02c522dd5066f288134783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a968dfe2c75d73df06c815fda09df8d6

SHA1
6e802681256a9ce20ba9323d7cb48fff255c16fb

SHA256
a716ff32c0d6d4c49a22142a27ef93c02f06f7f3f31508c961de3c366572dcdb

SHA512
085d4fae072d73c7e130f9e11b173c17f3fb8958e029486732b92f1c8211bf7f487dc280ed20b0fd4434a95624f0da4f1facbab0d2e521abf981db960ae5a9d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
907e987dc6a79c52d44bcc1ee8bf866d

SHA1
599996de28e229573f2d260b1e747cbfbf6e8363

SHA256
804ecdbfc44464cd7d94068d42f29a543ec37265e18c272fe791b548c2ab478f

SHA512
ffb475b1ace955f374b5f74b90f8fec5b7fafc4c0feacde70c81d08089e290cf051c01251028de689e086ce6063eebd7b731d10706705c463735f63b25b7a5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb11e80e65d72345ea19f2824e52f02e

SHA1
c945679a6f9de016908f66752b5bdef76e793f76

SHA256
cb50cdb0e3759dd53d6d04f036280e03c70a0e969e603e652700382248ea05a0

SHA512
3970cd9fa05bed96a676596a5e409c790ff567316ce88dc9978f7fac19077069918581ce79aba6473f536f8183e9b6d9fc51a96a11adce9ae96c977045e2fde7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ecee0ae8b7b88a708123b4d7b2254de

SHA1
0dabbbc28c4c9cbf21346a6f652c13e190fc996e

SHA256
864e7db46ca43a2a2ed55e6846e15b91284a924cc767aba2401b763c1a6f2345

SHA512
5e4faef114798e2dc3fd460478417a4e5372b2c624c3adb8a4db4299057b8dfb56c9845645ea27bd5211d1e0fe940e4a570d1bdaadbe0d2602020555989d4264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4a794e164a837fc59f4c20395da933ec

SHA1
c7a5e70df3704b689db652e7c052e34a79a76749

SHA256
83ce759550083f5b3f9e2ed53615bbfdd1376f6fd33f8a4636bfcb8c93816172

SHA512
486c9dc740426cf6080176909c3fc082468061ef140408e2e12461a30ef6926da7327bd09b9ea57a6db616f3d8f47788cc92de66b7b94d1666b795e206c90a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
67c5b5de2d96b3aba17eeeb157772dd1

SHA1
f663f64b78cf495b61c7e7a72ffa73552d8cdacd

SHA256
c475b30757887c335be79c087620eeaa31749cb1f82cefb2ea48640e377739f0

SHA512
0f892384278f868f6e986d31ec787720de25d261688551058110b3e4961390876d053c73dd156aebe1ba49364675e19669aed2842c4c38dd9c4820625f4c22a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aba5d6459813293b5c6fb150312541ba

SHA1
ae3eed171adcb673f48ab38010be0e639f98df4f

SHA256
c67d3fb452dee37f37050363d4be0c10703733ba67a12d13b1ac1fb4129c83a8

SHA512
8def4d7f5a38a9d7469397c9cca9e58c4b8443ae2ad77dbcec660f51e6d2613938e44c58d204c1410d425905840787fb6a952194555f14b86b50be8691ae12ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
597765de20030de93d4353d16ac62115

SHA1
fd3e55367acc1dd08c9e378c14945f2a0904c158

SHA256
4465a5e8f6fa1751652aa5fe0b3ecb8cbc80c8bdaf053f712bfbf5d34c5ac5ca

SHA512
0745d2b031dc89cb756e2ff76f4988836a492f07d9d0140a663ceb9a60d9ac3f8fe25b1c82ea7f4214bd270af729e825830088335b8408e875a30f26d70420c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
106f202b50cb637e4d4bfb40705765fe

SHA1
a21beb6692ff26cdf2304863f89c9f9b9e176165

SHA256
392f57f59c4d377797bd7f0f017edb8e5a46a56bcfbc4070daa12c91758f196b

SHA512
2b7e69891bdad4844c655a167e7fff84a471ff6da0fb179a83ec8702b0aa69066ed1bf105783ba3ef2a256e6387bc3408267ab388a76a5b28aa17bd6880b00ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
123d5405c1d8a4b6c2594eecbd7d1d68

SHA1
c0c75c558ccd5ae167c6a50c745ed2cea1da06b2

SHA256
f697a2be72bcb8b081b551d1a6fafc6fa7d1441b46699680e9cd2e417ac8875d

SHA512
448ad6c8a88b2aa2bbe6303986d7e41e80bcbfef2e5200137d2734cb99585edd35b417d4c02a7419822fe035718807fb16f8adc7983bf04d7c122516a3cfa775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fce3befb271c4a1bef04f4a1230d0ed0

SHA1
1302c57eece4e33e58194ee8383790f7c30fbde3

SHA256
2fab143fab4ce9e2e7981673283f275f931a38122f96dbdbd4e5ffdfc1a83a60

SHA512
cdd0dec624c7c6f72e161c16815af6da5d1fd8b332f587cd1fc2d4bf64ce68906cc7ff6103b9bafbe95c205aa1ca8fbae0527642ee5b8401f4057d769f7c81cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e29f5cb9c1a63135cd6c94619c81fcb8

SHA1
a26f05c29a32d6b97a1f1db2c1e0ba390dfae04c

SHA256
f6aa8cdb5c844a09db93286df3aa6fe2b68a7c07b2796d2f39bee9aef7036022

SHA512
477eeb90bccfac248b7b3a7a440c02877d3382f7d391df61e4ae5ff121f29900e55fb5d4ba7cea93ed24cdebf872e4435c572887c61c0c3aedab56054ce55b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6aaa6ca76e53dfb89bfbed09a2becdb8

SHA1
473098b13e78c41488d713917d4ea3ab8fe3b312

SHA256
629a8e61c0161410710f1b11958705b9d191766451809fc2e909b4289a1621eb

SHA512
e438fa0d218483fe8faf5c4b81cc54612d33b78c311e1b08c3b7882b9e666d309164b6998ad11a07d304e0c531a67c0868bf1d47f037ea595abe4b1964a658b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0b49bf969e344b04c59d84dfd463616

SHA1
1af7a04cef9e2b4e776274ceca26c46dfa5a1959

SHA256
9ba613e83443aa813fd95701870be1cbcb3b569e3c94511da6f490465cf2791b

SHA512
40062c452de80332c66b5e8fdc0578dfab53cd17c7f3611330dc0967d13c2098e3e9ba56355a7b89f250022475587971cf51d76d941bb2dedf7b238a5946d82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b050.TMP

Filesize
536B

MD5
95e766ec952a89319e7a378f67ec75e9

SHA1
160d02d3310e7825640bc92430b3d01d1e27276e

SHA256
3835c58c44f949c0307cf1270c7c5b664d2e1b0717261cba896417d8e657aafd

SHA512
e126810908159dd12dcc9c3287ee443b337ae4b5d404dac5aa6616076dc5ae2d842661313659bcfcbd642e07a345c04e9b4ad8b98697650238ad70e7873d5c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0f7b51b5621ca176a5c67efa01f008b

SHA1
70c981f7f4b5f48ce06a075d29bc755233c580a3

SHA256
6da6fb2b2232342d29e9fa291e9363896e1d9d02f4e8b374567b1b83f05e7e6f

SHA512
b4577f676a301e2fe623cc3848e8ef423465103dc975c56824637245f19050bcf033b5299a02eb911838ac07b5d3c005701fccee93cd9d007c4bfdc15fd84831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dcaed3d3b4a58c4e0437067725835e11

SHA1
86fa704e5e2de7eea3c7a619af97aeef7536c8be

SHA256
3dc00949ba44b25bd6cd171984bb4e45ae7edca31b15fba8467cd684ad7eb32c

SHA512
4eccf98abc41d8c82643aa98db379238a049985b743504735de6969f187461c0e0d1ca71bf96f84901805e72f9da6e72edcd7db4a3243dbea469de2dfd800088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a2eb35f1f2f73a6f852c7ac85ffe1de

SHA1
d2c6da0e413d418d0211a865b8422f423219f947

SHA256
3a7dc124729267b910abca0c2237abc958d4a44782b412b9eb188f2a2bb9403a

SHA512
8abe0494319de50431ec509520c1fe90c00d5d6e1d489a39fb6d30ac7c6674f81a3acc56909fff5e7ef9bd3ee3fcf3373e96a2ceee3b7b5bfc903119c6c76687

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\generator.py

Filesize
7KB

MD5
0c20185850768be03d79d8985ad66f36

SHA1
78a751bb2cb0b5737d31849158a160fb5f609e2a

SHA256
889b072237688b7e9d4b93d077174b5f44f4f456ceb502b5d2c67a5ea0a486e8

SHA512
fb7491a85e7b1c8e277e43a470566f70d2947900f78b30aafcb75cca4dd6e21a072c702c6ad88ea7a993f3728228358569ccbe5859d1e94532a873d48c9114bd

Download Submit
C:\Users\Admin\Downloads\generator.py:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit