hxxps://adstructor[.]com/share/file?AGp56GWQQwUAi2UCAFRSFwAGAAAAAADi[.]Undetected_____________________________________[.][.][.]

Resubmissions

06-03-2024 14:13

240306-rjwnbadg58 7

06-03-2024 14:11

240306-rg93xsdg29 1

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://adstructor.com/share/file?AGp56GWQQwUAi2UCAFRSFwAGAAAAAADi.Undetected_____________________________________...

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{811BF8A1-97F5-44EB-93FB-3D9D5DC9A982}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
1908	msedge.exe
1908	msedge.exe
3688	identity_helper.exe
3688	identity_helper.exe
5788	msedge.exe
5788	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 3216	1908	msedge.exe	88
PID 1908 wrote to memory of 3216	1908	msedge.exe	88
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 1288	1908	msedge.exe	89
PID 1908 wrote to memory of 4876	1908	msedge.exe	90
PID 1908 wrote to memory of 4876	1908	msedge.exe	90
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91
PID 1908 wrote to memory of 4396	1908	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://adstructor.com/share/file?AGp56GWQQwUAi2UCAFRSFwAGAAAAAADi.Undetected_____________________________________...
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7fff7dd746f8,0x7fff7dd74708,0x7fff7dd74718
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3940 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12136632881672985517,11055733522762488474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
b338779fe22cb7610235427cd289efdb

SHA1
8fc55269772080a862668ea15f343d9eb6a84631

SHA256
48ed615463c65add9a91fcd1f2ef8d99eeccee1b57614ef402854fa80fc3db8f

SHA512
35b381643a05d51eb3d2319772daae8ba4f21f022f16d8b97549f2e22879e1eb4fcbabab56c8454812077497498a301e6187520bdb5ebda93ccb09936b546d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
31KB

MD5
f112cd6e39b953adde3e5b348e10b0ea

SHA1
f25a08985722ebecc8cd4f0d0f1a7169cf3ff218

SHA256
3788bcff7edeeb5afa650a82ff0e59f85fc4bdf71625755a14924dbcd465d381

SHA512
823113fd3d5400817c797a4968997f1b4f951516e8481df21bf27cd07502809fbbf050748200f2de509415ebab0d0865da2c32b74f3c1faddbc109cf3fb97b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
62KB

MD5
e1b1b180e0ac6fa588cc6a536e379f84

SHA1
e850ccdf4ca521e614e6c1bf31e4a2dfe08ae462

SHA256
72d84e0126277ef39e8ac647c57330904b3aa34f238ae51b671472db6bfcea0c

SHA512
2031f73585c9d6c8966ddd65e4534c391dadeccb875b659054f96dd7a6114fa9b2ca99593b0f74cba8b90b358b141404db12d4dafd3d347d248b5034e54cfa01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
19KB

MD5
eb3c894e0bb7a9c114fcd48cf050b4bf

SHA1
33f22370275ebe16fad66b98ad0fe98fb478d2ee

SHA256
1f45e843af629be46eb3e761bc0a70d32fbaa860ea14ca4536d5dea191a006d0

SHA512
e6eb5bb6cb9c935c6efd4cabe7a83711daf76eaf9153363fe2b7b043c5439d2ada0fa3d5487739806bb90d354e18d70de8f19115ca150056b1deaedeb13b0aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
31KB

MD5
f380840151c2b9ea779b5298b64632cd

SHA1
1819c0766dcccc5a393ffb9673cf82339f73351c

SHA256
503e28d9dbb5637cfb3208578e8172372d5980622d9964aa74fe15a793205376

SHA512
710481c7d3543c5c58206c9ac98f42c182fb8538c1fdcc075671a33c25c24197e29644128ce78c652484155b70fa128a2517eae40226de27018e3c242509c0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
19KB

MD5
48d1c18e85fcfea27ea3cc03af096856

SHA1
8ef1ad9c6117ca85f4c6fade480b7a046a26cf65

SHA256
d197821560bb140fad520ef7939c2210ab062fbdc78890c52be2b90412b033a3

SHA512
5b900d8eb0f0a185cd637ee16bea8e3458a53f5b300e1133d8274962f596036d90546aedac9044fd4ed9a646db5ff4fb6e255d328998b3c4cc9f32ed5b475848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d1870f5604276df_0

Filesize
368KB

MD5
9c5bd758bb89ee1d97c7f1e288205189

SHA1
93b382eb187012783fa847f98c08be79b6bbb692

SHA256
11c502efa7050a6178de786b234759210cc16e15db56a30a267a3e6ea309deba

SHA512
775ade017baa81e67d924bbda50631860bab56e1c6c375a26d5be2309ccddd1facf0b9de50d1f5c88f64e97a2a5480cb0d265444df9ba346e722c1de1558b5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f73c74b3152fa6f_0

Filesize
3KB

MD5
cc4198f6ef1109375f6344b392d694e2

SHA1
3596f7e4ba25a0e90fba9e24c6ebe5360d7fc476

SHA256
12e6ee02d9c2377353d3dc0e10a881e6b11b68d1c3f93f75492f5b829b6742fd

SHA512
a1c5eaa830bc34e5adff9e896fcc126e2bfde727267c9892eb84ae3ba66765602579829ad42f9dc05cf532db85b7ace1b1bbeda769e7f112dffc12aa29fc391c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

Filesize
303B

MD5
144968f62dafcb481c0799e40eb158c0

SHA1
41b14a781f2dc019c399b7ab94f4e8a7f61e98a2

SHA256
83547f712e06fa644fe207567c925a065efda281f0c096a7632e7c1e7b022bac

SHA512
d29efbf015af5762149640de4175837891f9b2cedca48f282beb51dab3331eafc83bd019624bed9d528d20854181e0d27986fa662ed538cd520b6eb20fd6743f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ede7b854742d8af5_0

Filesize
28KB

MD5
3914b75fd3e65fa4cb64b25f945f4582

SHA1
4ebe3ab59ddd57fb1d647d21c371f83f936dd36c

SHA256
19506c0d565524562daead8ca270c3451f466d0e92dd56256a9d8f41b3ad0cb6

SHA512
dbb9af8f243c447936823e54ae396898b664f82568b5eaea938da5dcd51bff589ddd885fef0952c1dc9e3616d2c4de2ddcb9c7a19b5de2ec675434ad6cf0ef43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a12f148ea0c475c7b1015372028845d7

SHA1
efa16533b8a4b17548020f73f268a7f46f620d98

SHA256
4a7bb14074f743a3a0c912c3b0852266ad1e2d428f2ee4ce535e4aae77521dfa

SHA512
4868dc37645683ae15461eade164710699d9889967aefde045e3d54bbd926c038bfdd30040374ad2e80e474ab382438d8982853201558fa936da0dc0791bfaba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
73a4cf7a173db0ded520e08321f14abb

SHA1
1038cd152b997283d2c9284cac9686cb28dd1b59

SHA256
a6ee1614da3ad40f411cbe19f0df2cd848d3a783b3532aec53b28fbf9c3fefd5

SHA512
2ba3b66e3b235c5619dd7d3af47ada5c252a629a76191c23b725a2cff03d384e8c15a303574fbcc08254168335fcfd2b488fa8f76a563f8f4c703f9664b0bcf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cec5bb5257ae8a73aa4aad792693c95d

SHA1
2804d1171cdf039acea55fbce9119bacf16dcf48

SHA256
8258332051c9c76f592d7d5fb5eabfe1461c80ef91a00fd4018c3b5fa3ea4b24

SHA512
8a9c7f746ed6933321efe98b15671cbb88736b507302ffbe484f4f59871ac03cda10ca1eb6a3d3ec901106d0892b6f003824860d738c5b0e45512444a75040c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
63a9e860f8ffc2d8011823ccb7dd0a35

SHA1
7234538c816b498060705b0b0275e54b65c32541

SHA256
94c5017b824f4f533b65d9976b4394c7d9cdb75fe1411af04d752e1bd94c78eb

SHA512
1ba08fb67619704006daeefdff07ea0d8c4510aba9da7bbc9feae48d26b2fa38c845e398e1f3b7ba497bc41be6eaf64389db65765c9e1c42b5462a3db499d2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dcc1d8030f5b578dbb99ae2ecf7853bd

SHA1
efc507ad14eef9f3846b1b5a634cde9e2d9e291d

SHA256
a321d702f9b4c94cdc247d4e408e794408f27cad2d20f215856c414d8d9d98e5

SHA512
03778b2ec86db808a7089a135a6ef0591a6e51c15e38760b4ad0a8cd2544ec11aebeb6c5c27530b3cfc793a82f199a203175fe9b7f8720b36f1b35b63290476b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
efadd10184cb1b38894a754e670253cd

SHA1
4d30eeef9bb6e47ea3cfdb2365b5997fba6e939b

SHA256
2d4955cc032052ddc5e67648d5d33e22d19851d8e230747dcb3e0b077c78563b

SHA512
820006c916e6d3bdd2b8bf59ad80bcbff6526edc31da34f817d14e26f3a8633c932064fa22dbeac953d523fd277b286117cd0b95cab767bc06fc920e6a7ff778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
51b30d3fa7988a7c8f85d07b830c0ea3

SHA1
821266e7607ee7465df412e78b64fafaf2b73053

SHA256
fa2f2b519af2bdab743cd9a4a96f6e178d7603572f8f41334027c1db019cde42

SHA512
6ae97f109ba1b45947de5a0fd47d03b1727db6a694b263c4a2969ae3a80fc4c162aa59d145e5a63d8e91f0e0c68d77e40cf6fd95453439b99358b040316f3392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9db8d3d8d3e5ed7b3af8d0451dd8a024

SHA1
4532f17412145fa5231ffe40f89f9ba93c43e444

SHA256
0d68753d5273bf155e29145c179bc35ce4028fcfe0520be10135604db4def046

SHA512
2b32a41d6d6c68982af1c517dda0d9e708a341ecb8bd592f2105e574e7995980cc165c471467dc4bb0bfa3021a2056890c7a4be48d25434a83c5c8f260acab75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
09fb8d63763509a085cb85b91bdcc685

SHA1
8adc0e69ffcfdc4e0a8133178bdd0622d60fb435

SHA256
65f3d6e5710deadb5c3eb05a0ee200642001dc807a05ee8bdf85d394f2cf5aee

SHA512
806f109f6ded6089ea2ab4a763e10fa34a71a26d117f8d0009067e1b2213e8d3fb461dbcb81753384367cbd2be5ad40cfa3f3fba453580eef2f9b0ef07f53497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46578ec05c27f9a31af864c252ed6a65

SHA1
f2bc3f5831cabcce3450ae18d5f3adac0e6f88c0

SHA256
784235c44b0b4bae7584f241516c174a2e0be5c656a1a6e7a0b88e192d6580a4

SHA512
4a29b6490612ed74b87b4a8de6d403a6addad76ff049af7c9548b39a28cd98fd08720c914b4dc0bdfab4adc3e220178114bf438a8208ac70f826ed550f1204f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
12afed662fddbf3f3b9023654c7940d7

SHA1
2a19e49bc867384a16371f340cdce5e038089693

SHA256
58eeaa41a96323512aa8aa52e1bf9a06fbc42b98ac0219ebf4712ad63aca19e9

SHA512
29e4e11f06af326dbcbd5bf606f4ec7366240975ffe8d8fd766a7e41ea51280cbf954e84f56ee214dd03446d912113b6401fe03dd51ed37858e4a4a297635afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2196ec5beb64765e58f3f82294f6f660

SHA1
09020cc27d122f941aed21d5f52462eaa3c082e0

SHA256
864da3527a41971bd81203a20861fd669d97b1c7becbfb8b3654206784c57989

SHA512
d2eb17c5fb1e2cbf4b673d3e32a046343e7df4f40c388ec9222015320fc82403ad91814ba86627f1bd3acdfa78ec791a76d4b92f288775c7265e2784ec2d3f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
9d724bc45d1f0e32420d0b0ac03f16f6

SHA1
aa556d8f36344162f8e0fdaed0935815c6b41149

SHA256
828ad320047d0b5a935f62a90336161845993ec6b44b9a91198ae601f7c73761

SHA512
a5bcfbac631eb610a929161fe4297d17643a71f82e1549b935a4f01da8391a1d03e706fb6c00767a3ff7383d380fc82358a01bbc2452f56934efa48ad50fed84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
af6784f6dbd19b18df761a1b6f2f98d5

SHA1
8eb0d04a6fc9312f73807e1be1d10c318b527104

SHA256
633c9dddec24c0451daa3f4746143f43dbce42a9a64c4556fa3f6b8aed908fbe

SHA512
f1b3b649bd74880dd8e48e4fecb1e210fedace8383ee7d73ccb3921e91b25c9c18e65ba9f1e4fa1f6dfcd8d7bb286a1c754d70616c7da58602ba8a1d86562824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cd617cd860b2ecbf223bf34df771167b

SHA1
4704a49084c299576d602b4f4f6e59d298426070

SHA256
2db2b5fc2cfe4f56afb49cda006b3c23d578b002282130a56d1d7e6fde94b6f9

SHA512
807a25adc2bdb4dda8b3580644fa3346cb3e2f25f6f8ee9267a68230c04fa4ae151923d5849b306c8ea09a66600d3724a01c259122578a502bfab89a29385efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
55671528423c3fdcb3ba254b8adf01b8

SHA1
50400df4df12a04ee2154abe14246ffc651de75f

SHA256
095a79d22df7f4083f351a3d6563fb93f7549e8f95d0bb255b6b02118014b547

SHA512
ba61b9f99099b63af9439b3bcc50fb04709397125b1da913c1a429aba91932471db0a3ca11e35b22a690e4593fa1c81472a4ee69b831963e17200e20558d7869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
59c247e679fa576505e9e1c60ec6208d

SHA1
b0d35edfaeb16b284cbdf2f68de67214ff8c26b0

SHA256
5ee8621ff7850ccd2b376625159c19e25e0c200a870a7ed884633e3e4706833e

SHA512
7fc76fcba3a884bfc3ce2a140105bda0400c11b5d38f2a2d33755cbe04b31d857fb3652205c63b90e669d1b37b035c62be0f702911c646cde60075d1f300fde3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6848b60609d5d11b2a91bcbbf54331b1

SHA1
3659dd975061367fb406e239035475444ea6741f

SHA256
42a887ac6b6c04fae3a7da3c2f6b0a41517fda5ba97e16db120f448c959c8901

SHA512
58ae2613ab6b0c883bc7dc1571b349ec23db70274f6e8de23ea2e4b414b8f3fed6c9482c954814190577f4b9cf70ddb7f5932beb1f4c4ea8f7486fcb788c5ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7d61573d20bbb023fb80540eb00a2526

SHA1
822943fe85d9019a2c5b76de649b0c5b53b95477

SHA256
2af364034b3c14508baaf9053ab2e5f75149affde262cc9175ff35657ef20de2

SHA512
ed4286ccd3aa966a513be535b1644dc46727a9db8ccd28e1794c2271716cf8754389c955475654be5c18cf5fae5a6889fd5752aa8c9526b6f584414bee81c5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d9e5.TMP

Filesize
366B

MD5
d7f4e63b22de6d47c1f7eb65a4627f77

SHA1
77f23db9c5ab0e4b650087609f74b003b689f26a

SHA256
c6a38600c50d11506ba279d667d5f3afd7ab14ec21b4c3b4ed6c7188d9d2477e

SHA512
e333ebb5234e64e4f8568bece49155e812e17b00a35c900fe04a4790b3e14c474ab3ef3ca4b184b6910b06c063a861d5984a982ea8b5080a57b63608c0a1c1ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
264afc39def096ce16f1eb8abd2719e8

SHA1
97df6098ba3f59dbc38c0493485051cc05a94f32

SHA256
8988aefbf5a50c396a2a8975e1307e142b708eba55fc2fcb1bdbeafa67e4528d

SHA512
a2f7cc83a1f2096764fdebbe49537a1656128ec25b13699d869286600739a451c883350229bd869357379694eb62d31dc519578b32cc68614442f1e2a937ce02

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S4WZTTPHSCTU4YHPL0UJ.temp

Filesize
11KB

MD5
7f8377cb68677f64553c888d1fb7089d

SHA1
00242b454ef18cfb602d932d5356e49c647a8afc

SHA256
806c856c3a42ca8025a17d370c1b7e96028a0986bc17dc4d23d5657784b5b286

SHA512
c6c55f1c60027cae5e121e24ef6bf79b295861480ab2a6be02338a8bc9b9a511b25d6aff8944d86853c25d24923b97f95047fb02b3abd934167f7eef94dfa84a

Download Submit