5e9abe7c0a9ee33a8597c5a923af28f91e90e706741c3e3191d9c261ebac78f7

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MICROWAVE.webp
Size

59KB
MD5

8c9beb192d4d9b3b8f605ce2f730a1d7
SHA1

810a8fd46963e2cde9bc714177b893a633016e82
SHA256

5e9abe7c0a9ee33a8597c5a923af28f91e90e706741c3e3191d9c261ebac78f7
SHA512

25bcd758eba766fb2dbe89630ccf4a80c3913715452f46990e31d7edced41359e99a142ded140ab8106a5e1b89b8a2fca8815b64caa1aafeed86648c0fcc2f11
SSDEEP

1536:ynOnmqlCB6c9CIdgYABxXIV3wYA3kKSG+VOe2asU8aaowh:OOKBf8agjlozYe2ya9h

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{68E06CDC-073B-4CED-90F3-93603F710502}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
424	msedge.exe
424	msedge.exe
3432	msedge.exe
3432	msedge.exe
4672	identity_helper.exe
4672	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3648	msedge.exe
3648	msedge.exe
748	msedge.exe
748	msedge.exe
536	msedge.exe
536	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2668	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe
2668	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 32 wrote to memory of 3432	32	cmd.exe	84
PID 32 wrote to memory of 3432	32	cmd.exe	84
PID 3432 wrote to memory of 212	3432	msedge.exe	86
PID 3432 wrote to memory of 212	3432	msedge.exe	86
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 4156	3432	msedge.exe	87
PID 3432 wrote to memory of 424	3432	msedge.exe	88
PID 3432 wrote to memory of 424	3432	msedge.exe	88
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89
PID 3432 wrote to memory of 1240	3432	msedge.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MICROWAVE.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MICROWAVE.webp
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7dd046f8,0x7ffd7dd04708,0x7ffd7dd04718
    3⤵
    PID:212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
    3⤵
    PID:4156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    3⤵
    PID:1240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:3444
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    3⤵
    PID:2072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    3⤵
    PID:2448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
    3⤵
    PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
    3⤵
    PID:348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    3⤵
    PID:4000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
    3⤵
    PID:4772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
    3⤵
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
    3⤵
    PID:2152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
    3⤵
    PID:4192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3448 /prefetch:8
    3⤵
    PID:4764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5280 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    3⤵
    PID:5024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
    3⤵
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
    3⤵
    PID:4104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
    3⤵
    PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
    3⤵
    PID:524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
    3⤵
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6736 /prefetch:8
    3⤵
    PID:4536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
    3⤵
    PID:3580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
    3⤵
    PID:3560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
    3⤵
    PID:5040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
    3⤵
    PID:4860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
    3⤵
    PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
    3⤵
    PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
    3⤵
    PID:1620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
    3⤵
    PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
    3⤵
    PID:4560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
    3⤵
    PID:3120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
    3⤵
    PID:2856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,2011247797449055007,11179441665604154564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2668
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Arc (1).appinstaller
  2⤵
  PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
546a930636527f5356401bf758467256

SHA1
dd0b91838b627cb966c3ac627c1143aa2f516417

SHA256
870bf85856d6ad02b1303cf775c7849e7a6656c9ddd7734e5a39d4d0b4afec7b

SHA512
1d7d762e92bdbc5ce638c260c6d26c2c286f7e36fdb08798bfb25b957f2cd5562b760785dbf3c7b04fbfe19c9014a86562e470f8335a3c887b3d4b5482123f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
25a7f8dea0207366b4b9d77569ff6f78

SHA1
57a20ac66704e6b2766c6946fafdec22f47ee79d

SHA256
502a9f82d39ef6fca4b4fc1bfd046b9736d8e232c8b1562eed0ca62d149bbfed

SHA512
db300662a1a49ae8417fb013462fc62ab20351c9c458cb60b0b22ec89c1cba410ae03301cefa6464dc58ed332ceb8a2d67eb6b8078c7f2127729594126133024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
27KB

MD5
527caf646477d33696867ce152d0e279

SHA1
81512a0b18a5d38792a2d3c32724b3cd98e0c59b

SHA256
bc4bc199fe01ae7235650a68b2efe8e03a27cbf0f2d7986c574e5728b25d86ef

SHA512
21535cf790e56aa6cd3a62734040d9805fe44803db8910f258b781f281c98cd63b8fdfe9611ae8853df084a1686f5dc9191fb3ab037b67e872fcf170ec17a993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
32KB

MD5
0cbc22197feed9b2fa3056109d9fd5ca

SHA1
eb5937db63fb2834ff3b61318ceddb2449409a78

SHA256
dc4fba08bccc9324b35e0cc3163388996dfa8ecaaba70b3d5d7337ba8e93a766

SHA512
b1b776a79ab3638bfd42913edfe2913fba999f5c9dc376b8a1c980809a9beac7a84f7332eb92bd539021c0c6f60959551e24adfa28bc0c0f6b479c05a26fc7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3b580c8685c5229744e48ca023377851

SHA1
d573dba61286025f788f6e582a190343a6a8dffb

SHA256
ed7fff92a66891201afc32ba048e81be55d2a9b56f035caade0a3f1442afe748

SHA512
5fb8141ce7694694b74a995efe85e99bbabfb86853ea65bda0ac55de0e5aa6f84b51ff1523949888946baa8f8f092e45629d22b0616960f93efd7b5732211cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
80409a1c042e556881bc8c201f171294

SHA1
26ec04ea162b0b95c37d3768265b645c3530505b

SHA256
b43bc59363ccad5505412e60035ff0edd49a712b1bcb2e943b7bc8530263bfe6

SHA512
ad87a639bfee6cc05288f0851617b9446aace6747b8ac1afb2d099c508461ae5fa05696545d072f4a59ae0dafbad0d4fc628222601eaec346ee81c23a4c09fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7e0ac600c2ad3b2ad6713dc48b3e0ca3

SHA1
0613f6886607767ffa413460ee53fcd15deeeba2

SHA256
e1b5d03e1f7e391ef21545ac383fd40159294069633e456d95b84fa4552837a2

SHA512
3fdd93f38574893696a663313c845f3f24aeb11ce0d76dc6207c83d1cf386f7ae4c7bded058c62ff9f1bb5344e01cb1ab92d8713bdeb7cf93f996cd580742653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
945B

MD5
fd0d1f164448b638c10f5c1550703a1b

SHA1
0f8fbd0ea514c9ebe9768ada39f7bffb14fd0df1

SHA256
8b3af0399fa8a4969b9a96758dbc207c0628c48402e59a212b69166cc3e2fd1b

SHA512
5aa82fe7b14bc66527cd5178dca6018dfe20fbc449af1c46b55592845e6161f46b47980322251affa092e6fd5b11de291b325529d2ddbf5f6550cbc651db4192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
555067caf49f07cfa814a121fa778b1e

SHA1
3fb9767561f74eb8129e2a5055a72e5d4e516b1a

SHA256
bd7f6adeb0229d7e0519289104f667e910ea6223f5fe76fb6781389eae36b62b

SHA512
796800e0d364f1de4f4e41c04c804fc5c44f9d9fdaecbfa9185f9fa15e3a4e34a567fb6bc19ee129424034ac3e59f919b21150649de2b28a8f4cf6ef9874557f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ef6283080ec5674702bc2285b1e390b

SHA1
bb126d6fe34da83a5d4a4a6f80110d81049a5648

SHA256
0e8d30050c27699424e01b96722b6b0ea917fa2083e5aa0b89420ad27add01e9

SHA512
c98456e7a5144ebb61942ce42e6cb51021ad0e4164bd22c4976cd73760902217f6f4d1db6a8ee9e9dd56d4d48fff2708436aa0d6a861888dc43fb64cea693af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e7416e5a1490d6e4868691abba09ceb

SHA1
0fcbb91ad52a4f5d3c784266c168a57bdedbb600

SHA256
8e207e0d271976ca8d1b8707bf1efb17b06f72cbc605bcf6257f520487f566b1

SHA512
b7429e6a98b32ed177407e25a0abd9c99b80da93da8b285a6e1f7d243fcb10308aa186fab4ed931f5d31fd476c36c75ab9748a97a3a7f0cacd8c7e5ddc560017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7269f4c20a6b19d3601560085eaf51ba

SHA1
1e206086442dc94dbf9527d4c889ae018b8e346d

SHA256
d47e73d77a8bcdacdbcc42bf2b7996f563b3ee1c04650c8a6aa64db53111f058

SHA512
fe038746963aeb725202e65cf94301b28946b8fffad01efcd369db94d9fddf4d2c6d369cc825e07a11612263a9cb97ee45e4917c143b6795b70a103a3340c531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
596d97589957c1512c512be1843a72d8

SHA1
6646adb534adfec3e7f902ca62d9d4023eaf4cd6

SHA256
80907c50dfa1a3766759b2055a8c7075e2096daabb2e4ab8b5c8fa690653d960

SHA512
64ade446c68b56ba89cfae6645136b541425575d11d6f1096dfa789357da1fff7ee74d0a5ac6b3b978a2c5bb612747e97d972ae4829ddf90755a96b92538cb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2117a85012ae385a72464479a9433453

SHA1
4c569efac3927f6183ad014107cf1f8b164fd254

SHA256
832fbdcf7fd95be18d3fd6bf106178ad848853d8b27f6e2e99262f0a92b97e0d

SHA512
49fc829bbcb4191d74199464335517f6f97eca7be18b8db25089bf97f1a848f27ef615644d3145ba230a810da4a8347bd69b19da2734d6435f542c5d6f22739b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4f41fe873311fa6cf832fa4fe902c6a

SHA1
cee6c7375db911184391c2d0c653e366cf0888cb

SHA256
e44a3b6558a8342d2df134e9d6a09ceb37d9f563b750503b55f55a6daf359828

SHA512
7f07b04ff22ba1e12709a54166dd088017e9ffeb50ab9f586302a48bf62d8b21476440f02706fe47c92fc002b9c9314bf6794bd43e0327860c2f845e3ceedc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3e0cf61c64bec433885c9e79fa4a4568

SHA1
73a1acad22a9cc4ed92829693e1525d243de18d7

SHA256
6de4e9b0bc42cfec1c786d6ad03020c860b73f360c90107ac1ae7b63190e9629

SHA512
8b5147336ff5272853bb633d0cd5402780f5369134e3644bfe828b2bd88ba9e7d6a4da382893f435deb9c8db70ba30e3deb8ec237319fb0e9be49283cecbfd3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f2116d09792d7df3c0ce68586767e955

SHA1
8093011fa78a21bd6ad6bac27e686dc19eae437d

SHA256
0899bfe60a9fbc482815accf976340a5a1984dc210961cf43b52894b6caf3f8f

SHA512
b9dc026225b31fc464ddcfa72cf13822f6da0d0c2d1244f51768dd391435f8b8f0a6f818418bcc91e4078eca9220dbda38a5fef7b91dd672c1cd8759f22bbd23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8430e769b032d5ed610de37994fe0071

SHA1
617a95d7dc77bb5b1023d8bac76d2dafa8067768

SHA256
fd2277f0394afc4ea1c95c3772727114407dcda2124f4550cbcc483805964e96

SHA512
9bf2f1966c10e680433cf5a1dd43bc75543cd2ead3b9fea568d8e7e4efcd63f2ccce28009642c98c3a1fef6ee552164493d4c2d7a0fea4a049a3058f0e814b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
243b66ba2468bbfc29f418c99feb1134

SHA1
3596c6df5c53779c3956649a32eaf1518eafac7f

SHA256
5d9a64f70caa2efc318eea12cb0abeb3dc8ef6c602adbc39f0185a945cb53e92

SHA512
37c427f26ed53611fb41c016eee987a96a19dc929e10282d03a689cef1fc3ac08c061949b45b4da279c0b87b0dc71e2835c935650c99647cf4a590cde6200bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7c8e0d8de62ba2f777133cd0d19aeff7

SHA1
97c90995751f0b9e5e65a2ec29b80131eebf671d

SHA256
52fe1d21989d00a7a39722d7cca2a7afa3e99634d8a11f5a457e3703f4b41613

SHA512
ecd956e957e45277e9e2e248d3b415be354f90e3091621524a8e5903388aee29cfdf5a7fe7a7e058dfd21756770789d20b1dfb8cc47b80c71a642f0d6d6b870a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27c169281691936273657d4d625a0b27

SHA1
008fcdf59e66ceebd6a36b0a5307b62ac15b0c93

SHA256
6beb839c41b0bd9d790f666c40983ef2d2a26fa95375c9fd37a189e7dc010bd5

SHA512
28fc57f6efae95968dc4f49c55f75f736554857cc9960ccc83b2d483a09bbba199c352873456a014d07ab605cf16ea17dee8b41c6822385cd73b7ab1b8d1fe24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3861413be01a2aa924bc59c1ff52bb1b

SHA1
452615e2cb6d42b5d25420493ec744387e139349

SHA256
cdb2276f12f4963d0d9be6892559ccf8c9211cd8043a6c95aee9a931a2c290ab

SHA512
da8b877b1a2a848923b0725a7aa97df8ba8bb74edbaf4ecd0bf8c4c27fd9f8ea390cdd80ee9bab3617afc872ccf6198eb89214f18b18816b58ec95761ad8cbaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bb67f260befedec740dcda22907f0865

SHA1
fa53ff202da346cfcd30aa32b800bbf42e51c18a

SHA256
e5176a71c2c04ee6e59c8781e156685562dbd68eb1c4befe9afc1470295aced0

SHA512
3858bf860b98cefd0edd9105395c9a539d687e35d3cb94e6c8109509505448c1faddc6c46207e59207871ecefea8131f35de74c52b0729b9ef240455959c8f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2d88594a30c448b0c13d8559c8851e48

SHA1
d6321061ca30702feabd76980698cce50d5a07e8

SHA256
8a4e80a9064edb092cdfad32e4fcd042e195127760004c9cef7369b8ce2329f6

SHA512
417482ef2025d264103f68e7a543496063360609d94b9eb954f32a94337c709d8853ca4fc95d39d364050bf95b69c9fefe89abc3ac77209f85846901e963bec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6b24c8c0a75c25618fde3eaed806fb4a

SHA1
b5001af20991f0ac791c7495fd0bee8965ead5f4

SHA256
c8e7332664474da55a0b5ea1e43486f6f856ef6919f8f396402d50442c61fbf5

SHA512
23c90e569d68213aa8d94113c51ea5e65382b9f2417975f8559ada4749b017446d4a1aaf3420cb4ae810cfbdd55178df4915fb2538988abd138ca2c53ed669b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5c7343d6f167ab218662cd1034d6127b

SHA1
3cd7825116c30b50499cba71496d34f63df34c5e

SHA256
86d2d5a2c69328e88f08d2245e51427c79231d896989c0a4184fa5eb718bf0c2

SHA512
e5a5584784375fdf254706b5dd52c905dabf488af2bb26daebd1b83fc474fec62c63dd9efa4e1db254f08498b3a055535c9310a0a8d635ac12069ac2d169d18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b44e4e7469ae6fac52fd8a9f621f7589

SHA1
8c0bf2a48bd9d7b1bc4020f3e5523d379e501b23

SHA256
9ea1cc3e2f7c216f7d6933255b76c3a552132bbc020dd860f35205cea145133d

SHA512
5220d630ecf706350e58d346889ccd6e22d3e83a00dc24d6ef38ad96392d58cac6e166536d4b05e582c0e1804cc74beefe0df062df1b7b17f702f1f885c10fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59c191.TMP

Filesize
536B

MD5
1246a2389c42e88cba0b8a7418b93259

SHA1
3437883cc6574e8b866c62663fa733d5930ce3cd

SHA256
cb42420ca9fdb4e53d251a06d5ffc29e56a8c4fd7de51b0f60b17ef11ebf1181

SHA512
3227e0c6345087b1488d4d9ce258bab2e3e8315adf9e3a54dce2686ea1572255b423fbf1afb7d2093498baa76a734fd2a7b51777580dff0c9c7c3f1a43f00d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5c82195f7d4f4fd0159b921e88d758a9

SHA1
1eae21f05d2c01f4925a021f72e0f45b0e0e3650

SHA256
c4f8617faac542537c1224e75f92ffa79f59a9685b16d7642453436d4cdb8b9d

SHA512
3d6984276f0e8812f49caf938eef9f5afe84bee9ad9614a6b63f44def154e6d7ec01f0d42e32ef10e9d8665f867d5e170ae7a68980674c7f57cb5e7a81bba20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e24a9e4f964df833754bf0c122a3997

SHA1
bcb992b99408fabb9edaf1338706a3dc75b4ce34

SHA256
7b732b406f43fe421d17e34d959def998ecd451347c8e02a8a2bb58d13124eb2

SHA512
536adda53f7224487711c8e4c9a0719c730438ffef217f25a25e32618d4f1b069bda21bee87b31efc8286ce04fba4e26d1b19a327c40ec6f85a9e790188ff342

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3014cc9b4e540561eb8a0a84c957e657

SHA1
c3b90c053de011b537de4f798ff9e708eca44e29

SHA256
726f990faa17d2dc2981d9099fe9ca8f7bce4a6677a3e6585811e932771ceeba

SHA512
01e04acfa36962205b1658fc2b445cf1ce045c6796ec8fb9cce4f52cf1b6d3487e0275529bd5fa537b4e30f77e2eebe015bcef47f69e0be38d864e8704bbc89f

Download Submit
C:\Users\Admin\Downloads\8f290783-851c-4e83-866d-30dd15639305.tmp

Filesize
1KB

MD5
d953396411b3b3eaf40f0303e0327db9

SHA1
8c4094e21bf4123214b51aad9450eaee3840f731

SHA256
eea212b1db8b696bef80ce9bf7ff60a7bce9274abad695088a916fbba110a539

SHA512
f5fe4d71e0f4d5a881c5eabf72630e3e55b957ef82d8442fea060b64bf60b6cc93d539bd7c9ff1dd7b00ab4ced725d1e7fc364fa5fec0537a5e7e371957ae93a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 768386.crdownload

Filesize
448KB

MD5
e3752617a4176f7ea71cb12004613e32

SHA1
61dea9b9f9c46adb950601c46f4c69b532759ea3

SHA256
81bd022089d65e6d8ab498ea707e8698e2155d1bb55f8ff6f52b4754a36ef28c

SHA512
974e540418dfb812e757825d8f1107ff97f39f0b8373ceae32a6be89c3ecd1fdff9fe71c76119db7940fab40282935d3d55dffc49bf1ea72f55b3b2b1b0f0d9b

Download Submit