hxxp://github[.]com

Resubmissions

02/08/2024, 22:55

240802-2v6b1aydja 6

02/08/2024, 22:32

02/08/2024, 22:31

02/08/2024, 22:20

02/08/2024, 22:13

Analysis

max time kernel
1185s
max time network
1185s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://github.com

Score

6^/10

defense_evasion discovery

Malware Config

Signatures

Deobfuscate/Decode Files or Information 1 TTPs 1 IoCs

Payload decoded via CertUtil.

defense_evasion

Deobfuscate/Decode Files or Information

T1140

pid	Process
3664	certutil.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{40079E44-0884-4163-B346-E9DD1CFCFF54}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000071beae6cd7e4da015bf503fadbe4da0171f587e22de5da0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "5"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
780	msedge.exe
780	msedge.exe
2980	identity_helper.exe
2980	identity_helper.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
2404	msedge.exe
2404	msedge.exe
2536	msedge.exe
2536	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 2624	780	msedge.exe	81
PID 780 wrote to memory of 2624	780	msedge.exe	81
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 5056	780	msedge.exe	82
PID 780 wrote to memory of 4792	780	msedge.exe	83
PID 780 wrote to memory of 4792	780	msedge.exe	83
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84
PID 780 wrote to memory of 3580	780	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8d7746f8,0x7ffe8d774708,0x7ffe8d774718
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1416 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3156 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7856 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13241020328415678564,4472339212733915398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4368

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\dw-about-it-main\dw-about-it-main\dw.2.bat" C:\Users\Admin\Downloads\dw-about-it-main\dw-about-it-main\dw.bat"
1⤵
PID:3960
- C:\Windows\system32\certutil.exe
  certutil.exe -f -decode "temp.~b64" "dw___.bat"
  2⤵
  - Deobfuscate/Decode Files or Information
  PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

T1140

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
21KB

MD5
017975d305729c957b42440bb7cec4be

SHA1
4ecd64ae942d7994b18210b09e72b9a12c6ad7e3

SHA256
6c9f3f5cc1dfabd4377baced6215ed916ebeca530d76f5afebc7b18f3a6a8668

SHA512
216fb759fd6b7c18e738bf2eda55d316713d54a61fe7c925ef7d1dd82381d214a37bee7f3fdc9ca65c74585decf1a23441eddd6278decc9f4a178ae5252473ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
37KB

MD5
6e13703b4b9b3fee9c9679caa6444f08

SHA1
eebd698908234ddf27a333105f645667e2eb7bf4

SHA256
e9c1c07f5fb1e96dc3bad0cbdaeb5503e38382e8e9c838120bb2652940d6baa6

SHA512
873bc00f546d9811befa014c4dd9ccaea032caa559c72674429ace2c1abfd292e2556de69e2db1bcf0641625bdefcf28955905a1d5b65c620fece0df82827179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
37KB

MD5
14c460a1feda08e672355847ea03d569

SHA1
f1e46ac6abd71ebbcdd798455483c560a1980091

SHA256
d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f

SHA512
cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
22KB

MD5
9ec8ba204f6c45d71c998a0ce1dd714e

SHA1
e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c

SHA256
a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a

SHA512
d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
42KB

MD5
c18ac29cb1e1afeda67dcee7b8fa497f

SHA1
2e2fca9619705de092131991d0129594aea866e2

SHA256
f5f3e3e947878d45fefe0b0a2f895a13010d3121eba5e9d07bd1d79e01ddc3a0

SHA512
5dcae0c20e115715b382792e9b6293e644d44b644dad8a2960a9815beca0ba1ff2697118d282580c473643f97442b61380bd59a5ff92eb50bad11e96dc81a48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
51KB

MD5
5a7091bb1c4982bde3f9d3901587c11a

SHA1
2c990a8d38797d5dbcb8322219fc9d828aeeff29

SHA256
41c8fb1312e45d8c38f20cce6e9b922f39ad22728366566aa135bfca41e8e725

SHA512
1a8628e84210a47deb5d626d0f3c3ae39113e72a71df7ef90c6bcf857cff336248bc2a07a3b9be4cc66bf90587636dd34213eab52ac27d273c74c6005b3f7e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
70KB

MD5
89e125e44db3e9bb757a3b9db433f60d

SHA1
754748b400dba070ee0c5844325e669177d3698b

SHA256
73c33daaef82fba5dce5553f6101a76e64ce7f0d67f13c713e102b987035b696

SHA512
3e51187da1d6a4f1d1ff975088edb47c5748b35b3d6325a11bc3221046eee28dc2f06ac5abe5fab86f201b36190316a3e8df40291697e1c72ba28c3cf41717fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
82KB

MD5
2981956952b10f3369e37a7b9ddf30f6

SHA1
feb028d6d7dcd4c7d09913b3eca5e0406b621114

SHA256
d12e93c153c3af14b107a7a26ce03d011a23e3d1da6de878157db3be9e1c0547

SHA512
89a901d6ebb799bc8015b6a6ad43440cd366c64c98395974bb441212fd69ff8742a3a861e73fa175e81ef5d81da260d88dd63a93c4a98e3788778aa8f6cf4c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
107KB

MD5
4500f20fb471723d4c16109adec5aa3f

SHA1
5f0f06268d374f036527b54c35277c1312120fd1

SHA256
07e20ac6430e61c3f103e3518ec868f2ac033243653137b9a8ba64d517152ce0

SHA512
eede15d6ca0d3211f2706ff7620ed0b9ab05c9b146f7b4ea39577259df86cd9c0032beb3632f009e01d456ffdf4c382ae69174c58bf24ce74a2a105cbca2bc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
55KB

MD5
0728625a147ca79276a1790b9cf3175d

SHA1
60d4d776f49c7e1627a935314230dce18fb3b382

SHA256
a9a1ce7d77f651dd85dbbbda3c151024e47c5c85569801c994cca98c52e3da71

SHA512
647fa86e7a24bad9b8e4664dfdde280fb2df9c0b58cda936a1671d4bc3a4cc314f0ae231bd26fcacffad0a428b9891cd04df63c6631e2aa6d18d8cbde5b654b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
64KB

MD5
13a80fc42f2684e525a692deed114a30

SHA1
08cf53c984247a1c68dbc72de6943ff1400c9b08

SHA256
b4f839fe6d6983f14772176c062debb05f236832f2e5597f2cedd4b94cb76038

SHA512
2cf70ecf256667368c46cdc1a23ac8c6325f34992830ccba25859dcf28630bfb402f4ec9c282c9e1139b6016cea6be4841ddeb34a01112d8a1905ce475f1661f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
71KB

MD5
15484f9dec6cddff6e339499d6f2f3c0

SHA1
566925a31e2b61b209bcf6792b26f59f4f15611e

SHA256
e4b63c956dea058e574789831096f55c4fde924553a1195c0a70f79edb3dc967

SHA512
198db97408f8991f590cd15994ee26da9b12b9bf24aff12c2520d34f3845c720b008ba417ef9c8de245ede089fe4c1a39c0363534f06c687b222f87babd9c1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
83KB

MD5
0a71259e7455d10e4949972cc8861476

SHA1
e0a5a39309a7f72696eec1678f2c2633fb2e54cb

SHA256
a8460698913026a1b12d91e2c85d78496152a088d400fe52f85fde2705bc318b

SHA512
5c3800b46ecfd060c4416e9f6a59f743a85eff5c0aebcc8207d92afa5c0366b2245da6339b74b274e9940373bce0fb82e317789626aac3526be80fcd61783962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
100KB

MD5
eb291bc5d41ae604a5355f363a3202a1

SHA1
ab4dde46316a645b5eaa2ea2c6ff3785ef2cb68b

SHA256
546de67e0e1b05cd742955c8b0d2eb5d7257879bf474b4c6d62bc70dc7601460

SHA512
4df3792a968116e0bda077bebd094ac40ab8f23430cebcfc8e00c18c167820170d3167ba782abd5042dfa52afe792610411ecf924d8c0184428342f3dfd76442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
71KB

MD5
d295afd682acc1893277bfde2cc65be5

SHA1
5ff2747bf85c79ed5b4f3f1bd5a8de099b78c7f5

SHA256
faf678ecca6ee8fb17596e9e29c66de815cf240ac1e50ec3c23e03a9bef626b6

SHA512
b475b06cb7cc015b6a88ac60cad0f93daa1e294519cee7b7c5b914961331a3896f178d5bf4d03cac4d81b31a426435d3b064f7a8ce6db3b60990f068d5a6cf78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0707e9e3705bd99a_0

Filesize
281B

MD5
26d6d2be7dd115ec6639d3d340459313

SHA1
2d54967311d66ce7c6a8f3b957479545d9c5caad

SHA256
0052c9f813dcd28fd26fe81a977a42386eb01b0d37aaa9fac01141c36e43427f

SHA512
cfe426bb29df083f1162789843581902330b6374298560f15e200fc054bd814d282f27a50375b20104313f478ac3424a67c7e5cb9d3aee8b894cf3817d5464c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\156ad47f57cff53a_0

Filesize
29KB

MD5
2cf28445461f99fdbcbf3df44ebdb7ba

SHA1
64e813f45a97b17d920c5a097f5e96da89a6a480

SHA256
89afc4ab594da4ba1ec48261651498f17135f9cff0e6aea02684e1dc427170cd

SHA512
36fe9f1314b33b7e161c06bbae7c443593ef66c0905841c6b3fd8afaccc20936d9c4371357029fdcc9a0b289f22c25ca41edc7557812467ca755e9e6f8718a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\194d55b2d99ed1e7_0

Filesize
126KB

MD5
775b7a6340256fa8cd93f82fe01db316

SHA1
aa0891a7d6e3af78551ed26fadc922d0edf9a81a

SHA256
bb58f5906608667c9b79119d75b130c9aaa7ff20104b96398415603c6cc87144

SHA512
1f54c624e3c7f13a190ffb167f1947e6268b43f3e9a14ef69f30d9c7c492afe22bba98150e169b21a6a307ebe7ca43eb0ef870bbd992f481b48a31a9549cc157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\38cf7a7f1d59364c_0

Filesize
85KB

MD5
0bc5c5bf24e7537e708b390d2bc56a02

SHA1
4c697001b7b70abb35e6337ad69637c0bd5f83c3

SHA256
f56fc1c8331677c33a06fdf01ad35e3464af59132dbc3ce866e9287054c04362

SHA512
8fe3821e970a65a153db1bb825ea1e5548550e338be8f181dc61d6608510327b0eda0e5ac093f3c22bf67c6a4831902b63df49a519cc60e1b73355014b1836db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64223413fcd8d885_0

Filesize
261B

MD5
0069a98a98687661dfda1aee4d91a290

SHA1
f0a2a8ec8c79868e8d1ef55a8cd808e1840a8094

SHA256
cc2e740cb16a2e54974cced4745a1114b01087b2b3cbe22d159fdb0abdebc084

SHA512
a4b6c7409fa759a960969bd3fde491d0b201ed7162a15500995dcd0604a88496d0d689dad7374df2738b78653b0023a138a292a644721a7e8560b4304377fb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6723311ae2cf5f1c_0

Filesize
19KB

MD5
cf88dda1519f3dfb4e0dd8a66efcf7f2

SHA1
1de80af569fc4a69510eca5e6ed9ccb0b49faab1

SHA256
2323cbb1a85fc0d84ff7c4303ec7851ff16b6261fea794fc733d47d7964516af

SHA512
3780c0713bf7ca85608287f0d525744da34a369a5799f90e3114f1f07bc7dbd2cf38d2e094dd1217f21aef5098dcc034d6a42cc38661e92bb9d37e26406eb294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6943900f9ae2a5b6_0

Filesize
257KB

MD5
871bd13bc453458a2431a81913d1aae0

SHA1
91eca5c3179370d1d833bb79baf32adce13a6281

SHA256
b1e00064cd7660ae28c722c931e0ae310e4fa1f7d4a428fa3acf166c3d396272

SHA512
f54b23ed13dc98bb89f43846052833cafd4cc9c1c5455ad5d6c05a414a3f0cabad0915637425f095dbe2befae85d5bfdd037c51b34bec10ae27a31b86a6e1180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8da788ed8d3cf1ff_0

Filesize
264B

MD5
c42f28cd7d118a66c88854a48828a705

SHA1
d7db17d9a92f71c5ac9c97b11dba45aaf27eb766

SHA256
344edae39ddbaf9920eda5059723b8d3e529d666277cfdab06ad33c48bf17270

SHA512
65eab149aafa6492f58e83d2dce2912c60ea9f24d26b1bc8e10c34bc708da84f4dfc7f6761318b9e538a3fd39a1a296162a163a60f9cd66a225add3b05dfc895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b41c96b8ec769b65_0

Filesize
263B

MD5
747b2279b8c4361306478e3153d559dd

SHA1
430168618a081b9d3dfec4660f8cb96d880aa211

SHA256
261ed5f645ca676156d924c479b8a3cb77dc46930a4c4d66d6a94a7ac67b6d6c

SHA512
4c3e5b17fc8fbb1f23c385d15123d9a8239c633e0ace6ef05ab14b4267533106bd38dea1b1983e383f6240b9f533af964aac7523270a1f16f378132b75b1a3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2dd64a649140650_0

Filesize
253B

MD5
046c4544f71431089a4d48023faa8a22

SHA1
8529eae11678a6e1746a2cd56eea067897e38f6b

SHA256
f0cc04b94f2dd6aca7b6c08ca220218e23c7f90b6061efdc14612475ecba10a3

SHA512
4223d84845ac9106c97ddfdfb24f61f48d36eb95878349cacf04f0701d38306d9cd62555fb8238b894380b608bf94745271467ac235df5b7d535b0c282fc97c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f6000eee1fb7a97d_0

Filesize
314KB

MD5
fef01280aa69a1251949f5d4c2a51960

SHA1
2c7b9f05dae28b2eefc4650b543dbbfca6157682

SHA256
104ad2c2909c76f5a56797e2e9b2eaf18f4add4439a2085b7783e00d1bb8ccf5

SHA512
5e79ca78ca65b687a85d9c359850a758250d044f6c22fe8b13a16d483282d38aa2439de0a0a6fa838366b6e26ad9502b5cfaf765c7aa5a30906619b426f5b23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9a22b2c41cee0df_0

Filesize
510KB

MD5
6782b7d8cc289d22c261fda73f2136d7

SHA1
74158a2556ff62b880dd60c371d387b068de0abd

SHA256
d6f9d390a6dc50d9a72413d8f30ff382a5f1616a62c479a1aa188e96b54a76ad

SHA512
e1024feb23036ce842ea506301af908d0db33e8f44881e5c319af7c8a6cda14251f61711ec7c02e35edcf1b6d6cf19b944161f4f17c7e4560b437efe42368782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
31375163a4576f9c211936956b56a291

SHA1
62b62704614fd3102869a576e7c0c5ebeefe2549

SHA256
3eaca680f90e7cea931ac85c6561e2aa61a1a4a8fe98741b96adbe7e5b68aa31

SHA512
e2dece92103238dc9cc9eca340d3e716e4c8229976398317dc7942436476ebecf037f6edb335698605178fb8816307f4e603b2051b837cf08e523cab73b42a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6e01e063a5e3f90fa2d8df5d2698b2aa

SHA1
33ebb49c1cefc9df472bb8664b0b4f8c5331a405

SHA256
0ce577121fbcc6c80bf194089ce7009070332745e148377179b4d3953251dbd0

SHA512
4cc6dc2bcc2bb04905577cf30d81dedb8c19edf64e63da5d043e8bbcd47f02e86da6824563be490cd1c2eeb57f9b7f13305491c3603680c74ad8df32c7e75cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
356527343826c705476f05308549f38c

SHA1
998a24798582d25a1d3cca67eade5b4e7040ab5f

SHA256
8680cfbd36699d88d57f2269a04de2583bfb2b38f9976adb26101a4ecbf6b64f

SHA512
fe50df5275755f020cf60f8db8b23ed8f9775de7f5db2b43c9a492b986c95896075327549bedc4774625cbe28bf143b4badef2ab55260ae3da6beac249677b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
6e016bccaed5ca12781d68eef44a7778

SHA1
cbf8a71d23c2f6c92b6ef1eb5242f8f2d3106656

SHA256
c200933669b2767ead034c5d371126f18024622503fdb66f426c940ecc978cfe

SHA512
244337c6fef90ade2cae600ecd3131d783d65040dc9f2e45336426e46f03772bf8b3900afe3a7ad1b2014b18d81619f9f231a0acc27faf5b5b097bfd45cb5bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
db048a9894a0915a0d2f34a34775aeb3

SHA1
8cdf499cf39c92e73fd04217ffee4192cc742867

SHA256
8cf635d60037258418f7c346b22b99b09bc4f94736248bbb78b1456cd7c5c8e2

SHA512
5f6329f98896ffc6b722e40df7b6e7611063dbb92f35bd494f96831c6f53babd9d4dba4611d8666bb125071832a30dfbfb406ad6de9283aee78a6b0534b8130a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b773a00dd15f5b8f7eb87f05b5ff652f

SHA1
70d7d1195f81e3777f66886fe3fea7ad281d816d

SHA256
e924d0bfa35de107e243b8a9ac5b2f0df16ddbceb9b19c8cbf7024445f922901

SHA512
1decd23b2c266d4a3a49a50236c01c838ae4ec9ebc26798ea5ead7d2d35477e1d5a67166b5691d12782a00ca5b932baf8dd6594b89b5c856c38a720fda2a5aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
7cecd93d0fb8774e678ae8a83eaf4beb

SHA1
7403e065a98b4c075b450415b952fc088d992b65

SHA256
56938a62eeffefbe66e4d5fa331bbba63aca8ff26b54871656b819dce823bed9

SHA512
e6595939ebc6dd5b7b2c74404c003e36bcaf5530293e00ce96ed61d17cbf702a64d1857ef1ae1d471baa2e5fc1bbbc7f9d3931267589e16d9df6e0a6884d94c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3159150b03b610004bce0f786c07b651

SHA1
23d460828d823b4ba26cabb3273d065c199c961e

SHA256
f85e5af526db75813a6f6540cef6539727dbdac807b82c908f621f78a37e7fe6

SHA512
fdb7f04150973dec8f25cb09d11fac89e7c69086ba716e5eb3d321b0a35d3117e079c7a55b906035747d931ed3fee21b6bf059c75a497d705d7713e70be32cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
6e9938304367012454401b5b40cd4613

SHA1
ba64b3f4449dfda4185d2fd47bde2735473da3da

SHA256
eab377026f9ef8768186eaf60a6d87a857a228f6471c4e3e305d237d8f6114bf

SHA512
a733f7043079d9a0421e0503c9fcdfd2cff2f98c93a92f528eb75d49929d49f49a655db196dac4e4a62c3974de50769528168b040bc1f253bcb790548fd151b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\LOG.old

Filesize
395B

MD5
fcd1e1e6ddc75f0ce07a3ac2555ae9d2

SHA1
dca61f4e281bfc991e4cd3f57b65bde337c681f7

SHA256
52099d06ba59b0cb0d894f35bfc99d8c98963b21f776b1b1ea1db226c5cb1971

SHA512
8293bbcb94217d0d8b418c9140497db3d78edaa2bf3af88ea68170f912dcf449dc692f9ced85f29f63c0f22fdd9775708a78cd829328bd199f2a0442ee803a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\LOG.old~RFe699756.TMP

Filesize
355B

MD5
058776cf85adbe438ad2e0d2956bae99

SHA1
42f826d991f6532dc6cf3558bff96f175adfaa6a

SHA256
949fa2de2871285f584976f29c7b42333e05c584b0470cc281713c2950202061

SHA512
927f434abb29bf6e48bd1e7d6d2e95fbe0a87e759ca020aed05d21aa23e7df81336d6ab0a8b0522f241650abd7008d44ebcda21dd1cb0cddeb267e7695b1371b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
904a09eda09b01aeec6bd6dad563a8da

SHA1
2068c84c1db6afea251aaa5e6443c17ffbe34ba1

SHA256
d173a41cff740420ea0087932970407885aacfa4b9683f2451d65ba8a8699630

SHA512
8c8856f2d9262a9e5f520404813883d5d05aa8ec8ee056998ac8895a8c27e642d52a71a65cbe35f7f4d537593811f7900d5319e6995b8de3bc62c0dd0321ba3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
aaad278d53365ce35590e1e0c6fcafe5

SHA1
d2e2e6bece168b7f856cd3a559628e885a2aa454

SHA256
e774b6aecc06c4a6a1a80094a0b02a0cce2128b62fd8886b7dad3b6310a35791

SHA512
baefc506a248eeff066ded1ef4a632c582f21652ceee91e8fee324b9f44cee3a566b57f76d89e45cb236c8b9a9aab1c024256b4dfdb03180d2423bc8d7be302b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0b2b6daf6029c2592d5ceccb7f93c939

SHA1
778ba36816dcfadc6ad9bf517bce8e8460dd7a00

SHA256
b6432dcca7a294a497240f289cdc6d02d099349cd080256d8de810671343231b

SHA512
ccd4518224aa69ab21339ff1e82981c1e121afec06e3639310a71140cb6e159fed62842c8d3161cc906457598cecfc633575dc02ddbf51b2d2faa6aa1ca03d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
479B

MD5
5baa8e7e7ba5f2953c6d98a5d4dee839

SHA1
fef0210ec40818ac480d277af64fde7fb572242e

SHA256
d5e198d8cd2f6a28805628e13b6390f3324905ef0096f3a8a51e22aedd334e11

SHA512
62eb0881e122f5760834385ab45da74692c6538c0438aee9623dd486969807cb6ee052290ae9668397b036307d8b53f7be0aa982fd8e49c1b7880fa4a3dec0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
82146fe4790899f134c4f4c32bbd1dae

SHA1
8aa53afaaeaf103fd9acadb3eafccc77abd80e2f

SHA256
d8774ca0f6e36559577bd70267800b4000a42936cbe9a61c53837dc4f3cc4e84

SHA512
a5140fcbd8a0dc14d40bbc2f4b88e7f908bcf81a6c6b414d500e1cbae6497093e0314d6bebb43799caf162f55048883b24cd4dd0c273baecea4c9156ce9a87ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
026c09979d681eebd133ed43378fc441

SHA1
67abe859df9cdd783781aa97061a828e3db04965

SHA256
dccd6e100fa53432e80979325bb3b7e63c59a1a84a43ba6e64d72f4c9ba50ee2

SHA512
15445097afa814150544aef706101aa037a8615751c47ae9dbe4a6e8ea1969cc2b8a58aec07734798ed917d8f57a0185bf2741dab930e5511b379862675affa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c182f947f233b7f5bf2e6f3a10f3834b

SHA1
e269cec9513786ce3dd4d516eac023577014deb4

SHA256
94e0d967edcfbcd9bbf9d1779c0012f38eaf3d278eb9b5963c31809ed1fbb087

SHA512
4864533aea69e7d47f4ef4b77682023e0d6a1e5747cf835e52cf93e3cb8c3889a21ccca17f50e51da822f3ca36f883134e433d7e265d6ce5b13d3291325f22a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42f1439eb77af3fbd65dc6681e0e6676

SHA1
72c11c3cc9e5ab07d4072215c07d435de9c5a249

SHA256
79f9959b0e12f15301dadbd60dbae0709077238e8436b51099e5b730352f46ec

SHA512
fb51a59622fde748157d8d432b8d38c484311639543426ef4877f8f847c168487e5bf7686b574e406844a36b4d2e8664f7d74014fb72dd5427ac4680fdca31d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1f7b354c3af704b995fecc62ab6b6680

SHA1
d732a5ddd3db710781b88bf6c38cebdeccbeaeaf

SHA256
8faf7efff5d28a758d0df7714f0032be22a6a93d022fa4cd82c8e04fe6210c20

SHA512
95cb4e045f02bf92ead8d1812e52d53a6d83fc2f8e268ffeaed8e226c449f93d01b64f1e283a99de4dfe774a5053539a57ef3a5496e789aaa60fd908387a3c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ea7df2e648283de945c7ffc3a37ad2e

SHA1
13edb30f8ca20b2974d7147b24b28e0f110ab467

SHA256
e934378dd14c5f49620031db16d0ff268cbab7fc4e2a8fe7fbc37a4596b178da

SHA512
cecb33ab4e5178100c32c0ddd2a593128b5cc751bb6dcb92870ba5e5a0b29b27fecaca991d39f434660f05f19625dd19010f6b43f4015443fed1a4d49ef0c240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da527acf4494947963be27810416baad

SHA1
410e5863bc0698778f8c02e03ed12665cf97513c

SHA256
47494bed15215f8a59b2ea6754311bdfe7542b438a27449f66ec56b65a38c6ba

SHA512
087f6831052f3d8f0a022001c501b0d80b3a9d809293fe3c97a6bcd5f354a45c1e88a47f7afd7b9213706451ecfd665e8bec6c3db211807c25993729183ccc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6076f7fcb228222e1d205898f764b0a

SHA1
2723243ef5d42fbe6888980dce3475c5483ca6c0

SHA256
6fd7d112838682e869c3951a6c008882b33118cd129b4b7c1e6109c6f0f739c6

SHA512
c35e8faa45f13e941faf40667d4d02d492fb1a1fab7cc70f38c8715a89302e512f722dc9b24a92f7dcf55b8f52f2828572c28e5d13f1d4060c9ad0fe1c8539cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
35e7f8c14dc7ca4ae6e00bf1cc7a8ea2

SHA1
5d594140074c4f17966c877cde234a85a019c31f

SHA256
97e26df006a46a83b05ae0ea0d531a25d3084864214d55e32435308f51435c50

SHA512
f32dc170f8c739522ac974a9a6c01ff2af8d58c47750df41a1c6c37ca179dc20133e74a751b6c68dd0f9eb470c0e132693594821709d8cc12afcba55d199d1dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bd5d507225bab68cb397c19ed6c008b9

SHA1
dd035e2116fb3d9f7141e22420f93d34dc4201e9

SHA256
c8c67bf1513e99b5649a07f2c63f4710b363c4f94c6e472060e1212a82cf1063

SHA512
4bda0fa5785af9ae0ba4b545b250738b9cab58ed81ebb8f601e4d5e8ea91d7b3c8edda58fa36a483b17da73d4ace54a2557b16db85136190fd1c605e97e5e4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f9d04753286a14321d2474ec258183f8

SHA1
58fc9e164a5723921692b1018eae648d785e6380

SHA256
157186c3c8f8a1f6c1dc1840134a23fdd79b0693703e5971396b4c4e46ca221d

SHA512
69c4e76887679d0798dd0f24fc2d6d86110dca0e740a53b5c77ae6e8e48ce83941f8d81bac5f1e2e383ea7107d47259491f7ed23ff9ee4c1db2671f164020e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
7401232e0aee9535df71b76b17c4d6c5

SHA1
16c15a28ce8db44e468ff287d40df17e09114f85

SHA256
8907e2b7e7db88e592ae3af88145be8d99db293c16a49d3dc6c350d4361ab319

SHA512
9f6fdedb2cbe512613595eb41761a7ad83403ec42f127fedd8235421f730a7840597f7c8fa44c79dab21a31be7895d88430ef89e36e5b3b252a4d4147bbca8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
db0c17813ebf2ceea8a6e164c2e61bbd

SHA1
52644cd71dde1cde8bd607a0f20fdc129bb58e28

SHA256
fd11af9a7ab7c939aea97c4525154078a0036d5241a3322d6d5ab7e4d33043d0

SHA512
fc389d0f4dcd210cbb7808e3ea0885fa6b25330ad98e56d1c9b336ea3f13284c07a3e85ede86e5d29856fe047f628faaa557948c2e30eff92c969719d7d897e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
48be98cac3c126babe3ba51132d2bf43

SHA1
6bba0cc0cb78146154085a8fee67076ba6106eb1

SHA256
02a84ebbd9dab308bc1b4e019ed44e26fd59a0e3e768d5999b069b0f2aa415e8

SHA512
5ae8f239d2c8ae5c4d15ffa2d74e251859160052c010342216684849cb01aced4884e6e2e271dfc253c0746615d6c080cead7a84f279a0ce7d48f334d869f472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef756dd34b27eedafdba6165fec83e40

SHA1
300697c135b71e3e84a8a5834370c93f94c997fa

SHA256
ca096984838c674a7f8db4d07aebb37568274131a4e8f9f02703161d8eee4205

SHA512
0c804ee8e194d1f0cf72dd1c12570101dfa5953bb25181adc07b508e017ca205c8c0878d78147466104d93618ad56dcb43bd2c1dcb748f9eddd534f2330b74d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ff1c8a6aff94d1695c9f49db1870a95

SHA1
b899c1419db540d0b88a4364221e638b15c793c2

SHA256
269fff30effdaf5eb0387834e76b5533650c5377e13a51f01c36e3af173fb311

SHA512
d4a14c571da480df5bd624b696d50ac5d5bafdeb9b10cb32b4647456fa258eae554dd8db267af4c1e2c62932a6f6ec4f1e82072c48e47e6a4dbe15b2677beafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
42dd49add27642c0bd352e396256d668

SHA1
2d5b6bd1665a3cae2135b05d81134b711d426ecd

SHA256
214e0fc20d54e7115aa21dd24497a09e38af0bf342aba3669857878395a96e61

SHA512
22464ab66c6dfc4b8c7e3cca4088a26d3d091e645680855073b4d8536939e5ebbfa3f4753a84b1406249305720de0b61b944485ea1f988c675570ebe0e32670a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11e26d43e944f0e9ff0f0e2cba3f793b

SHA1
8c6a9e279e14b72a02a61ecafd988621f1459002

SHA256
1f4562c5c7df2b068cdd5cfedc2abc41042c595618f2889426542debbcc7370c

SHA512
00df545ac55b27b4a68659214b298680c113ea970a4f3b105020e68b4698dbd0e302a1706edbb754ea9e4058e798eef9706bcbb8e34a325e37847d6174a15e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7237c3208b117938bc601d6acb33dbb

SHA1
246216b6531bc30ed077b196a48ac6544d1ab4ea

SHA256
9d928420a6bfa66ae981d930a7bea31be3027aeb34f44b58341da32378e8ed2b

SHA512
613b7d51e1f0062a3029db1783d021eacf2502b611417fea4d334e5c84f92680b8b0c7fdaa551e88a4144b0dcd395fd0db39834b55aa524bd0f13eda654e5a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
030334fdc19ecb5182c9968d4c76328c

SHA1
e56d5ce14a6c725f6c690d0c3a39b7d07536f809

SHA256
588744b2ba293738475caa2d122361e63bbc61b24fe17569dd83ee0a515b00e8

SHA512
9f23eb27d5b5f4846da19f5a052fec049da7d31042fbdf90d94286b709ac59e466c5618a2aef659fc67113019e656280b3ac84fe8b809814f311c97223b8282c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d9038d980745e8a6c870834e1470d6e7

SHA1
6b7f338723781c3efaf6f85dc2eb99a21806b18c

SHA256
966f3fa998fc1f40883a172d85aaed2470faedc98eb5585d6c5b49510cec8f45

SHA512
deb853df5b51bab2a1acbd84de168bfe51b03c5a88be3ac2683985f8e6f2421b193b4a4aa1431e2b0a370c79eb0d9d1b4342acfa35b41ccaea34fabc5913d012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ab433164a6aea8a6e731ccdcf88f6a0d

SHA1
13a9cb72ae2261b412015e43d5baef0bdc9fc575

SHA256
38f2bd43b145df2762aa91457aa5407de636dbff00948a5d06b11f06df896fa7

SHA512
48b583b796c496d5aa78696712a8de79601e6bd9d75c0f80937027303aecc966b9dc33e1cee11142e2c4df56af48ee50672019ecc6d1f1779d86cce7afbf978b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d5361effab028acc6a33f31d4425d5fc

SHA1
9342ec2197cba2eec5199ce00bc24758bce13f1b

SHA256
c139fc295a76486ccd780946adc32ea7ef3ed9096bbf70f75354fa98fb7024bc

SHA512
e53a7c3cbc3ed848a9b6d157e546435c82f9f852eca7964f594acc43b1c2e455be4f394b0fe2ff665aaeed058e3c12ead029109177f4de44c7cdb45d0707cc3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
06391084edd642c18237bb2c2a35ff6f

SHA1
2c271a83feb37100f25c67b3b31d47a42aea785c

SHA256
66105b294bf6bb52896d5d46792aa7576919ceeb79bc2ee4163daeee863fc8c2

SHA512
ae52c77988c42eb341b15467c90441c7a06bb5908ac8eb199d5a237319ab7f30da53886ca0e2d4a345ac5fde1b1d6a9c2855011ac07dfa87325c999fbee9bd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
91810be66d150d4ea781cd74727bb0d6

SHA1
a432d0aab2fa2df25044187f7fe1861572bd6e22

SHA256
287abcc03e6fd22ae996d7c245077b501540027888d5502c27c30a3f95badb49

SHA512
1b92a3ffbb0469fae26c2b18a5a3cb7a009b50cc3d153fcfbea4ead947c610ec147e15395e805ef14a36f9499af4019a62f64022f285ed94bd690a219c134a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
179d27caf823eb7f01db68313fa7aaa3

SHA1
e8f4c89d6fe27af7e4d7a4dfbd7cbc2851e33c79

SHA256
150c890988a5d72b0d301fd9bc40ad3cd9b30b9d94fdd00d749bfff43b15dd28

SHA512
a74697c513509079470449a58c0a9f12cb54d03e9a21cc6c1005fafa849659e77644598848eb3eb56c2ba13040f7e188f377cf4a4a30a6370cec83499cdcf8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
10483fb410253a4a778338f6f99e522f

SHA1
dbdc9dafc83464fb7c67069313f19e23f46786df

SHA256
dd3ef11bdfa41415abe90af5a9e790960e6e4875f2dd6fbcbdad9b33d207dd2a

SHA512
86996b188fbcdd26474061b9f439b97fdc1dca391f7d5d5999d5fd1299ee135adfb3d273759f9a658b8644bc03212bf1097eaaee0207d041714480225d72dc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe616188.TMP

Filesize
706B

MD5
cda775665cbc3617108f5b1f2d0b452d

SHA1
f68f1191bb3c7716c9b0e567c4f65b05565989b8

SHA256
942fba581a217fd82f340470e64e9480d37f47d9c665a45a31680ceba6838aa4

SHA512
84c849f03f1273b6b82cbb180ad8c93da727a662d9ef600c43026daf32a2f440fa937583c2faf4274b3a766812f06b773e25ec0352305166395ac593b174086f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6146346cc38b3dd1ef27db1029a48db6

SHA1
321f25f4fe365cff3951d4bc6c3d86fd125a4a14

SHA256
b08a171f2891a062a46b28816ac15358bc694d90b285bffcca2dbb69f227c16b

SHA512
a626006b766b31faf13a62edb77bc16d0243cadc89191a78425484d24d2f0ecfe6e47b875263b6030b68de4092947d83afc29af0835ef26b5d31ef7ec02dc93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
661cdeffc7480c5e43d5662623c9bd27

SHA1
f12a1d0f99e179232f46b701cf25f3f244dcbef8

SHA256
a30bd828beced4b681db1c586ea05e7944608be276a7abb33f9b256b129e9e00

SHA512
7dda6b97633e5c95beb5a7ecfd9debebe6239e29dc1c6d7ae270680dd216734356dd51ee9984630b6ea49e84f1148bb23aca0488250749133193a8ff659c76a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
51d13fc3c543715e6b927d2041f3a456

SHA1
483366b618937577b1ba2cf1c76134b1e17d8924

SHA256
644b6feeba8fd38bad6b4cff0b69a21f9bed2522966159c11a7166e978df0584

SHA512
46af37de7c06c8b34f6558fa560f9ef7bba0d747d9fa643c169b719ec714953c328b840ece7c15eee93ec285c652e558aac51b33f83844e5930768f6fb3ee7d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\dw-about-it-main.zip

Filesize
834B

MD5
d546bd02a5fea1825b01d1cca0dbf78e

SHA1
a51231dac890bb1b23612410f666773d481a5dff

SHA256
aa42dadf06eeea697b4a5aef30cd71ba2ec18c776c19f7da4820e84394ec9907

SHA512
cb03192e2c1c706c6e91ce5dff178faf7eb8c0137ab99da4423df172fa04b379599459b4d8fff7ba50b668454e2868ea141975dd6e41c05e454e4b0e044bb35c

Download Submit
C:\Users\Admin\Downloads\dw-about-it-main\dw-about-it-main\dw.2.bat

Filesize
330B

MD5
8e12765b70d3c038a48302793cce8329

SHA1
a90d4b96b3f250ade21627a401eb66763fac0135

SHA256
939cecf539eb89f0d63101e99c5bbdfc4cb6fd2aec13e7799955650ac67e63a2

SHA512
31e62054c930bba125c1ddd96b1ae1504e94f93e131ef6d43f0718de1c7479a022c606753b67fc7692dde20703f4ecc121911621f0a626987202f0337c4e826b

Download Submit
C:\Users\Admin\Downloads\dw-about-it-main\dw-about-it-main\dw.bat

Filesize
296B

MD5
2bef33a50313586b83cf8e1faa129688

SHA1
7863081c9933a44af5d2f1bbba726d5b5be31acb

SHA256
233dc6ad74a21661920117903a86d1b9688634de0c80ac75425baf228acb4478

SHA512
ee5cd1616f344f93cebc12c6324368d29b3dfd833a11af6999754a910ddd0a9b6fd5b7445395dbf8fd3703bf2d8a5ef363924b10a2f4594d8f3dd259e4fb021e

Download Submit
C:\Users\Admin\Downloads\dw-about-it-main\dw-about-it-main\dw___.bat

Filesize
304B

MD5
d76885370e55b8f2520463a847b98bdf

SHA1
305199a1d5394ed827cb802038a38aede5843437

SHA256
5417b43d7ab307436715cd300087137159d43ddba98e24848c6552febd7e0d48

SHA512
36a64e18be55095c17edc8fb873080eb057a7edd869077081590760d8cbe2bbbe5595761b081c90b22b4a413846c249b94ea9390fac82715a3dc7b4b55b43e06

Download Submit
C:\Users\Admin\Downloads\dw-about-it-main\dw-about-it-main\dw___.bat

Filesize
8B

MD5
0d7dbd96fe6d0a5f0efb4f55e8561e8f

SHA1
839182cee3df6d5b2c989b4881b37d0a9c42f168

SHA256
996a89fd6bfbaeaa1136b801d32ba387187a89862f7f00b1d5a6777da372f4ac

SHA512
8fb3900ee7dd9d0196fe446426aa89997e4899ddb74f615b522b75100cd9970c73250126e6a1be83099be9bb1e9402149301ccd8e64bb2987a3a92cbe0f6ee6d

Download Submit
C:\Users\Admin\Downloads\dw-about-it-main\dw-about-it-main\temp.~b64

Filesize
14B

MD5
816cae6f87c10747e73011e19198f2c8

SHA1
01d9f01b57367c29fc2f9ede2ec625187773cf2c

SHA256
82c8bdce355c14c90b32f8f4ad6def0cfd0b648e0e89b1657ce9436268c879a8

SHA512
1a56a58c7bfab0f358d079da4135d162417abdadf8a023c55753ab43cd7518136b9b10624f750c8a4b3f94ba41cbd65d348fb4573a441402f653b7e4cc09b537

Download Submit