hxxps://www[.]mediafire[.]com/file/nufg62s4rw9v80u/accounts+(3)[.]json/file

Analysis

max time kernel
1706s
max time network
1684s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/nufg62s4rw9v80u/accounts+(3).json/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 25 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\瑭敲e憬ⷙ윀踀Segoe UI	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\潬灯s	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\憮⷟였耀D3D10Ref	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\憮⷟였耀D3D10Ref\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\욭ꕰ좭	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\憨ⷝ씀耀뻀㲯ǝ\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\뻀㲯ǝ	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\뻀㲯ǝ\ = "json_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.json	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\욭ꕰ좭\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\edit	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\瑭敲e憬ⷙ윀踀Segoe UI\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\憨ⷝ씀耀뻀㲯ǝ	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.json\ = "json_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\潬灯s\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\edit\command	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4964	msedge.exe
4964	msedge.exe
2740	identity_helper.exe
2740	identity_helper.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
180	msedge.exe
180	msedge.exe
1996	msedge.exe
1996	msedge.exe
1856	msedge.exe
1856	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
264	OpenWith.exe
3976	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
264	OpenWith.exe
264	OpenWith.exe
264	OpenWith.exe
264	OpenWith.exe
264	OpenWith.exe
264	OpenWith.exe
264	OpenWith.exe
264	OpenWith.exe
264	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe
3976	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 3416	4964	msedge.exe	84
PID 4964 wrote to memory of 3416	4964	msedge.exe	84
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 3540	4964	msedge.exe	85
PID 4964 wrote to memory of 4936	4964	msedge.exe	86
PID 4964 wrote to memory of 4936	4964	msedge.exe	86
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87
PID 4964 wrote to memory of 3988	4964	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/nufg62s4rw9v80u/accounts+(3).json/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc9346f8,0x7ff9cc934708,0x7ff9cc934718
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7396 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1256 /prefetch:8
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7784 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6023238641359974050,12037780313218677894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1212

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3976

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\accounts (3).json
1⤵
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
20KB

MD5
6959c9f88b6fb8554e6f425dde0672b4

SHA1
b7b9f19568b87b28475a84e85e4b21ce970a8dda

SHA256
4a1f68864b12b9dbb0d41320fbb3f6b96cae14ba4621e6b50f1de88a4ab21d15

SHA512
f91a0d3ce5764a291a0a718c4d5b94abff4f272d23586d1d46fc93807608c48e173088936833779b862b7ed661bdf03eae2185fa134dd9d4d52c4f7d82645734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
62KB

MD5
0800f316866f3b20e5443bf0b6c133a2

SHA1
0c26d720ec1078b683068d5586b3a204ec118bba

SHA256
8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e

SHA512
84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
7c917d32de8261242042c6556a2e60e1

SHA1
4b68edc08b3d11515e1d34bf5010f8515f5b9609

SHA256
b3acce9c72c397abc8fcaa7841f3879e7c26c839f2b408469942a68b15d7272d

SHA512
d577357a14534e375ffd921c76452bc7b9d0ea1238c0f1668d05d4df00d4146d90546443b455c16bf04a3dc2b4edb8b246682a3767e91020a8977065ca2edd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56492f8b20d64fb7_0

Filesize
141KB

MD5
459aacbbddc5484a2681e2c618f537cd

SHA1
1b4ff05d3a8c9f15b0969d13f54f6a853c3788e3

SHA256
347c4f81e4337b98f115457f3bcac78fae311cad3fa62ea8b1efd701a4be251c

SHA512
00a42ae4056911df36c78917d9c2fc85f40c7c69cf3b06258cde664cce942e1aecb85bd35907a3ce328b6a5bcf42af3778f6379bf919fc324779a8f0cf88deac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
5e820b20b12cc892eab2a7cc5e1880a0

SHA1
b9b621d6acd1978b272b07b60bc8b03b6df96593

SHA256
883975dcf23dbe5e701ef7b7bf306df63506e28cd1e0f9e76ec38404005f4922

SHA512
f88362345648e4b12260c34e23ee6d6f3256d7b6d5cf88bf1b482aa09d0cc716e71be9fc350a53859315dc68420359bbe98b948054611d7ca0f76d3cb4724272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
23KB

MD5
eec3bd2e9ea1b06841450c229712e3be

SHA1
0d33f864680d07dcfcffa7e48a85d8ded22be48c

SHA256
861a6c1f2db137dd550afabde59a0283ef0764c9c2c69506b81a509cb3f22c3d

SHA512
e66b6efe931f31ca5c69da8d64569a75c6e45f90012f1ca2048b757cef84bd5ef10b1df9c7ac3487a95ad2571dbb9f599e1be1985197629d2896670e346caaf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
54KB

MD5
21688c498dcb669946d7ea1f06f22d6d

SHA1
95192ad42414dd04708d0aad23f97d55657f4f5d

SHA256
3efa5479d54063549ec9667fedf3b282eec36baa41fe027d232b71ea6e7f2fb2

SHA512
9239317e382478f1ecd1fb55d4f2fbb864dc72c85d5de3d0164dff43043393cdc9f911705437d694bbc5e7358aeaa8bb936e03eacbc601dcf027a998dfcab911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
b7cd9e71f090406a43a4c62a4ae29a40

SHA1
7d49edcb55b6a6629c17e7d52a7b7041ca1120f5

SHA256
73c1f98ee343a235579081a6577944b92f9999704902835190068ba1d8604101

SHA512
2ed0620c6eb302d7ddffaad0179d4d9d787377c4ece93881b64c7d64031357eeacb3ba3de94942a3d89264d0e1e8e6ddebaa5457d249f8d788409f49e2fde5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf7900052b00a5e8_0

Filesize
330KB

MD5
4d4bdaaa72590849fe9afb850ee7805e

SHA1
a1821d233fccf4843b238c20441c230f274590c2

SHA256
7eb53c48166f3b12c7410dc3ffcc061a563b97c71d076da491fd7d519ae50330

SHA512
b040bd4a0f5bcaf2515557e89a9e56da4706a4f31b2aacf0f822cedf6ecfc814a3e4d051de6fd880056d6db197bf5d782bf3c29bb753bf665fb597c95e1620df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
10KB

MD5
89b62b4e0ec430c0ec4354adb221e1eb

SHA1
9737b4e1e34b7176361272c4c60658b5929ac02b

SHA256
81231db39ae4b78b25721e61d9e4b7085665d190aa01257667ae116b8aab23ff

SHA512
28912379d843e7bf8769d511f31889ba13cd9a2c191fead6a25b4ccde0f9809bbb9a6a6588d31fc2a41d5bc1b423944a5392978601c202497c10248672955c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
383c6ee2131c0c5b5db71f8c3b8eb558

SHA1
b92ed70a3afd3befc27f0cce37c6d14f82071576

SHA256
1803d373daae412086491d86dd5d668f534411b175b5d391955cfbcea6c99864

SHA512
a2af2f48ddd8c8b7377a9da79cb05cd32910cc10a1019245dacf1241234c4348b8fe88513e11f987c2703f6f36c6d5bcd1ebb834ff7817a52b2c4cabe35cc32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9f1fe43f5b11a687758f7fc9e06d674a

SHA1
c85bc2973c7648a6e7f153b9a02fadf59eea3522

SHA256
839aaad05b5aabaa1c6d343b93004b899ff9927b74c98bfd1fe8af513b379a8c

SHA512
a3d38bcf353f1a61d36870ca6cb22df0430f67ea7bc3a4987ccfe88acfa0fffdcbc22be9836c93b897d77020efeb123bacc732e16e090dd69e90654c37d77ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1871483de80c7ec9a0ebe975a0b35625

SHA1
e333fa70166f2be787c1dedabece5b054d8c11df

SHA256
1cf63df621ba53c7e30f757426cdb6ec27df2ac9babb7b849d5262320f472f38

SHA512
b029481432822da31f9a2d59cff860099e4e81d73a8257026d44f1f02d09c03c306d68480297d5f49daff5fccff9b66877fd3d26f38a116532ada2f13e3cded4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5da03b24ca53ba8c4510fd9969af59c4

SHA1
7dd313b8366b724cef0f22d5e6a6afe27033aafc

SHA256
38dc7469a9161461783fbf058c85204e38bc0a63b568c4e78afddeaef1c69158

SHA512
d17bce57fe1b5682c140d2de801c3a468aa8c04aaebc86acbd2aa7543c67c381107da84d98509d54ed206a8c5bf9ec2832c10de1bcd031ff60f50deec23d2dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ee8d70059fe89bb117ab48f0aa6b03d9

SHA1
65d7f12a7e0963a361c9b7b22f514d492f02ce38

SHA256
f91ab12b0da4dce58058097f612ec211002aa9238181d6068c70b77130085b90

SHA512
cdb8909caf4103f82ce93c9a931a736489e98d172a235759b8fd2a865f0efad2f32ba3e2b23aa68ebbda88581ad0ef919195e93b1b4483961af88517585028ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e87c3f67b62ac0eaed0fcec1cd1b83f4

SHA1
e53f7b774e2c0d47601d178e6086a89c45f708d7

SHA256
37bd3a9b6e717255cddaa12970b4e4210ead4ac6149d43c6d38494fd26ffd146

SHA512
4369751bb2285036449a4d5bb4bd639d2d919030135eac85708c7ed16e92edc6e6eadb2fc4ec8097667beb29c52191f8dcac259812d1752f5531c6d6654d4860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d790ecd5063bfdd38e4d3bab66d457c7

SHA1
dba5b130bb411d0767f1571824b5d369961a574a

SHA256
28ea3fe2fd09ba0254a3e87df326c3ed7de8c398a35c5a541d27187c34a4010f

SHA512
69441799a2773e0e1038b0686ce28ac3c8189f54e0fafb28f1829cf0b4886b897ea078acd7f2759a2c65bca49ad295604f3ca07018436d55f92db3803cea8be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e43eb8490dce237448536cad85bd4abc

SHA1
52aaad05a65d4515b35c971d08afb7b487d7ff3b

SHA256
a3df0dd85e82e8eccee95111db2eb00b80deddac3a7bf0184dcda577f9caa0b3

SHA512
ff6fcae1aeee6210c1f16d2b2c68de71b88172794fc636cbccafc45308c9b83457736c524a35e4936671c20657d1ad2ae23ce6acf15938de4bd98191e94638ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c2552df37c24c23cc36f48eaeca21f44

SHA1
c35af54987e86ce85234ee14565c0fba88d5d285

SHA256
9aefb2b4bf857e03e493c4ddc84c6c1f02ab1c33f22ed4b59f23c6728c4aefd6

SHA512
03ad83f48bf5ac89cdb7e511309c687b179e3651ca8787407afe2fc833c34661b470385c3a106578ebf07e928cde53f7625b87700499e618c3cfb18313dbb0f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f5edc8c8e3eca549921b33881eda9433

SHA1
8b1db6c722a2377d5a70d8f71eef511bc9b45ece

SHA256
9801a339d82adf1d871ae0a6513aa70669af22baf0c6bd9f13e636675dd27b76

SHA512
bdeecd29f188feafa5eb210133515c5eb779d5f03e3a3e5a2ffbeac13d309cadb5e44f3bea8d6c097544d0f44c07657b17751d53e368da20c0413477768f4474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
26fd2b8bc0ffb512c0ae043adf3faa6d

SHA1
4f67f9fc8890f452fcffd297f04d145a33171a60

SHA256
af6e60380d7685e441aa4a67eec3c4120fed27a489a281ffd9fc455ceff0c6bd

SHA512
6b480735db053c2aa3b1d2f16151ec37d5e79c652823b36cdb3f9b8cd773a199d24aa24d26a5a44af8bc946b9105945c92b2a61d42b8d71a028ff64e0faac6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
c0b893f10156e3a2549f00e81bf1d75f

SHA1
bc901cd988fc35d8fc559120844352a14843c201

SHA256
5e489a303331ab72873acb91d7ecc138e7eb2f29f55ff331f98d836bc8d539b2

SHA512
b5a9da5526d60d246b1ade24f72a302a4ec183f21633bae4b9d63b16c6c218c70cc9fa48edf98514e359e4b2bb84663070a79968345f3ca8019f61abcf2901c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91f7125a2c6bca912ee473f435c45722

SHA1
bf92c3dc177cfe7ac4f6b97a831a2bdb61717e75

SHA256
04844079d1291cd7e064240731b8eb9caa0b6a9553e7624a3ad8dd136b98fdbb

SHA512
c3691f0fcb8201ce6c1f36a34a683cc3e5ae4a622abec4fa44b98bfc20b008acf8d3d2b67252d500fc1f63c81876b2efdcf334ae9ac9c64c81e6a4cfa2b7dbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2f4d5a74db57a1afcf4041f4ad08b81b

SHA1
b9127916888d3d8613f0fb7b540e15a201f7e7d2

SHA256
0fc9de700c3f48c2d35394ff4e40590b6cb46bc4840d7ec054fdd148114607ae

SHA512
b4d650d1ebbac41a7c1de171e88c0f0bab4465b0a9a297c91bb1348e57f10ae03b46762ac59d990dac9c84b9df67bb26e392544f9d9214a5f7888e7e4323de6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b4931d0e8e3ae2d2d57f485145db275c

SHA1
6625f58335b304b15af06149b10b97670060460b

SHA256
562b9c2a4c0f9cc134aa1a5894e1a6d10666efdc5cf337d702247b070a2b1b84

SHA512
dac372ba151f198c92199fb087ecf4a20b63a458d17711c0d419a57a22f730476d470e55aa850d3e39e9ee4c957ecf7a5d079e309e21e44645eeade377549592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4b0b5dad3a45bcf3c617494c22c22486

SHA1
f9216b50f96c82cb01b05b1267179a8983acdf1b

SHA256
438ce648a69bc94d460b9449419a7b87351a6a869dba55c9eddd4af93bda9476

SHA512
0f5cdc1b0aa86066d6be3610b506f87275d504a33b877e03df6fc05f39b33696461b8b3751469d37ec7ee134f2c2751d9f2a1ba8e12d2a9ef2efedc35abb1068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4be08d1680f54215c99e38b0ae093f85

SHA1
722ff539345308885822750a0d255e366643a80e

SHA256
2b21009c4ed61d85ded82d72b39bae8feaa069d0770bfe66d8a837b9021a7038

SHA512
d77826e22a78d978ff0abacea396d1a0567c0d6850f094ab3d4c9d15e8f27ec6bf0396604aacf2e9024e237b4050fd96d5aa6472ee86b8c7454f4840822ac115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
91a355c4db470758686c3365f2ceef0a

SHA1
08d54471ab630474344b5bccf4fd513069c6e80e

SHA256
061552cd8bb6905fd57ded7854b240a4573780346dbcb6aa90b40a3fc1952887

SHA512
8e029de7ef92b804ceff4d00a1c645831183d678b5373ccc5c367de2e52bb1240e52c8208c35d70afb9a4ccb8ae7d6efd0aab3d3e0d792f6fc346b9b14dac21c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ee87a4d89e462f39c06981c6176181a8

SHA1
46e717a5a268bbf460e016f8bab53568951e9948

SHA256
d75a11b4b066de55b2cff0d7650aad28e3d6613824838cfbff751e59cbc008cb

SHA512
8d6d4fc4df7d00a6c8d508d594c06e8d5d6dfe6e967665a3582b326d114dd6b9a257cd6d457fe8e8f42321fe96a3bbfa7b8bcf79972c3a186de155b98eb4ac8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b2d3c18d2db8e10f0ce66e7134167146

SHA1
9c3f94c3b726e6f94792561f256d9ee6a8b72969

SHA256
58e60696724c749958e3ec22db2c4d9c3e6600f3039a9376f45fcbc3331e2bb4

SHA512
37fa389f1d531aa35ac4b782df299c228d3e9d43d912a106f80ee51aa096fb07f5555796e4a13214ed7b707175ad9686dae2c3109bb939cb7fc3f48b62540c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58397a.TMP

Filesize
2KB

MD5
367cc859e787e20e89effb4bbde0fe27

SHA1
63dc2f0744cc1d87c71d70c95b3b8fe6983bab77

SHA256
dd031e3040d8d4f6b631458db48b648272eaaa9e2007c510263ba2e088835774

SHA512
613b6d3a83bf21e119b415a246681955b4f76c3e6ff44c3803e7deadbb201678b450749b46823701f2c4be61688d838225a9e54d41a6fb815c85c1d56919491e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3bd7c1e1d98a3a321d11527cd4714052

SHA1
f7a8de26b7a9b79a0cc0b450d898c2039388ea0a

SHA256
9df388665c37742faeff95500550f21108e0b203b180a879aa46c03b6652e394

SHA512
dca0e737471305fdfebafd8259b08238f7cc40acd36f745d10e0ea94cb5a8d5778397384ddd85a40be75184f0b4009f8b720dd31cf0fc75d440768f101461c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
74e0d8c8b3e7a2c83eab110fdb2c7b82

SHA1
8ae3f3eb21c96a582c6c9cc591756666f2a5d6a0

SHA256
29b15c2425500fb24bdeedeff4855c004b2da5031b553a239e7056bb728fa605

SHA512
2cc21f03252f73000b9930e8f911f44b44305baaa47abf2852807749e3d9d21b3a43d214c4eb6087a086abfd1b2607eff9f39c9ccf87c9b9533df29c9ea48b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
654bdf07e10f8f45926575fb6ee0350c

SHA1
f9b9f1bac5e2c83119dbae14de3ec8999831c8b0

SHA256
19b4d4f0507368d02833d5973d5a973b1af3082f6bec05f903ccde8321759faa

SHA512
ad843b1bc038e0657043b8f103faa75b354273980d4df5698d626177a4c38e8bcbb5a226caecbaf17348edb652346fdf8bc062d3d3edb884dfec3466b44d42e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
022dfaabb2286fa04cbf05e1052363a2

SHA1
491bc22898c10dfa0a1c61b53d4a8df8a489ab10

SHA256
bea743a10a115dd52bc5550ce84899f4ce41120b9bd6387e33c8971cb915f920

SHA512
db3c97ee748e33486048b207c5874217a612c3f6cfd47931eab748880084a581e264cd2d0f396ef19414ecd57d1fb01cef23aee3eb59864cf581263ed8f9e78e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 16289.crdownload

Filesize
17KB

MD5
afd36565b68c41bc3929478875fd8814

SHA1
13fe056814d3e49a8ff9d48f54ae9888ee82d0eb

SHA256
d7042e7524ce9b9f8979a02d5d6a14543d4d9d9073e5f6da31aa9cb1148d7de7

SHA512
3db8dac85b374d0968503440b04250dbaab5d7eda663e61a2210fb7dc29f4c883dc6d9fdca2873564194575a9a0c5ab457359a546705b17d85f7fe35ec927de3

Download Submit