hxxp://python[.]org

Analysis

max time kernel
2670s
max time network
2644s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/08/2024, 14:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://python.org

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{ACC86DD8-CB02-47F3-AFEA-D3FCE7F6622F}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 27454.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
704	msedge.exe
704	msedge.exe
4928	msedge.exe
4928	msedge.exe
876	identity_helper.exe
876	identity_helper.exe
5352	msedge.exe
5352	msedge.exe
2528	msedge.exe
2528	msedge.exe
1196	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
3908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 5776	4928	msedge.exe	81
PID 4928 wrote to memory of 5776	4928	msedge.exe	81
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 2796	4928	msedge.exe	83
PID 4928 wrote to memory of 704	4928	msedge.exe	84
PID 4928 wrote to memory of 704	4928	msedge.exe	84
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85
PID 4928 wrote to memory of 4788	4928	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://python.org
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1780,7586148389332596272,15891977493806710990,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c32b6fc873c040253034fe4bf5037bd0

SHA1
fc58579eb5bf46c8d5246a45abae3566898c2e27

SHA256
8d59014ec29aebf56b641a018b29b6c64e33764d7a2262283ce51319071f930c

SHA512
e8ba0e9e78bc58b3d6d671a1e693cbe81745f000daaf281cc6aa6c591ae261b981f704e3dcb32f0fef87424aab0f42e4cfe40e445d8ef5a529c7bfda8ac510f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f74f80cd052dc4903da98dd6916f375d

SHA1
3e3512884ee41291824b30b256670b3d0a1c8d40

SHA256
d9589878daebff7c0991b2007a7af982f4760512545b4e331708f3f3308447ac

SHA512
bd186699a85c91cda88df15ebee640f99b55ff168e228dd0de8d7416d62de1bcb57e88beb3b12ce74a54a9c7491934ef3dd5fdd6b92ab5c909f129b419d96b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ea26cf0-f8d7-4d71-ab17-f048653f3373.tmp

Filesize
3KB

MD5
838041a502a1983a3f81f7a2c7d7e5d2

SHA1
5dc2a9c60baf2ff843c28485d85a0389c1b77e5c

SHA256
34cbc30fd90632e047cc5d83bd0322869f8ec5d91bf5e01887bea2bfaab91216

SHA512
268322b64ada7c2ab8306eeedbb7585b90d3e64bf5cf1f1c4ee18b1ad875b8c99fa183bbeb3403550d68da9dc1ef2b5727bdd9e386b3cc7cb40a8efd45585c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
43KB

MD5
c41e96c9d0eeb9f3347ff2c3b1d756d5

SHA1
302bda0e268ed6fd83389452b21d9373233ebf04

SHA256
9b8f0a2ce840f9956e9d5476703503a25d9fb53f161785d45f085454e1e00293

SHA512
744822ea944af6367c713b17d88c8d16be5eaca02179a41a2d92569008ea31d31f9986bcaf7d276a100bb86d922ee9db685826a221db7075c22a56021fd1dea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1.2MB

MD5
3f06d90f781a40e2014b2b3a97c48b41

SHA1
660682729eda776fef2b49c1e4be9860a032bed2

SHA256
c051c48247b58ba107b7ded31e6a3913c8e0c890e547047080132f4ad81545e2

SHA512
ebaca5aa11d984601460b0def00e974411397a00efa251b221145eab261a8180c8e35347693e1ec3a1528b8dc206259593f21fc1618fa79840f588286c7e6224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
1024KB

MD5
88fe36a4c8c354a96440e81a2bbede25

SHA1
5786fcee00190bc94af81e688fa5835001bbdc5d

SHA256
b97a510c26542a01986199a3ba2f96302560ddb831bff54b031c0c340da0351e

SHA512
5eff6ec3cbdcaef5b62bba31e62b3987755c4e5c9ff15acfa0a77b7ad919a5f075c468a9aa25175145ee28545825f5f9cd958910f07eaa9a2d4f765ce3cfa5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
37KB

MD5
7f046f97722888264688eed9b73fea65

SHA1
d3fde8c820ef3f5499788f5d1d7aedb40ed74042

SHA256
05d7d3cf94a0213d747c5f3cc06354954c9b9a37ce579a5720570126a15e3418

SHA512
6ca1101e70f3262efb24e211f223e18a866f9ea6ea828487db9b493b076882abf4572ceafc304e38b72a3db1fbc9bede9ba9af38aba93443ebffcd6bd3f024f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
32KB

MD5
617384ba88ea7fd6de0a9d4820adcf63

SHA1
bc6aa462d355fa3aec22cbd1913e96b595631ef2

SHA256
e14e1bd226e89eec255571fd49ebb33dbdfbffbcf375c06eac6972b8a082a09d

SHA512
c98a7a32567f8e58361f9bdc23a2e5eccb6b766b0323a436c1f5dd1a50b5842f9239bfb6826b62ce6d73a81a04f69e9d88dbae6469b94ef2a48003d76bddad1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
5a7562b98d794c85688defadce7811e8

SHA1
8dc6e659e479ead04abff52912dcab1b3daddb05

SHA256
a1dd5ac273e6507b149c4ae0d27f9aee045b5b4601752a4b269bc967bd21ba08

SHA512
89db47c36b5d544a1173aa6061325643b81381d5946767fb404db9e15a6cb3a63776430e69dbd5943676eb2f0605c0d40002776557ef9fe2cf57c09bf2d8f520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f671453aa2f7ba27d290cea866fceff5

SHA1
cbd91fbd0fe3361ba47955c9e69bb803daa70d3d

SHA256
5b2e8325af2bd2873e77b12608e32efaed47f5f88ca3525d7c769accc1771f8c

SHA512
0a6078d6e907e781fcf3a246c325c58cca2e6cfeeacfd78bfbe1ef5ca1c273ac46d48f628906a752dfa13f73cf85aa37a241655cd047348fd9a8e8717fd60e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a8fbd0482c69aede808bfa3c8b3b7f36

SHA1
24ebc6ba9091057380db9111b0ea026571e50686

SHA256
4208f5d01d43f0cb12586db3fa8ec9e9d5c1e0a0d0c2e44a297ffa25d5996254

SHA512
2bb67011e6b0bf196b6be730d27dbda6cda7d0d9fb7eca31ad33ab1940e7d1ecb94d33cfafe921f31116a9ed01b5524c166baf397ff500089436f729a66d2936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6e726abf59c1e9f728a5d0e71147082e

SHA1
7f3af19401511942a64c2bc5642fd369c455bfae

SHA256
7e290b0492b5aa2497c078176c693fd99fa7e012cd333c67bb8d2e409cbf31a9

SHA512
4dfccbf2729ff4d7342252e3775d4555b6bc776566432266a4094d70b1aa6429ade0a1d60de6c19a1f47581d3cafd6a4542d4fa765c4640d5559c14672c90af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9b1cc2204ad2c15d051fc841ee7692f6

SHA1
334b507f9f41ab2217c6bba43b2f934f148d4b9c

SHA256
f0dd86c6808804abd9d71e9851e822b3a34688352fe34c2723d49be1291fe60c

SHA512
501bbd32d606807c003c6b7c9fc1463904ab8c260597dfbb78905c00592cb3455e00a10d15c6f8115c934b709e48cd730f7c395daad0bd4857f4c283b62ff95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9ab9a100f5b91f76cb18f0b16687174e

SHA1
01a930f6ef8869c15b0fc1f5d9544d4d89019943

SHA256
3a5f67dad81756c37fbdd0a76a3a1a3fbfe4e6dc3e5c5588f27700acfca18312

SHA512
738434c24fad8bcb5260381f13f76e748883f1e8189c984966f28e756b2cb31d62de761f447cf1dee0e11cbc013bad278e92390212a106d1abc3b5d3c4136cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44ff643a8086c408f4895ee1f79335fb

SHA1
37606a43b3b8cca06cf0fc566f3592e64e0f5e8a

SHA256
fb348d37932c3901e95ee53e76666e922d39f15221f60502289d1e3b509ddb03

SHA512
7c19ad47423ccaf35efda4e5559517c0294326227a3803a1c9257092d97572309d9b2b26e9a8f200164b83e499fa05823a19b6243cb10f24cc09f29c98c679dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d2305d23241c0cb4395fbdf566df499

SHA1
581109f8a5cd83bc67f05854975ee4d72057e0ab

SHA256
5b144146df0d146b2e2168a23c7a8b778664d216509e18318545d04d7ed8005d

SHA512
3ae9e8a8dc9d5b3c848b4bfc52ab806711b3723068c4db218498194e180385972dcf8ec803161bcf239e63bc53334dbfb3f7bcab39ddc6bf5b25a39006e1f85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26d737e3c5302a0c89d81bdba425615b

SHA1
1aa515297ff75e6aec83065e412bad69c6576b3b

SHA256
eecfc8583be7ee67a57f2ff937f6fa9e0776601a1b279b60eba1b938223fec72

SHA512
d74fb337a17b2f3a10649f007c782289b70e73387ea071b8d07158a8b21ed3da262899305b8ea0eca84560f0765f6ba97833d5ec996243c330208b4c8b87526f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cf33b66a3a6ccd441e3a5b02555e879

SHA1
d7d91cdbdbcef2d9449c76814c4626d4079a1265

SHA256
bef99b6fddfca843abbc638125a174d04bd3e5f69af4ecf464959a56813335aa

SHA512
04ede7b69f39010bba06da784591b42a7f2f06ef5b97ee9dac3f54c1678c6d1bb12d3f5557bea11d83b9cad07d01eaf9485dfe14168d36964572177cf13b3dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3885d9bec0bca07313af4ec2676741a1

SHA1
9a7c68b4899f320aa798bbb3a6ee9c0422c389ff

SHA256
d363b04e4e8c8a2a1f1fc77c0c765a5c1149b7a0b79e064cbbb6a239292e1d8c

SHA512
75bd3f1e6770256b213270b50610af1cd90d8736b0f9d72b4212b827fe6ba1e32fd2cd0ea410c6ea791d0c8811711dfa807e59a2f24477b82b0a3ed8d7f6cc2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8a6a1adbdafe8ae498f438284933a9bc

SHA1
2493dd03667e61a8895a09a51bed77ea7f84d27d

SHA256
634d1cb32c451773952ef56b37bcee919441b7370f589958d12591e2d0999d0c

SHA512
cab7fcc3f0ee55ba32fd12a264976364c9a7cb68cbd3489c65956edac0ad032a39b780ea380d6d12341019acf5e8bfad0676528853f4634b322d15c98b341697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5c3d7765ba43bd1edee4b831682a4b15

SHA1
85b74a85860b724221380ac36104c4cee5ed4b38

SHA256
c5f1bd264450e4e5abbc92baa64264e8621ffc3dc7ffe360145958651635b186

SHA512
9e6977b042efa5eb699dcd81cb8246309dc51e89b4e90ad752d4dbafba629c2f55813da36959e4489cae1f738f28c9e1bb976bc030b34e0c956a7656defeadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ec02126a928d494c2f57ebb9c1ba8040

SHA1
a3ce8e67e9cc9e0be97cb68a294b56e3c11b495b

SHA256
00a1a3f51c082e3b8ed621afcc62ceea2d1e0b9fa27e5e58e70d1f10f35bb587

SHA512
4d192925e4babc9162a9f9c4cc69070242da89886974aede734f345a64b904e48f2f7fc09d0ee400743cb35b22b5b4430e088e14d0cbe930759944687603e83c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
232fad90d13838e2a3dedde2ac8b4dc6

SHA1
4de03cac3c83522fed71da5c7eeac72ba4fbcdfe

SHA256
cbcda4e505a86e428e6167f1f7ed640a937258dd88cfbf74be5def6fee4dfc0f

SHA512
7504a5c3c915c83a6d402b9309b99708751cbb275234d92dc8723f438380af22f42411b946ec0254e620c9ef2ad2e64e0acbbd5bf1fdf255a903a8bc1fcc8855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7ad01046478d4b96873cd0ef40ff64af

SHA1
b51462dac1537795e01bf21f83fd7249481fa452

SHA256
92eee83fef400dd96a35ff7138a406e10e919816212e4b24bbaa5eb38e5fdf20

SHA512
692140435c247948d79a8a3ab691dcf4e3c95ec3b078e18a9eb991a757eb3f729714c97d880463f7711674d38c6b844482f49f3142cc7dfc5efbee1c1745892b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7da93b1b3a08ee46783bb9d012590ba1

SHA1
99eb26b77cd81c689ce9cfa6e5b470a4003d960a

SHA256
2064f85e205019f5aad9b89917bb1653cbe848de3bc553045b8716563a22d752

SHA512
ee6bc00a2dc6140da3f0f5d320fcc4bf9592ddfc4de4b72fe43ca9371ed365403c2a2730398bad425caadb022aec3c6c47db0f54e363c9a1119ce5696ea7be3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e2ea60b7b0c00609988b89e9f1ef2898

SHA1
1dc1aedea92a037522207e83410d03279f2f2918

SHA256
c51a2f1b28a72ed3449e89c9ee751dd964eee182ca01097a5648f67cadc06d6f

SHA512
f3e3e18b8f4519c80ba0f6e5e83168241eb9afc53fca6dc6108ea293bc25e43bb06c84bd5ae19070b9da9b9585995c7714210bc5665d41952b4ce5d3d05c3078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dedd71803a531f4462721d480b21b1a8

SHA1
f329092e285edf63aff543ebf5696a5085e77450

SHA256
26c130fda8a6bd135045775660b32a37abeb9fdae548dab04973d804695b9fc7

SHA512
708480d3134e9b4b5751bd2c1cfb3897f631603a8f50459a8cb97b745260f4ff0b3f2736a38212c60c260425465c58b2e1582dd4c680729156384d0d67e8a27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9546efb86c36f07bb025eea51f0a8ff6

SHA1
cfecbec8be8427c55374d1364ae2ef4472b7034f

SHA256
2497d287c1c150b49c5c272a8db7e950c352b6c4d7e18d245cbdd7cd871856e9

SHA512
d55377c601240e8105e8df396cff70062b933e69c4731a147b485b4480d8fac3ec5f57bb498b716c052e00db04e7b3e04215218d203a71f6c9ad0783fba21db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
13a5cd7677a05a92a91da81f1a565469

SHA1
54aad77ad1b1191fb1ce6a32d9d1d1cefc6b35c2

SHA256
fe45e1d386e0dbfaa94f566e511e393a3ddda834b8b0a34e4f616b8acc2b2a44

SHA512
782ec917b3abe525c396314667be9c2a23686278dfdf7e0a536228fd7062198ada9fedbb075bce8d28f4bd31a534e81616b03320957b7770a19ed1ee621adb10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1e6cc9158b7c99b161c51d61d9d690c6

SHA1
b7fa6a14056f52f42f7a365184991543e809660d

SHA256
d52df6b0b0e7cbc269620320dfa311f68ae1b0b5a9a1a15c2b2dd8467a4ff37f

SHA512
6c42a900e8c6be62194e962791dc0a94be3ebdf215a92812534c72a37cc0526b95b84cdf56413dae26d4500cf39aca955b5e7024d47872726a354e8d45ae67c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5a856e84208c2e763aa8a1d265f3f105

SHA1
947aef2f590ee6553e2832d563a5a82cbf93cf18

SHA256
afe8e643edccf0f1457216d1aa1027defc6645647c1fdb479a564f0249b7aa74

SHA512
e34c44b54d8d7b5013d23e699b7d1b10ecd6d313a25e95e6503b924de126afda94bc8eee8ace9c719a75a6d0de9fbe715d5e9243316f2d6f80b5bb879a7cc37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585464.TMP

Filesize
1KB

MD5
b79c1dbff32c9e77752f4faa6b372d23

SHA1
94862460411baa242c2a3e33968f93e1dc762cb7

SHA256
0f55eadf872c3c13220097244de4f4e113e91027ff3f01b47a6edee18d34c4f1

SHA512
b1133e29cd1e7d18c67cea95d9cc317d55fcf94b7e2392d6dc5796f5a3f56e386061a3386345b8424b8db358cabff0acc17bee88e059ed15352c3796db90456e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae6b043a27b0fbf669ef3db30e3544b1

SHA1
e12dd4160a52c179d10724c2b50f3a9ce0354de5

SHA256
d95177f4e26f8cde1ca9ae831a789e88566351a6aadcdcf7acf2b1fdcd80075e

SHA512
cc36d5a840106a335910d19c2070bee251438e2c3c1b67b61944b322e5680c52e2a3da4bfedc983ad0518b1e43301ce06f8c755d1ec2f2375dba9134821f588d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9d1e97fde8abca7f50a335478212648

SHA1
08725d4c06f9fa2fb8c352b25570ded883817502

SHA256
5ce289531b34937a76fef6256e8dc7fa0de000285e508ba280caf826e0ceb239

SHA512
3fb25d82bef5583792fd28ce390daa0d59edf7acba520b912375ce87e236b3785e23b0566f91fc193575f59bd10ecead51ff304107a37c96dafceabc151fec99

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 27454.crdownload

Filesize
25.3MB

MD5
bbcb2fcf9d739f776fb6414afc12c80d

SHA1
2d78877db5a8da134ab54ed952b961a7e750ec7d

SHA256
44810512af577ca70b3269b8570b10825ec2ace2b86e4297e767a0f4c0ee8bfd

SHA512
0572c6345f6a4f7f3e5c2ff858e3ca7ca54ae4478f3d59d8e18cb0f596e61dcf12aef579db229e83d63b30f15d6684ee6bb3feaea9413e5e636a503933057678

Download Submit