hxxps://github[.]com/

Analysis

max time kernel
2663s
max time network
2701s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5352	Virus Maker.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
67	raw.githubusercontent.com
68	raw.githubusercontent.com
137	discord.com
140	discord.com
282	raw.githubusercontent.com
283	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Virus Maker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	Virus Maker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "5"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 405422.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 613404.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
5080	msedge.exe
5080	msedge.exe
4564	identity_helper.exe
4564	identity_helper.exe
464	msedge.exe
464	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1812	msedge.exe
1812	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5352	Virus Maker.exe
2932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeTcbPrivilege	560	svchost.exe
Token: SeRestorePrivilege	560	svchost.exe
Token: 33	3852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3852	AUDIODG.EXE
Token: 33	1612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1612	AUDIODG.EXE
Token: 33	996	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	996	AUDIODG.EXE
Token: 33	400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	400	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
5352	Virus Maker.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
5352	Virus Maker.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 4020	5080	msedge.exe	85
PID 5080 wrote to memory of 4020	5080	msedge.exe	85
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 3124	5080	msedge.exe	87
PID 5080 wrote to memory of 2808	5080	msedge.exe	88
PID 5080 wrote to memory of 2808	5080	msedge.exe	88
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89
PID 5080 wrote to memory of 2236	5080	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe13ad46f8,0x7ffe13ad4708,0x7ffe13ad4718
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3888 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:464
- C:\Users\Admin\Downloads\Virus Maker.exe
  "C:\Users\Admin\Downloads\Virus Maker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5352
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\24iwik4r\24iwik4r.cmdline"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5312
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC4AF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC67953B9207B47BEA6F7B91EE7E3B22C.TMP"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=paint_preview.mojom.PaintPreviewCompositorCollection --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1064 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,2930656521109098340,6438561120209368651,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:5244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:1980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:560
- C:\Windows\system32\dashost.exe
  dashost.exe {b35f8951-92fb-453a-bf07dce5756bcb63}
  2⤵
  PID:4524

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3852

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:5304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:864

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:996

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\22d02fe2-e40a-48f8-bb0b-b08a411bcd12.tmp

Filesize
1KB

MD5
ecfef662e3c5f19325568110b3d390b2

SHA1
1cffc38365e07faa2c339b6bef69df41aca17fdd

SHA256
8af843069cb9ebe537e8e57e93558bcf2ada7e40358af2895463eb22e5037cb0

SHA512
37c17dc9312270ccb29df845f996a5aae0b7cf6434345dd2f85f66096b23d7568cd31430a10606acef8f48f48393b8a340a3c58726a81b38f2e6f12231648d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\315c6643-db6e-41b2-84a5-cd4991b93ece.tmp

Filesize
2KB

MD5
3655a636a76ea101ebf40f01f7afa760

SHA1
d68cd16532735a3297c96809ced35f52d5ed83d3

SHA256
ca529b9eb08f4f657c31b446eaddd311fd460e5a258e6c7b37c469baa2692dde

SHA512
c792d1ba34eb2d54daaed394ccaabff7b8562bfdc6087938e1fd458cfba3fc13ac1b83a22d10a3a4e7b5f77da568a9716d2adb5d75a5a1dae765041927452a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
21KB

MD5
7715176f600ed5d40eaa0ca90f7c5cd7

SHA1
00fdb1d5b1421ea03d2d33542a4eaf7ac543d3d0

SHA256
154632629a0698587e95c608e6ed5f232e2ba1a33d7c07fea862a25293a9926e

SHA512
799cfee1969b6137813c98b83b90052c04527b273156f577841b64828c07c4e6a3913a6ddd49ae5021ed54a367ddbc5ab2193226960b0ffe9a618c663c8d8a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
48f925eefce06701a10bb34743596ef6

SHA1
3271af5587fb44878f2355cb99cc2a5a915706fd

SHA256
85712a77e89fff00123155170da85c01b812e5b68de05a05f59c71fcba597a17

SHA512
76993db32748cf3f3295318b153ab6fd85d18a624f5b75d85d2e8c7b39f5d19003cb10c659173dee6a87aec02ce30f3f3219ca9bfae0996e37db64fd6b446d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
23KB

MD5
bc715e42e60059c3ea36cd32bfb6ebc9

SHA1
b8961b23c29b9769100116ba0da44f13a24a3dd4

SHA256
110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745

SHA512
5c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
17KB

MD5
dd920c06a01e5bb8b09678581e29d56f

SHA1
aaa4a71151f55534d815bebc937ff64915ad9974

SHA256
31ad0482eee7770597b8aa723a80fd041ade0b076679b12293664f1f1777211b

SHA512
859fd3497e508c69d8298c8d365b97ab5d5da21cd2f471e69d4deb306ecf1f0c86347b2c2cfb4fd9fcd6db5b63f3da12d32043150c08ef7197a997379193dcbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\115807c81f46d2fa_0

Filesize
4KB

MD5
c9cb1bc4d2b6a0643c553711ba171f55

SHA1
da2c026f393632c94f58be83f05b38c011fb7c73

SHA256
fd396f1033666c3ee8c2efeff894646ce1f4c6618b4eb65e437b87f3ade50313

SHA512
ca604f988f9ec2e6600963c5b6b56e058772b16764c44589a0705013e5e17bb50f34fdcaf7c7e209fe431a41cc7667e2a1dffb02aebff2dbac73c88752f088d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\155b84309bb53d5c_0

Filesize
109KB

MD5
de2db72973a697213f0931d18b06e471

SHA1
b060913487a5525959c1f4edf8aaeb71682c448a

SHA256
16faae5b42c297764a5cf7b650d87b6e1e4d4846ec02c58ba1049243120adb2b

SHA512
7dce2af6e79d70bcefb8b791805533e78df6b882f36f0a70af7b663a12c9b43ac1bf9f7d6094bffbd7437775e34ee027598117aabaffdba453fbd4a344eac3ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ced246d98cd3678_0

Filesize
366B

MD5
cf4a717a75c8668c0e4dfa6da328420f

SHA1
f57437edf0c3aa1ea8de673382f9cbcd83c9863f

SHA256
1b4a43b473928a082f9bc937405e7bf3312f3cebdaeb4d84c5de408d7b1743e5

SHA512
08ce0de694f15cf32e8eb89c202666ecbcd40163421fce403880ab44338f50aa7da9776999d5464ec2de606d7efa73bd93741596223e12361c4139496ff82c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d9c813a0dcdf108_0

Filesize
5KB

MD5
71cf7823fee75271e21fdba43cd13857

SHA1
ec4eea23fbc2ba6057069be2b69ad6bac0f0acdc

SHA256
b04a9c73b8f0d5744c286940b380100fc535419ebe08f9102887654f46730c38

SHA512
a9ff39ce14e0790d1275b0f4160ecdd2cd8845083fda9b7ca42cac882f07de356e014d4cd4c5fd9f981ec3c742600ff19d7db2340e82194af7994d3394e855fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e757ea85c28335f_0

Filesize
37KB

MD5
957b589bff73594acca312af8c9163c8

SHA1
e2ff4e75a895d119a669390cc3ac661d1de7390a

SHA256
6f97f625a42e6b148294fb16aafb5a40c5116c5102baa81db5e87b43cd93b2dd

SHA512
652d633070898d3b19622b2ba0a8d31e62011a58b265f2da46f4e64afd70b19bb6f38caa53867bcbf61e94243498a1b9f785348ca24fb0d3b3d1af7fcc647ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f8b23cc82f2b2e7_0

Filesize
8KB

MD5
f083ed324aa1ea3cff0d719472863798

SHA1
60a3d21ad7192e6952e0f9f93db781864e8046a4

SHA256
292b52df02080c8a850aababb168aec17243bfd91e82ef81512bcde95654d20a

SHA512
b5556ac0c200de6eaa02cfda68c79a47306709d1fbd70b7048978d1c887a81bc25d965190e5375a22c55e6f3675b3d6ffb593d5508828d11944ec31e83b2f27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\427075385d94c9da_0

Filesize
3KB

MD5
826a1d774f6f16570e78709eab96a196

SHA1
43d6163a9e5658d91fda2363fbb91add84c8a027

SHA256
f168f594e728574e77572c9cb9e66ecabc502fee823c1c55498bd6781ac2ea7f

SHA512
9186b90738f74723879a23a9e6ce2e4fe9458120eb12bfe80ab2642e00d6d1b6aea23a6441ef966803448741d5b9dcb198f744f431a7d4f6a745c4dc32be5957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c7c2f497126e908_0

Filesize
9KB

MD5
898f0c2b3c721f340ce0319cba452514

SHA1
db99d2bd27fb130bbba54338a0f5a75548016853

SHA256
df8a8df3461712037f34462058f532eb7c633a86098c90de1cbdbd328d594e41

SHA512
37f0897e708c2e1ab2865c657d7b45bbd4577b7370d5de384c82343c585bdf1d9dd18b2c371aada72b45e83739d0c96f671560d2df57178b4d4a4f478f40c94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a05b0db8f454e7dc_0

Filesize
11KB

MD5
015274756e134a1469a394bac2ec9f05

SHA1
c9c0cbd4a2bb633c425be4122c9b150555353e4f

SHA256
d341727acf3d33f4ccd7c899db4d18e87c348c84182adf9aec27e8f4f0e94587

SHA512
0781e442f0204012e8dba6aa952bac07514fc5bd278c0e4f8761cb626d0621a46842704cbf2a2649ae9a811dfe0871847e2d2f7fc82c7415dd3ad986913d3fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa61758ad53dced9_0

Filesize
1KB

MD5
55eb5754df97252bf49df1364135d455

SHA1
58db1aacc36dd3c23a648527ea04d5c5c29c9a44

SHA256
225375f0b90c19a6c8c89e976739c1960c89cf5925049b647969aa3e26e8ba9f

SHA512
cff7a439ef1487c4c6d0c7f7f88b29ba80635b86e7c17400a4cca3521fc7480b5519618065101120694e97cdf6a1cad600161c45ae1442553e452c85295946a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

Filesize
34KB

MD5
f72cd06b9daff865c62b4d24bb0c4592

SHA1
43101d670f644e25f0a802049dc6c38a0e4e4db0

SHA256
6f5d2391928e189de88dea0284b9b5c319ec2bb6f43a3595bacbd13e88106c99

SHA512
0b2e6a64a905f05fcadd0c7cb8bea557f9d5590337d7063128b35bd5e9ce52ba6d005bbdd4e252f2d5c38a547ceaa4ddd020baa2125055115c088d7bb91f87d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb307b4160083434_0

Filesize
12KB

MD5
7b98dcab9ac7efa769bdff7aa4e641ec

SHA1
d73f6bedaf8f9512eb6d9653ed0d94c25a4d3e8d

SHA256
5526d374d7a941607ac845fe128f46b41ea2a10de6b5274761d3ac283a87327c

SHA512
6fc86a1f8b4c758abc3fdfddefc5915b4b44bf34bad3544102a818e828b0b2581155508a6ad02ef8c8d15e7bbc59da76ab566785f97462ef81ee08907c0bf9b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

Filesize
1KB

MD5
8bf74c2b2e74c685f53e7714e34ef2ca

SHA1
2a83bd61206394539699c3a2fb6ffc7894c60432

SHA256
ef4bc51dbba50bb876c9d1880382bf27bb2b6f7b57d8fb25135f97a31a739f64

SHA512
9082050c76da2abb1418def0f9723d91cd0621cd9b3efb1a072d7aefa3845728c861b3fb8ff1523cbfd5deb997cab77451214fbd09c9315419a3542b4c5f5e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

Filesize
2KB

MD5
4d29a32d0e291ba91a4ecc7e0fcb0234

SHA1
3eeb03e06e62d61f54a2d75ab6408702e4056616

SHA256
ac45797a5d9ab242ad6e91f7be826e5b4af8510a170cd5b98decf809e7b5446f

SHA512
956cb539dfe1a9a899fa5f343fb10ed86fa02cdad0da04ec7a1a9f400d849d3570e508352d6897fc7219b8c71a3f6df299c3db2114ac9ce553bba865b5885350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e88c26082cc48958_0

Filesize
49KB

MD5
d342f5c36c88b8531176ef10bd7a8edd

SHA1
4384a57934c35217f626279b8d03b9938a575314

SHA256
7d5277d721fc21e0ba778020e9e083aada8ef289fa7f24bbf49461d3794e8685

SHA512
f2ec59168c2d135ca5649ca3076a3256b065d9defa4341c4b77d79ae231b239903ca8ed5329e39274e17e463633e8d26266de8daf14e04e883421787aa1ccecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2dc6d76675d674c20374fe34a9c00d22

SHA1
48b501d370ee522b6cb283114280b3e369f33bad

SHA256
0ff4286f3e54de67397f48ee5a1a338f2ca19a48f7de00ead30eda8feebdff55

SHA512
2d3216b377f202c334b80b72bff6312671eadfa3a6881cc2f36bacd3f47f1b83b1f51af5d17f11e07d66b04009ef8a94c6a6cf91da0672adba76af8debf5ea49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9bd2d6bfc93bb3a1a4c2c2b986bb43b9

SHA1
10de9c4aaf658cc6e551e1c60e6e48eed698868c

SHA256
0e35def2826342484439ed233034073ca4fb917148e7ead7c8d85541e4454c54

SHA512
a7900c93aa69be9d59d5e058ee43b2579ded89e084ccfe3016e2584a986a9e88fccdb6e525e7876469c1cce019a97b531d5d547cd73374ce2ce1c65284f38f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
7cf9b94904a22b1e8b85b6bbd67c920c

SHA1
ca968c2e5a9a6ce5ad4a2f1500fbc48edfb823de

SHA256
192ab05f3ea1218e2cee6e0b9fa923bd97dbd8333e2b0fb43c2568077b44dacf

SHA512
e1eaa23d1b85806eaadbfd3c653c8555164bb1588fe6bec25dee90aab3636410aec110ca99d13b920a4222623523db7d75b4f2a0ac2ec80c1cc68281cae70330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e73a691aef0623c82977bc7a7d2b2114

SHA1
d0411a519024f61c6cd90e6c634563c179784ac6

SHA256
2aaedd907b4cd78ec03a4d4257143122c2ed7471be34f9cec6c48b9a80dd6d1e

SHA512
dc494f83cf0eb3d465b34862bbedb2fb7d4da5d9d2a12e2556bdc4b1ccd794caf24fab9ca84e56666d6b4a3f37280213d9064e0ab0fd4caaef47b78aef29de3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
74e435cf39fbae86625bcb69a90a7dd5

SHA1
d49f69aada3673344e4a49d15593d04640e2cc3e

SHA256
7d86c5e785b8fb68bf5870f224ba35f081ee3d160c8918d59a5144c12a3cc76e

SHA512
3a8a39cc2e97619d133b235bf307f552eb3e71e14466e961c0e53405ab3e17c5f8da2a74f864d3a4584dc315be62b541e1bd7942471a42f2bd62bcaa40f28141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
618f57f8db427d723e08e30825c1afdf

SHA1
7b4856bb12b3a43ff7149703e5fc5fb9d99e5196

SHA256
23107c5e004fa1a8fce270ac62103392d30409fd71e90ad1b93d50deaca58314

SHA512
93c99ce51ce8a3fbbaa521991f2bcfaf93b9a052053f6f177fc6bdbad62e8ff7c0e0af3f23afa8af38548699b60be99462800e790597c725d1b6d611e9568cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4f794b67e713577acecb7684666fac11

SHA1
90eb7359a969774e0c0daaae6daa8bbe9ef16bc2

SHA256
7c69b905ef23db37a63ca9c70f02b8bad849caadcbacf7d52bc4558ef820b454

SHA512
1199900565c22b127e23168419b27d9534c989ca9403e04e22e88a69deca488436c0872f2d92584c65afac8dfc3f09690cd46f5e7c6a908015a40530504598e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a5885446632aed852c9234f9d52e5849

SHA1
aadc6e6ffa627c4e9e002881c52813a2ad01db04

SHA256
03319e8b55428a1fab8cb5fc44fa025f9e238b23dd4c1fc2324c629158650796

SHA512
29508e26babf4d19a264af8c22ea8ad23f1960fe3d5a87dfb5435e095e12ae57af2bcbb5a758efb8d4f7b1149fc1d6ebfd4bfdcdcb59a406cb1c65ba5c3fd86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bdbbff4210cc42a54f8948dfc2d5cd11

SHA1
9b337ef5b298ac1e368cb857f0ffaee92a204562

SHA256
587c916d6221117b36b759013a961438201edb8a882da5f3830b0131142b463f

SHA512
ece67e084472b2e72b13bfe2c3bc7b462ed551393c1d47cac4269342762ca3009f04270082c2097f43501c44f1ff15731052a3f0a1419553fd952305396c5e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3d66185e2a7b156c4526e601953d642c

SHA1
e3bdc872c72e7763b2cf774de78e686c26ccf0d8

SHA256
345a928d8a6df33f1068585a4a211e5d83ceff70b05c1964e97644c4dbaaf592

SHA512
5bf6e2edfadc01218e8d74eb280213cc75cda73d08f2d9a9403261029fa64a687a9e68a29f0a12118bd5782c2a537194a3daad2b48c974d6dd6a07dd2bbe9e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
552c94911b4d9413d92d5095a0c64b11

SHA1
e9fe0f0eebf35d168d2d889b5367fa7a12f299c2

SHA256
b687ba320a6689a39d8a01f8c10dc8e5d9f25465dbea04c2851d4d38e040fa5f

SHA512
1cd929ccb9992a26cc3b5c9210138d3f30a46f5388aa6a123dbde986956a74ddfb2d529b860fc3c924b6435197c175bd004bbe309834340c3ddf90484c7d8a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
04347c3cca6d89a33988867ba21307e4

SHA1
dcb98af10fb21a4f9a3699e941d02cf6b2ac5206

SHA256
e68f1d70d5861479854ec9900c3bc1691293c4afc79803d4582938dc547d6385

SHA512
39a28c3159815064cc02cbf49ee1b6e283fcbf62e34a7f270b733145e795ac5ad5f3ae64ac8677207dac63e3de096c873781848b1a6a4f0499f6c09594bb6673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
43a585c81c63f9003c5bfc389f6461b8

SHA1
b29a183f74d3c0dd369fba423360f6aaf7050e94

SHA256
ba0d63fc726c06b268290ea1968698db8e60bb708f06fec4aa83ce9b56a0af8e

SHA512
1e7c567b6ef57d68d9cf82996aeed34037f203a7a54e9e2fbbf100c89a22b7bef7f2aa43b590ef511d5f2299207638cb1b4eababbc7b1e985dfd87759763118b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
05c325bdd5dc45217cc92e42ac704fb4

SHA1
6f371237449641ead23e3b54e95bb0d81cb3af95

SHA256
145cb5f35e455583455f60ad077ba674b1112bc276291078640b7bc1050598b2

SHA512
c45f79b0a6c61c7161bf95a4515f0109cc1ee59195dfb43c8cdecb5fe4ae3947b3b25ffb69ef9e83e27832c4b0795308494cad3071339c5ac9a1cedee0770af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1b97e0dd3e3b3485c8a4a11d7e995d45

SHA1
0d4b2c3de0d3bf0cdedb482c9fb6e4fdd6e7e5e6

SHA256
f7caa2bf2a4b85d0a542b0f1a4395e927ab93c4d44df74643fadf25182cfb3d2

SHA512
2508e98ccdd843070cf2b3ac8a6d16fc35f83b3be851c1bb2e5392339a6be9e8d78446777d8689ab1ebcddd4572abc2059a85bdbb285da0ae0be51e4b8923a19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b6d76c6c542963e9a9fe6da811af90f7

SHA1
0ea7cff98cd7b018e5034f348ec1c4b751f23a17

SHA256
946f94fe437b7f06f67b2daa67f847b0ee25501c9ad7343df90ac84d98513a8d

SHA512
922eb78aec1670cc9d26c5b70b1f2769b084d1b9856c8e59dfc4cb4123a3091a4c75d1a55787fabf2aa5fbd8a03235fe173a3bae65acf2330815d85c2e805e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
41502bec41713d98276b55cda83819bd

SHA1
30be90036cbe1e47437c2ad2af625756141e57ec

SHA256
1878ea7fd5a9c9d9d04a679997a2f077ee1bbc75be804f020a7d660ae53699ec

SHA512
ce9269fa28701c0e29a331e834ce37ecc149534bd6f18d563b102c0670ed2252a298f4edfa96f008207a6ee8fd40eda2ca16b6e363a138455edcef39e7d4e8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
122be25bf6924388ccc0fc951f655742

SHA1
2d137cab4ab01791ab69183669215e1071f746d4

SHA256
ccf6e289b4fba99da91ac3aefbe18c55a2c257aa225d252bdc0246eccde89f8e

SHA512
bd255fab1752922e2432f5e674bf1cb9bba056ff2a81cf7b55b810fad64466f1c00136c6234c70b9a387431d990d75be0665f40f63febcec01ca89bb78724929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8933ab3bc932a68d1f0d8ed7f20305dc

SHA1
32490138c9e4573a5fc4b545b8d5d84c336f3de8

SHA256
0549038e993b7d4be91ecdd8d9a36025963bc0b706a6927c104bf5984a1d4e07

SHA512
6f42e28af5d1f9411984116a6c1e002ff6581780e77bc79575eb7446e675e7022b262c329f90270ba44daeb2ff4fa56c9cc112936d7c2d89f98c84d68edd005d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa800a7a211ed127e1d051723bd16f21

SHA1
7553adcca4f92f535491fd64bbc8348cae29c82b

SHA256
09555862a7699d6b723e782f03d156aa97c4d6e74b6efd35864c5420fe9fefc0

SHA512
569288bba74a4c4198a20893ed1e5d5a991568ddafcfdedbfed497451ee422c9cadef1c30ee7d64673311b049ee172affd6db39cc08dfc8ed2b10765cc65064a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0eb3064395347186e329346866d27053

SHA1
11b1ec5f2c316f3be8c931277681c28b9dab8f0a

SHA256
d1da619c7f3bc0571fc06aa1439d980e15f468dba3d1ec00a562e935f7c00a59

SHA512
82c7fc58e147b117825ea3ffb6c7646f4d3c2e553642692820b5bea6cfb847b7d7d7c063babea771c788befb3e8f3dc539b0ee5ec99de40bdc1812e4e001c61a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55fafb8d9401380ce95cc3d953a6a62d

SHA1
6e261eb755ae39058aa60c434001424b9092c9ed

SHA256
e32049c183cca3cbdb606da68341d2dee864934d915d2ce8d4d6262c71895b35

SHA512
d839f8b430a5134c21cb33cf6b37d9f63171c9eee6ebf209502123d1e3746fbab9ebc04e83e2cabb5dc6270a006aea7ef007f7c50c51b24f5f3d96aaf52f194c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aab16cbb3ffa32bea1868ba2c973e5d8

SHA1
63611169d26aeea3ece427faf7f0eaa394b6f18d

SHA256
d6f17e2e4d73827d15976b6ad1b26cae07320642f174bd83444062bde816d6e6

SHA512
39f16d9420ee1319a550ef5b5c264f43b2d729eddd364d739a01858930145880488f3926cb391da26cc8cc2fa4e46b39589507ee0e79b0e462db7851ec4a3adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a2a705430651d97e618a494a28073b6

SHA1
0c16f29f2bbf04c74d33c91c1144d171c7dc29b4

SHA256
4c1cb32c42cb75fb8f32b1ef1085d80c848b44d6bece4d78a0e9dc609e91945b

SHA512
5d55e0aaf30cab223a01f9a70f698f9031094d3ac05a9e90c7ceaaa06ea7eb4e6388e2dee942e74d651d2158df1925e0883e84778def86e24b6dab075ff738af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4e7abef46e003ac3af67b5c31dbd8622

SHA1
d0fcd2c68b3a869af0bf524638b39a8bb49e62c9

SHA256
e2a0e493043b53879ca6419d09cfc29660cf8ec3bfc5bf45ef4b9744deb02bde

SHA512
83b270a6e523870cf70e748aa5c942eadd0e3470acd2c10eb650af2c6b49832bd4fc982584e33b8cf7e7c4c439a2238251fe09f73343c4b7f82c7f248ce96922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3c53846cb57b6c05a6f97f621b78f451

SHA1
03da8e515f97a93e0a294fcb2e0c5654d3143891

SHA256
8fc2ddb7c1fb67e8de96109b5f1d665ba11152ca804d7244808d6c21e2763b1d

SHA512
3374099a4a2800c36de05be8182ca6310103f1165c318d917d15ab02100c9a413285921e49431e2bb4eb5dd5c7a93c3d4342d9f8185d009576d0d0400aab2bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0d73d87cecf92bd849623976108cc9a

SHA1
4db7c4d3b902c3ce05bf6b202a3f73f8c9d159f2

SHA256
997114844704d759ab2acad3a41e4fc8974953c8c96a6e0fcc00ffda9b80c78a

SHA512
c16979150eb6b7ade6401d254a97c1040b71572ed8a331cbe77bb82dda6c1cc73a5e6eac41e4232675d0ad911953192fcf2154ec50e8fe15ae0eac8b3f96baea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18a048b607458d5518f6ff9c904b8f41

SHA1
d6848208d8a887d7199d6161e87ca51da474d120

SHA256
ee2fc673b1481a41d98b55aa72a642ec7b0f702157ef24287ac66ab279e93871

SHA512
83a9d5df8cfb218301e06704ecd6d59ebedef24356ba8d8448ac9b4c641abc9facb909455a767c8d65ffcbc3a3078d4964ce2e25b97ff8aed3609413c9be3862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
130b140e6d364c76181b2c4b55775666

SHA1
85b82ddb2ed7e0e82b3db5f8eb5ef122453783cb

SHA256
a95bdeadda7867b3a40a61d7d63d2a25f4435f394c162491397b77b17f46ef68

SHA512
c9e6f9da3c9b7f465ec7a615bc8403386999e9cb24585ab4a39fcbaba27b02ff77d5ae11bf92778200f26a2ebf852ba46b851b37e67b57e2332b82f1da650d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b9b76f99368f12bba42d29e83c5f9df5

SHA1
3b180e6222be1602c7da96b73935558188fc6e6b

SHA256
b617b774c3f11ece55ae88970c7503fbc571f8d08cdfaf395f310bcf7523088a

SHA512
8dde58decbdffd8ff51b64d46840e59a0cc0138efa33916bcb3dcf6db64998aeda6e67fe0711ec4d5c8b9db986f349428281198344847577a4c65b4f0480e1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac67264ef24c9c55726f9cfa72867cc8

SHA1
b71e2b3704e9866bec2c6d16e56927fed8803368

SHA256
7dd76bb3c9935c3969793e7f33b9e758aacd73242dbaf1aaf13b7f333060eaa8

SHA512
f02d962927688381d7ac4106f7c96770b07fbe9e3d2a8fb81a46a257fe4933aa56a654b2d2e6c81e68b51354c887312cff2b8688d9ef533a2c807b4ca1344749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9454f23b283af684f4e53dccf225831a

SHA1
444a49b3c9746c48000a9d07de822ad3648fa666

SHA256
f69038c211e4ebb7a74b71066e460da0a004730bce0aca18d90b0a23b66e39a9

SHA512
971e05ef270369652971717c5529f2fcc8099bed1dcf410c901330d36b088bc7ca1f376dcfb188f045c5432a3f441dc01d82279eb0062209f1139338c437e966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
91848310d8bb0f87dbc40828bfd1e9aa

SHA1
36d7fbbe3697c646be32fbf1976e41bb459b0da2

SHA256
3797a0a5a92d932321dce6c173882b051db9ac8247a3f21e0a32cf47bfffc343

SHA512
9a6c45271d048a9f710d8f9d2618712a9ee09bcd6afa83cf258ab7416c234d5ed9c52df4aea4deb2813a29359d03e9507bafa7453a51ebc6563303c10c085f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
62efd1ecd63c9364a142698dcc22878b

SHA1
4e25c0822db38d5fb1081c869e7d1fd7ec0129b5

SHA256
6a60ded9e49362fefcd1f7729e97d4249e1aa8cd2e2d762bb9114617e662132d

SHA512
4bec46640c54f56c4ceb1e9420c22318fce800a676089dfaf5cb75664f82d62838e9f4acd9283d20a273ddf3ceb1bc63661913212b0f46c84a671b8935458132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3afe7f6c27abf98077bf7fcc41507589

SHA1
c00c6a7e74d4e0cf4932b618206cefe55dc4e73b

SHA256
ba0528d8c3ff4b79480029084eb58e641682a83cf34d0de76536ec43ff342e53

SHA512
8d8b6c8a9301c1f76ae5d0f3985aa1c5c7153bdacf978b086e64fadc2c383c9921738affaa4f8674bceec36885a73cd5f663e7f79168f02d161db8b8e9e85f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d5192bc615d8179374c6ae68110dd611

SHA1
a551f763fadc578df0455a4187d5e9e5b4679405

SHA256
4baa03d9e75a68e35b89cf656d25e135b241759660d406dca0c0302d7792fba4

SHA512
5d3694307c3efd07c9cacb963ce31ce88528c1f16b6c4572c5d39697d1558444aab8acc79a8c1d59d23f9c3abc8e42bae124b3da8c11987817c183434c030cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
288da588c919f7ff2e7fbcb621bfe6f4

SHA1
adb5196aeb2f41a8394a1e44cd31745ffd8dd9d6

SHA256
7df700d6dae576e90de7581eb1c2ad8bedf53fbb2ccb77cfebfd3f6f49354e00

SHA512
9e6df62b54a41f1d99a76b43cacaac27d7847e4a3cd6f9b67e27d493b916bc06daab6a9596b2677bfbc05f3f5badbd608579615925667fc7727aba0d7eac747f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90a95658e60252ae0e6112bb59078f63

SHA1
eb3e71cdf6512af748e35b19bc87619e438dfbf4

SHA256
68d38d8d8fffdbe4aa77a770bcc8f7d3550b84116e794be664b75dd7523225b1

SHA512
c94cc3189a95a465af07e1556fdf06e8f584b4d83ea700b55a95239449e2d43bbed014d2722a4a6e24c6da580d2e3c7c8bd0181ef84174fe39cfde59bcf1f4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e17e9e8eb43d9b167eb7d41717d9a753

SHA1
2c77ea99b420ddcb3a07ea8ba09fb1472b805cbe

SHA256
baae5e3bf1ebbf7fad7e7c7f778b7623eb6898909310966be912117f8d4a886d

SHA512
fb447f282a66241f382e130b06577115fcfb349312136b77c351642760e4055d9fe5687f042de53b40f9d24bcf8dd19baa365237bf25fb3d21d5164bc5d22700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5061188eca90a01cc22ab3d12c947f0c

SHA1
d0b015df00f038313216500513795fcb99109bcb

SHA256
3818fa7ec9b5dfa1c01a2f526fbc064a44866c6354d8423801a87d7820d3179f

SHA512
f065c32bf38cc542418bb232fbee68c242bdb32e1887346f3d79e50b7bb42bf3d71267add8e280de3e1cf994caba41c7080a621affcafe8f6fee46a7184e88c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d577491deacb7358df68db9b08c5f9a5

SHA1
f363fb01e551e5b222ccf490dee482e46fc871b4

SHA256
edc93708cee539eb7dbafccf32f6245ff6803729e21ef71764584dfdf662f3da

SHA512
e454c81ceccf37535b639bcff02c1fe9d12c6073f6e3b4ba125c75a5025b8a5435cdf30e5ac6ea1d5596ca0d9fc0222d09eb02113a964cb2cdb4abc1534b25ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37666e6aeb63bf64fbf0344d9dc80c9f

SHA1
3b2089d9cd4f9f632f759ca1a7ef8b6bad14f5a9

SHA256
db492b026b38a44800ab3a2b854df685055519e978a59d753d030502347d3087

SHA512
b88917e865243ca6dced1ac5d13133a51c1edf67c73cb9746bbd863982fdfa654b53dd10222a1cd93219882f26d104bd80508d0cbfdee09b5aeb57ceedc94eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
43eacf2cf52bd3dec9dc4bad1223df1d

SHA1
38d2e29269d3201433b8b8ee862d00cc23b3f317

SHA256
9cc7625ef59ed400843988c0400e22e76bee929d36e7e71800361289fe8fda54

SHA512
13509bda48f205317232abb35154f80addf7b09c554d3982281151ebf356a8db4bbd8cfb7f1548be379381d2cd1b61c74812ba23253e3ec1951ebda91508e81b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9acc34c5eed2d47ec628ce24ace0e232

SHA1
beaf85a2001d455ce6ae02635b34bb1948b6ab65

SHA256
d36fb63c0ebce5664c204e45f75cee3bbfcb6f2186baf4e59ed87cb6acfd46d6

SHA512
ba092dd859ae677e2419a1657ecd9142f1857a27a31d6d2903806d53f1c328704beeb379f96ca6a45a55b517670fef06339214321722612751344a09e34a8ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
266174cc7abe2279a73e70de68edea96

SHA1
c9216d78b68de195571c111f45e9db69f30b1afd

SHA256
499907331071c8bd5ece6faa0f92f70871733e0967e5f62991ba92368ef85ae3

SHA512
fdae9c2ac0a8b255708424a45464bbde9d8e6820fa48492d03e01039bb426205e47050599185bf7a41303f21799ade180401093b666da285d5d004a19aa16530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2013aeebf7dec756f78596c4cd46bb44

SHA1
4512d8bea183a0d2d84290e279bd699a00aedc5e

SHA256
40de989d5cb003312d772af83c708b05359fd6574b42fcd5879abe4b9dad9b58

SHA512
c946f3b144738c047d33ac8796499962d209c208e15b360d377be529c6fbff10bf65765bb82649c40f14318f7db7b2179d4ddc5aa0d213a862686ace7b369cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23a873cd7a60478a013bf27ce6708a9e

SHA1
f3384550b06c64d0be5054b1b317199d97d23d7e

SHA256
0f3ee120b413b0333f80bcbc4bed76da70b10d729e53a60cd27c208e07b116f0

SHA512
dea7fd68d4471368aec276fe80694af0c1f6168a9cf444058a5fa19789db0141d2d9575df8ee1c154f8908f7e6fdcb7738fc12c98abd60b5addde6a2290ed073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90dcb92c86271a01eccab73a149f5af6

SHA1
5b7aae663723ecf395be21e555d1dbf6b541fb65

SHA256
322202292cb2f651dc9977499d6e2dbeb01dd5b21e79ddd4f16342b922e4b8ba

SHA512
288ebd2ffd8e8fbf3b951d9299616e3439242a830704991d2a0649bcfecdea5627b7aaecc809c2d17bedc4014a754c108850eed8b982ca489a78a3e07815c3c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d520b28fd17255ecea0efaa86b25adb

SHA1
b490217ecf6d2fed2db6d6909522da46d3b1667f

SHA256
c6d487adf6760fb8ed782affed86b7a58072c39147b342e6a6f00e2af476d1ce

SHA512
3a873748d8d0122c55dd4d08e7bde6607889701eb9c190bb5ee454fd8576f70f4f0db2955d290926fc3260fb95fb9cab9d347166833677c04085ffa7ebfee13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
07da0af9e98f92573a7bf41a23b4c002

SHA1
47ccf656b567acdf3ac1fd860a662cbb63db202c

SHA256
dfbc8c2380aec2ef8fc91a818ecc37acb96b0167ff505644a8597f2b607b5c38

SHA512
c9ebd1a0ae2d4c11acbb5a73a160a9ee9995bf029c9564f2886d37ece12156c0bdb281419d709c0925605c221dcc469c8e66b556f9d51e6ad710bda5a91f58ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a3d9ff41c18fecb55b5e4649f302124e

SHA1
840366368f947c768d2731dd9cdb3a6f8a208fce

SHA256
397069934eadcf81f7817b4407bc15e0af451f97208ad8ed0d3e5701097d1206

SHA512
48edf86c19d84c57cd7ae89a22881d6a1887a6f9bfae3770d4f7427ece289f575b1cfd442982c6b4faf61d5f9228d76014852d5bd2d6cb5f4e4650abac3b66a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71f2f39206eaaadd27ca4f0737d7fc36

SHA1
d93a6ccb029c20f208b0e407c6cc8376fe77216d

SHA256
dc329fe221ed0fba656508b9530b36153816f30ebad23bb7ab51748cfd1dac8b

SHA512
13e543c858865b7af4d0bd710371208a232f536f118129e98c8bbc8727a9d1c6c295fb0f2f9935714f55d9772ec2c50a9a1c9c7037b58460b6dc45c8c57329a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
92439c1357d766a82aa5846aee76fe2e

SHA1
8858e1cb5d5d507a3db5fb06bcb7f6408ed9ee61

SHA256
66bcfaaf41bf6c6e35cd0642ccba8108c8d8c7291d5632961b0e7771b4b18ebd

SHA512
4290657bdc129ffb178d9f7765bbc8a9db40104c3cfd84374cf66b04816c86c3cec7472d2c8f0c280ae85478bd246713c83eccb7504037841d966f07a8f91372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2e4e7500d62d35b0b183146bbf2eb921

SHA1
46b153c4507f853a6dae236b34ee291db0d696a4

SHA256
ee44aac77da2b5d8dab2d297ba34869c93138b0a650c9a2b7c3d4cbaf4197218

SHA512
9dfd2901ec5920c87d8f0751d060f694a3c11e136bc06dfcc493de591a72e381895420dea4ee100f91b32fcd43c6a396dacd954d4565c98039a5f47d0d979904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2f2e284a48be909eaf4fa1ff63e46892

SHA1
e03ca988a933cfb0ec635a20aafaef7f7f0b5555

SHA256
adbdbcbece0e2655ae5a1130109235c8c8c8c49dfc4e7137809e5b06bc1b2680

SHA512
60fb7bca5701c2c17fd2b96d55fd63b0c0579e47b2eb7920925db475fab2afd2ba4b2cfcd65235fbfedcabc301ced00316bebc60acb543645afeb438eeac8696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c4d44ff24e38381efac4a6bc89f5e977

SHA1
397abeaf55d6f2dd65fd2eb890b08fefbdaa4eef

SHA256
8f4226580af55af1d5ad4066891ca344300faf28d80ebbf4a585e567d1cac58d

SHA512
ea687a340bd149db3f60670298324bfbdc4ac39cb51941897b00ea78b8853bad1f91c48cb2858b261722423be324f950643152d37845f72acfd84879a43f09ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e388dd80ba3cf2bd9eb9cbbce0523caa

SHA1
b8a1903d8f6baf6998ecf5c0945ded544e3c76f0

SHA256
c4c886922b0f0acc9d5a568d711f4e72d4d64e67219a1b28163f08d75b796aac

SHA512
c5f859ff10a8a4b0d7f3f87ac22949b7c1189f13761aa587c64fb79292e64676704b56aa6b6de5e8bc3ba7c4cb4fdd9268870fc55801341b9bb0430ecdd3b06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
89e34776414aba4b252714a6cd178bbd

SHA1
e122cfbb8517301eabc450c82e637a198c71362d

SHA256
6a8a1560faaa0741cb60924568bbb3d13ec85348df1b0089085bfa9b30b5fb66

SHA512
9c7edef92401c13e34dc5f154b2380163c34262bc5c7c57b3c4ebf0bebae104172e817cf2ef43366f2c07b7e4da9be72e9dcdc4e55ecb62dd3d467f58cc5b42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bd8c1d0ba34fc011ee3bf42d4f2a8086

SHA1
7d5453f29dc77fbec67edb8fbc88c421e0c56736

SHA256
370b9a91f0c8b3da544fbc17de70ad48f72630b93d5187ad9c2610e89154f85b

SHA512
75b0ad01d9b742a27ff9eb06643fa202812a43b1790d8669ed5d4251f1cc641e139f0830a12aa63145782290a8ff9357268d7dbb91a685844f84a95c0330d3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f238636029e56fce6bf62228a0b9b59e

SHA1
6f266f888cb5d149244e21bf04e17824493bcab1

SHA256
680b0ff92e99c72efc122854de4f0488cd5053e512732334a838851a841ab393

SHA512
e511fe6c9748b11092b556d03765f19ebac193e6e051943ea1145b4d98196f35b335af23a55280871e86825220f81a51fc548b545580ea687f03e86c232d4a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dfd1.TMP

Filesize
866B

MD5
aa79d7c97f68d865e6c4a233d78cb323

SHA1
9ccb579468593c4f50a1060573e6f745a2f0e2f7

SHA256
5d89e80d2e3c38c71db8f17b1108a4ae18c160fbf66d2a98f19f485a5adb1519

SHA512
caed99b19e60c36b31ba3d5567438cf64751c27bd2ca47e7df1d67b4e43beb3431504d60b513af0860517b4a49aa3c32c43f9e6bc4cedc3f002b606556338dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c75fbd6d-56d7-46fc-b1ba-0c1084da2640.tmp

Filesize
7KB

MD5
ce2e122acb28c5f9059b2bf350bfc292

SHA1
2b14bb466b6b84f95a9003ab608592c5392f51f1

SHA256
c837e4e3dba292610a5b6d53de620fab7122f749f264f71f17118ccb87da5f89

SHA512
289ba923eec9c9ea3ead892c42682f1ade87e50f6050cf3f420561b1a6367cadd7b8e772f6607858c4c63052424a6a1c5297b1f030f62d240988471a3b1eff16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0600d1d9f0897800c2ac9be43aacfb7

SHA1
9e95661f1e5f858c5e6026aa8bc67e6f2eda8f3b

SHA256
70dae9c2448847f87da6c9a5b0dac528828710666da2d32b21fd2d5a63aa71fc

SHA512
6822081d0a738df7f86e05d16b93c6bb4d3874448fb8d8e4932828668393df43070934a601761e05c556a2436d017d0bad24d309ae95573b3595a5e3ae682c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b44b60cabd9b03f2154142ea733de59

SHA1
2d0efaae83ffa0bed3dadca8699d872fdfafaa47

SHA256
7dd0e00af1da1c7c25c1652369bd6446c7ed708cbf21834260b060d4124d1d64

SHA512
53e14b9fcbf84d078d1bb64c5daca7718f5eabf027a0ff10108a7b33d9bce8f4cb34f1a5c7963094b2681deb9d29f835201360815d2121f5a62d532e2d25c8dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
31aa1f5c91bcbbbecb660226e80fd653

SHA1
e2823891b677cecddf07202d4c1ee2639af32cb5

SHA256
3b412efa4ff1c6256ab43248158932ca8468110a0d9d80ca2f8457a15b3423a4

SHA512
fa088eef77f69d42db0debcf3e0623ff26eb7976fe56fe8e77495ba0e9d0669fa60ae4539d88347769636cb8447eca4d956b0a031f191dcdc19c31d5ab729ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2ecbad21d5e8d7be10fe8c62f9a6ffc5

SHA1
7764b44839c4fa3ecedecb03bb6633820d4c9781

SHA256
f052b4ac6f2a95f189c888cf74708ce7653a98ee4aa7eb0ad502593c41079137

SHA512
7d33865b335c5367bf57565635ce114448ea6e9f554aff0b75dfa8ebe4703993bef755a5b8983db32776a3f78ba842dd68da32e09d62383f5e386557afa45852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
94b9633c013248b58dcd2794e4a3e6cf

SHA1
a3b3c2de96bc30886babd15cadab08d3475711bd

SHA256
ad806c67da2841246fa5844769e292b88ca406f36476e79fe4de5dffdd19fc20

SHA512
7d008759177af45035e384d5d00364a3ae8d99c28661a12d1ba6a52954ccdf705c971a5b97aba6311dee39c43d36de56f5d4fe764c12d2bf5702188d52cfc477

Download Submit
C:\Users\Admin\AppData\Local\Temp\24iwik4r\24iwik4r.0.vb

Filesize
7KB

MD5
54dea90bc72ad0da55eeb2ff89a6d90b

SHA1
e18e9817c4b0dd145ff1c8a20626f3ab7344bdb9

SHA256
5f32eb87796c10222d1511eee359e8ce38b5529d35efba7b1a1931a0b87d13bc

SHA512
460b187b47a16de082cc55610c9b5888e09af7c103fe247e622dc86e54d7563a6863e9ddd2991a0fb928a73d27527c9d549e08bbec7f5991252997a0df52816c

Download Submit
C:\Users\Admin\AppData\Local\Temp\24iwik4r\24iwik4r.cmdline

Filesize
176B

MD5
0d2b6ef1287055abe26f434d5f401b06

SHA1
6d8bb22415428714a513b9b2f9123427e8d92fbb

SHA256
8e3c0e30001e96f81ae0d4c92064b6524a7a807d36d6ec9cb24cc9ea60b50f95

SHA512
121c644a60b0397c6dcbb011b2c2fd895e5d2961f2d90fda67d5435d2242a39217324981746b8b1d67b250776ed7725dc1e151471b39ef5cc02be869193e4ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESC4AF.tmp

Filesize
1KB

MD5
d7524f6c02d92f830223bafeb1ecb9d3

SHA1
c42c1f7317cdf4f08d48455559e96a631d6216f9

SHA256
ae17c79fdfbac0913296d4878728eb6a5e6737758ab8ed3cd0030ab27ea307e1

SHA512
cfb30ac9d38104eb4868d75b0b3b9307c3c34d00dfaa821f901432bc10087aa37486f266f5f782d1b0d2e8ee3bf7546da3854d913933611c3212589b2370cf7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcC67953B9207B47BEA6F7B91EE7E3B22C.TMP

Filesize
1KB

MD5
13d25ecbcf2309ab90369abcae61e090

SHA1
c9c3ad17bc9032bfd2e1dd8931b285b020eae633

SHA256
a9867862f9d23427967bfacaed699a2177a0008b4b1d359f450796b29bb5dfb5

SHA512
89e83f3f5a2f307228d885403649857ac4f219850b076a54656a5ff8a2be0eb7d65350810f17f9a13a6378c6ab6b6171a44f44f65694858996d4e112b7b53af9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\M1lp mods.exe

Filesize
15KB

MD5
686cb9b6bce92b9c8ab141fe3f1aab3f

SHA1
823c369d2398ed683faf3172ea4a2485e67c7ed8

SHA256
ecf3754ec6c77771d36a44ca8616621cf632b3da93044b3f95c3fafdc01b6fb8

SHA512
6c9923fae1a5bc6bbd7a46c139ccd28db30433d52eb1d878f95e9a6d4bc45747a07b684a87c73cc2732b0efb5ff838c5c696de68fcc5b0902a134f9bd64c31bf

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 405422.crdownload

Filesize
3.7MB

MD5
c00845708ee4e6cbaa628a0886076c4d

SHA1
e011d28a40304957961654e62d00754a772fdee8

SHA256
16f14bd60c84a7838b99c34a791d5d334f08ee1e588c95162290ced38db8b092

SHA512
2b6a09b934ad6076008ad1b8bc960b6c3bf39968275f9f46fe1afbed7228eb196b46172c175106da70af80ad78aafc327869e71860af6472c74867dba022fb59

Download Submit
memory/5352-386-0x0000000005C60000-0x0000000005C6A000-memory.dmp

Filesize
40KB

Download
memory/5352-385-0x0000000005D40000-0x0000000005DD2000-memory.dmp

Filesize
584KB

Download
memory/5352-384-0x00000000062F0000-0x0000000006894000-memory.dmp

Filesize
5.6MB

Download
memory/5352-387-0x0000000005FA0000-0x0000000005FF6000-memory.dmp

Filesize
344KB

Download
memory/5352-383-0x0000000005CA0000-0x0000000005D3C000-memory.dmp

Filesize
624KB

Download
memory/5352-382-0x0000000000EE0000-0x000000000128E000-memory.dmp

Filesize
3.7MB

Download