a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

Analysis

max time kernel
270s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
16-02-2025 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

builder.exe
Size

469KB
MD5

c2bc344f6dde0573ea9acdfb6698bf4c
SHA1

d6ae7dc2462c8c35c4a074b0a62f07cfef873c77
SHA256

a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db
SHA512

d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0
SSDEEP

12288:CzVXpdg/1MB94JD7RfaVT1hG98P67PNV3giFH6J1VjR3L6dpbQrQyEpInmwuRUfB:CzxjgdRpBq1hG98P67PNV3giFH6J1Vjn

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
95	5884	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5592	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 641193.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2148	msedge.exe
2148	msedge.exe
3364	identity_helper.exe
3364	identity_helper.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 1572	2148	msedge.exe	93
PID 2148 wrote to memory of 1572	2148	msedge.exe	93
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 4656	2148	msedge.exe	94
PID 2148 wrote to memory of 2352	2148	msedge.exe	95
PID 2148 wrote to memory of 2352	2148	msedge.exe	95
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96
PID 2148 wrote to memory of 3516	2148	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbde8446f8,0x7ffbde844708,0x7ffbde844718
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16301129708953817675,4091825949553568221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0JFM0E0N0ItMTVCOS00QTM1LUI4M0YtQzE3MEE0QkVEMjREfSIgdXNlcmlkPSJ7QzE2MUUyRDMtNjhDOS00QTYxLUIzRTgtRTNDMTBBRDMyMEY1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RTMzNjczRjYtMTNBNi00OUU1LUFENTAtNEFDMkYwNERFRThCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI4IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5MjEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODE5ODA3NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjE2MDMxOTMxOCIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
729bed0edd331ffcfd597470f90f3e66

SHA1
a6ff8c58f693fcd9ca68887dfa10c7db29571f1b

SHA256
1e19cfa75b8d279d6295258451a6e2e8fde33c529050e8975ad77d38eb901b88

SHA512
dc697b5b083d69b98aa75a6ffe402430231ac1bbb2b313218e77937bd1571171859b3532a4b441bb674f591568050a45e3d3a19a97d4dff73dae70e15f8e34be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
448b7c8c3b3464847b28d8a3d56186b3

SHA1
8d68fb17d1185229fbb11c83e3e1302c2241e80b

SHA256
5ac4fe094bdd264cdd05031eaa7b06b94cda44d134c9c1f719a82ad0e258cd05

SHA512
eac10e9de38a513b2acc73f695be5e037ffe54d8cde3c5fb032122822de1df5f895b7924a3ab0a05aa644a6a9f4ee6f45f3452ad15dc242eb199d74ccdc532aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
210KB

MD5
1f6f3086bdd7035529257c8ad95a3671

SHA1
e007959c11588ff5793475273d846e16ed5a0a74

SHA256
8bbe7ea4efac6d1d525dafa3a3968494d4b86b02750b40b4558f54486990de91

SHA512
edd293e3b30f4ec24890ae491a555560f37a6879746e91b8da9cff1be00107e849e99f8ac1db286692f13b2c392a1bc38b999bf8baa3d02609fad4415e417e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
82KB

MD5
36f5a723d8ea215105e234d221701697

SHA1
328136bb1f00b00bace5e4c6cf6a7e45425c17b2

SHA256
302c7ac0af04845c20b3bcd54d3a603c607b0d6afd10ebffe5eec7deb059e748

SHA512
5f44f06ff80459b52f7d56933862790b20dcb51dae97b0e26db4bf3fec83d1f01ad862ab26129f9061841730c257a8b9969325ec385f2be9f0e39734910c40b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
79KB

MD5
8fca7a33069cb43280afd1c46ccbc6e5

SHA1
76b3407ef30c25dfefe7d0f164929d21a1d06a68

SHA256
dabd7ffcfca680c623004eeaf91fffff2731b457e80179e30f63a2afdf3b0666

SHA512
275de936f2adbca543cebf61a3f099c9c2d19ef2f916c70b0e93b8de21da90f191caf431c845f8ad183a46d21ea6193ee37ba14ba055e7798e1828c58a787fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
133KB

MD5
1351e5c3589ae50f6f2a4307fd484833

SHA1
8d3bb94ba018a0db42b28673f25ef684aec8a21b

SHA256
ed15a78f4a1506ebe7d12d433f2fa8b86cef11354093f6c7e332791c8874422d

SHA512
c0fbd4fa67af5cca1f3a276c4a6a8a4737aca3a9d383db24b70e5fc3b577f18a24d73160f289cf03e8bc2cebcdbe65bb3d3b0d13b01ab6dc70e68d68694d8659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
21KB

MD5
b0b46b807eee39af0aad8f5fefc9b3a2

SHA1
0fb04f15599bc0844063a6ab776c86e73cb9fbfc

SHA256
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

SHA512
4eec49904a5480940124a1c1b9c9dae764ebb115829cbce4356e66a1d7f077dfd204a4634b0622ffb14cc6ebff7062d7f30502bf0bc7d998a1a55fc8c876da8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
73KB

MD5
7641a1bbf0994262993f9a68135991ba

SHA1
f8f1f9ff42506dcbfe898a01a06e19c8d6886b51

SHA256
cb703cb6845e5316effa4e662a95bfcffa7494d5db4495d853841906c3be5270

SHA512
d169e9e6cbde255697d22f0196df49ebf35959059d5b22de5b86faea71cd445a232c94a16d647430fec3a30507ef8ff27903c94f36c3a38cb52df87c72295ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
215KB

MD5
0e9976cf5978c4cad671b37d68b935ef

SHA1
9f38e9786fbab41e6f34c2dcc041462eb11eccbc

SHA256
5e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e

SHA512
2faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\11059e48a70b24df_0

Filesize
70KB

MD5
033984e7cb89bbec76c875536a6c2c47

SHA1
847ff3605d3a8ffeab2abd7008cde92024c480ce

SHA256
653ff173d8fd7258c4a37648a825a267e3fc9cc6d1046f1adff598574c45beb8

SHA512
beeddbb3850898de1a56d0873f1bb473fd0ef0079518a9abafc2501950709b00367979277ced2ab73b7e144d8e539a4a0357cb8d9079469e741d5f46914c74f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3490675abbd3db55_0

Filesize
266B

MD5
329ddcce4b61b38850c1641f2c9657ce

SHA1
dd4d02f665fef7e101bc7a353d29b9cb4b4ee1b6

SHA256
26a969ddd30893c19b60559b406e8ec45a75d9b592ecf502fb4daacbc0465308

SHA512
06994af1018f63e731358308d663ae183817269a7a50d857ef6286b4565eaedf4cf4210735350a7444aaa5ddb4fc67e1809868e2450f5e043a9ee962be4dd539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d6650105953b5e3_0

Filesize
263B

MD5
c728d2a89c531ed3857b1a021ef1a105

SHA1
ef9de148b23e16654c7b6150f7fe1dfb77f27b9f

SHA256
4683496d506e237f3bd903f879cd285c0627ce5146f8d7471ee34dbc5ce62275

SHA512
29edb69e18b0c69d938c47c53548e7633ca0355626dd18fb5ee0a2f04a1f9c491429529e7ff5952c420d3b44d9320e5e357d4c5ec8c6bce8a9f32ca2982324f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68c14e61eb9f2e6f_0

Filesize
302KB

MD5
30376f37f1332b037e8ebe4d6aee5a03

SHA1
bff782f3687ded905b80a263246fefbbdd32ca23

SHA256
b37f1811c37f3f600ea4a2840a285776654327dc5c6648b9b31a4e16ef7a5ebe

SHA512
ab5856a3108829a3a4b393d70968acec0d20b2e5d8fb038da721c435da9244626d305a62dc689551b209a97754fe9a141b011c8a059c36c74884ef4d7ad07c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2dd64a649140650_0

Filesize
253B

MD5
5ba21c5c250c0989577771a4d99bcef2

SHA1
ac7043765ac1ed81efa99f8290c59e9b8d194e01

SHA256
2cb4a3aaa05f6e9dd5328abba1d13a82332cacfc47d6fc3daa2a55fc3bc7baeb

SHA512
7ae8b6b73c637d5ad79bf6a47bb0f0466d94293fd586e2725c6cf42e86f3ec67f959e9ef9825925319026e6aa0b3b5e720033f9fd5e1269bc1e2639909cda4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffd88edb20b98925_0

Filesize
78KB

MD5
e6b8d5f102191c78ffd7b2a3bb791e3a

SHA1
708fff4c76e18b34076694946dd80840f9c7abef

SHA256
1b274936dd750ff4eca74e36e4c0aa2ca48efd184c941d4003db82e26122280c

SHA512
68ff64c413481b67924bdc5d7fb86cfa5f0ef25c1a7048e2f8785f89a39e86f7f5b86ab8e4362360de9bc08db3d728e2293847d5d22b69b36f36baa39527facd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e88254dca5e4dfd4c622a1befd61d10d

SHA1
fe027d20048a719c9ef5dda2be9c97cb307ff0c5

SHA256
b37671f3cde48cd5b7c1e404b005c6dee81cf73f19aacfd70b86c71a6c5f4372

SHA512
8712b14f48a7f2b6f339a3d464afe46f16e36b87a14ce968757f4c425d09064b0f17f4bc617020c98559d48ede6094147a9ce5dd1edfbae0fbe0f1a13513a0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1245170cc182450995373a5af65bcff4

SHA1
482cc54886b1ddcc031b3463f6adf7434272a45e

SHA256
33fa7c86e3049ea069c463b12442aceb416361a4a872f3ba6a0db3a4e7e98cfa

SHA512
f07659be134522b5213f97b563bf7babbc89c0251e025dcd93e70dc7dd4ebc296e3adaa57e2cfa19cf4cfbe86036441daf60a9d0331077521c2a33b83d101283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e337e838229a14f79be602f20dad45b7

SHA1
d966c87f74b492112dc7f7ab3329e3d61dab6fb1

SHA256
9068a5da72ce2c660507ad800360a9d698c229e0c12127bccbcbfa90cb1bbb00

SHA512
65220f9517b3c47fcbe080095d9b84b2e065e7fd860e892bcbfcd1c0995d55afcc91cdedfc7904ae0def3bb5e21fef51f9639314a53a5e9c7f2cbf52a05cf341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
537B

MD5
a532130ea4e9a9f08ab48f737c1ab764

SHA1
39ed9794745e2ea741008e9998d2bea537d5015e

SHA256
263f8c31b51161b38119b8f9c2df390bdd3eb16fd979f520dbd6f275ce4b778e

SHA512
fb2845ce52a79ffc84d4ae7aeba5b5d3266e3e48bfb06f6d6a74c16aaa00304102b3d7baded13f60f9fad34ce78e9003f5d4a42a2e552c586782cc8eeaef11e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
91d4677db4b014f9a031f677c2cf3904

SHA1
c90cc56b0c50719d87f0ab258957d0b08eb977e2

SHA256
21ef4a53ce3314b901726c619e2292b1ce6f21e3ceaf36ce27cc45938a84ffee

SHA512
80a303c9dba6410cce4e6cbf0afcd29a586a3bf327be51d23648e279c100e99b09f362bea63b46a5777aeba1e39a937e0227169f123a7d7fefa8921f61e0e2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
74b66a2479b9d5e3537ec054cdbf1bea

SHA1
32bcddaf057e30a50324a4ac864f8284cb901aea

SHA256
47541d6e0f7345f6963c971ca7dd766a32ee335eb13f953c5d6ee4b59b0d9e9f

SHA512
baf1090a80bc72c6be04137832e278dde732c3308d343efabc464b05e4713a1182ed477b79e58c7ec020ba8fbc1beb6e88cced7f00521c0bae07a131501f3850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c65be7fd7ff45899c11a064b9bf84b76

SHA1
7e202b0fdbed51e7043d843d7701a1875775193e

SHA256
9ad3a541a8dbe2e6b196b07e9ed06ebee38c4c61aa54bfd2975878a77f3d4b43

SHA512
fe28caa4be56df4e2791a4039a4f1fcce06479ded0f096597f1ae439c527c688b0a5bd4b8f48b874dbd4f2d3f37d9d6472a45afb667fcf1cd5ca9838e53cb0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
81d4f2db5765d5bedde0e6b1713f4e90

SHA1
77ee0b699acea72609ae91161cdc605e4976c4f5

SHA256
a886e2c64511fdaacee419ea326a3d0df1c78b8691f482a10db240a6683c6568

SHA512
c397b67175962fb70ca88201352b12782fd8b75b932df6f6dbb28db8afd375667ffbe1c263e86d1afec9a6c63d9f2393e679e5e8c3c5d9d1616bd27c62718983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cff70c78a55d798c5ae4e44608ed0ca2

SHA1
a679d8db64e9b68932b37af32bff95c37e4474fa

SHA256
1492f4ce75ceda971771275edac24c74ad3b2834dbf1a7a7079caed112550fa8

SHA512
e7e99974f900f9a7087a775ea9004af4a55e79403c2ca158c0ebc889626634a587a63a23e8439614dc46d38a2d60e1e86b2ecfece0edc4dafdf4a8fc84485677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
06d351f5c6c0871ec04fe56df6afcf77

SHA1
41ef14ec119a2aeb39ccd071433f2c466679ebe5

SHA256
cbbc25aeedbd2379a286ad125d46f324d31385ade032b259fc7071c1b9d9933f

SHA512
ffd6a964b87d9193909510d20613ca4f78dc19ae8c07ac87a0b2d0cd9fcf98904cbab8b18566134c11ffb6748386a787e333416c3bc0025e66207b2eaac7555c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
001371fd626f58aa8fa5c02ba3b9b768

SHA1
5d8eef732007ef286d8b35e6c487ce59aef8a183

SHA256
b1432baa41972c4757b5cea928a8fda1becb74475f9642d63cd4b1ce2119c4c1

SHA512
56aeb24693f7b7af0c1725efa325db4cda68a331951487393e7e64382fcb9c4ef13573871b07d37c92464ad83c3e369fe844bd684372db06bcd789963a71cbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7896f40dba7d92d2329f5bca68d78f06

SHA1
855d76bab202b145a5ab57144bd688e53d4f53d1

SHA256
de8825fdd443ac8b10255726a5fcc0b2023585a580113a97af9b84941ab8c323

SHA512
eb719e6b6d736abac859d33d1f6ef8a8f46031fb643703128bce0c5fcbeaa8635f2ce0a4cdacebb28115959fda49a0beff01b12f95a0ae3f35f6c94ac1b103e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c14bae936b482705621cd4a7fe03d050

SHA1
0a88c3e3ab7f9269ca08f8313fb2617c2045051a

SHA256
836d804746140aa5d6657eb365e3d942acad9933a07f015c178afb3ebf8f258a

SHA512
f131307813bb83a711a4705048abaa99bd8b4f1aae8a46fcc0daccb6f84498050752a8eb06af1e9fb1ee3b3ac5fd8a25644f4c91100dd8a3727ec114e0995f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15dfe5d419dc248eb2cb47c6b1cd45b1

SHA1
547b8d738ab22a7227112f3e36e0a4cdbaae2746

SHA256
6de9ff84a8670a0498a526744bffd444a65831ded72497c06170ec29bca7db98

SHA512
000916c252d3a2dc7e7df12d519b94b190f1b8d8aa946479410f0b7e6c9786a3d76bc1a84d40cc35282ba52046e8386cd0bd5753a21fab700958accdaf48f284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c5f276c747ab6bc2b94ed5796b93cc7e

SHA1
3e81e2b2fd1f9712e21a89e44213661fda118709

SHA256
3abbcd7f1eda8cb2381cca729b28cb3eab21ed1d9ae217f41818fd64c7094068

SHA512
683f129fc67cc5b327a26eeefd80bbe0fa19c8abd27cf89bf69b6736c1950f046587d6ba6bed99d3892c2e2bdbe5b58096fffd61e986913b7cdd135cba35285c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe665a3c.TMP

Filesize
48B

MD5
3677e3c7a716543e75cf646aba514523

SHA1
49ebd5b5f5a15194afb1fa91126743bb766531bf

SHA256
b9d1060051dfcc26ebba4f8a9334dd0a616c774e9572ca1a22b2cc5f8958633f

SHA512
ba4e8399aca336ad778dd4888530e0bbdfc0d34f877d8d659d42a8b22acd304582fd7f78b13269a56b7809e4194a871b37430727ed22e318b6ea6a652c6b2636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
470b3b85a77d41ec8315f55972ee23f8

SHA1
5edcd9f1baf7fc107a970ee7894bcf1b99a47381

SHA256
2c0aa197578a0a162873f25a1b7a91b640e4eb5bd186952e8e0a3eaa2678af9e

SHA512
4456bda4da148a9a84d44bd59cc2194711193a578c577e6acdcaed983c05799f911774fbd31d22f28b994d6bec5476636f7ecb7fb05ee99779ca69bec9cf2d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5b83155d13511f6d02c1e4fdb53b5ee

SHA1
15af89294fdcd13632cf1c5827d0f4296cc7de54

SHA256
b32644e858f53fcf6e42f7dcbf00e264568a4ce0cb04d831bda585a407c4ee2a

SHA512
9e3906d04e6fe3f4edcdc9bbb5393f655f1a0dca6e49e12c0e5e10f7266bd081dd24c17894a69696d9078c598497cb65c73e04941283b7d697baecc09c38470b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
618ee0c01af451f9cd38f868ef4b6373

SHA1
9d017858ede6701ee1fdd8ff8c0c6f9084c65914

SHA256
fb94f4068f800fcc0f2828252c3392ea7cebc99abb9a207c00022f59ff71e193

SHA512
77647617defcbea88ed4257523bc9db2abf1e582d745a4cd2f94186e7f8c1e20700596b1dfa35280ce9006242e0d744cb4eeb4d559b8c0df14423a045fc2b5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45d7b3b8c2001fcfbe4809e71bf29087

SHA1
b78cda9e48ad74227d378b9cf245817d8894a70a

SHA256
765216b6733be280fedd499c61365d2eaf78dac6ddb9cf162c3b98a8c0dba9c1

SHA512
dfaa4473302b298e1ff73fb31e16623cab270a6aff02940adda4e326c24f00a387c413d565ee548a3a38f178768577514acb97016499865910341379aa8440ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
147d8f2350599b8692b8c20f8d65b789

SHA1
698b65a1e49c05062980877e38877f30a8a6a034

SHA256
6ecebe95196cb353098708972584f2bfe1e2748d3211dc525b29c0a9bb418468

SHA512
cf6e886ba1a29dbbb0a3ab23c2679cdeef178a97efc5f99f464103e21e9c9f11a66e8a0463ab24be9366141f2ab45bc49115e02299bb72896d4cb6d863fe9dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12c5f0ab92e4d638bf1a2315658e90e7

SHA1
63f97417f99f85179abe939809edd65f406425aa

SHA256
7a184d1d6e3f160f06e57b32dfffca3f1458d43f6386c58fa3499569f15aea45

SHA512
4b655e67654a4013e5d4161ea884a29cd27e58282b219e03ab3655efb51c66e6c77ffdf608665cc0e9592414bee7f6b158f06f302484f47354d5844e69a317bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ecb31ab36b6fb5d9e2ea14d73805a29b

SHA1
50d4fbf27c6ca4d5fa621c4d4ab87c6ff1c57890

SHA256
1461da57173d9a9a2055c49a1f3cfae2b4d6aa92296c9fa69ec69b0001cb3ed8

SHA512
66fc6fe9e528f643e0d1ad954ea99643e5679db7320b1b3ea7639da282ec63b056a91176ce96d5afffcb8f2227769da1b267229376c6bcd406d0dd4350696bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
052561435f4ed0348aec191ed3e5514d

SHA1
e70f08ef50c4872858d0400908a51b64846be839

SHA256
a467592a2014043f557745571861c055b0871123d2ccac83c8472e41070fd210

SHA512
83a97c8b33b79719af58a2268fb67bc9b6aaabe675bf4d68cebe0285a4e2a316a52df46450f275e2985b87c75695243796b0836c553baca0f7f081030808e467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6475dc.TMP

Filesize
538B

MD5
61d2ac0d01440d6fe6c898e7cbbf7055

SHA1
bcc8c61782bca6b8f38e38b58dec27047b7d383e

SHA256
6377b401178accc128fbad00505b4d98bf21816173ad81a8c3d06b8aa70fd89c

SHA512
6613f8354766d1da115adb77da8e5f72f3abf41ed443bace9cd978291bd04d574d9188c598e0caf045c716bf9fef38cced32989ca5f95dae0ebf803b80c86a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
185a4818c028b47b847b82f80a35f148

SHA1
70400069e6dedc9a1c6f6533a0b8a7ac98d64e02

SHA256
e6054c1e25ad92cdb765e72efc8f6a1505dd65d48396179f93de658a309e174b

SHA512
0d3603342dc17e49f10abe46b44143c8876fd941813687626e5b713bceefac1e1599984e68365f71a49e58494aad7fe837c82560aa5f717bcb9b1b5c19b8c7b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1fb2e484eacbfe987f0d774247131acb

SHA1
df8f47d4ee6e7b2282ce6154f912fcac78b7ee79

SHA256
b66275d0ad0f42d907d22b43ca83b92a70bcaa3213ad25c75ee039fcb425ceb4

SHA512
b9f391c7f63527ee70607588631e9360678e4388df5dd4ee0ba7eacf436af5b5be34afa4e74f946dc87ab57135ebd2377e2269547d176211ed51e78ceee928d8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 641193.crdownload

Filesize
1KB

MD5
b8f24efd1d30aac9d360db90c8717aee

SHA1
7d31372560f81ea24db57bb18d56143251a8b266

SHA256
95df1d82137315708931f1fc3411e891cd42d1cab413d4380b479788729248ed

SHA512
14ebf7905f15983593164d1c093bb99d098daf3963f1b7a913c1a9763acb950075a0d2cceab3558cce3e7269c2a2d5dacc2b3c6c55807b0b6bda6bfad62dd032

Download Submit