ae138caf8767f7be2fe6f47f1663b0e2e28d903264707aa9b6f73bb7b223902c

Analysis

max time kernel
966s
max time network
979s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
29-06-2024 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

118702991.html
Size

117B
MD5

2dccf9a2e169c68dd4f3bd5ea163e45e
SHA1

4ddcf984285a5c544ed1132f5f6efd7a5d01b470
SHA256

ae138caf8767f7be2fe6f47f1663b0e2e28d903264707aa9b6f73bb7b223902c
SHA512

ba8e31094fda723fa66d589e229f240773f46493198b776240897e60998e7695c2865e17213fb3ed0e2756de8227c9271464ba64c5bc9448880d5f2a03cb4f57

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Windows directory 4 IoCs

Processes:

UserOOBEBroker.exe

description	ioc	process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 51 IoCs

Processes:

explorer.exemsedge.exeMiniSearchHost.exeAppInstaller.execontrol.exeAppInstaller.exeAppInstaller.exeAppInstaller.exemsedge.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).bottom = "854"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).right = "1463"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).bottom = "820"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MaxPos1280x720x96(1).x = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).top = "254"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "287309825"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MinPos1280x720x96(1).y = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).left = "663"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 0c0001008421de39050000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 1e00718000000000000000000000e1a40ed25739d211a40b0c50205241530000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).left = "166"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	control.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MaxPos1280x720x96(1).y = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).right = "966"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{0528BAAD-166C-4A87-93CE-5454DACEF5F8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MinPos1280x720x96(1).x = "4294967295"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\NodeSlot = "3"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).top = "220"	explorer.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\microsoft.ui.xaml.2.8.6.nupkg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\windows-subsystem-for-android-wsa-2311-40000-5-0.msixbundle:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

5068 explorer.exe

pid	process
5068	explorer.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exepowershell.exemsedge.exe

pid	process
4560	msedge.exe
4560	msedge.exe
2064	msedge.exe
2064	msedge.exe
4124	identity_helper.exe
4124	identity_helper.exe
2604	msedge.exe
2604	msedge.exe
3028	msedge.exe
3028	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
3428	msedge.exe
3428	msedge.exe
1220	powershell.exe
1220	powershell.exe
1220	powershell.exe
400	msedge.exe
400	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

7zFM.exeexplorer.exeOpenWith.exe

pid process

4320 7zFM.exe
5068 explorer.exe
5052 OpenWith.exe

pid	process
4320	7zFM.exe
5068	explorer.exe
5052	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

Processes:

msedge.exe

pid	process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

7zFM.execontrol.exepowershell.exe

description	pid	process
Token: SeRestorePrivilege	4320	7zFM.exe
Token: 35	4320	7zFM.exe
Token: SeSecurityPrivilege	4320	7zFM.exe
Token: SeShutdownPrivilege	4432	control.exe
Token: SeCreatePagefilePrivilege	4432	control.exe
Token: SeDebugPrivilege	1220	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

Processes:

msedge.exe

pid	process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of SetWindowsHookEx 46 IoCs

Processes:

AppInstaller.exeAppInstaller.exeAppInstaller.exeAppInstaller.exeMiniSearchHost.exeOpenWith.exe

pid	process
2872	AppInstaller.exe
4512	AppInstaller.exe
712	AppInstaller.exe
2232	AppInstaller.exe
1344	MiniSearchHost.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe
5052	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2064 wrote to memory of 2396	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 2396	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 3388	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4560	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4560	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe
PID 2064 wrote to memory of 4492	2064	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\118702991.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80f013cb8,0x7ff80f013cc8,0x7ff80f013cd8
2⤵
PID:2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
2⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
2⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3120 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
2⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
2⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
2⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
2⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4800 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1052 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
2⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
2⤵
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
2⤵
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
2⤵
PID:1052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
2⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
2⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
2⤵
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
2⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
2⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
2⤵
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
2⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,1345117271275419207,12785967712698532665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
2⤵
PID:3780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2640

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:748

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4512

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:712

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\windows-subsystem-for-android-wsa-2311-40000-5-0.msixbundle"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4320

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1344

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4432

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4676

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5068

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1220

C:\Program Files\dotnet\dotnet.exe
"C:\Program Files\dotnet\dotnet.exe" add package Microsoft.UI.Xaml --version 2.8.6
3⤵
PID:4592

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2084

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5052

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
41KB

MD5
b15016a51bd29539b8dcbb0ce3c70a1b

SHA1
4eab6d31dea4a783aae6cabe29babe070bd6f6f0

SHA256
e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a

SHA512
1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
1.2MB

MD5
620dd00003f691e6bda9ff44e1fc313f

SHA1
aaf106bb2767308c1056dee17ab2e92b9374fb00

SHA256
eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586

SHA512
3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
32KB

MD5
2448f641fbbbdd88f0606efa966b052e

SHA1
25825aef444654fdc036bb425f79fd1c6fc6916e

SHA256
03f060bf37ba360360d6a7413d98e485e7d8e6f69e6a1de300c788d439b78d02

SHA512
d56e3b19d3f4c6d6663117000b99071cc453b6fd93f708bb8cb92d5adfa0eaab749d8d6cef4f19fbba548d31edaecfd0a74ca55dbca7d5f5f1fe66879b27b9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
261KB

MD5
f52acfd2430b4cedd65f99b8f21b1676

SHA1
64f019049e45aac47706cc33d90b9058154512ff

SHA256
7eaf4f599cd97991a9e108bfa9abd1536ce11b8a31c4a056590d359966956a64

SHA512
03ef4223b349ff52fc162fe024da0a0c25db8fe0e31c37a79ceb1f7ea0ad252c0c90bf2f971060d2686f61a00c495a4a96fbe44cf6c7c2f8596b71c959c93bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
23KB

MD5
6fd81f8bb9440ab90beca0f45226e377

SHA1
15e6fcb8fd74434bfedbedab4f2150c6748e8958

SHA256
a881c8008909452ede10d3a95223aee2b175aab0ce2f846974cb71b9db07bff1

SHA512
b856b166e811d0a53c0b4bb2e0c4e2189bd4f1bd98917bc259209d0b0a9d7e040b7a9307cdabfd97a6ba39275e0dc7cb3ffb130a6fba4ca7a349e8aa5e625066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
Filesize
17KB

MD5
e8591c5e1e2f01f3dd3f7a2e1864fdae

SHA1
896803429ef09a7cc4ef55387b4cf45e735471b4

SHA256
2a38a25619db990a84da5be0b1b99c6c750ed0aa86aa9309b6b3bf16cff3285a

SHA512
ce40a5218a1c6286f4c6398148f2c568b22e5309460969c1e77b2964e1479c139ea4cd2d9c920f59f780ca3ba2a5fb312d0c4ed25dc7b95c74dac2a839cd72b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
Filesize
145KB

MD5
6317a104498743cef33d4d993713e79d

SHA1
0b242e3ea9bf64103763ebfe036a54df4e4ebb8a

SHA256
d839e009931d2defd4762c4cd53b33b140ef21c7f771de77c00e0f07f44fc50b

SHA512
3dc6973f33012ed79d234a02354bd41812e702e68d2fd2a8324120d2e93dcaabd1e54fabe0fe566b946c82d67b83a1825733b3508a2229faf27266336d9675c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050
Filesize
19KB

MD5
3be2e9c4c58e18766801ef703a9161cc

SHA1
cbdc61e9fa2bd8c4293ea298a8aab94745e57f2d

SHA256
1c3f11c5ba6d3d5e0e1e88a3de6c27a16df13833470a19c03b04fb2f99dd5d57

SHA512
2f1a71f1fc17e79ddc1c0ba0be697fdc1641ee38604bd0c424b6ab702f008f9fd3c57f22ca959cea1f1de368016b258027190c279637ae8838787be366e40ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
3cb398a0e337d989f3f3d71914b75be0

SHA1
64cf63e392f0e8e540f44a8627f4db9c28177008

SHA256
b228661408e57726be71fe4ae83309daeeaeb4b5fdb7fb4a17b75ed9cb8f8459

SHA512
93c9332db98ef32b6eaedeca63d893ec4e9a12ffb55bfb0babc6d47de8bd60fa3cf71682e6657a0bfef6aff9582660f908e76caa8147622fdf39cbb1f95fc366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
afcc36adf7872a6e9934caf5da5af2d0

SHA1
ef2962593cc10d3e20ccc50591b1feaa91964257

SHA256
7ab5b2c29c4107e1267e216f42d2f1e03ec4c09bd83c028e3ada87c75dbaf58c

SHA512
92cfa9d0d1e5291feb637ebff3ba4f1289c1c14b0cc80a2de0fdeabbab2736ff4ac67855dff3cb5d09a697a67bf8c156773eaee744cb13e4e2d1d1c8ae74f980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
8bdc533d12eb16b9d89492b4858ac45f

SHA1
a16fda84b95ed4f193f0c7603f7460643ae56863

SHA256
8b7ee9ba9b237b57b2226e252c5f457c44fe7118e1ddf6e30b3cbd92ec94e57f

SHA512
7ba0109c6d96a6a8b8268c9b7a9b0889ab3486d3495759e72a274345f58dca90c6cbe1107d83e4200fd3fd9bd194f904d5a97e4f7adb37762ecaaafe8c43b37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
893897094b157abdd43fe204ff1c47a8

SHA1
ec0b67fac09e6646feb19f118cd2b4c80e8401d4

SHA256
543dde3617454b282c78a6b4a6b13845b6c46778bf93104a59d1710fe0b7fae3

SHA512
5edfd1d5fb3197bde822117f5efe4f88bf39af601b09ac7010585ace1a258ec87cb4dfd4c76cead4ed53ee15b7160bead6ad0c7917a8c59e5803d3ab3e8ef54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
47a82a1ad45f313a28821c140b4cd429

SHA1
a6e6c1781e8279aaf24fde054599becc005c106d

SHA256
39845e1be51274f3432eefddbbcdca2f28715462370a1e69277b23be5da94bf4

SHA512
4ad91f8d4cbf950ce68b139ad2836c2002ed817cdddf88c7b948a1e35b289b94069741fd475ca3b1d1e62b1dee614c6cbca031c6815214e9d969dcdfd98d158c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
d84984c15bf19c6ed58907d7a9b951ac

SHA1
c7a829fda248b9c808eac617c2dde573d65c2de6

SHA256
10e9b118c9fd1ae9b432866a05251703dc1febe8e2734c1dc001c18bdc1f4275

SHA512
cd2bd5ccd6ba8afb62e40f80ce1d33eb2ce6a9f801d62bb03c6b0a41f6296ac7a06942fc6bce599d7774ca3882e89b01675801f757343d1b7cf2c58c885a42c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
871973be1c977c34aaaa8b1bb1d37c54

SHA1
71ce1afbc46ee20baacd057f8c4d1afe7c108f85

SHA256
9f586fd8812de4d6c1cc08016ba7b9f891a263e2fe1becf2bc9ee569a370f30b

SHA512
fcbaab2944b3589fb106fd474460c2ff59c8bf83d5560716acd2ddb961989ed4d6165952584777abe50836097520af11cd46ac438a546e4772f9a66ff622c73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c19f43566f6d9140e6b34d22f71c17c2

SHA1
31cdbfc0223875a2efcc7f26dbeb23241d17d0dc

SHA256
9475f5f2dd49b923f589928120883fe7c5ac595fb71d87e4ec8803c0b4bd6666

SHA512
15cc87dd195080ce6758d5c2bc395423098f7489fbd3f58163058fa8a40dcb1fe088013fe01c5937198661ef67d66909b64396caed9450d8f420b108ba9828b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5376745ead24cefaeb2f6f6388a4dc06

SHA1
0194f50922df9af58712f54a2a1aae100319a30c

SHA256
35f3055ad3fe1f18a562da2ddaf86080f25775e543f1df7f41707a1ec4ce642a

SHA512
0f60e7a130b8abf2b3000975bf64f70ccd4f6411cba188713b35cafb21494baacda883b5f675cccee3479c6fa066f9bc9b9d5c833597838d06e5740776756f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
084b6d0806ca4aeebd20feff03f2c956

SHA1
0c380823b4ed44fd027360f281560f0b4cbd32d4

SHA256
b7fb08eab2155a0f907020434090d88c2c0c6ef8b1cea09618aaa8a0fdde285b

SHA512
2d3e7f570f5f15f79a1d8cc54451313be27f1b3a3fe027aeb268b33ccd74829a2db4fa0423cd5ca49cc043ede34cc1e10bd6d368d1c6c01e888d0a1e8c16462c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1496734af0d5543298b10648e0e280ee

SHA1
4fcc9b0059f51ce736439e2d99efbe1ddeff5350

SHA256
98acd3472400c1c06091a0ffd665121efe4fac2f8cfe1c58ff7a70476e1b1123

SHA512
1447d43f2f615395715d39b348da74c7974e3fa8cc3580789b1f3f0e9c51b8f3d9831ae6cb6a3e9dad1ee80d99e5db6cc4b0e4ac2cc75e061ec655b690330cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
72401196c7ca71d0e755f06b9cbeeee2

SHA1
e563c4be7b16b558fb2d6dd534b6aec38a75acee

SHA256
e52bf27945f881d740fd0e1ea6c11e837162c9c5d040c2d1f3d384026ad5b05a

SHA512
f78c85661fba56a0efd53f7a392a22e4be98fac8887532054cb6a31fc44f5b630834769bb761c375445d8f1cd249a7d7be5b71a3ed7de8933e38fe8d493ca58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c155a703fcfcd92b6b56dc55d37707bd

SHA1
987f02413e3de7fd5d67d11a9b92e94f265e1023

SHA256
18af785d5b4768b743b068a7fad81b3a0c7b2c459aed948e5a63ee299274df58

SHA512
c5d29f8da53819b9f714f605b6f4e2f4afa03e7a1e88f9685e9e1a4e2118fc1fa82cc9745767b3de5a4729d5493de0ddb321898f0cc4d8f488dca010f5807757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
893b4b1e2ef4e5a4daa2f5c699b9ed4f

SHA1
de388a4cc35a920857222ec22ed4baa00815ea0d

SHA256
b6a6ac0b351142d2c1083d5f46234b25378c706b6fde81abc1e531fab9ec055e

SHA512
c987aa52c42511bd91b140b0ced1db0002c42fd1c62c48bf642e0ae00a82b8a704dc8a308ae4d5620e4d5fc843fa29a30134c558e4bce678197d7949dbd83d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
9dad5bc3b1823f819033266eb88da317

SHA1
36267b0990ea802b072e4ce0320c87731e8f407c

SHA256
0c15d9c5a22604aa6a8fa5cf797321513014b65b431a0e85dd4fd83c6e6b7cf1

SHA512
f1b50c95dc7a07d74a510a5afbd0845e68092a9ca856e15a5b0c9ee8dec5b876925f3b1b2586e95cb3e59d808d8850ae13b968ebafe8b68c7e883b488aca10c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
e36e84ba99a24372e03c8861b909a069

SHA1
9dccac18ffd7073e83c8ec5c05ce30494b891aef

SHA256
1ee381ef8ff786940ad23225d0dfcba66ad1b3a0ce1612e7b191c396a39991f0

SHA512
46f054bd39d99f4ec78b990e31f7f79a2e9c57c02701bef73bedb59a9c4e81f02d725d23b71a6270f638f78c0470be460a3ef3c72ae4e4a532925d3e2c52890d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
efb2bc307604370a1f7dbfa701763320

SHA1
60cf55f16e7ead3da207965a6a3dbec6db6fbdac

SHA256
c6c111342c678c12136caa9f4ccd84e0b25a3295d485dde18b77f257004a9f3b

SHA512
4715ef9edca914c48e4d6ee79d7c353e3c2906c439e7ba6d24e1a6a4c0aa1043b631c4c47a2ad8ce7d53a3f4081474d61592ca9a55e24c23a2716004d38dc11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
39be0fd0d08f3713c65a9d7a10fb1584

SHA1
5dea49300829106d8306cda41b82d32faa16eb91

SHA256
41f067c7248727a0f0395b46703d8e4d775b16abd6826edb711839a90b5e6ec6

SHA512
ebb1c24e93adb44645cd2e04c2cae92ea7545cbdf22c23d14277976e8a62c2bf88bf7904ea06481bcfbee806424fd91f062f8fbbf5c8cae63e6149451d978b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8af99a744318e6ba7c46bd29d15a1fc1

SHA1
f5e5e5b634e0d9b678824658694973f34ad34106

SHA256
035ecdc2e1c46619568b446694b6accf9588d2951b01bb4c572aa975ea1b76cd

SHA512
77f655616be57810436ffcad402b9498b0cc5e8091b2fe6378246eda39758d0c96b9d93bae52e890669a26bb4dcecdc90e2cf88a4eff62b6d677b3cc996b6acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\57b71988-2ad3-48a3-9a39-6bcce817fc2b\index-dir\the-real-index
Filesize
1KB

MD5
2f3e449c85fba078b7f6eff51f4e26ee

SHA1
d063bf09f07eced4f358b24955cf7c80af00309b

SHA256
15308c9aa4369a11d7abba482422a1c43493f3071549f714412aa8e693c6a314

SHA512
2c8791da264301f9932727577a76ac7fc987287e6d655c5177fcd1812b8703e0136fa5e7ced10d0d9fcd7b475562b49d4347c6a2cfb22be0268229ddfc4c5b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\57b71988-2ad3-48a3-9a39-6bcce817fc2b\index-dir\the-real-index~RFe65bb6c.TMP
Filesize
48B

MD5
6ede11074d84e5996a26f7c9431aa9a8

SHA1
a63af2e3f94067d3e4a6d13ac916f0bb3e3aac4c

SHA256
33863831362ed8281ce94a87e98f3553e62a4c48fac33ec5c6a70de4f87685f2

SHA512
2f1a0fb1b86188d7168fbcce582a031745adfbd29e59f316b8e93eda110a306e5c2258115a4899c38d3aa32fe94615e74db05b5f4cbd5db5188a3980f2ce6d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\b8cab4e9-f79c-4182-8b3e-30d29f38777e\index-dir\the-real-index
Filesize
72B

MD5
44b923bfcf367826ee6404e3280310d5

SHA1
70aecd341b89d698c2c70217ce1baabee8611393

SHA256
48b38b01c36f56712e4bd9c2b1601b0352c151e634d037ff10cd43f0f5318b8f

SHA512
9c9227fc785108b75ec6de828241e26257a61af0a3850f4b4097aeecd205b78dc14bf6c02816452c35174af49ef2ea378109a210f64e62820a45fa71fdf7c93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\b8cab4e9-f79c-4182-8b3e-30d29f38777e\index-dir\the-real-index~RFe65b4a6.TMP
Filesize
48B

MD5
d6d12de0be38005f332c5d7bbc58e780

SHA1
98f9d2e21c90f6bc8b710b0e2c0fb7166f9c942a

SHA256
4b9171756d701a393569230be0e8b71543f0267c53751a198038237a90b5d119

SHA512
5ab76544fd75d08b3bb6ab6895394219c7dada5f57c01746dc7a453a7e859f55b8f5221de9c8e8791251c9b5e29a5b5990052e43c79fb74bf79d5d7f0c4a4781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
Filesize
109B

MD5
5ab1cd786ff58a970c2feb08d250e0b4

SHA1
a7f4098fcaab01ff8f8f0a68ef092ee8896ef198

SHA256
4323aaf0e428132a996066ff94df0f47ec534f853fbf6c8d1c8b1b190bf69ec9

SHA512
d5f22be958cea77fecf947ab0ad2db0335cc6226e9d50e8e18a9e0983d545302141c5efc8b76ac1cd7ee5928cd363616732afce56eb21336c5ef538a774427c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
Filesize
204B

MD5
0b8da8e924d22a47e6058c7c5ce29e84

SHA1
9796dbd48568872644f553b46d64e5adc30d7572

SHA256
065ad93cf87fa677a8953d6fb3d7b8b2115bdc4d89248997a7bcc62b61538915

SHA512
88434402e26ba9fac932f2130210e1d7a381338b739e4affefc1b9d15549c1e2f2b0371b9b105364ca770a0ab5e7a16eefefdaae8e908aab4b03e5b192d600ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
Filesize
201B

MD5
79fdaa71697de50dab72781b7398d924

SHA1
699c60e9084aa5f26ec9c6cac1e0423c0ac1c2a6

SHA256
87d77d6ccd9a632dc278d74c4224928cb37bc70da77eb1c30d93abd1925c5082

SHA512
565f1c208c0444dfa0b65455b3e1379b367ac5eaf75a55ec513206f094aaae1d50e0682099685af89af7787f2b3532ab28ddfffb9b95a2e8d11d46435cb0c7ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
ea4f52fbdc7f22d9aa4b08b038328bba

SHA1
0c89c10791507da287d5fbe850a14a1d85196c1d

SHA256
4b9e6be69f2067873aa459a299f3786937250b715bf667b15dad0c321fb4fe8b

SHA512
084f4b87c5363e3f21fc52dbbe343852291c8f69bdee17164d221867b7d9c1ce557b3028f716f20ab64c8ac60322ffe3107795b45f205e22b8c905aea39550a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe65b467.TMP
Filesize
48B

MD5
2d682019be5440c60239230778328fdd

SHA1
a17e1a58eded8b6576959bc157ee8f9f54a4caad

SHA256
ec3d4a3527710b59c70f45aea90ebe28299bfba988711c7c8b99f1c58e398181

SHA512
d19bdfb5bcfa9a98ac04643e4caa523d706816c33840417cf6bec1ad291e008d78fa473be59dc4ad58cc4bd9cfa66e1088dd882f467635d830b60c7223490c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
6064875d3c33a7c61218c51c6b296449

SHA1
a6207bf90347512a3b11552b2c04f785c2ee0758

SHA256
72a1ea1669c8baada2443c091965ddc14a8655f2fbedbde5c355470eb13685e1

SHA512
42ca980c3a6eafa3555df0015d96d0de8823c9cbdd9b73f9d51dffb2833934f48a32b4d6f5104ea2cc507ae26559ca6d9e8756bb1a33008ee1468343e16eb25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
7f0ef9db41e6dc169618bde9ffd99c19

SHA1
79f19403b2c34a8139eea255d0c02dbe306c6a21

SHA256
eb42c6cae8d1f0ca1daa4c7661e8c323d86144fde39308a148e4eb8a0a038426

SHA512
1b0817ed935275e0fbfa1b2265c89874731d55c72818598f34c0c34ff3f32e5ad76e54b8e95cbf437e2e63af0ba8664478e27424cc99436cd9170db9445a4c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
80c9dd00badf6c0f82c40fc3c25ece62

SHA1
cff5fdfd74adebbc672b6593353a4fce35d93244

SHA256
2e0ee22b575d4b6af6f291325e6a29cfe7081d910243f0339f9e996a1ecb5b03

SHA512
821d5c6fc534cb3e6205f5220d8f690280729a0b4fe526ccd57068a685e3acf4982b176d972fb7c70d60d1a7562e3b45cc447cbe9726f2248ad596a2af945c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
bdc3997379696e6816ef9839f88ca453

SHA1
2b3198836d9f885f090a855a12018489a2378a6c

SHA256
d0358e177593852b05939ed635571f39b595165961621fa9db2319f29cc25672

SHA512
73c8fe30a2d4b423901fac3a8d84a1ad8ef21c0662e8a1456cafaf372318378d265e0e3ccab62a161b363eb9db79f6dbbccb7721a446702a933499538a0649f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
c4952120b2e3dc74469d9ca0b522660b

SHA1
ca2da3b282dc8a7788b5265ff92bfdb060392867

SHA256
feb8ea7c4ae651fbe1cdae991b62867cbd7cebe89eba6b080c48fce421cf4f6c

SHA512
6fadc14b34ec2e7aa49ee3642d927ea3df0c7f2c1be541ef06d7e08bb7296aec796510457e5551060ec0849b529068134c66d931563229927bf64e0e4132758d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
8a197ed352eca6b56ee0c2c64c1c563f

SHA1
0f91b15aad1e2f8674414e8e2d09d0d4cf82d54b

SHA256
dfe2990b7d5613139b681bddbb6dac0aba50ca1ab2c36569359fbe1d600ecbc8

SHA512
d118b6a0b472e1adcea286cfb0e9c92fae09f2b455971962b6fdd3acf15e4b89beb23c87f07cbbc9d0e5dab16291d7b94ba1821abda6fc2dbf0a8b1893d6ec31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
573947066a327c59c9e01838bbd18f4f

SHA1
91d02d430001b8e4752f9eaa3865a6aa0caf9349

SHA256
23908ac28ad831d4404c9aa605c4b35af51e15c5b39a22467fb52b7b44fa5360

SHA512
298015d0d32ae7a9704cd1efa1f5d4fc92a184a317e5d821068743c6d1e682a0053505af6ecfba56475187bc4b75306666f715f6c86b50a71ab695f1c1e30c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
4e76151c5c0acaace8ddd66d6116e7e9

SHA1
1d7423e39d8c83eb1cc15b05255b9dce9bafd9a6

SHA256
534f6a159b0522f98267a8e29224c8b83d2b1971c0f9729c5ef4a1cb96db25f0

SHA512
34f0d502f6e80180581a6863403caaafd750de04ce02724aa1e8e493eb36b9548a1ccbf2683a2b064a05c08e3d9a4931589177ee37e1c85996cb777cb3f36b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d676904588d9f2e650b092f7dc5fdfd9

SHA1
0d7855b169fed0744e9da471202fc4a5df6c6039

SHA256
e8382915993362782f8b04c48b33c24ca1f01baa5af6f2fb9e262c911d5b0b4b

SHA512
1f48d1a7f783b41a3e6e04c760e1e279f2e68a7d299933a740c464360be091ca88db4bd52a981a48a6ad752dcaea05fc806dac918b51b1b2611e45c073368c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
7bbd6f5c47972458e57714841491d4a8

SHA1
9eee42ed7425cd8cbeb6221eb8b7805e2a300e50

SHA256
ea412f1d3d6aacd9da74ae24a6e7176acc1a3efb37eae645748720ad002057b0

SHA512
aa52277189cc5c3d99ed644fafddeb951fdfdbffc126d9b8df58596196de6a572a27d7861a2444ef1b4d355d3cc34297fc50fb946af60d3f8a07a01d268f42a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
a15976db7ef0928cd317c9dc243d30c7

SHA1
de2c6d8f0898c5c99fad84308c5cc3cf9439a93a

SHA256
234ba8d561f8b1e12c8f9315cac2bc09a9fd11f98cac23a4440cc029ccb5eedb

SHA512
0d3607f4ba415a69e99dc2f1c5001903aaa5d059c778af5a7cdf5fe182622e52987bfcc5018e53d32996ffcbcbcb2a65c816794e5acf79b70f8953900a7a00fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
67e9a916121d854ee8c9b664f349db3b

SHA1
c492d66c02fa177c69bf7d87e17399b8e6242f86

SHA256
bcf3bfa1f6341403df22cbbffb43ea5069791989933839970e5f376fab391896

SHA512
78418f8355d38d9970274d804c45ab1ea5203957c54c405108bcf4ed4ad2a6f5c1fc92b688dac63fcc9fb4c6e50e69991191af4dd618179bb8b9e07e3e79852a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ed3e.TMP
Filesize
538B

MD5
a5b775c5582efae73a1d3b4309ee22fc

SHA1
bc570518d791cda77e6704accf9828ef7ad699fa

SHA256
76c907571f92fb3ed942d75f40d911941affa3af0ad7d056404aaf517fef1264

SHA512
c41673c058a86f207dd09d3ca4d7294e15c6fd68289dddd280045be8758df5673eeb576779768e520047ca5fe8bba17acee5fca8ace8369259b18512d08e612a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e84196ff-f479-4a11-b817-7fb0c633f182.tmp
Filesize
1KB

MD5
4edf968cd222125e3f92af2613002369

SHA1
3ae5bcef07bc26c8feecc2f35e81d77b9f7d4459

SHA256
5599f94db0fc1e3d70fcbd3fa08bc5506a905e4eb56dcd2ff89a0e7970dac113

SHA512
acf3eef13dcff3ddf00dd2b694fde942e22e8749de8bc22f98d11ca01c28c37edc7b0c34ee1a9ee8efc70b1c4b71e03b91dbee33910d734297e043290bd2dc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
958ac3a3a272cfd6c76e631e5ffba6c9

SHA1
37b3d42a4a8f78a7ef359ffa40ec94471f785198

SHA256
4af89a8971507c0c0e0af455915362e5d62c5bc289d33a054d856d3244209e2e

SHA512
28e402a6b5b832e256c21b415fe1eeba562dde61055f037e34e16db0172e43006063455caae7455c3a270f2426001e0f7ddd6145fd7aa6a85ff19c26fb5ab9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
593055bb9ecb7418f618f47f95a1184f

SHA1
7cee0cca77e046a7e6f5b8e8bf39a559fabcbb66

SHA256
cbf5070eca96aefb5daf746c584a6a69f94e3f6a9380f979c2734abcbdcbbff8

SHA512
cf374625adc8c24751670cac7221b1bd9f069dfa7a469616d6fd73019633e1be2fdbc7ad50677814cd0d227cafc56fb469ef28a62c7f013b95a2bb88911c7e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
08a41dd0122b464f03889ba76c6806e5

SHA1
d0ac534febc2e21bdc16b2837c07abfeac31ea62

SHA256
71817b5ca8a18b8e5f9f4591e1b2fa6513322d4286468cdaf0c84e25b48854ac

SHA512
682f3950bd5f6406df9031c6181f4a257469014c4a23c219f50a0eea8899c2ce4550c23e8fe928d8a34fe33133cab6039fd89a1e4fcb1d9306b90bab8c5c9ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a941c967459008e69ab0a6a9b2e90e28

SHA1
b6f18a5fd924103649ac6c5da7f032651f060eb4

SHA256
32108568360f6201f428a2d7c5a30c55b0ba2761689209a7d606630c9f870f35

SHA512
dfca1370f118dcef5405cd26d16519ce0b38064034ea054378eb778be14a1e8e22dc81e4582dd15fa16a3ec682ea201f4d24eff70ce292a5b51ee2d7ce3b9ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
abe5d536b7fa15e5d749ae3672e15a36

SHA1
761819cfe23f9dbb79208e00ca502424f5a3ed06

SHA256
fd9ae6793f5efbcdc47290261a982f6a8a3d7a718bb4286edaed455020f36ee6

SHA512
8131b42ef9b0ae8533e0f0426cf3d1fe36b063a2b7ae583718ee1ee785ea35139eeb2bbe6cacf91de3802d892608bfdcda91ed7d4a2d98086ad7cd0a2f6709f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
0085968db3f467e39cd1c3f3d675ab76

SHA1
ccca19ec4137f7bd1f99d471fc0b9ebd3c242283

SHA256
1ace9525648fd40cfb462f8bd4c0cc25c080aa0812a5f5efea1d04205e1b7966

SHA512
4456af9ff3c0cc2372f6e92d6f4fb92e77e8218686948acb7e4cf544475313f13419ac3d7b523c1ba42063c24855db1e8bea37093a440f447e841c3e02003f2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
Filesize
917B

MD5
b6cb7f7c8fffd6ad54943918abb5de27

SHA1
c6dafafbd5cf2f5f0a8c028d2f3cb73aae044ea0

SHA256
603ec8be3a372974dc9eae2f449c639d46509bbcc6a0405f10e0731ce0fb8cf3

SHA512
693eccae0a55733d2440e9e9fb7155573928a9c4b70c2307ebcd42be108d4bdc0b5d20c977be495a158ae9039f98a235ef51bb4051469d867dabc2755c7d79af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
Filesize
917B

MD5
a9c15fc3f51ba977ee16e17aab5181ba

SHA1
66066045b8ae67642ba7a4c95eb0870ad3081cd7

SHA256
de3242554c0fb92f85788a18e7a3ee007b686dd56e86e77085d16171a4c29530

SHA512
2b81123e43669d6227a6e245effe94532f126eb5e2e773c6cb07d1e1f8f0cd7c38cda8bc8ffd5354dface754a8e80749215e9d2cf0f294e7804f24c7377008e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
Filesize
909B

MD5
49e34d7984fefb34118de0f81ace9aa6

SHA1
593c027258e1571f13fe1eafca2f34b0f2fd7799

SHA256
150240e5a9e3933fb0509158064a75b9cb7dc6400933341dd7caf355a74582f9

SHA512
219805376beba3d0844182d045de0b5db0503c5e355f7b9bc7ff9714dc48695446dc5d6449175f598fa24b18b7defe3836b3f2bfea5cfdfd1033655bd95a3f3b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
Filesize
917B

MD5
137f30614a4035abb1e5fae076f54eeb

SHA1
dacfa771b5ff7fd963894b0cefa4e9293f81c178

SHA256
582a8764ea4ac43242e0137f01a48472fcbd9029525c07debd809af7578e6006

SHA512
b323dbca6d8d5d0cfee0c7985984271c6d5080fda98ffb95214bfe16cb50fc516a47e2f00efb487f920bb493f90c1e6a3fbab5853f33cf87c96cdbbde583ae82

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
df46eb1fe5d54a0521d9965203a4a9da

SHA1
e977aae1bb82f3d57267ead3b91df3d82d6d50c6

SHA256
6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d

SHA512
5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vu1dnbwe.hxz.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 102119.crdownload
Filesize
19.2MB

MD5
148631dbc1f8f68a80ce460ce40c662e

SHA1
ac94f54bb1d7ea1049818829f9f7eb399b6b8fe7

SHA256
6b62bd3c277f55518c3738121b77585ac5e171c154936ec58d87268bbae91736

SHA512
ca8c3b1e5050ce658fe538c4822bfc122a280548689477dbcd9d3c30d43d39bff375088ca7d08b1cb83d7f922bb397ea51434d6cce1073563048e526cf1c1277

Download Submit
C:\Users\Admin\Downloads\windows-subsystem-for-android-wsa-2311-40000-5-0.msixbundle:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_2064_JKSXSPUYGEHTNOAY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1220-680-0x000001ED54630000-0x000001ED54652000-memory.dmp

Filesize
136KB

Download
memory/1220-688-0x000001ED54B80000-0x000001ED54BC6000-memory.dmp

Filesize
280KB

Download
memory/1220-701-0x000001ED54B50000-0x000001ED54B6C000-memory.dmp

Filesize
112KB

Download
memory/1220-702-0x000001ED54B70000-0x000001ED54B7A000-memory.dmp

Filesize
40KB

Download