hxxp://playit[.]gg

Analysis

max time kernel
106s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2023, 17:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://playit.gg

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4092	playit-0.9.3-signed.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230310181416.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\96553af3-943b-4b7d-b658-11b370930e00.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
5860	ipconfig.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 2c9ba0669e45d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 40 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "385236993"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31019900"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{9451301D-C83A-43EA-8DD3-87FA7CEB268C}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31019900"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10bc060f7c53d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31019900"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{47313BF6-BF6F-11ED-ABF7-6201C35E5273} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "471141060"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a97000000000200000000001066000000010000200000005f7d9eba59284c637f5ed945afdd16c634ea44e80686c5cfb882a8be7a1edd10000000000e8000000002000020000000d680010eb0fb105939fd9662d83809f8a279d84d3a3e70b612646f503ecfcdda2000000028e4a16bad82f94935c184e617ad73f2bcaeb2ca7f68d6d1da41ae81afd7731e4000000030434c84b6fd87864305667aff204af3cb70474fd5090966bb996d6e82df517167f482b4141002c4f78ac0318b5742a3e0151f58145714019bb8ac1cf9ba7629	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "471141060"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "484971224"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1208	iexplore.exe
1208	iexplore.exe
2812	msedge.exe
2812	msedge.exe
1304	msedge.exe
1304	msedge.exe
1860	identity_helper.exe
1860	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1208	iexplore.exe
1208	iexplore.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1208	iexplore.exe
1208	iexplore.exe
3628	IEXPLORE.EXE
3628	IEXPLORE.EXE
5064	IEXPLORE.EXE
5064	IEXPLORE.EXE
5064	IEXPLORE.EXE
5064	IEXPLORE.EXE
3628	IEXPLORE.EXE
3628	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 3628	1208	iexplore.exe	86
PID 1208 wrote to memory of 3628	1208	iexplore.exe	86
PID 1208 wrote to memory of 3628	1208	iexplore.exe	86
PID 1208 wrote to memory of 5064	1208	iexplore.exe	93
PID 1208 wrote to memory of 5064	1208	iexplore.exe	93
PID 1208 wrote to memory of 5064	1208	iexplore.exe	93
PID 1208 wrote to memory of 4092	1208	iexplore.exe	94
PID 1208 wrote to memory of 4092	1208	iexplore.exe	94
PID 4092 wrote to memory of 1304	4092	playit-0.9.3-signed.exe	98
PID 4092 wrote to memory of 1304	4092	playit-0.9.3-signed.exe	98
PID 1304 wrote to memory of 3508	1304	msedge.exe	99
PID 1304 wrote to memory of 3508	1304	msedge.exe	99
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 4452	1304	msedge.exe	101
PID 1304 wrote to memory of 2812	1304	msedge.exe	102
PID 1304 wrote to memory of 2812	1304	msedge.exe	102
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103
PID 1304 wrote to memory of 4732	1304	msedge.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://playit.gg
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3628
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:17412 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5064
- C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\playit-0.9.3-signed.exe
  "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\playit-0.9.3-signed.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://playit.gg/claim/7aad26fb3a
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0x40,0x104,0x7ffa9f1746f8,0x7ffa9f174708,0x7ffa9f174718
      4⤵
      PID:3508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
      4⤵
      PID:4452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 /prefetch:8
      4⤵
      PID:4732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
      4⤵
      PID:3796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
      4⤵
      PID:3336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
      4⤵
      PID:2172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:5084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff651d75460,0x7ff651d75470,0x7ff651d75480
        5⤵
        
        PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
      4⤵
      PID:5332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
      4⤵
      PID:5340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
      4⤵
      PID:5484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17153871063447689074,18074111640849118381,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
      4⤵
      PID:5492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1880
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:5860

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
300B

MD5
bf034518c3427206cc85465dc2e296e5

SHA1
ef3d8f548ad3c26e08fa41f2a74e68707cfc3d3a

SHA256
e5da797df9533a2fcae7a6aa79f2b9872c8f227dd1c901c91014c7a9fa82ff7e

SHA512
c307eaf605bd02e03f25b58fa38ff8e59f4fb5672ef6cb5270c8bdb004bca56e47450777bfb7662797ffb18ab409cde66df4536510bc5a435cc945e662bddb78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d2c2f4621f61981fa0927366f8ff994f

SHA1
c27424a4f09bd6cb715c920bce5e454dfd7cee10

SHA256
f7a3106704869762005b691886f8a3f9165edf992060cf2a2f62c4d929438082

SHA512
fbee109ff7939d22ecdb604d6cd79e7051acdf7eb5cbb09fb2722d67b63a3eb15ddc7d1b2438544b5c1a7b1c5636ffccccb786af76c5b939f6fbe94ed2769369

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_35C614C1EDB5231332A9EFE1DF808CDC

Filesize
471B

MD5
6a44384f34436ff10edfebe69c575a7b

SHA1
1cf2c799e53ab815264ea2378d2e9802a7a5705e

SHA256
c8853bb6951bd7857d9fed0ed5849d8e0757d0db7af2af271ceca189ad0686f3

SHA512
b8d632e3c0c3480320b1611761f6ff22aa6ee1d380607055523db55f546236b56aba524c9782eb5cdecdff4438f22c52f0768067ae18d943d0b02b89f64ccaf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_51C391A9EF6E3FB3E299E24AAA9F464C

Filesize
472B

MD5
289c60b957a8a6a09989af100a31de56

SHA1
52b989681cdbccaa618d4bb7feb2e60aca1878d7

SHA256
585ec9af69793a53b60877a618cc42a26ea2eb96df03883a17d03f21611f82b1

SHA512
8292166f756fef6b5edc3a0f668e21668a70d2a01636caf6abf77699f07bb7a723484c0bac828037964641ce91ff0ff18ac94115011f76a7ba675eaa7b1952b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_5466F3B009757809D846509F94DD4AC8

Filesize
472B

MD5
c10a37cb8d9ba9a99b8f0e268fcbd341

SHA1
4e106adfce819b322f2aa5bbba476b5cfd4d91db

SHA256
1aeaa820c5be55ca292a47e9f43e8d6421505e51e1a8f4a98980cda5908c0779

SHA512
9073418a35ae929d0876c2b706d403a68777b85ffc48d086d414878f90c30392dd308b819ce57bd55a2cf32cb405bb2ddbcd6ca3e119c73e9c12875331ee123c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_9412E32C465ED320A41F9127CA7D65C5

Filesize
471B

MD5
053ab0d7591100985af7730b2101b91e

SHA1
6d6f10dc2b951cfdc6d24246d43e20cd9fbc3cce

SHA256
1794588a9797a244f73dd94fbd745b5b098f21062331d70a0621deb615a9cff7

SHA512
13e8c31e62f15c684484310e2677b743ba5674aa1f9e079a1d3b98e1ae5c7b50fef30c12b2e6fba1785fa5e7fb1f028061dd0802e0b69b9017045d6c93916788

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
e6a0355b9f7df1c56d24ccbf08a7eb5a

SHA1
e93e5643644e03b89d884246dbe0ddc8082a30fa

SHA256
8d4e48094725f6563f22a2ab2b9a7f9511e07eeeea6a6afc43679949c126b2ac

SHA512
9bdf6a3882787ffb7a2ca4306a6c20b483e6e2ff2937860825db7bcad5f10d0e3dd43cbf39b967ee687afc8082b4fda7fe02e5e9ff93eb55902e6573f9dbbc1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
192B

MD5
8eb1b1d22ad3f12824d148a50aed4ae5

SHA1
c84fa57c0fd84a564139d1cd1403600b8edf11d4

SHA256
014d891d5f8488b8ed12551c3c3acd1dd2d1b2af3317102cf9978f15755c60c1

SHA512
555c3946a9e61cd894004988b7cab4b1e5823f30992b1813db33e0b23147892a38f3f16a821802665a4530e2a48d3a10e8e1cd0229d09ee9d1af77054896b7d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ed6da51a430cf72de9ec15f95b38c073

SHA1
4dcc4b5b92ec7ffabad77e4163b0d1dd35c25416

SHA256
c0956a2514d12440d54a5cded1c8ceb122582c53b1e54cfa172ba0e097016af4

SHA512
6028fcb15bcd1e0dc69fe535e4920c721948d60bda648b999de0a9b8effcdb617d5470a1749a23d38325180259702272e91926a9e0fd2a89ca5f46424dfd883d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_35C614C1EDB5231332A9EFE1DF808CDC

Filesize
406B

MD5
2e070db6e7b735e11bd7ea6ee3f1378f

SHA1
9de9d7b57cb748c74a937d8cfd8e41471c96a2c5

SHA256
9eb101f8e24d3f91e9575b7e17190c276ee84c3fbc1c9e2a726976e878574c80

SHA512
f725fc222c6ee0f569c6d3eea8c0f6127859caac532e98e36202bbe32f73a510af51115b47f35909849525f3eee4f32055d9040d0ea2cf06ab09ee8d5ed6439b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
475bdced47027f74d8c2f3eabc17a4ca

SHA1
6ba9b925f9a05f55f938972f2ca44addd2acb809

SHA256
57556d74c1af502357626b200908629985c044850a6168dc1ce5f440f4231741

SHA512
dcf2200eb1ba454ba294fd6e23b169411dc320dd9d1cbbf8e171cbacddc8f345da009965190c7548832243dc61567bb43b0fcd9527ef385ea79aa826969cceb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_51C391A9EF6E3FB3E299E24AAA9F464C

Filesize
402B

MD5
750413e4f5491b22c8ac6f56542532aa

SHA1
30545596f1b1fb1346229c5e630e1847ce469331

SHA256
21e4a5a0710d6caa7c134266db106a6e65f5ff54c425e0188c6cf2e9ad946387

SHA512
fbc86d23a6c37a61f954ef4edc6b99db74559e6a08e1eca609939b9e7feb6e03024916eeab65f5b053fa25f79f9b03ca3d0d54bf4288162cc7ca63d386747736

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_5466F3B009757809D846509F94DD4AC8

Filesize
406B

MD5
137993a53b1f822dfb3b1b6b0cb74b1c

SHA1
df04b5dfd70000008288e4c41c47c4f95b4d5f9b

SHA256
f2196a0ce65afac69cccfa0d5fa85e3bc830959bc0209998e23f5019b5cc8074

SHA512
b06fde11d442621ce87fab15347a6fb7b639566675dbd645c1237cd70fc34efeb859bc9be534d732eb240e3ec498941e9133a119c521231618913124cd152d64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_9412E32C465ED320A41F9127CA7D65C5

Filesize
410B

MD5
32f9757d258da604c43254115fb4a1e3

SHA1
ce0029b08915f316feb263c3984092d7d4eaff82

SHA256
dd471e0cf4ea69d0790ad1e6386056095689f70ad57377b1be56604efb81c86e

SHA512
cfe4f35ef02158fdf85a423a0a50870fd43e3a2ae747b9a820c559c1aa9fb0b340d49382adb402edb2dc848029d473e43a4b0e9f4e01fdab23c582cdda1b8991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e496a340b7502192f5d6f15b5c6818b5

SHA1
fa36fb28b4fa7b63d758627201f0fe96282e7a08

SHA256
732bcbd004b2b034b7b7b9267a12d4fcb6afceade472e34d81bf12640de94b82

SHA512
572e9aaf564fdce4caad0382ff20fb3205850e50b7721a8cef3371a2f3edbe515dec1590e4ba9c49f7ee67d8579ff5f37e01cdbd40b1059273f1f661352ee87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
57762ee45d9877a9e0f54a7efcdca859

SHA1
e717c291dac67f285887e58312604e8c23a627ab

SHA256
5883a64dbf0cb358856eb59784fef0394ac7fd57ce1f76089677dff10e57c44d

SHA512
fad104f0a02efa7598c9b49d15eb9bae4284b991fd511ea2fe556e4a1bf8c455b6dcf76b7ec91411643aee3a33075f721ca1f4e042ed87f5b999bc8bb27c475e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
c55dc1374f543982d0ea7c6c4dca6d25

SHA1
789883bb438298018cf01b4eb68d9e56ddd6db0f

SHA256
1418d7869f9635c2d0c6b919ac8893632749379369df23396c6592cccdafac22

SHA512
92571995756765324d29e48b3ccda4f63d9f7e3ab19a9c0ac292ca7c39c42ea8d2a5c368f8829c51f055c47bd83541c884e310b29183ea21c6cc107bf6ba3a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f783d06cbc55774e6347dcaae0f29f65

SHA1
511ff66f45719dee0ff980b3bf354484ae968125

SHA256
3771e7838df69767edc013dcb42e0c5fd4162dc64b22c923c401bb2ccae43340

SHA512
2e3ac12c2e78cce19ef35739a1b2a119ea4485383c44ce0e7b1df73c7be6d90c676ecf0bf03478e65c478658ed0daa6d91270d08b16031277733003ee0467e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb46debd1d083d83fffe7b49ad174595

SHA1
ea8185ebd04d3e491e653650490f514b4c257bc1

SHA256
a5fc2c86a14b393e5978a0d6d31d0ae25ab0c32c327d64fcd2f98192d47631e7

SHA512
07949bcf40d28234eb8aa9c2d5baf4c28952015ed9d41c5ebb820de6e0e70678b2b5384a1457eb4e56e3b7a1ac0e65e7df7d05115a69aa9736c96cd0baa95d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c45fcc6019e4f7525ddcc1120130423f

SHA1
4eb775a900ccec3debc4873215b80d4ec542d957

SHA256
1d9d1fda8c383f4ce4c2c328f513717a3ee2602e1e1213da19ad68be95e40286

SHA512
1707cefd30e6a740f33b83251d4dd35171f8ac2271ddd65e3931e0f0e0e54f6ac28fdc03c9d930394c116e9e45ecd4dcc07554e216a661e557d977f997be0bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
22ada965d0f2fe215b6570b559889405

SHA1
9f0a69c6ffc97a8134723ef5a598627437a28b90

SHA256
3a2a0f240458c7fcfe91bae194750b9f6777c52af10e88f27383b0fc9c075875

SHA512
3dce4c3b0320ec876906b41faf8acc0f9cea8aad802d6afe04a7b795db2ffae3eabc579075a372bcf67dd07d14b73a0df65df8af9e96f5e6900bf68ee2c83de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42598c64503858820e7c1cbef9e63a7e

SHA1
531cf53a8bc5d5a94793f196152a3cf7c30be844

SHA256
bc080951e3f878ebeb704f86f04917a8e7b1c94b308bb2ab8b6e92827ddc3321

SHA512
9e0c71cb697be71c21213af9e4efb0b27469ed345469fef963dcb9d82ddd85e40a4dc2caf37eae612564cb4ad127cc9c39190b3846bde8e06eafdb8ef6f94f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
837a31ff387f01701d872c98c39a8d54

SHA1
bace2de6f1bbd8012213383202dfccc4344c9964

SHA256
88dab86bd6d526c63a07fd0e1ecf6ff4470e1ccd39ca309631d2bdf421254826

SHA512
51a165c60ee44b599ecc00d672a22744349ba89dab2000f967870491d90a92a927f96ec37418d9e3d0817ba3bf131fd7c3cf9e642214bdaae543c6ab9b09759f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e0f4c4684a7e6f7f7f7fd2b8e19d2fb4

SHA1
ee1a65e22c049ee3efd3d946f0e5df48012d40b7

SHA256
e847d01aec96d4d611e741ad204fad33c1b6316cdb910a11fd3e914e1dc979f3

SHA512
571834ddd54ab2f6ecefc83e255156963b9f1a4bb29bd806eed25cb09890d23863c8698d6373d55ccd5c356d2a86407b5691adfe3565ebd2fc9f6dc2a9f133bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f652600f1ac0822c67d028b9d042712d

SHA1
e03fa27745a09ccbfff93ddc93ee6b0350885f60

SHA256
773bb26702c8017f5344cfccf354209b0af0da4be774f46cd543f271c2fda8dc

SHA512
ed9b08af086f9e9e0262117b0f018ce44ae5cd82bb4273efc73b766f77262830b61486b10c6bf45072ae638dec78b472ae50739b758141c178c620c183afb4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9de60edbc2e82ad79d0c82107ffa1b23

SHA1
12e69dbb66365d0d9ede854a547157280f11ae3e

SHA256
d219dca837cc2132622d822b9de490227dd533831458e3457a796be5bcfd5d62

SHA512
87ae601bc25058a1a6546f3777af620076cb810cbccfc48826d885f4bc95c240b52aa4121205026cd5b8a100ec9a35ef86e89ebbd5d73a3447c34b90b1766249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat

Filesize
15KB

MD5
d48f90c9fc5282225ac95204659498dd

SHA1
6ad3fee90e5651542cad3257cbee35595556278e

SHA256
20d910b322a23a2da3614f612f50f3190c687fdfd7d1663ed270bafaa9f951b0

SHA512
3d7cb87eaa7efa9cb43315ab098125bc964a74df3ec81a1c68c0cb299635977d9aa7f65c80507c47469107cac2b3697c9ece67dbb1d4f061e08694e5f42c359b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat

Filesize
30KB

MD5
2cf96418f2675abe25415c5d66077f5c

SHA1
65a9a6d8c4c33e1c947b6b0dd42f7327fc05b84c

SHA256
be5969fe6f1eb2b8ac4656c77389c3b8e5db4240b0cc8f9c4de114dadcd7bd19

SHA512
7f68da3e7cc4b3bcf9dc650009608317bd15c7432a2274e0c0926bd2ec80b698ab159caab0ba092cf5caca0c9951d738e0369cccbdae25b52d70660b10d1c784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat

Filesize
30KB

MD5
2cf96418f2675abe25415c5d66077f5c

SHA1
65a9a6d8c4c33e1c947b6b0dd42f7327fc05b84c

SHA256
be5969fe6f1eb2b8ac4656c77389c3b8e5db4240b0cc8f9c4de114dadcd7bd19

SHA512
7f68da3e7cc4b3bcf9dc650009608317bd15c7432a2274e0c0926bd2ec80b698ab159caab0ba092cf5caca0c9951d738e0369cccbdae25b52d70660b10d1c784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\KFOmCnqEu92Fr1Me5g[1].woff

Filesize
63KB

MD5
62b936e168110e58e89e70ec82e22755

SHA1
323e6800b4b0ee85b338e9a19ce5b28d4cabed36

SHA256
e41533d5c6eab361631aa3cf8bf7b8a2e6babfcc42a1aa950b2b0cd80c109b8f

SHA512
2394904e6e3b4eb2eb5499297b96dc5f19402fa3ea05173d53144b6e816a476ba10c5f9f99f3443c1eec4406f5e6d87463e3db415e922e82b3229abb005ae9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\css2[1].css

Filesize
593B

MD5
db03e743752bd696681c72331996796d

SHA1
898f670bc24b9e1177992e981df6d65c6f7c7803

SHA256
5f93540e32df18cb8746b460b3d829f083adae62722d991a04a0febbbf689da6

SHA512
611c5da1b9fb6ee2a8328b62ac663e7ce1505d2dc0bd66c88d9485530ba7e5cf6c44b12cb16d0c354b0ecbd9b2fa27995f1051d4d2f458307598db4fdc1fa9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\playit-0.9.3-signed.exe

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\playit-0.9.3-signed.exe.s8dh0pl.partial

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\favicon[2].ico

Filesize
15KB

MD5
e15402a41f04d656bceedb8d0a3ea40a

SHA1
31fee0b94d2a286a3d9b8094d5549a9ab1def5b0

SHA256
d8004341ba5458033d06eaa55af945a158f0bf170c5cbfb30a626e930e048bbe

SHA512
ffe902b3466bd6e96110ffe20a800b96a82f4042a6826fcea1750d0ffdde0aacc164aca51bceda7bdfef5047fcd41bb2026ba1e3b5109888396847881e944470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\main.fa0ea54d[1].js

Filesize
1.2MB

MD5
1dd52d57c7084abace4e66d81d925ed1

SHA1
0932a81dfe6edbb677f69d188e65e36ffbaecaba

SHA256
f5a14076eb28c5a6fb12499305ec8fa7d1555eed272712c1f157d3bfd0c8c670

SHA512
f0e5ee4c8cb2df863de3e81bd1c6014c469f6854d74c0c515b7122dda108e5b4a438347b385cc4cf001f535cf8d80eb4a4db8aa5a1fccf9677a47e9b9733affe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\playit-0.9.3-signed[1].exe

Filesize
13.1MB

MD5
da0750733bf36c61222eefaba4805dcb

SHA1
304e90d123300e646b768f1f358e59ba506b7dce

SHA256
c9ff8f05cdde137cb0e1e386184a42d4889988c4cfd235fd3340fe545f5e06ac

SHA512
f9a8e89f294257f785388e237a6da1f363f8d78af7c9b473d67261b99526224eb84598eacbba17f01a9f2eb2f6fea0740f7e37df92891df8fa39a33820287454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\KFOlCnqEu92Fr1MmEU9vAA[1].woff

Filesize
64KB

MD5
68d75d959b2a0e9958b11d781338c8f7

SHA1
3e84834a4337dde364d80e50b59a9a304b408998

SHA256
8f838c807ff9fffa19ef81e9ba11530361339b32d8243c273baf687bd8118126

SHA512
4f84ed171530f5511b39cff5b240b01988f1190b7c758c5018722089f624dde39264797a5a4948867eb05c4d37564f9bced7abe9ea47b5ae2d1e2376944af549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\KFOlCnqEu92Fr1MmWUlvAA[1].woff

Filesize
64KB

MD5
aa462125b8faf7600001e1fe9b47e216

SHA1
9be15ef7af056b9cfc908c3e825a4b755e9569db

SHA256
b588388326a9d3d30442904afd354fbb2f1feeb88ffca342e1c2f0391a692910

SHA512
b9908dc73f8ee43a27e33a211250433436db3494548f53f6bd00fe888d433075b1ba79f17d44985c06073a097a078135edc803f5a0945edc700bb2fc28392a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\analytics[1].js

Filesize
49KB

MD5
54e51056211dda674100cc5b323a58ad

SHA1
26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

SHA256
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

SHA512
e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\js[1].js

Filesize
112KB

MD5
4df7245d6ec2e0cdfd97b37da1f7e36b

SHA1
fcf108fe47377fc3248a555872a62a620b83180d

SHA256
3975ad428751fe38d48db8a77e635be5286dd4ddadc4d27185820ac09eed2801

SHA512
05513cdbf54e6ec89687bb6c14ca06afc0f23b39d51ee65958dbab96f328fe0a010d6a4f5416e622add4c19cee72f6e212d4ec69c3a344933c2fdf81a254a5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\js[3].js

Filesize
217KB

MD5
0250d5507e97cf2a8a11f169967e77c1

SHA1
bd68231ed00fa017e533a345fe778840c6d05a70

SHA256
98e6be680efffa5156ab2f31aaa7d35d539b59dee11ba02410da9ee923001304

SHA512
a73499b529460957e64819d93889c42ea5e8f4803bb8ac0d2c8ed6f7037bd20573f12ea6c8c5f41745cb77293218e6188f61eed9da8cea9c5eb3fa6975c4727b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\js[4].js

Filesize
115KB

MD5
ebcc50bd299a15e403a8be1df2e3e8ff

SHA1
34067b5a5e691563eec2bdd89781f5b7c6080653

SHA256
ec5d87649698830435e0c38283a7afc6d3335bf4ba8ca56ae2634a328992b8f5

SHA512
eaeb018b5115265086ebaaea4c9a175da963dceaa2f6018c74826425367a48323ff1c04e6c9d5f864c20f81199cc95193c4e209051b4bb657da390271f09890d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e22f5ca19bbe200ecb9345496cc5dec9

SHA1
e58f0fabe2bd641bd83b70dd990b59f9bab401de

SHA256
23eff8e9d5f3a7e5c427797b4ae0b9a64a07fb3f4ad86f8275ea85d498e5309f

SHA512
4f8f8d8bd5c762e1a37b9962f6a6f25e871153433788a82740beb0c6880d22cc50fcb2031b4633121c5836e5d1e3d9311d46306ffd720f1e84b5e83f5fdd5f8d

Download Submit
memory/4092-540-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/4092-528-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/4092-500-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/4092-562-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/4092-574-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/4092-581-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download
memory/4092-432-0x0000000000400000-0x0000000000C1E000-memory.dmp

Filesize
8.1MB

Download