Analysis

  • max time kernel
    300s
  • max time network
    304s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-03-2023 07:03

General

  • Target

    https://v.ht/EnergyAus

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://v.ht/EnergyAus
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2236
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://v.ht/EnergyAus
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1524
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc12b46f8,0x7ffbc12b4708,0x7ffbc12b4718
      2⤵
      PID:1936
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
      2⤵
      PID:2720
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2692
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
      2⤵
      PID:5092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
      2⤵
      PID:4640
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
      2⤵
      PID:4820
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
      2⤵
      PID:2068
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
      2⤵
      PID:2196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
      2⤵
      PID:1572
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
      2⤵
      PID:3452
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
      2⤵
      PID:2748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
      2⤵
      PID:4180
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
      2⤵
      PID:244
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      2⤵
      • Drops file in Program Files directory
      PID:1640
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff74f695460,0x7ff74f695470,0x7ff74f695480
        3⤵
        PID:856
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
      2⤵
      PID:4224
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
      2⤵
      PID:2044
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
      2⤵
      PID:3112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      2⤵
      PID:1312
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
      2⤵
      PID:3456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
      2⤵
      PID:568
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
      2⤵
      PID:1236
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8306669574409697378,14649828286685354166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
      2⤵
      PID:2416
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4688

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize 152B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize 152B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
    Filesize 162KB
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
    Filesize 37KB
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
    Filesize 28KB
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
    Filesize 28KB
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
    Filesize 42KB
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 48B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 480B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 504B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 912B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
    Filesize 70KB
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
    Filesize 16B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
    Filesize 41B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
    Filesize 2KB
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize 111B
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize 2KB
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize 7KB

                                                646fa45d58038877317f0ad7541f0c3c6fd6f4943f37b2f11851f9e9c56432f5

                                                SHA512

                                                c3da1bbaa2bdb320f5c978881f9814b502d8403c54849955088a7f82e52d9c36be3cbea7661f6fc7fdc4b3ac9fb016d55e37d707a3962d4b12f08b40b67a73ac

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                8KB

                                                MD5

                                                e91146b8b2111b2781d733bda4fdf1f5

                                                SHA1

                                                aba2d563ab39f8ee1d5a9a710997fd970a42ec5f

                                                SHA256

                                                d103f355fa53fb885fc9d95ca526979c7231fdf8b1cbead6476e8b4146a5cfa4

                                                SHA512

                                                756a3cf503fd693e05958cd495c792862b399516d00fec41ffa923a751f6c5abf3c07c7f402bf352a355be88ab507793dafa5f66920bac5b2a6b04070cc45f2c

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                6KB

                                                MD5

                                                3b998413e27fb66bd41caf49db6269b2

                                                SHA1

                                                a26fa97543e112887a6dd2c293eeaebcc9d2babd

                                                SHA256

                                                c666afbc23e3d7adb10011dd47eca12c10558f6207bd6e55ce285149434d070c

                                                SHA512

                                                8401c3219d78479b6d0e3db94e0873785b69774e00968499fbcf966af978fa840a8970aef93e601d1981fb21da7ffcfeba1811615478f929ed8f2f38f67027c5

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                4KB

                                                MD5

                                                a0916372a568fd5a71382720c048643b

                                                SHA1

                                                5d60e94fb3efad9318de72911d1948a331975894

                                                SHA256

                                                1cbd222bf4c285e93ae63215a0b174a6b82d9c4838e46fc94fc3f89234705565

                                                SHA512

                                                b33bcff90068ef5387901d1bc4885b335f1160394e926cc8ad935da60826ee06ce83c8ccf36274c45f399d0ad3bc9e164a3ecd1d19c6d92ce1dff4a054928d0f

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                                MD5

                                                d67757fb5fc87def837c7e31b8d7b7fa

                                                SHA1

                                                453f89aeb0ef6f489bb1d97d238bd4a8a068b42a

                                                SHA256

                                                785256320f31805cd9488647d29a2cb7d64e9b71ac03a8c2f0de1d498c35bb0a

                                                SHA512

                                                ca4ad56fdab2fd70abec4d1f0bfe9f7c8cf62c06db7a804d12b73bb35cbaf5ea658b999699fbc0ae475d4ac9ede8ea7ba149e14d8e9a5caee0e977ad233d9eb0

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                                MD5

                                                755833cf6238fac151799e3576e33a4a

                                                SHA1

                                                bd8e47e9b8d22d15a0174b68ab0878f6c157c86f

                                                SHA256

                                                84ccc4c21f081759da4037732a434f92fd6f634fb8aafecec348341b500730fe

                                                SHA512

                                                c70b1caa1f1ed8d463f3cbfafb2ccdbc5779af9a17309cd0f05b5280b2e8f8d4de4a856d68926c7f70cc58aab58b5e718042506f4a144aa026b5332f7d901f0a

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                8KB

                                                MD5

                                                b00a3449282f4f10e02b2d3550807711

                                                SHA1

                                                c21827bc165561f9d6808e061e4b0c886981db48

                                                SHA256

                                                c2a125f325523fd622c7e15b06f860425b3f35cf0862654dbaa10dd7a0d1ab93

                                                SHA512

                                                c76b2e7474bf260ceb17ac0f82960d1e2a69a445f0fe82a3586b91fd3e223c83200ccc39bdbeabeb77e6df822e426d49fb08d0669e2c3190eaa0928c144b891c

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                8KB

                                                MD5

                                                2208dc2ee9b4cc3a44c902575fdb9aa4

                                                SHA1

                                                a26b24d4bd4e264bdbb910cee0f044111e358d44

                                                SHA256

                                                6197acb372bfe6234a7eb3fa6bb1943a2e50fe1b5818ab66eb489c8ef9d3a54b

                                                SHA512

                                                9f28d59b26a3aafaaa0bf4d9ff80015b91e8ee214d6eb35ce7e1ae6c527bed4e0fe073ba6c9aee8bac482359c69592eecd724dc7677589eb34656a9b290edb47

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                8KB

                                                MD5

                                                dc0753119d444a73930cfed01cd3ad8c

                                                SHA1

                                                bd828e97dffc3013a5817f309b7564700568b79d

                                                SHA256

                                                7cf879e7c7181e387a8c483be201d24fd9f14428a3ee3ee71d29f3b60c7e5938

                                                SHA512

                                                afcbc1409a6ad3192684716b32e9315b14b90db06823ef04cb1b457e7c12c0f26449d15025d585ac3bf3b932a073a9dce5557ed85cbbe84dfd5c3a49792693f1

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                Filesize

                                                24KB

                                                MD5

                                                5edab6d3ffbeee247ccb4423f929a323

                                                SHA1

                                                a4ad201d149d59392a2a3163bd86ee900e20f3d9

                                                SHA256

                                                460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

                                                SHA512

                                                263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                704B

                                                MD5

                                                6cd715eb0deff78dacefb0000a12bc2c

                                                SHA1

                                                3e4faa7cb2b8132898b8f7817f2ab7767cc48fb5

                                                SHA256

                                                a20b5babfb1cede8c41e84285a967407616535cf17190d566850bb2557631e4a

                                                SHA512

                                                a0dd56e2875c9ae6bcf83dc2b066ac90132901c57bb5067d97c7bb9c7f1d53da97e8720a357c931017ee18484274d463de7397d161019d835647234ce3a9d6a3

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                8756e819a835efc25b8e0b23e10f79fe

                                                SHA1

                                                31b68f688cbded3978f36e3fe83cb3c4970cae7f

                                                SHA256

                                                403759a71c6a978d4e69d1fe0244dcb2504ce8b832531bc4f560c5cce6d3f67b

                                                SHA512

                                                cb1277dde9a0336362034e7e753646901cdf7b70691c09060c80e060c72c61bdb2bd81e81a4695ef6b74adf41c9503c595cf652305327115d42785c078414317

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                c25ab4ed8ad17ac425f08e52065a6fe8

                                                SHA1

                                                a9e0882e3de636b125dd2cca283b9d2e385d2596

                                                SHA256

                                                d48a3583fbb4f8feaf6dc730709e2a5e327de1f86c173b6845f06b9c78f8a02c

                                                SHA512

                                                0908bc8e5f4a371c0062330b90b04b37347dbdcc1ce1f967e58ef6a7d97290b03ef11f5c77753223c9adc4f16fdef03635b7485d97c5db98c11b545629d6686d

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                aa9cc2432c284f7fc4594c7af4a80742

                                                SHA1

                                                f0b11856b9d9877303fdc5f9ba7a2ec587f2b281

                                                SHA256

                                                50876f7bdd61f62a696897f77973a565d09b0f478ad77f66ee7274d0cc4ddbd5

                                                SHA512

                                                b3ca1e4a133a4bffebccb37b4447ba7d74732b5e7383e741dca83fa073ec1b0dcfb0445d52dca1039636629210d053eeea3f088083a79d4c61e1d443fd935ed4

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                704B

                                                MD5

                                                2f1464c2b94e34b359d57bc181760ae7

                                                SHA1

                                                b8e1fd94bfd86e5f9db936c66fdd15bbecd27fe0

                                                SHA256

                                                0f5b05db94d05bb34cffe7863fb15ec0290fb40de253ab42ce805a6c22643beb

                                                SHA512

                                                602894bbb625fdf12a2b8a9fd517bfa71dd40252dc82ee3b13dc84e9be19ffb34f5b6063c820c1996d2bb4cbf3b333c965b65e8d53eb8afaebfb206d72dc8557

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                7fe02505cd7dc8a43eadb95db3ca002d

                                                SHA1

                                                c69b2954b0e8ca36071cb3c8c64207ff4fd98cc4

                                                SHA256

                                                9ba00e4e22d9ba8a15058477437265c283d647f79e8baaf6091afd4c64e775b7

                                                SHA512

                                                4d008c04747e5ae2f7649e3b2673dbb0b4c75f29225ce68ca68943ee3ee45e5014ed209d71dee2cc55b735654a07a5fef414192c386eea0429a740e2cf856863

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56e61f.TMP

                                                Filesize

                                                704B

                                                MD5

                                                0fb3cd9b85cdc08c29f524eda3a54fc9

                                                SHA1

                                                7f0dc436c77c84bb3842932d8eba9bbe3a0219cb

                                                SHA256

                                                c2b0d64d8a667d552edef8067f1aff8cad7a881391215c7277ac6963aee0a7fd

                                                SHA512

                                                cf57111994fc382a90cac953997fe5a32d0907aa312258bf8040ceb45368ca98630666152042db3967b573323e3985a4c952c33726d6c3a33beb16994628b2d5

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                Filesize

                                                16B

                                                MD5

                                                206702161f94c5cd39fadd03f4014d98

                                                SHA1

                                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                SHA256

                                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                SHA512

                                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db4d2b96-a698-432f-baa9-9aae237f6f8d.tmp

                                                Filesize

                                                7KB

                                                MD5

                                                777204c52d1d87e29e8990006e846463

                                                SHA1

                                                3628bb928568c1f8140f02ca7afef3dd2653da2e

                                                SHA256

                                                9ab47c2f10a65485b4aaf755be21df20d519b8e5faf3c06d9f0d3cf1f1dce7a8

                                                SHA512

                                                30725b1f627b808c7c1f7b7fdec6d0dfcc3d87292327c4a58af0010137a9a85079c17488b41d325534df80ea55d13466f97479a8ac1e29b738349a02f76f4325

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                9KB

                                                MD5

                                                afcb5bffb65e5064f583768950c86404

                                                SHA1

                                                67b1796e592eb895609870e3e9a6b1b8f22b9994

                                                SHA256

                                                facfc204978994a9f8a9d1b6d964fbc8136468bce263d1236e06265491ccc40b

                                                SHA512

                                                a1e49a96387735acef7f0b4433c94895e4be094d8250da64858b08cfe5df9065a14364af61eade58cb1e1c7b0091282715b535d2fb44f107b79f0f113a918d03

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                12KB

                                                MD5

                                                20af7416e1c8d97df2af7b2e14003bf4

                                                SHA1

                                                a0bcb7a8a1bbadbcd4fd5579edfc21ecec9576f5

                                                SHA256

                                                9df9f119904bae1186cfa5e401511895e6b1ee5821cbf6c266459200b54f08c0

                                                SHA512

                                                1a7857cec1c8378e5a8c114265d00d09e1d6a9a7da73b02c7369b4816b01a1ba5c6b1fc36488f272edd1e46e2808c2f5278b35b8caab1c67f0d5ad19eae684ad

                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c115xpkg.d0i.ps1

                                                Filesize

                                                60B

                                                MD5

                                                d17fe0a3f47be24a6453e9ef58c94641

                                                SHA1

                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                SHA256

                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                SHA512

                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                Filesize

                                                2B

                                                MD5

                                                f3b25701fe362ec84616a93a45ce9998

                                                SHA1

                                                d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                SHA256

                                                b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                SHA512

                                                98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                Filesize

                                                3KB

                                                MD5

                                                282571f59fa013206832f0a549836ec6

                                                SHA1

                                                05d766947aa928098d196fe7cfdc904f286beff8

                                                SHA256

                                                4b6b1ef48f547cb1253472e51f40b232f3d57f3d7896a3264f323201021c7e2e

                                                SHA512

                                                d2dbc3712c1cbb1d9a844ea544ba5c308f8792340201846b196e7a0db15a4ccd18711a93e987ddb2190a15e3be5ce3d280b67e70525e6c1f12753c4d124ab01b

                                              • memory/2236-144-0x000001F27CA80000-0x000001F27CAA2000-memory.dmp

                                                Filesize

                                                136KB

                                              • memory/2236-133-0x000001F27CB00000-0x000001F27CB10000-memory.dmp

                                                Filesize

                                                64KB

                                              • memory/2236-143-0x000001F27CB00000-0x000001F27CB10000-memory.dmp

                                                Filesize

                                                64KB