hxxps://twitter[.]com

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2023 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://twitter.com

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4b5a0f04-9951-49a2-8b69-1036a40fcaef.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230419002132.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4164	powershell.exe
4164	powershell.exe
4320	msedge.exe
4320	msedge.exe
3352	msedge.exe
3352	msedge.exe
2852	identity_helper.exe
2852	identity_helper.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4164	powershell.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 2868	3352	msedge.exe	87
PID 3352 wrote to memory of 2868	3352	msedge.exe	87
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4012	3352	msedge.exe	88
PID 3352 wrote to memory of 4320	3352	msedge.exe	89
PID 3352 wrote to memory of 4320	3352	msedge.exe	89
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90
PID 3352 wrote to memory of 4492	3352	msedge.exe	90

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://twitter.com
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://twitter.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcae7a46f8,0x7ffcae7a4708,0x7ffcae7a4718
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4776
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff780255460,0x7ff780255470,0x7ff780255480
    3⤵
    PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7285316663049925281,1242257480843774687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8d26d2854d0764eeafbc8cf80e5c40f2

SHA1
6052806ac8f7f48040bf961dfc94fdf08a820711

SHA256
3ae270b20de41b8d08dc5831979a457010598f6b17724bc59f6f807eb0c8ab98

SHA512
9450529e539f7629e0981916c7c9e76078f6ddbf8e575c502550d0ac4d066629e7ddaf71e02cf04c8aa0e98bb7574ed075ae370fe6dc01fe0546b99ed5ea5cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b2afd3937107fa54882ad37e6d7f3d9c

SHA1
41dc73049b36536ae5b58e0d9f76406575fd8bd9

SHA256
7b6422c2c1de19665db07c3a56135640c73919a0a17da5ec71c5a719cf2309e6

SHA512
00a30aae2894e35fcc00f3b5a3cd31be75d739af0bcdbc9dd3fd636ef9645b5c04b94c98ded0eb625486f77ede621b42528905eae37ef5a770d277f679e55d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
8ed3e24a49c4f372b0c6f19d05e98c11

SHA1
f80191a3b6151bb149d9b956e09d1665a6d26e54

SHA256
9e8839b07cbfe8ba2cb77133bb4128bae09f4116d5eced35e24cc69a33c0de9c

SHA512
a9cb607b4e179fbae0845bd38fafc90de5d605ab9df914d7984b8f9e96eca75ecaa95ffaeeeefc93056c7e80cf22d3da55c45d8bcb3a39dee2daf75389c07457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8bea13e4f19ab78af736eac880fbd692

SHA1
d740759e22c3cdde34b6b2d69f8af69796e0e677

SHA256
574f0ebc284ab7d67922cbe51d741a991855608afedf49a746171ffe74a20b09

SHA512
a42bef643eaffcae6ba90b1fe99e674c6c81d3c9940b5fdda4ad1724452a0f364649edc1f83ce6901ddf5d6fd413e646de10e5f916e27478d82a67f6ee3ceb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
57ea2cfcb015dc1841ed231d853be877

SHA1
66ee8b019f3c328112b4501cc443326bbc202434

SHA256
689764eee81f34ab93337cd08c8d6f9a23413d468a6cd4c63a04de21eff36f32

SHA512
b6654b0db99b320cf367c342ceb3e0ab3d763c6ae31bd529d5ceb99d2dd175330f5f848f660dc0e60a2c997634408357935a91aaed31bde20194f88e30fe7c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b3eee62dc6669c298319e1b9dc6b382b

SHA1
6a0d06807dc12996cb8c6c2d0282e934385ccc5d

SHA256
39fbcc70a3714f25d88ec8172f7f3db84a95d27ffbe5f9219c380569e444b23a

SHA512
fb6dda7744dee228a59c2c80a4e4bfe3f8301730b230b4e0fa212c20e37cb42e4a14bed5130b56043a80eb9c85a8087e16b038f615595eba05a74ec35ac9134a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed8770a3a576ce50d909bf432770fe48

SHA1
0bcfc9d45a32823b2304321fbebe6fc0a7e7c3bb

SHA256
76f9d8a09d21207053402d539e40d6a2715e13a05966acd3794ffcfa085c4b20

SHA512
eadeeb35f2217b3982312d475aab07da0cc6f6e385aa90386cd27c04b7746433d549414487240365ce359722e7eef3e5ea1cb7703561feb84e20eed6e4400873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\1806b0b5-309d-4e05-ba39-470272c12dc2\index-dir\the-real-index

Filesize
72B

MD5
3c09bf6b45a00c3530d4b210fc31fbd9

SHA1
386a04ad56ce6581fe0dd768d6f5cc2b0b1a6c1f

SHA256
e4ce96a294b8376ee76eea4e2aeb525cdd3ed9ef369d5e89ad6b8dbfeeb90493

SHA512
1d5820ba8caf581acec7f7014cb9574fb7e979da2cb71e40e7e411fead5fc0f2e27d3d6ffd7f1ae305de2927ee3b085b42b5ead23a7f162a5b24662f7b9360a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\1806b0b5-309d-4e05-ba39-470272c12dc2\index-dir\the-real-index~RFe56ff83.TMP

Filesize
48B

MD5
8d2cccd39815023b5c0ab2d7325fbeeb

SHA1
4f17196520f36b0c3f2b9031477f939b41c7703f

SHA256
1bd134a66b72fc00783b83f33b5ed4dc2988e275186210daacc7e632a92eb7db

SHA512
897df0282eda7510e7620b8ad167aaf4281360d9b688eba319b1732266a5abee2e3dde4930606c5352faa133efee5fb9f27ffea3bf0d91cb636de7c593f0896f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\aa7eae54-9881-475b-baf5-3726f944d36f\index-dir\the-real-index

Filesize
9KB

MD5
e99b905c1c7696cac98a0b697a7f7320

SHA1
a531f150adbe1df96717e52b22a4804a0f833ab1

SHA256
c3889e888ef5d0bd3fd0b5d3faf65439ccef022c87830da669b376b69e0b9e49

SHA512
4f884fd2e78f2f05dd7f639724ef1eed9d8e3afa9eff9cff4335ef6c2face17e5674d68b7613790f221752b50108abe3c6d876fea43f67437ff4a71a231565b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\aa7eae54-9881-475b-baf5-3726f944d36f\index-dir\the-real-index~RFe5880c4.TMP

Filesize
48B

MD5
5bd74dcce211a3d102bde8df890e0a0f

SHA1
7d13c29fb1e031ccb7f054dcb31d71ae3002800b

SHA256
fa253570ebf7037b1f6fa3a870350f8ba194b996ed1e98710e1f58958a4b6a04

SHA512
937ca573a93e1cf8508a6777847890737f66b80aee9a6bfeb6ee458891fe364ff257077479c0391ae42743c3d190f168bea4b069633fd637cfef4c054663e858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
147B

MD5
0c9d0aecbc0b8d640c09aac62e24c7a9

SHA1
27fc80995157c20998389526b42b1f2961762090

SHA256
8417a82717a5f7ad7b563523c2009f1f96ba67a7956bf1422942b390a1d8d0d0

SHA512
d22280776d5e8e94a82c959d2e6c03990fec2f231921afc03bdd0cfbda37ddf50a47bc45331badd45337b113b6c607df3ce20f845ffd62c3eeb5051110fa7c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
138B

MD5
4dc00bebc271bb5fbbc6d3cebe0f63a7

SHA1
d699f412e1d1fad60dd6aa44570b25a080ee017a

SHA256
6b1aa03797fee2e826128412dc2f5b144d9c88367bed5bad3a26f503f3863884

SHA512
11e032818b541dba814667f521ef69f9931e255ff54dfccaff7f97ba4df9e1ee16214d1f9bffd32bc9dd428e418f4d368640670c38f34551646939187f43b828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe56ae07.TMP

Filesize
83B

MD5
ed3682a7369c26a77ef2efbf7d35e47c

SHA1
f57cf052252539715ee23f84f751d5e558b0391e

SHA256
6a194dab12a843fbfa3d56935c64d465908f1e8a40dfa76845bd3506480906a5

SHA512
baa74c99f9d3ed24f8024f7172b760c2736809cdbd507aad2993c36b061b10fd5cd3abdf84c2722c8b64851475360da9468ac766a687eca6820d786d75dbab59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
799222d5534dd44371c05cefca5536f9

SHA1
e8f4953ab043ff04495c524302d4a00b747aa81a

SHA256
ccd0de95acbf9aca79d7ab47a8e5dc6a83d6450c81f4112b501451c9e207aa74

SHA512
a686cec0a3587964cd7af9326e0f710180a0d0d46c6f9b70e3f7eb3ecace46a1e45316628c6fcccc868f713a53f757072f2fce34cbf6a61e6c51aebfd19258f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56fc18.TMP

Filesize
48B

MD5
2cc5f33c324e5f5fd5abd6461b321b74

SHA1
158a03dd6cea2f783ca095e1c9d77860262b3029

SHA256
06aad41ff8457fa7a65e0178d1a43889ecb47e3a2de6ca1de1fb8b64de272eb7

SHA512
bb7f027a53cf7bd580f5fb9de3ad17f9d24e1b0bc594abefbb9a5898d5200895bdd6fe43337eb0ef73a66d4eb9d3b46e70f6fc47d8243b1b7d713712e907a663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b58d6bbe26ea74ce3f18fd63e2e59e54

SHA1
cee7af410b78d112bbfa65577f9193029db89b4b

SHA256
9206b389060db511246753d45273017f55ad894b9c0cfae920693aaf21da171d

SHA512
9cc98d55f3b3aabcbc67ab86ce475adb520251f5d5e8aa37dc287d6686888db2961b18d5ff022994a86709accf7455fd689dfdfad1c77a89c1c470f578968dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f03fea819077ab21850ec192297d2cd

SHA1
18bc8a065dd65cc972eee17d0f151e3b66356d4b

SHA256
aa79a9a8476dbb0c30a322d1c86e42b6fa994a228e37bb880e69f95de504e0e5

SHA512
bb6d1526f6f356ff3cb40c656c66d3b07bf8fcc94d423fa3b06bac3e71f0426b0e03799fa1c5281f56995b729cd135ed73367f55b97f5f230f22154816574276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d751bf574a15faa66a2e9e568efe174

SHA1
ff5e5a97e0ae94aacf2048c441f7856fc1564606

SHA256
5c9105edbe19e374cfeb49337f0626615898ddbfbf86d37fa9e4ba696292c63d

SHA512
d528a463d90ef5ae2529846828df2984647de35fefa3c12da24451a4eab11df7053f130c1fec0059989fa04023ad36198a2658e520d71f29a5c936485ebb7c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ef8c806176cff2e1d449e60f2813a03

SHA1
c65e970f6ec83a569d2d00144edf9ce4af8d0219

SHA256
7a3c234621c5ba54631c3965b23c59e6ce6f1179e88bb3004644b1258ce02513

SHA512
a81a5398161d42ae7793426fdcaab060f4f71e6c085867e2405ef700dfa1e6166f1e6707df5d16b246dec38642706714f7ee2bd4ea119cb5afd203c36091849e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c3efba0690059dca789abaa32ff78cad

SHA1
55ba09eee04e24353e42b7dde12ea879435aa2c6

SHA256
d53f22333c641ec1f77f18f80b951a0525922b03a189ec4ccb1e4c2ca170453c

SHA512
6e1898ce5e2d9e1da0077f4f07e1d5812d24bd4ba6082792511038a8fad89ab28cbe5e19cc41f282dbe86249afc283762e44f0daaa9b52e7c2414407c02f3136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e081b1791bf532283554f79244d0a34d

SHA1
5cd1fb44a4a9afe537026636cd52a92052ff6d22

SHA256
8f9f655a97391c7c408b27d94507a089e2208596cc38fdda56ed0e412a5fbe87

SHA512
c61679b55de1f1d45ab3073c077a619c423804c0488b50836dc31cf1b5b38b1b6211a5372bf6cabe2be584b42c34c9c088004b9e55b4e598b600fed2db012755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59858a6f4e8dcc118bbc96e3346e16d9

SHA1
1673a3b58bc27769ca28c18e49b9fff886d2aa55

SHA256
3f7b65c0282bc41aea8cd5ba1028fbb17d0bdad8211a124a34a54ff93d12d74d

SHA512
bcac6f138db795c9f1b803a0e014c7efa56cc53ab3712808866bcafc45bc207ac5d112e44d072cb2d380c824ceb23e367089afca189765563da1ee7d1586c4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5e1f3ff9980719064a1f997f542e328

SHA1
5e07819b65923d968d1a412c26a3842e2bb61faa

SHA256
7fff28e7f2cc2cd44f79052e92b1dc242a01a0adb85c500978c2773958151b90

SHA512
0235e1dca1c2cb5d4587262d4482fea1a850f1d1106ea19b6ca8f0b2015cefba32cc29951d98576040996cb988a48e8d2e829b6c6644f889d4022821d1b181c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3322aaf9a3b4eaa3771fceff74d23be9

SHA1
86e6893dd3f8b1fec27d27b0f608ac8de21bcf99

SHA256
a6fc00c2aee02913774b6de69b5c144674cb0aa17651cc7d25260744cfa0bc2a

SHA512
e2fb8d55a22427e1ebb7772e8263ec8caa8a7ca957743d3c765d6e6fbae6d7e46e6f4e3162b52ea86e16b30bd5c7114cdf4edd0a7e2e24760413080df8092ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d73e8ec2d85e0bc449b9f2a7159b9467

SHA1
197bc757be81072ad2688931aaf7cac8e696129e

SHA256
2818144f7ab84ef11c202d47e5434b5136f7a8254eaff3f117ecaf161c9824f8

SHA512
646e422fb63915280551d92cc7ee19f2e46822d85f8938b7b3514b4bd2c75ba27444c1dd6ae0c42092ccc4f9000885becf9a520bedc56e6b5325b30c5c014a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56e738.TMP

Filesize
707B

MD5
a9cb14a97665779761af11320bc15afe

SHA1
a3e04a7957cb7229529bd5558796ac4783f5994c

SHA256
8e25991f0fbd19d90ae49788055a84966bd9ebf722da6913733cb4612b49bf01

SHA512
f50e719fb34a64451266a05b7445a6c4db223a53da5c04257dd604c56b6ef5d3c1d79bf3a548c8b61aa588b60ec4b8c470c1c390f9b98b53148f8a7efd5bd421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e677998c-adcd-42c9-a644-b80a51423ebf.tmp

Filesize
5KB

MD5
0d5710e8da6ad0f9e97543b517eaa244

SHA1
06027e3338ad63e60a7fcfd65805a760338ffd8f

SHA256
4178d1f9730c9f0b916974c9e9b6c5c177c465271d157444e10780f94f7f42d0

SHA512
f9ca4c8e8461d49bbb4084af48b95dba23775a32cf1909de0a3c66b5eacad01adeca4a38ca3cc39c5ce70a8c4106c051d4498b63bb3ea7e017dce18fc7283701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
37e16ea39809560aaebaff211b887110

SHA1
0e43607b4caab7ad50bf11d7b94151634b1c3bbd

SHA256
9e0ee5674aa130a0bbb614bde66dbfe8c00f06297b412e6bcfb1beb1bb02a253

SHA512
24f04e5377d4b4142d5ac9cb2882a38e2d8f14f1820c8ac00909d632f4c649e61ee0a3af4240dc7ed73ce23d80803f64d136d1e3b09ef585fd981a5f4b79dd08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
392fbc09316000db8fe13e94ab849180

SHA1
cd1c9da0bd8cbfe7ac36079b045e336143966503

SHA256
f1ad5226cd804fb9144f327ca2c4313360795c083b2f00ce526093acf48ce23c

SHA512
1e6b9bfce3a9f7aa38fc750d7e81455119d20f0010e24b9971bb439f655d46c7f2fa277a401e15e7836ceb5ed638905f14d4cb313341fcc1c2be5d816df7c01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sf5vfzh3.sxb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a7cf960694204744f48925eb41356584

SHA1
eb63b2d5714e4b34002bad990dbae3d9afe949b6

SHA256
d70f407ebb08901385795a859fe1a226eae1c8a91273222dd324d3f8b81dbe23

SHA512
324fc8b6da316fd1b602058254148d7ec8efd1c293eae95f4709cc63c4055690685dcc48f842377b256c05e1b72046ed9fb399c810f3a4b1ee894d35ff8df4bf

Download Submit
memory/4164-144-0x0000020D21470000-0x0000020D21480000-memory.dmp

Filesize
64KB

Download
memory/4164-133-0x0000020D075B0000-0x0000020D075D2000-memory.dmp

Filesize
136KB

Download
memory/4164-143-0x0000020D21470000-0x0000020D21480000-memory.dmp

Filesize
64KB

Download
memory/4164-145-0x0000020D21470000-0x0000020D21480000-memory.dmp

Filesize
64KB

Download