hxxps://solidcaptcha[.]lm[.]r[.]appspot[.]com/?c=912a54f9-f4b4-4059-b228-92bb087b3689&a=l15027

Resubmissions

23/05/2023, 08:29

230523-kdvqhaed93 4

23/05/2023, 08:25

230523-kbelhaed86 4

Analysis

max time kernel
228s
max time network
231s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2023, 08:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://solidcaptcha.lm.r.appspot.com/?c=912a54f9-f4b4-4059-b228-92bb087b3689&a=l15027

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0cc4f9ce-ff15-4d77-a5cf-35917bb36dc3.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230523103022.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1468	powershell.exe
1468	powershell.exe
4124	msedge.exe
4124	msedge.exe
312	msedge.exe
312	msedge.exe
4856	identity_helper.exe
4856	identity_helper.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe
312	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1468	powershell.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
312	msedge.exe
312	msedge.exe
312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 312 wrote to memory of 224	312	msedge.exe	86
PID 312 wrote to memory of 224	312	msedge.exe	86
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 1236	312	msedge.exe	87
PID 312 wrote to memory of 4124	312	msedge.exe	88
PID 312 wrote to memory of 4124	312	msedge.exe	88
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89
PID 312 wrote to memory of 3444	312	msedge.exe	89

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://solidcaptcha.lm.r.appspot.com/?c=912a54f9-f4b4-4059-b228-92bb087b3689&a=l15027
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7fffff9046f8,0x7fffff904708,0x7fffff904718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff633c35460,0x7ff633c35470,0x7ff633c35480
    3⤵
    PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1044 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7582338590692267102,16257003914585842190,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
606bbe3594f3b2f8ba7e7d1a8cc56148

SHA1
3064bf5f5a3ba72edb21061f1b7eb4a964f50bf8

SHA256
e31ba1421ec0e5e1eb1975769d1af018d100c3d4a9e83eea5bf6f7339a822c0f

SHA512
6897ef00b3bf96f570ccef9bc4e69dc3a0677c96b276ef50df1e789136d294631e58e732f84cd8116e61c31e3c6c426826a6117c4069d54fc987a1e5168d4fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
b5e2e5a7db4795199acfc5f18aaf7192

SHA1
e47704b01c7e8f35bbb1dcbe7ec577660a3179ed

SHA256
747c53170a1aac8c3e4df37566db00c52a7943137b637f4d1524a83ff7aad57b

SHA512
5eac3149f5a3f87636897a238289bca62f94543e4c8825da5a4bf1ff95427e1f676b2738b44c0f8933e7e3a6978980b3bbad189a156b62dbf55c7f7c6e7159e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
3ca9fe63fce76be560682751ffd34d77

SHA1
f08a75b4d16eea2c7096d37de14d6ba78ab36ee7

SHA256
c2b8d84567dbf143b09d06a68b8b2569fcf7c4d4d2b76021e3035582135bf452

SHA512
515e78ec17112e5232113b867e9e7e5872226bd065a1c7ef5432c14f2c8b01f9b446f98a9b6e034831b98dcd97f387e3beb96463973f02027ca2c29a3b610268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d5d6371af65c6e6b4fc452fb3af145cd

SHA1
ac8e323be2ae6e20359ccaa9f90b41299fca2d38

SHA256
e0aaa3adb7155830d07498f827a78ed495bb3ca6a3f53a56ced8da13ead06e13

SHA512
af210dcbf825545bbd852aeff9f53934d04e0eeae0f927c58e930c9bb172b84eab626eb0b7a32b7c46f7c239e0c153d810b28fc4ba968fd9de6a35dfd92db008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_solidcaptcha.lm.r.appspot.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
3d11cee2294bbc9c038dff407f1519df

SHA1
9f5188e304974491625a2b48ee7e763352eec715

SHA256
56fddaa96bc22fa443eaf4ff58f742602f4301b6d41f5f4554185803e4704249

SHA512
9bfc653b641d08dd367f088124a7dd485e5d52fb3844b1684e5e0137a3e7d78c9a83dfcd17962f3fc8d5b92bb3ff25392a16b2e022efe88b2f7d3711469fa5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8ee9aa7f3cc742a59475a4157d6d42ad

SHA1
ec3414047871ce04539a519ebb16be5ed18d7f67

SHA256
533f9f3d78762f80350c5127f367ae172c5c01ba2dae93c17df189163cacaead

SHA512
8a9b88bb5e01d65d1ee13604919e7bc542d73013a66593af32dba70d560b73247b7d753c6ccea565234d8751e78783b40fb45cb3161c1ff5baa1fdde35b58c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
296335fb3737ead33acd3c072cb19a35

SHA1
f7ec9e8326f042996ecb3b9401db1b769ef4689a

SHA256
96def7c104be7ee290edff719c1a9d329b81550ec2828ee24a4efe147600050d

SHA512
f1f2885ea2538d854592c2e7678afcd5b05ff9183fe07fa60142725f197ef491d50fb49fa938bda8bdd4f2df04d5c3a1ea281815ad397a56f52f7523b7d566d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63b1cc57cb9bd7ea2590054b569185c2

SHA1
9e1401c7f0e77fb425c9c1a2f77ce65f7988b326

SHA256
290711782f142ccdf12d23b9dfccb938c92b846fc1096950e8c91cce3ba85e34

SHA512
ebdb728e26acc9d087b4420d2ce404e72088f1e4faaa6cac039fcb0786f32a80b848034f78427e789f90ef4c298428553c51b7cb82162875d07cb85b29d46613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd9fd8359ec0e8c0c01e8cf37ced981f

SHA1
5b5a11f55ba25d17e48128fda47ef33adf8dfb06

SHA256
5c6b55b224ea9ad40dc122046ce90891aaa467f20daacc5afa31a0e2466c9d29

SHA512
727767d983e9a5a3788c4b10e6ad2093be616990205cc78a6ea1497d6577e448a1ca5cbb7ce28efbd69329b163773af2c2486e138b1054f3e3ac1dc23def8b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d421cefcf4b7f760053927cfbdd2e522

SHA1
bc59315df0b588b5f0cbf05da069fd95196abf56

SHA256
07235b63d00b17fa98d8a8a4e654ac6ad6fed3042a017cb1378490c2ec82a3e5

SHA512
be6f52bf6ea80a5800cd7b9878f39d832999eb9a5210619a097369c562228ff64bec50fc6b67f71b4186e79d2563a0a8870f4611b4517dab6042b4fa5a720600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd94cf260883abd543ee3300f1c0b6ca

SHA1
b77afa6d29950433ea93a51a433eaff5af9db125

SHA256
3536835f25395d27aea7351a1c834c6eb9e0cf56b1b363e45e955b79d518207d

SHA512
85f6516b0080ae40ec9c859805c9c912e22dfbdf1b5456a698ebb26085ad7b209b20915a124cd276badf00db5f606b9c3244b64cb51f241cace5a7f881acecaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b2895703bfeec50895b029e896c4385

SHA1
9da602374aa3e5f04eef83bec9409d4b228ba798

SHA256
1cc527fbdb8855898a27bf91b692b92b61691bac0f7e4dd92256217e6ac665c5

SHA512
7f2ed69c2b3b2094757ce843ef205a02ac57e3ebe2b684696820bfcaf1efb6319fb7c9878699675ef4cdbbd8499435e28d534a04c08977356a8cf2556ca0bd48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
782a17e11c73c6ad052246a15ed7ff54

SHA1
d102fcd5b38f536fc245bd5d992ac2b17cda4974

SHA256
61800bc95c9da75604c8ee7f532ac456fa7e98435292d9f9519143f86c7cb5ca

SHA512
ff83253765af38efdea217f46f643dfc11343c0b0219becd8bc9962f58af74991ed934c9d42cb34b7f19228bf6db18ef13d666bb7e0d477452457c8a5392c400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cfd585ce0db9a1484f8223dc2cfce2f8

SHA1
4e5e287160c05ecdff8acdfa0899faa5bad4de82

SHA256
0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

SHA512
b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
266b25746f783381d8b4a5a7ed47c59d

SHA1
42f7a69060c49f0edd535dda9b5384947d4512e1

SHA256
9e41d105a6d5b6765b4dd82144291140e9a111ce3758e018a3a17dc494ba1fd2

SHA512
f8684ee1d73a797f45476d4808689e6fc227259eac315af99ce0b71b8fc2c6370dbe3e8497408a7d58e6facea171b3037c1316b99d477c9c00242659e73c8a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581a59.TMP

Filesize
48B

MD5
4ab3d40024608e972c808c1e9ddef5a3

SHA1
868f7350e7ff6cb5ce89e70a244a5645b7d93081

SHA256
7ea624f6bfbe5718b6a0985dc1cd65bd31c4d192f6a67a6eec3d2988b5230052

SHA512
a9dd4812f5697175bacdaa7c04fd194da25faca25a8fef9443ffd9eb91b9b278bb9f9af021210e95289bd554fcfc56f13be5f71e7822bbf9a97a9fb98daf3eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
708939628df44c4bfdd6b106eb7d585a

SHA1
e08253a90c2d19c6dee43327573657eaf56235b7

SHA256
5c3aa36ca64ab44092f9a6847db067c991503c6e2265db3804b7af79270eae73

SHA512
ba275bb52b310d0b90c0468ea991513f6352cbb64b7b81140c5f63350ec6f352a0c7e871f435412d1bb7f10e0f6076950840f0669d0e3b5e8cbb5741b1aecfe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
187b73e3b59f1f812e7b2540c6e1b041

SHA1
95b12e0100627b231decfcebec4db64f90288c10

SHA256
d7ed3e5df779ee82a2fdc1cd518f9fede8ac4a55c7fcd2afa84232d88ef8c303

SHA512
73877c410b5888e05b692985f902c5a3bb76719ecefcf5f6a98f9414e5a460c01480d97b75c449244fcdce6e62eb98f163cc97ad62a000272662bda0b9bff1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
add8f8c4229b37bde856a89dde295a01

SHA1
642682999a233de2a7a1e4943b89e2fada69f264

SHA256
a4a1dc1f569bec40f04c3be3fb2202edf1fe6044c3f893ee941daa02e9671882

SHA512
cfb638d7a911b402e8c64618ad82649928661a8b617b5b758f131c1d10b73ca8141e8075fa5f54798e2638b6e355bdbb92f4967df73eefc7610b5f7c1043b55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e9af6b0598723e71308d13b0c85ce26

SHA1
c3f5e21e932ed03bfb69013851911445ac3d01d2

SHA256
d139b84ac40881d8ef73e369109b9e78b331ee61477ec45fbeb2cd48b4f6a2a3

SHA512
b0564d8500ae45f9cdc5683bb6cc0d040dec14908ffe94268bcdc44fe72c2b54fc87cfc613fd175512212da0aac242f75d0d1ffa623f185e1eb0bc74761d0872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df98c7a565733f763c6c0f3e6d38263e

SHA1
87e322ee3f10fd2ad9d351d9e794cbd0d51c598f

SHA256
ed7ae53619c6eb521b4acb18de2b360599aea918369d21d7c8c0398e84d776e9

SHA512
1d8fd83bdff9f779a6f62336b6b04f7e80464362f2f3f136cb2a60662ac6a2d1e55ad3479602872e56effe493462d350c161985e4edcbaf18b611bdfe7e3da44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7075951fe1927032839fc4174841bab

SHA1
052f721c08c1e147d830f67c1fefb06cef0d9263

SHA256
75b0c842a5901a0dc8c56c05ab4fc148130deb95e39dfa7e3d8fe93b179e1d2c

SHA512
bb0775d8f9282ee1392ce76e74b524ac1c600023984d2cbaa7d0b87c7bd16495e4b152c56a73370f751f8bcf0479cab848e4c90241f70b8b61cda67b5d42a2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585c06.TMP

Filesize
1KB

MD5
e3f5e39e86b5a185c11869dc7ef7d013

SHA1
5c02c6a9ff0ec2194619e509b8e2dee8025d2a29

SHA256
a6b84386ec08bd127cf7f8292f5a6baa9bee7075c1dac626756f7f4feeeac0c6

SHA512
b1fc76f3314ed181e44cb560b026faaa0fd4b5ca6edb16b5520f626c532e9d5acb00e7fa60080de24044af14eec79397c6f2ca04316499ed3fcfaed378115941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1458bbdfa5af89cd737a9af4c723ac45

SHA1
30f4f0b6b50a97d29193017c6daeec7ce85177bd

SHA256
69b027d2052b9032668b15eea7ac1145945e99fc68d8f6ff165e7fc34c2411e2

SHA512
1b6740f406248b2e6c5c38fd47b641381cf2953dd87b2e5c6c1d8736e0e4adf30989a46760a1586c559a32217524c7b5641dbeca283daef0d7138386af97e340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b36f735a11c40f81404e7f383248503c

SHA1
614c404b8479b6409cd7a5813e2bf97d4c515516

SHA256
261cbe4b3601cb718c0e1680e7afa50a9645733fa9e770d36791cc75c533f0f6

SHA512
bbece0084ee8671a872aa545e2d8ede35a72420f983ad1f112246f2790eb264d4e41d9727ca088ba5f45d91c739e37c249d979256ebe1ea63c46b116e9965a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
429b68fc035d4e258e96338b05ee3d54

SHA1
7b5bb223e6a8692361a9eb2eb77f4b4f39002bac

SHA256
200cccbe779f14c3f5590ff92888ed8d6949315be26d5035e96b4dd794459a5a

SHA512
401f5269394cb41f411742c79cee4303fc7b453a2b8166023a3d2241cecd8049daa1dff4cc831b498a38b7b9f06b23323f326471cd593a79507b89b1104c9dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
3f89e1b82351c3b596a0a9fc23abcf4c

SHA1
96876daf3b2dcda3271fd07971f4fd5e5e5357ac

SHA256
2c8948ac45aefd07e6b8907992b3b7273749706be2063808e5b3634a5663dd38

SHA512
075fb9d75a1cd46878a7787a376361e83c9ec3307efd791945c6cf3ee2e64052687a414743365f1cfa0424c38d4ac444f5de997582152f6dcffda1ff666b89fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hj4ym2uo.s53.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
811bca4f32ecc580fe07633078a60f4a

SHA1
67723915b80e2a13f12a123f8bda2ce4e3995e0c

SHA256
d296cb097d48223a729f8947d2430a301d6f60726c76a8102dc6cd6ff8574d2c

SHA512
7d744cb133ea63ccb85724eba9e272044f60f29d86478fb26850111139aa11a721c149e8a040b6159331bbd6de5ad51db95e6010988f4d43aa0e3b62d2a293cf

Download Submit
memory/1468-142-0x0000014379300000-0x0000014379322000-memory.dmp

Filesize
136KB

Download