hxxp://b9e62ce10d663d3d1a9111ad6e186af024320d2af46879e20ff3d3508de30a5a

Analysis

max time kernel
1689s
max time network
1694s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2023, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://b9e62ce10d663d3d1a9111ad6e186af024320d2af46879e20ff3d3508de30a5a

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e1309158-33b0-4779-beea-07d27a6ec046.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230531233134.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1372	powershell.exe
1372	powershell.exe
4956	msedge.exe
4956	msedge.exe
2860	msedge.exe
2860	msedge.exe
1328	identity_helper.exe
1328	identity_helper.exe
32	msedge.exe
32	msedge.exe
32	msedge.exe
32	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1372	powershell.exe
Token: 33	4356	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4356	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2232	2860	msedge.exe	85
PID 2860 wrote to memory of 2232	2860	msedge.exe	85
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4776	2860	msedge.exe	86
PID 2860 wrote to memory of 4956	2860	msedge.exe	87
PID 2860 wrote to memory of 4956	2860	msedge.exe	87
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88
PID 2860 wrote to memory of 1760	2860	msedge.exe	88

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge http://b9e62ce10d663d3d1a9111ad6e186af024320d2af46879e20ff3d3508de30a5a
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch http://b9e62ce10d663d3d1a9111ad6e186af024320d2af46879e20ff3d3508de30a5a
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9d96f46f8,0x7ff9d96f4708,0x7ff9d96f4718
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff606e25460,0x7ff606e25470,0x7ff606e25480
    3⤵
    PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7261616681864435070,3394312807035009826,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:1936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4356

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
671266cd0b70e1fd7b6038fd4a48bbed

SHA1
1ad40671ba92bdd92a7af9279272b7fcf49bf855

SHA256
c090f98a075fdce2368d39b3633e320bf1227ba548b02bdb38d2a19d208d6496

SHA512
bb537503d3819c0d407beeadeb9bb293f4b0b8344914407ff218ccfc2b54086444582ad63c3fdb78dbd7751e1f7499e50d0e7ff3a6029522e16153d31f568863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
ca987246bb2377213c1683be092c02f9

SHA1
26a564f6f3ee47c3ae809fe14042c86365bae691

SHA256
ffd96152550b7b20d96e34794f1a7fc32264f3e71a2939d55dfeacc805ae5b7c

SHA512
aaca6700c7144364194e8137f817b62dd41edb0e53cb2661dfee99c8d1c202b4e2200f057f821d6b309474854738beeb915f3f5b8e9c405ec59ca2cf18fbbec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
60KB

MD5
0c901056ba74138325e30d4984f1cef4

SHA1
de5b21d139c52b2906026da2a66c7d2e062eabb1

SHA256
ce220e0e0deb2d51e1a5abc32a8fe6489d3984f856d7a33348762ed37e607114

SHA512
0698308388a48a692761491cba65d423e3c8676eadc8ce54828c16d6034261d56d601be78c077f1265e61a3a093077257636ddb7eb2948fad82a5d4251ae2a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
46KB

MD5
65ca6289d40efe3ec1ed68679e9a1d61

SHA1
e349429c41e5169904d5f905f15d12b86bd5457b

SHA256
361ff3d7837740143a1f12b59e590559c6c4c493233614980eed2b98e2fdd0ab

SHA512
2b30e3f982063765a236bb9b042e1d0501ea15cb50fa9fe64d9df03762e54db32b80cafa57133beb4d4d5cf1359092baba583f1a3f2117b83a24d6fbbe8d130a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
17KB

MD5
62a707260fc6c8d9cee535fbd161fe05

SHA1
2d21e1d7800ae2ab8b0bc00ee538383c799fb16d

SHA256
10522ea2b9e5d5a60b3e0a210ef64580d5e8b3d5e4a19376d01698d5cf214f41

SHA512
acfb5de939bbab077c78c43bf5ff64f1ad5cf9d06eb30838f7d606c97b10253c82de3dbc6bccfdc91823e1a6b4b82ef84b8827135715553d4c6e95500c48f2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
18KB

MD5
12f9a49364d72d42200a0db83cff8ebe

SHA1
a515241fc909877b3a003dff61c49131c3ca923d

SHA256
c278ed358553091ae5ee43499da6ef72211b7ce0ea256c58f5f77dd990fc15c2

SHA512
f921649ed67a193dfa00b9e6a3b6982a0ef60c85066f76f51a1e62471ddde685c0745fe0c5e0f57d685f9326b214c55c23b281cc655295000d7c67b807585f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
60KB

MD5
4b9c1ef3ce6c920eec603034d25b3d19

SHA1
ba39c71494712a7fcfddb0deb8ba03d2f920b60f

SHA256
96ca2dc3ea6f449591af80a617e15b23debad0242ccea974a3ddee8847f4d74e

SHA512
c07e444b310607285548456352773197edee8d3b3efa8b1d22ffd318ecd8e597a9e6a2ad1a4eec30f02ff1ddb5a71e439efbf78818b131396f209f3558c09479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
1024KB

MD5
cead702c050c4130f640fb01ec7ae3d4

SHA1
acddfc75c1943ca406b3ddbb8393125e48895eb2

SHA256
a5a889495ab96032c16232fbadc12ce1a71f82892d5d449eae7f5f52b472a679

SHA512
0fabab8ca8bab09327f24754ee22a8e52c401168ebe1e448d07582c9df98bd0134ffe5feab74495e7b14e333ee3da4c4b7f282e73ddfcfc25857a3b4df3d6b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
91KB

MD5
4725361a720a429a4a8e573b5be65bed

SHA1
1745c3c5699fd58c3efd4d1d8dd90b08c6a1fafb

SHA256
649e309f190d69a5fb219fb5cd65083641503df66506cccee12649aef673b4e6

SHA512
3c3ce9cd6b096f8130bf96d5cf64baad6fa488cb7b5de273e15f71d711f66e549b6b5c0d18ba3e8cabc55078d4f6b8a7fe7a5a2b5d8ee294bd2b43c3b68fad88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
89KB

MD5
653245e60d40a300901ec62b14882523

SHA1
73c38b69ec91cf590a3a40caa6e3ba300f93fe7e

SHA256
2d54a0a91ba98d7cd149749d09a4e24dcc25494d132fc71a41a34d4607c1802a

SHA512
71c3cb5aa97a3f31899f2ff4d95eaae1b0a2ee0cab66f0ae428843a302f93d0531fe1f6711acc3e8ca101bfe1924a2b3ad47c626982a275326e79a6178e91193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

Filesize
98KB

MD5
c296924340ea87044b7d4b494c1e5224

SHA1
cef9324c44031045c0ed16f552802e08a76bff21

SHA256
62911001bcb7b9bababa23b899896d5451d9ea5c41aee3aef619c1e809c7a218

SHA512
6c48da2eb61892d7fa44cedcc0904fd9761148cb98ee1a2d73449ccc18ed804da1bb4410ff7e6a8300225172ee0d0948164ee4d76fcc18e6cfb74eae18cfa428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
223KB

MD5
cd510299cf34a29c1ef7a8d6ee28a502

SHA1
5ecb725f938f95cda61431cf7f012b143f725978

SHA256
0b90233f52e90c7dedaee553b75eaaebabdc162274c7afa918297930329e2313

SHA512
0a733c9bf0087bb8401338fe2cfb5c626563002020dae8a7ce4f7ae60afda8671bb60c047e9ee3a2761c5b2d64fed3cc4e2a9b5bc17e02d9348d25052c3ad334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

Filesize
608KB

MD5
1b7a2ba33098e29f7856c5593a8508e7

SHA1
5c80441bab1937cb889561ec0cee4fbec2836c1e

SHA256
97804a67e3b3a0feb420a52d78b1ceca6161f99e05fb13df96ba23feb61c9bb9

SHA512
881b0123d7dffc65dcb7a3346d60553acb5709f755a1a7e011fa6f39a0f57b5a3ded800033635031598c62439493717f14bb898ff0d7b702359d0399efb9bcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6c2fd536359f576dd03b33451024c6fa

SHA1
f499e914c3ba0d320888fcc6c562c0ff95698ded

SHA256
67297813e037b1ec7b0b4520f37965649057a663a3714cb4e19e4f451c53c5cb

SHA512
c3b7da1531c5272509a68f82595483d94c07ff43099b8b0dcf12e9b69666ea430cb4a74b20e7dbd861be283feb46a32bd70a01ee9116b0d9b93e4174008ac927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d1a11fd29f3ab7f73ee5165e8544b6f1

SHA1
2e803f67add3a6029aceeb33cfc04242c3be1713

SHA256
8a903a4016c2e733f3bb9403b73179817e8044c03c7158238b091d1c303f64ae

SHA512
42121599a160f04aa612ed4f5ea7efbd7b6eb5ded8bbc299879a5424024232ced33b614279067a6e875ccd0b6f7c2854600ffc8edd0b928bb5f0b77d600ba29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e4afca5c3a916ec9845c4d1bcb6a67d4

SHA1
67fe821ead6bca55146ec9bcf75b496a47ae0311

SHA256
7d042cd34fd6bf54f9ced77dcd6c93e61953418729522b52ee742dfdab9e086f

SHA512
46afe91d185a0ebd2be055f470eb10bb436cbe65d3327d0d8fd97ab63844b61168252e1dda00300e5048942091928e7ce771d0e1272446c114d6812f0650f81a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
27f96be420706fcd1db700ece3e5793b

SHA1
0b1baf3524de575d35a5a250ad84dec9e20bb510

SHA256
b0f22dda86a1640748df2ae32f45b640ea607f52d6682291b6d30d5efb0c44b5

SHA512
c0f9c39b9f636a3911a218369c0fce78685494b4d1c8c56763c0c5ca88a33d3dc6858f3112b31bdda949059cdebb02a74c22904802533e44fe71e8d7ba435f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fe14b4a3d5c8c5053626dfff173f1a56

SHA1
ec301c8032ab48d4baf5624cf517c1010926b666

SHA256
1a1276ed8d3957fac3cd6bd1d8273f0e128c6362538fc4739c71b3ba699aff27

SHA512
d3eb700b05d58661e77b6209ce97eeb6b3dbf2413a8635fd7aa6e9917afda1b20ed6f98edb5be231642332e59d1de4a3c2b0958174e5e69716001b71c8f4a148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8c0440474ca48ccdde82cab100bf46ae

SHA1
72da14fb43db836ec4f1b20d4eb63ce0b1adc128

SHA256
68b1104e5cc3b19973b6d0729b6f4b5a552ed2fbc64b8f3b579a4780f2c5b884

SHA512
ccd2a07de4aedc16350cec65da035c747d52a895ac530a060b9da118dc94c846fa36978425ff876f4819d919ffb2b7ce7eb28516bc04fda141db0c81cde46466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
22b5d3412067b14b5f9f0247991179b7

SHA1
a8427c4a77132e1524e2be875fad7d126e0b73ef

SHA256
7886f748def7168f24afc0d567336f3ef3c4c5537d0d9b6ba492453f579d57cb

SHA512
0934e0835c6d9df035e161b603421154e7ebf108919b51581f0bb2a43b72639d41ac64769cfdd495dc442951bef44a6f57d028491a4737b76d3b62df65ab0a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
60b09e0fdac64ace6ad175f34f037765

SHA1
7d183ed20ed5e6baf53bbd4ea7fe8bcbd4769788

SHA256
f0b55f902e812c02d41c33170376c43a87e0b8c264623d609fc1e19cc69b4200

SHA512
48d0fa3c5ea305ede7da4478c5137cd2d8665904ac76956756f6a0e5a074c6404155c5bffce0ba4e926b5a3a6f710ad52e366089fecff07fe00b793bb298034a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
459B

MD5
93510b98d249923f82500526e317d3e9

SHA1
30aec1bf5bfa2d805f7fe5f8f64fe99f7013f7bd

SHA256
5ef27e5b418abedf8a0a13c109ddecf93b86ddd6e2f0ed37f2fef2e71f1767eb

SHA512
fdb3a06c26fa0544d5abf8bf23d25059be1100ec1c7d7b0182f8e9c096da857f87eec8118396a6eeb8b1f165d0a078fad32fba8985acb828d6f86b055e7f652e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
23ac722176b0f4dd34c166c08709a531

SHA1
e2ee1599a18040cf2fd0258ea689fca48e5a82f8

SHA256
2deeb5f0b3472e5a7684df72eb3dd7648e2bc80ba0290fc1f8a4ad39b563d6a2

SHA512
093d7517c97dfc3af582a1fdd25fa2360bb8e7bc598006a64d45cc45fd9956a6458505eae0ab02b0a0cfc4e65c8d066a16e021c55adc46c99e775e5e235407a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
716ab6f4f58f602f0fed35e347806974

SHA1
69ec2abe37fe83e2524456d47e175e17e726dbd0

SHA256
08ac858f7bffdc05eacee9307809bb7f58743f0a0203fea966d7707a617d1da9

SHA512
13c5c5c033e65e01757e9624d23b5dcf0227b6169cb1e42aba0d6fc808694ed87f058b3836f3f2cef0b8183e98a3eea80ea17c9a592db720ccf3b101f5e6b49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
254b84e1743abb9e3796fa136cbad198

SHA1
e897118ba38ed26d1625af6d7f7f348df8ec1cfd

SHA256
441b6284a48fd8be115ae8ec7a0f21b5309e08899d21cfb8ac045be6cee38a99

SHA512
3edc2ed741582b1355b57d7abbade9e51a6a61cccb76d388c9914ed3d26ab93ae4dc8dedb69a31d8cdc621603204ed57034073bc35b7c6626e97364690092364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1de9d7f8cba88014b342c1513f79aa6b

SHA1
6c9bbdb7e54728057295d85d8cc806f3e51f581c

SHA256
e68e6f812a780d2178677a2895797e45a312d7eb5d22763fcb0edd8792e672ad

SHA512
af9b5dc4ef28aa656f58258bbcfd5ecf3189ae33a878e86628f239a9ff482f8b37fab4036062dcc994361d3629182f32983152157f1a25b9b898823ef55e6b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b6b43df0d16d47397b4414f882b81d7

SHA1
7db414c1603784b42c30b097dfa808ccae24e61e

SHA256
c1b92256c4bf35ae46a7cac33c94ca944826e18378a6dd0c8af91fd16e8da62c

SHA512
3da35632ecb3bcaf882c0eb2ff869bb237d9ec972b48e51c678d41a55a54094cd61043c7dab905e594c12574f7931b342b949366992288e33efcd0bdf404bce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5932a256dc06c404afcdcf9ba897e66

SHA1
ba5be408fd240c7823192ff725a3bf4bb5be147f

SHA256
6b1bfa9a5b61b92ffcac6a10f8c0b28b6259dce2fa98ec6342ec4f6fe0ed5378

SHA512
ba4c6d63b55734f859e51952acec75ac94dd7a7933ce9fd7c1636f0ae383cd9d7a3f67a0fa625b23fcfaa3a3f8cf77ba76e90f965bc0248acd84049a0a8eec1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13b5964e65ee95f805fb22a1b47a3153

SHA1
f87eb28f43866193485852b569f8841113aed97d

SHA256
826e7c72b47236006e9daee0e232f871945d770c118f7dca2aae7c3e314c9813

SHA512
4af220db82a866b77ef46b9c00a7bc007254d42cc6d04ff07e44a5ec3f929072fd7750dcdc8aab2f6444fcf82e424c0d5cd7005bf8381e796e08e51794660df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
81d724e33a641d5dcf0fb43f161bbbc7

SHA1
652877a1332afc730c46d0534c0be2afa5fa77c8

SHA256
a8352969dbce157521de63a5476ea851227f1ad781cf8b5ed130bc7d6caefd0a

SHA512
056546ab69d5b72abe3c019c4bee5f174961880f241e541c19b0d35b9f0a38f5ea28f8f25477850adf9479d2a7bf17c457ddeefb7d0c1cfeded799b4f1b0e4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a355c5a87bbba476b72ea177419a1b0f

SHA1
537c8eae58f40079a23c43eaf14089e3808836e6

SHA256
89716145ed52ef9dda9d6d8b8cafc22cc012b737f1634ca2e2ba0d7c510a3376

SHA512
11b0e8c3580e7b3ef239095f1f19e7cf6ceac8f2b7cb05ad687a4814db107e1f99f2b4dced1f175ce6ee28d22db87ae0c298bce9a05734fbf00c2a3f2bc1244b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d13c251f982f4d7d10a916aea926a4bf

SHA1
057b3f3d566ec749b7f26427b1fea3a8cee243ea

SHA256
8d131413da2263b39bf2bd71f0caf4a549c8e9813dfce98feb46f62e5a1edf7c

SHA512
1af27f676b1f19c14b849e54104f3710a03e7f9db079fa99863ed62f86ab473e522b76a08c0464d5bd0cf9799b033d4aa2380e11242583935742d388d4c982c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
42d1e0601b62d0aa22a9c97c34cf1f5a

SHA1
1ddd16192acc5d5bb25346ee5bba180b0eebdd62

SHA256
822dc62df3cea865de20edd3d930b6d4b0bfdd3721a39f65c6f6d36a004fac3b

SHA512
ddbc5332406a8747492eb7e419a9b59c3cec93a4beaf47eddd42eccb7003adaabbb5c6d2960653335f7ae478f991345d7f81574ddaf384297e9f1b7f913d7c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e5ba0451ff36f3ea9e13836ff06ff26

SHA1
29d9432a220b56a8aff2ec973bd6006dad895117

SHA256
be939c53dedb05948868aab0d04a7a31d9883884262e1da601e23cf95ca80951

SHA512
10247ac659e1ad79d1984e617f9ded79cbddfe9c69177968f385729cf7d934c3ca82d4da8ad5dc025336b2ffdb0fbb7629fc0c400896304a5a71a001d030ee9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
65ad17691be7a89811ee2bb441c04473

SHA1
e102ad87f1cfc68cbbd3581fe68136e4d23ec61e

SHA256
b844949253cd6ea037b3fe214695749e9937385f8e9b4b3d7922b3da5c34f5f6

SHA512
ed919f0ed25be9f84eeed535ac84718674b1cd40a69a54a9ab602281f617cf667f3ae242b2e6a90196dd81ca01db4a1f778d41d12c7f3899f8987b1191813c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5839b6483efe8901448d5830961f487a

SHA1
4456ce4be00adf5458028a1fd120ee3fb259c7b1

SHA256
576c72c6754f2f6708c27814f79da762eb05f85be5d49bbcf695d8bb62098e81

SHA512
c65d1e1f9fc51d7662cde0f54261a39aa6f5a7cfaf99ea2c91b31a22fb3d80ff148c1cd0494da16bb1ecc54dca222a95ecab59b40ffda1df10d54603c0e74607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5896cc.TMP

Filesize
48B

MD5
ae2a535b4076a5ec2725e64e9dca7d21

SHA1
7045c92463422764b0fb5c4add188c28c386812e

SHA256
52fb3c0e3a83f9bf06148e09572e5a3404a9858789738f1c262dd4d62f13eff6

SHA512
f7e5c7cef36e7a4d70f197fb79b6156df465a88913e2a481dcfcdd370f6693df8b0576c9cb391293377d759059bda0bcbbfa3c2297ae0ffa0b37d9007f7c5965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b6494e861a0f55f4c5f6b356f9c8a36

SHA1
909ab56e1cd03b13b006fbccfd4b4a6eb89eed98

SHA256
eeeaf07ba124e3e933f6de447f5b397cd3d1725b24334ae076bf9dc88d0a3b10

SHA512
eea0f953f9f4a7708053f17b3309299bcdbda55aa36c7b3535cdc46634afa629d79904eec99db3a74bb68e02663a6258c30aa62de6aaf3552ade2b587aa14bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c35c6c65fe2ee8e4d014bc10ce84b075

SHA1
247c1a726568a8413a5dd1c9edbdc1a3b03264b3

SHA256
004182be2e8f8e162fbafff3f7585fe01c14c15f3394c542c47e616daab2a71d

SHA512
7fc2c8007d319b38670083983ec3e07cacf02ecb4fe17180e14ae65db78e227be358267ae10193092fd8f2601646281bfdf7553dcadeec41ec4624b11f6bdd06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f48270b8dadd80d252377975268ab653

SHA1
e9c983feff90bbc22958aae41af332fad3039531

SHA256
524b62e403c239a5a24d0cd44cbb4ed2cd3b697f090719c5c2ad618682b4a99a

SHA512
bd9879187eb125422936ace7694d8b9bba5678ceda10221855515e42fe574b5ab872dade63c9d91f31335220635b3ed2fcdbd9051fb937b349ce8b3b870a9619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24085a018cf18280743e524766bd8692

SHA1
c64bdb2c07c4318412f80fd7dc83f1851a572e87

SHA256
583703703185265ee01e33621ed4326877307cbc08e1696842e3774f46520f79

SHA512
70181ee8a98827395ca020e94d19bd4dbd2f96df70b6c2f631c561201bfa1ff65f764cfcf8ccadaeeb417a15fcdfa2c3bf89ff241e9f66a42b8a209da14f2bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8a777b5a4dd2c12c24064027f1811ef8

SHA1
6edadf5bdaffac2f3f610b4cec38729d05f9df73

SHA256
1251c20a767b04599e389d6c4bf62121b2c5383702727cc6dd2e487995710c51

SHA512
2eb9c79240793d88a873556e6ef754cdfeca227af27c149932feb61a43beffe620b0305365c1bcd396cb7c539279bf5fbcc58e7a8ff6d4870da1a25d17de1d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fb62877149a8f5df34ea83f6b8c8bc4

SHA1
a7dd55615cece3d41afe62ed6c7cd3e1cacceb8d

SHA256
f1b4e247cd44bdb582dc354ce3b99a4e71925793ee5eb03f130e50246f7fd0e1

SHA512
7631b993ae71e551fb109f0cf676c60f80fc9071de08528a5b923e566b763cc9dbdef8828ba0b844e5ada731421659bcd2e3ac7ba5c3bf3ed6a5eb8a163485ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fb33a5a6517be8c82f2bce80c551857

SHA1
27c0b220545648a296e60cf5570319752a1d903e

SHA256
9d48b23f9a5b9e64e2fdbe991e0165db74fa5e618da6f198dd92fafc53fc8924

SHA512
dc3df3a00d690f2132936b1b3de163334725de5560b5ebd5f39ed1c9e86ab0091c351e0f0b873337acb7f2e1b48ca83a742d2b6bd803be85b47cac51c55666f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2848a5d87da53027f6c199d266f691cd

SHA1
9e436f14d4d893b00e0769ea2e281fc8a8b9ab2e

SHA256
6ec45296c3290a46f60a229fb2067f4bc21c0a02316833a71ea08b7de08018de

SHA512
5ed3c23bee2711ad18171eae9907271905143c2799f08a66762d0faec1fd5f4cea6d85f7e426d661c11abb7e3ce7a6f8b971055f8e41234d315cb785cacec4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5879de.TMP

Filesize
536B

MD5
8197bc3b7fb0becae7717a7fc481c8b0

SHA1
a7f71fbbc63948cb4b99ef2b272df7a9c6d08b5a

SHA256
9806fced0d8b012aaa9369fdc3755cbc8ef06a2fdd71e4a584b3a9b6ae248fbd

SHA512
29b970f17e7fd8c69f2628bb0eb732849d9372c127bd4f1fe4ef716835f8baad3687b56d9ecaf21ea2fe99fbf9b84f030f835e78cdbc966b6ca7682e904994d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bfe2c7d5-e671-47e1-9cae-a20f4b59ce27.tmp

Filesize
1KB

MD5
a4f76649ba32b224c70a678234b48de6

SHA1
4787535dad413404ef748a214e55b3dbda129e83

SHA256
9ed4b0daa07a4e1aca3ddfeeef00c5448de0094773fb73de1c4d7770a361e81d

SHA512
6493b922f643ab3ba3a59ed4aa0d746b175a62c2edfbff6d23ca3da9baca94a25a8a66d0a69ba8132106e2664b81e892db4908cbc400fabc75fcd10ec6cad212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4c2f4fec4eb88e32dc44e4464bbe107d

SHA1
741f78f2531189264aa6e921482b868aec8bc568

SHA256
9901da1fd41ed74e120cea6335acefba3a7a0c15357cef6b8600b0ae446f7fbb

SHA512
55bbf5bea47d6477fc57dcab3396adf80aac96a7c30ec28cc134b49a0454e12235746af6c61e7e145b174c2050ac341e66cee56a79db6b63967e773af76d9091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
91e4bc8d7c1c0b63a09cd5bcff1a6270

SHA1
8dc592a13ba0065264928d5f8d9741a5bd93dc92

SHA256
2db992ffeaac2dde0631a1f053a6eb86b2f32b1a26fbb74a0154de492e601517

SHA512
8b75248ef37417a2c46ff2960f0b3706e3fa4c5516c01658eb4e85b6dfe7ca5579c4e5695664a323a932f2ab2e8ab41087ec9a78675408a68379b592ca59e49e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qkw0imzl.dcy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
7a0c2f7cea61eb312bcf14e905a2d50a

SHA1
f5e07abfb9acf98805bc593b9d002c6ab2b9731d

SHA256
abc2afed2f771d75494b38fef81f57b58e5b1a3083ffc948e2a981013b4711ad

SHA512
8a9d31e09788a146fad80c83fb4d5a861c2022507ceb6ce568863608067f3297328502f2bd05921874c5dbfb8145d728d8beba099827393a1437a2dc6bec993f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c6edccd47ab471c23bc9961a331fd93b

SHA1
16a2dea44c1c3bd37cfb09fc835f821b543c7dfb

SHA256
e09656bf1ad898ab34ca8568ea1acdc1d95b83b330f24808609087fcc2735f21

SHA512
115786ab59524ea1c06c7520b40f173d578870bdc821ac09b7ca02c9c3e1210cf3fe784683fdf3d7f8d5ff4656c67642c07c1af5d2b42f3490ab3c58be85223a

Download Submit
memory/1372-145-0x00000197E3C10000-0x00000197E3C20000-memory.dmp

Filesize
64KB

Download
memory/1372-133-0x00000197E3C10000-0x00000197E3C20000-memory.dmp

Filesize
64KB

Download
memory/1372-144-0x00000197E3E00000-0x00000197E3E22000-memory.dmp

Filesize
136KB

Download
memory/1372-134-0x00000197E3C10000-0x00000197E3C20000-memory.dmp

Filesize
64KB

Download