redline | f004a6b85ea2006cf3849e4ddee42a2df74a43707c835ef916344d565d2dccff

Analysis

max time kernel
208s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2023 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GENSHIN_ESP_AIM.exe
Size

367KB
MD5

403512d851024c4e3efb3cf61e5058d1
SHA1

24354abc6d58b9d4fc4d95380e7639473b2b45e5
SHA256

f004a6b85ea2006cf3849e4ddee42a2df74a43707c835ef916344d565d2dccff
SHA512

962f157e2d43142abc74ab728919693937ac61ac9107787c393929b26cb23c5e2846567873404b287f747df1b3c66f87c6cec14345b46079f77e49845842724c
SSDEEP

3072:zcSg6LmU8Rz+644/mEymgPvwiDmR0yW5IKQOzOUax7glWBJtCziX8sbSXXq5iRym:Axm6zHi8WmhOba7gluJoeXphiom

Score

10^/10

redline 835252574 infostealer

Malware Config

Extracted

Family

redline

Botnet

835252574

disdoctor.top:40309

Attributes

auth_value
eb1555006dcf91279c06d36896e53b47

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3340 set thread context of 4728	3340	GENSHIN_ESP_AIM.exe	86

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d1dacd3c-f342-4354-8b51-af5dfe8cc1e1.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230603065806.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3512	vlc.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
2128	msedge.exe
2128	msedge.exe
4112	identity_helper.exe
4112	identity_helper.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3512	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
3512	vlc.exe
3512	vlc.exe
3512	vlc.exe
3512	vlc.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3512	vlc.exe
3512	vlc.exe
3512	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3512	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 4728	3340	GENSHIN_ESP_AIM.exe	86
PID 3340 wrote to memory of 4728	3340	GENSHIN_ESP_AIM.exe	86
PID 3340 wrote to memory of 4728	3340	GENSHIN_ESP_AIM.exe	86
PID 3340 wrote to memory of 4728	3340	GENSHIN_ESP_AIM.exe	86
PID 3340 wrote to memory of 4728	3340	GENSHIN_ESP_AIM.exe	86
PID 2128 wrote to memory of 4904	2128	msedge.exe	98
PID 2128 wrote to memory of 4904	2128	msedge.exe	98
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 2248	2128	msedge.exe	99
PID 2128 wrote to memory of 4460	2128	msedge.exe	100
PID 2128 wrote to memory of 4460	2128	msedge.exe	100
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102
PID 2128 wrote to memory of 1836	2128	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\GENSHIN_ESP_AIM.exe
"C:\Users\Admin\AppData\Local\Temp\GENSHIN_ESP_AIM.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4728

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ShowMove.wmv"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd484b46f8,0x7ffd484b4708,0x7ffd484b4718
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff799575460,0x7ff799575470,0x7ff799575480
    3⤵
    PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11221629491126318246,8126492127617301895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2664 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\37d00b54-bac5-4df0-b08e-4235fd347f84.tmp

Filesize
2KB

MD5
9de651bcd0472e6babc47e5b96dc29c4

SHA1
e328e4df74677bcc786c0aee1d5bbaff6f22a227

SHA256
68780c26bf78324bd122f28f6b662497e82f7a33a0496c94bd249335b0009216

SHA512
d2acce13c9158ec2fed9491e1a0bffbd17bee6966571c5c8bab721147a3f560c9e75ea1ab8a725edf73b7328fc216bde7aca6207fbc0d3ec4dcf5388765dd5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
9b13f2a8f8de9e8da40c4e3e1392574e

SHA1
864fb91867e4c429d8ab821763bf11ce15fba384

SHA256
66094d65d176790840968a73dec5c88cb77d1d573a9cf8c32da223fffe41cba6

SHA512
9e40798ff8b457b8089c26b5745b99cb64dd125f0210894fea156346c767858e71b30af383ba8819bff54a0f9d1319bef0466b3d283fcf310d36570e4cf69806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
87KB

MD5
3c57b7f2cb0d057fcc4738684f20736c

SHA1
d4aae3861d8bc401290a065dc1dfa06f0a6aab96

SHA256
4408d6e4a2e8e3a301a710895c44177ac8db2baba572eaf3acd9ced75c6ddf29

SHA512
7ba4797eaebdc9d5f5eb53486028c899c1fd910db3f1af8be88f218215148f984ff0443c8bf8cf43e0d148fab4ac6a0b8688b43ea303d9932f21287da908d824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
38KB

MD5
e4c780a544249a7967b82f07268ef432

SHA1
64b38d103f06b8de4241c62835f67b28a96d286c

SHA256
4d2dc675ba41d56f2aa6cc1286f3f127590c9748f7b4e0bf4c79b0b4bd620a9a

SHA512
74b9135f09dffd7a081889235d2f4c7a343291a4c4458ac69754cdd5790b455b9b98a128561d516202549e83671de13cc4e4b9cfb3ff195dc3d23b42885edf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
995KB

MD5
576dec2e20cba6290a6859a068da0cd3

SHA1
e680bdbd5e61c19dbde2955b4215aa030ec88d98

SHA256
c3e81a746837d256f68fca79b9e794a6d91460eafa5cce5ba77cc3e2bea9f05a

SHA512
33497d4ef79262f7555d9022d49b258c94affe199affdd926fcd6dbdef70faafca32f930cbf2a4679765bcbaaae8fd076db2740442ebc72be1bdab1687e6589f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
78KB

MD5
1227deb8aa67f2fd1410d1ba887fa7cd

SHA1
6d88c9075932bdbd64514d309d38245669449e97

SHA256
453a015a2914543862048537739b3f170487f34505e55722d29fed64886ce9e0

SHA512
3172b90ee36da5c737c89330c575e146d1146cf286fbb70ee5069da286092f8716a34cfeb4f4d3213f861731757bb7b542bf369c7fbd1d9eb869fe5bc2dbd6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
45KB

MD5
ed41906b0ddc2618580f06d717a3d285

SHA1
54fa871fc6dfa89e1da0e7d81df893e9f45f037d

SHA256
a491fbd67ddab379a67223dc67f3ad88da3b4bdc472b83db0d98eeb1245fef7e

SHA512
a9fe8bd101bc4bd217378f3a5525d27ef7c21d2365cd43110e63632906ba0df0dc7cf9f9976d98b20c38e016657d30e4370be070c4f17a4ed62a5dc85e511124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
73KB

MD5
171f383c13fa046f4e535bf5ab5a20f4

SHA1
f79e72bc8d0833d932a5aa98342334f605398f1f

SHA256
9cacab55be3353a215a36312150c1e71c5f1f417c4cfe1aed1f1ebdb55d3ec6e

SHA512
4e1999dd8e6eabb3b6a79c28f73fde1b7db72f8f23ab1793a196deb70723010e5603367cb2b4db90415f7930d1186c1d9db1abb8d8935284d32e64b54183ed85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
166b86da7ab645ae3992b9a70338ac83

SHA1
0f11f3803b24435da75a7c23a987e73fbab5dd36

SHA256
72c625b696fcca93ff81bfa4632797316ea26d57a579be20c9ca83a5a2d503ab

SHA512
54cc069e9436343adeea38910c6875283d6861c67d79491279f3b79b95bd012b964c0324b382c8fed81142523485fc6a908e0e2883de47fdb4e5c93dd24f8d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
04a3b9c9fb860dda93043e150c32ad12

SHA1
7b9aa5ad2b20362df7b96de8b5ad02e765ff08f6

SHA256
ebe3b822ee622b67e5733f3bc6de6bbf46c4513e6f443660045edf2cbb45c2c8

SHA512
20704f287c2360d75d2a7d19641894ca193ae139c51a4b76b46ec2269d364d39afaf944e5b3a6d6ebc4257cf40a886cc3537a34240187e7e8fed2a8302885b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
405910cb578c72b42de8c8922352ca32

SHA1
785e8b7f830ad0ee9d7e8c3176771bfc1cc5db4f

SHA256
29d749481520a2587ccefb7f0f8439fc0e684e16c0cbe6f6c4d5f361f1a6123f

SHA512
661a8b97a313a73c9a7e7e71721b91250aa30b88e6cacd9a0fabfc395a64f8d1522ecc7bf0536e02be4f8f7e5748491af4c0b836e569a6da532a08d305890812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
28cb619d6a64976fd70c9bc344fef1df

SHA1
91285368d31f4bb208b9f94651e2275a7309f20c

SHA256
5b0935f207dfcf14464c4d9bb058d41c26ddb589d703984ff147d9ff256ed4f2

SHA512
6f44030cee3011f6d2a41f6272a0824965d75a7e799dc7cf0afbc68663c4b74ba86e80f8a955c631ee7a0fa422e5c4f2dae65a6a6f047c3ebaa3dec2df910cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
3475d3f1665214acf12ffac8eb253422

SHA1
ffb30727178e433357dfdb584d8142429da7487c

SHA256
fa0e4389bf7c74f556cf5ccb424a88c4a3228727a2c4cac1dfbd1d4bc816a926

SHA512
58e214e2302dfc09fab9f4eefe24be62df5980292481ed5d9ea7186438b9bbb7c8eace374a961452683e6ae8523235f5cf09dd65122f8901f458bdbefbd128a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
69fe4e1f684cdf88fb4f9928a4543135

SHA1
babb43a67457f7ccf7f42a7600fe39bbe00e2363

SHA256
9deecf5a972f7917410dce5404178f3c3fff8de70d9415c5851c0e7770b2aadf

SHA512
ab0def860e86a8f05d2d90585addee68b47f8695ecfb0364b704b677647729135691a36b9be675de0f22251a1ddf68c06e8effe783c58a7d51ff8fecf059825f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b589843f656854e397dba23d74595a53

SHA1
f37287bd2f70834cf6e18f02918203904117817f

SHA256
ee9d75d671c5239da3c4bf63134595015a22f0c0bbfa77f96fe511d25ef3b793

SHA512
5cb32d207f7e02e77a745c3bc9dfa204cd6331e3bbdeeb46bb752b778928d6e929fcb37bcab9d5daf1bc041e4fa4de151d65e0de8db028173a87b98cba857672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bff1334549004233a403db2918618f2c

SHA1
b2db99cfcd0b2b5cc1b0691ee0828fd004d838b7

SHA256
64481ba3259501cdee5a921b1a7573424fde1b1184b060db478441bbc24b12b4

SHA512
c2ee4d67863e8b882165ff689ba772861e113de7d543096bc9f4a9e6d36935e4b6ba8a00cea7d1b7026b9bf0259dee36d63a9108c5ecbbd41de72af05b360ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
648b173c483813a8db1cf3dafbbdefb7

SHA1
84e2d2e0d3b6b259532df877ecf7e4bbcb8554bc

SHA256
b803c8dc6ef691cc77cb44a556f2975708ba17e4a9de6c9f6b1c7f2757831dae

SHA512
592294508d6b35a24517c3946abf6b79ac75467dc9eeef19f374cb9885df9808159b3eb8b6b0ad13694f71d847b5164747cd058e17996cb992364f8375b72f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e451d62567560a0405f05de5c75fa4f

SHA1
81de8f986e9ddbe3dcc015dd49593ae7d02a9ca8

SHA256
5711570caf49b76ae97379daf393c509d5c5b3f50e76bba84519485c9a198504

SHA512
05b1949adbd12209a3c70fedf0df85a656e780fefd1f297eef70b4e88a8413ffe492ce9826a738d0bf460862d0b709cfcc512a957cf54e04ee551229baed7e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4df46b38a343162b23f6accb35b0ba8d

SHA1
803fdaeb7002644adcde0f62a283e9e63202ee71

SHA256
f6f1bfbf8237c23711a1edaa4a152bef0a9bb973f9f3a27a3bab3a91f157f5da

SHA512
e6e50cbf788bac4e4e212c92f8bdac473cb07cafee143651fea4dee1d516f214ce6768249ada6489b91226ba2238bb2d7015492cb3c2e8388d8a12cdb1ec776d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed7a7e8f355a1c72bb917d47ed2ec9d3

SHA1
a04477e323ca3d39d3a6ac16a322a4979a9eb358

SHA256
6512d1b6ae2e7b60e3f779dced2c335a7b93ecdbe1297801830e0f7d1943d878

SHA512
c86e99c0922b2cbc327438afff58ea8b8975745eb4e4f8d847f105898ca31abcf32a16c18a22316572627d523794284a9146a6a902ea20e1507b33bf8bd4e04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3d874cbf2372e29aa7bde5be5e1db4b3

SHA1
a9214d4e1ddfd7f4cbe8fc61f838f9f2a2f2f26f

SHA256
84c9c0c31f068bcdc2258102ef25547073b785cfedc7345f510de21dd6096000

SHA512
8f90c381382b2a95c3ba3fe941429cc70094c92e78668a54ac88ed3e030c14ee7c3ba8ee7f450533456fd1933663b4c300f265da972fc0493aa409cc17b9fe10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4c5e232fc36f583be4a6041eb71b6c2b

SHA1
00f86e6887960c9155a462bb4ebe897a8f8ed85a

SHA256
4a4cd7dea90f4c0c8bb9b41745ed6757d5bbec935f6acf15e3ad2fe71d4eb458

SHA512
9aff4c8ccbe7ba00fc3b5a446e58b1f285c94e344428bfbf9659de515478ab8dc21cd776ccbaccafc6f26838d46cf1b09287e01e02c6504d93c45c3a402bf539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5c67444d9986343bdac81a8d034e1e37

SHA1
5e8f6d31ecc3b2f5c45da1bb59c37c1222a65363

SHA256
7a6c0dcafe597c7910d69935de072758d7ed6fbf4b1f0aab08aab5141f5970a0

SHA512
cb31e4657fb13c5f6409683224066090997f5978b9e75a026e74a08f55c51c62a2be5bb94ea4d4bf7956e0889a92f6eddac8588cea5c13d49e94c7b9020bc514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a6f093deb9e586341ab8b2580eada6ca

SHA1
3fde5ac3cc87c9afd55da8c5212f7efd98b06e3f

SHA256
2b976b45c4ad7fbd39043a4f58615a50991656e789d64875e9f741de91ab5190

SHA512
3abf52b4ec85e1c78ecc73ca09d7289f06935536c1484aca790fbe0f55a7563553bd4c4012b52e762ad1b992b0a4ace74ccf5c144ee523f978fe1ac2be046eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c93b7c1302f3d2fd4e04f344bb428b94

SHA1
1c4aa9ce776366afe03ed6b1e33462556331814b

SHA256
ccd985cceda95dbef1cb800d3b0e737c0239dfc5ca2cfa5404e1e83bcd6061a0

SHA512
4a66ee5fa4c9bba18177f368952d29d75fa7dd532cd41ba9037cb8579d67a768cb47075ec6e4cb82eab11a53ba5e11d963b1571a5e4b1fa7f3f390c54e8ede84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ce2875e66e70ccb39ae74059ca2315f7

SHA1
55995030fd380d8bff9bd04abbaf73ff5d6cf16c

SHA256
212b38d443aee9065365e15f3367a7593375029a95174330036bcbc6ca938692

SHA512
31ac6d1547e6bb25b98ed78998754cdbc922ffce3ec31b4d938515e2a73e7d9851b77e7f40611312230978cd79d3b152d098eb5ef5960ef185a09e3027ca2f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9d4044e0fe7fcfcc79b5d84cd40fd8ce

SHA1
6553c988149ae17f538d31ff278dcc7d1d53dd3f

SHA256
47f8647dfca045577a9e3927385e3f31b12e0dd4c3429a126fd1d1935cb6cdee

SHA512
094a05b1cf93e2d891c538b4d8e8cfe5acb761ad301e4d52e7d0887e1acd2825aed4a43e972b97db8c2c73aa2a784012995701a40c1cba11185ccfae80db3b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3dd0420513c2417d059658ac477fc794

SHA1
93e5c82f871d133076fbd5b90821a6f07262729e

SHA256
f0c9890ae6f197e88b94509b485d2c3803e9f9b94a896b1f5c5bd4b9b9e50893

SHA512
4ef8d412604beaf13cdca577099f3e3a5374308b6cc558bb9e4d6bf74bf415dd9337d05d9e985e3f35feb75e73c32a6be46ba617c00f8afe8f87def2454edd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
512e9139f0e9e9336e3a75461527a0a0

SHA1
fd7e8aaf82acf9ce25c93d1a2301ffc0d6051f45

SHA256
ae06d377f7e388f8f0b496dec5e52ff2a4b92736ccdda854bba4f6bc8a983f00

SHA512
b984b541c83f44e6700ebe5d82751398ef8cd9158e36cb41547497ecd04b8a02526dd8afaa327fc4f7dbf13abb12056bc6569315d1ecc62597df97c87eda2904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5e2.TMP

Filesize
1KB

MD5
fa3a61dc53a98a476ef27f0cedd7155f

SHA1
6742a9a70c545fff803c773498d2bd6eea34c1d5

SHA256
04458a8ba6f33d8ec77b6cfecc61fc43725dbda645d7a00a469391dd7fab5800

SHA512
6d6dd383cfe49594f704ec1b66e66279fcbdb7cf59065407079661e8265cdb8ed9f13f6b67a3ee3658349659e03cf5ffcc4952eb9d503d4a619a5603790a7a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
905899798714c773db649c6753682a15

SHA1
03186dc3fd2576c4afac27b4b01772a8537823a9

SHA256
648b2a2db765a9726772926603e4782aeeab2ebc50bffd9682f40b2b5c6b026b

SHA512
58544d9d3ac2724c4ddfd983153266b597a4d354d03f5c5b4d3a32f228eab47b8666b6de82186a48ae1090be44f0c24606a60e14e151b46b3e99b14d06380f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
15529af2ee56ac5c2fb02400d8f0edbf

SHA1
bdc074ee765e84a740a4ca7cdb3f3ae78c53a7dd

SHA256
667bb4050e06b168dce6ce4a6a2c5777e6acc28da3895865f1bf240706e8d60a

SHA512
1339afbe0a14febe123d42d6234061b96f2884e489a9527c963588b4ec0a571d25265afc56d810867e80e187598438a771b69fc7194e9af10e2f7b1f62c87c9c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7cd51ad908491d505232498fab79eac6

SHA1
7abea6e651c3e3d251718f023354926010dd4201

SHA256
29ecab286303a3f86928bab5379d5de2b269db1d1c501ff685cc25172fa0957b

SHA512
183f3e98367cadd01162e4ce3e947c40062ff7e5f2c28ce499d586ad1585fa95ebfecfafe966df11393274142f9f458a8fefd68891dbd0e07d7007962b8510b4

Download Submit
memory/3512-154-0x00007FFD46800000-0x00007FFD478AB000-memory.dmp

Filesize
16.7MB

Download
memory/3512-153-0x00007FFD48210000-0x00007FFD484C4000-memory.dmp

Filesize
2.7MB

Download
memory/3512-151-0x00007FF69CB00000-0x00007FF69CBF8000-memory.dmp

Filesize
992KB

Download
memory/3512-152-0x00007FFD496B0000-0x00007FFD496E4000-memory.dmp

Filesize
208KB

Download
memory/3512-155-0x00007FFD45C30000-0x00007FFD45D42000-memory.dmp

Filesize
1.1MB

Download
memory/4728-141-0x0000000005A30000-0x0000000005B3A000-memory.dmp

Filesize
1.0MB

Download
memory/4728-134-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4728-140-0x00000000033B0000-0x00000000033C2000-memory.dmp

Filesize
72KB

Download
memory/4728-139-0x0000000005F40000-0x0000000006558000-memory.dmp

Filesize
6.1MB

Download
memory/4728-142-0x0000000005960000-0x000000000599C000-memory.dmp

Filesize
240KB

Download
memory/4728-143-0x0000000005A10000-0x0000000005A20000-memory.dmp

Filesize
64KB

Download