hxxps://16615[.]login-outlook-qr[.]live/#56a726f62657274736f6e4064636363642e656475

Analysis

max time kernel
443s
max time network
462s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://16615.login-outlook-qr.live/#56a726f62657274736f6e4064636363642e656475

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

SearchApp.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies registry class 19 IoCs

Processes:

SearchApp.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1764	msedge.exe
1764	msedge.exe
4752	msedge.exe
4752	msedge.exe
5852	identity_helper.exe
5852	identity_helper.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exe

pid	process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

SearchApp.exe

pid process

5800 SearchApp.exe

pid	process
5800	SearchApp.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4752 wrote to memory of 4824	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 4824	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1816	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1764	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1764	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1928	4752	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://16615.login-outlook-qr.live/#56a726f62657274736f6e4064636363642e656475
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89fa446f8,0x7ff89fa44708,0x7ff89fa44718
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3140 /prefetch:8
2⤵
PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
2⤵
PID:3864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
2⤵
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
2⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
2⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
2⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
2⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 /prefetch:8
2⤵
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
2⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4476 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
2⤵
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17879679548477916025,4252269013116566777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
2⤵
PID:1544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4664.1.1934273839\1195072761" -parentBuildID 20221007134813 -prefsHandle 2236 -prefMapHandle 2232 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d93e1c0e-d5eb-452b-b335-8c2aaa2571d9} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" 2272 1954f9f9258 socket
1⤵
PID:2860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4664.2.1998097529\1453112245" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2916 -prefsLen 20999 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c1a8a44-d81f-4776-834e-6cce13fb3704} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" 2864 195531fab58 tab
1⤵
PID:1840

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4664.4.1637515437\450736210" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3752 -prefsLen 26438 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ba7e2e7-2b48-4107-b6b4-a95734b8ca9e} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" 3768 195543ee158 tab
1⤵
PID:4608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4664.3.53327809\1591655564" -childID 2 -isForBrowser -prefsHandle 3352 -prefMapHandle 3348 -prefsLen 26438 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d59abe-7165-4af1-bdd8-5a4325f68b36} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" 3360 19542d69f58 tab
1⤵
PID:2168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4664.6.1135290947\347913192" -childID 5 -isForBrowser -prefsHandle 4752 -prefMapHandle 4748 -prefsLen 26497 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6af7192c-bfdf-4f03-88f5-4cff01714aa8} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" 4828 195543ef958 tab
1⤵
PID:5496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4664.5.982092878\1870028458" -childID 4 -isForBrowser -prefsHandle 4736 -prefMapHandle 4732 -prefsLen 26497 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64259d2a-8317-4c48-961a-dd9352717a48} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" 4492 195543ed258 tab
1⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10266803404006342648,2326287069842572203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
1⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,10266803404006342648,2326287069842572203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
1⤵
PID:5884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4664.7.1786326591\1882122597" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 4752 -prefsLen 26497 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16712289-32b7-483e-a48c-5652ddf4d8ac} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" 5268 19554b21e58 tab
1⤵
PID:6128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\fc16bd5705ff41928bb677c93b5816b5 /t 0 /p 1376
1⤵
PID:3584

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
c4a784e510f63cddfe7b4cacf8368910

SHA1
72950935b848173973ee3578bedfcc5de649edea

SHA256
d1ae88a7d711e7bf8d4b3d6726a8f650ac17ebf705b849a6f75a591ca1891b97

SHA512
c9660f3cdcade3ad1047872c93c80b3a002ab3ca72e52e9cc790d47264d47f5b18fb5398110f97121e9a4d09293451a3bf3dde5face2dd041b0fc4ae281d349b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
bb73645e5e7aa9a84c30fd79ef7aeca2

SHA1
40562c025fffda57bd6274c477320cda188a1f46

SHA256
c1b140f6cf7bf465d71dde15a85b45ba63e5257694c107b71a43e2e12d25c849

SHA512
18fa1f08463d9eddaf5f320888739d4c1fce8d08949cc191058d9b5a72afaa8e2e1996b828784bbdafc588286fb5b2ee9502f2cabadc1d38972de20cfc54cc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
bde2483a397fcb648f0966a036b3ed74

SHA1
3bc57a1d39d43b455c2c1c1c10e2be21d55f8bf7

SHA256
6b7370cb66c712c4849e47c6eb3e53338be17593b33517e2632404023e799a8c

SHA512
d66b4245d66fec83c6cd9c19c75f51a15dad77422c26bf282787980eccf38073557f164bd95f91b953a2545fad0b76388679c7277c9c8b1c70534e5b724f79ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
64f1c8d63100fa58db9461bbe33b6453

SHA1
019dc8658592a477e26044bbf826269d9cecbe4d

SHA256
6dac19ea94c0eabc1155862bfbea2d567ea3a73b9fb228e25a0d0c5584043322

SHA512
14542ec44c7fea2668164d37c0799bd6a6cf941c3a45dd97b9fed3f540daeee8b0dabe0b4b35f940edb72042e16b31e14c5eb468517e81192c59f3f8cba50c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
d5b5ac0c74d36798b1fee623fe115d66

SHA1
a601880604a5a3c3e847d176cdc28ca6ef97c048

SHA256
f35e13300c57c24ac5dc950e71ab60312ee2b7f5412cf2bd17725aa197c055ee

SHA512
e07be3d7eb4ad51f7ace760f5b9ede00901a9331222ad4cff3cc73f83f87c1b4d2fd04b8b79498ae37515592ffebe2b6304352fea689b7beab1099217669fd48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
434B

MD5
f44f1819ef1251b3f91d61dbf9a01935

SHA1
7c4688b2fd4543634798db00b50912fcfa8fedac

SHA256
fddaf35fe3818b57115cc3bf6d35687fc145db65f19cfc29a7fe548d59f4584a

SHA512
59fe7872acb5c39ee0ae10c8ea0bbbb3b0fc1471a1fc7718018b46d7068019558bae17aac3d2dea0c704584aa4f391fc5a02aa4a934d5afdc9d0760f1c8e3814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
587B

MD5
24473737d6c973e9d3632da335bce4e9

SHA1
24e60172b5656f030fae4557dfc7831004918c45

SHA256
56d562002bbfd0348cd073de6b2be5aa4f7d36e2d5eef67bb2dc52b40f1fca5e

SHA512
92f9fe03574da8c26229cf8802b120c30436edf0edc595b051a4c93858469d0d859063fae63772698ab3fb9d31f2c4c0a4aafd546dbb6e94ccbc6dda6bc1c657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
195B

MD5
710dda995bdbc64fa9a45050177edb78

SHA1
443b87d944fe2baae838305587d29251ed2a4906

SHA256
d0f8f7f5e33b0d77a8da2a9f9e633b7dcde7ec0aa6fda9fcb2532cb10bf6c0ad

SHA512
e8f34250f9365ff938f1ad7749cb4bb1e83985b20129b3d47b9e2ca693a66b304159167da41ae7e160564f9dcce4bc12b422adfd6b18f122ac3854067b02a550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d1b630d390f23fcdeda372a6713336af

SHA1
16f02205d1045c0b838fcf84b32146ec0e71d64c

SHA256
cf731407fdc065e2b8c942a6851b5b580704ef7f75c22d7cb4e895df39a4d98c

SHA512
3961e30b4c58b94d7a1867a05cedef94605d3a931084b82e8caa3c172b72e02fd712f3af599a18bff19c1310cdc97954039e2c241ffe6d9241d43fdf73dea032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2f952857de01455bb86b1a88ef588e0d

SHA1
f68624d073a7ea683965518e88c26c5551a032ab

SHA256
07ce11ab8e3ae271447d37b57449dc1423a269074e126188f361dd81eb731b57

SHA512
9704f6812c497ffc87face0d3109d5eaa6ff3cfcbcbe0fbb9b632b47a3e9defaff39bdc74df4514676b8de8a8f5da0f5e6e6cb90ffaee070b2a043d4ff321098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0318a6467a2648792ad275b30e5b5a86

SHA1
5c976e8a5af51d114dd61de3504d264026e6d9f4

SHA256
10d38c22c0a3b1d99bf73832b1b852e457d346a70f8f55ec31ab669d43a03f23

SHA512
0410c080ed64e54f7abd8a74287607cebf76996664fb5f57fb2afeede09115e77d7d22fd907d25afff062bc2b91878f2100a69f76bb6d5f0007006eb364174c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
187a5f961324b520386a1bec426c2da9

SHA1
867de7690f7b54886ec317aa141556e98cce6090

SHA256
b3f39003ceb2ca8939039ab0a7c1a6c2d14a44b5ee72e63d01c8c034a8f1f1a8

SHA512
4f40d3b34892fb91c0efca4b85072ecd8c94224ef1602ddb338e669f7e262e2373d8830a4a14a7029840a581659c6d97db77bd61c910074eaa1849292c611c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
c63da2e62e987a2abb09648b91d5971b

SHA1
c711eaecb1a75ac531eaca705f1195ab22099ea9

SHA256
e89fc26798b8d01470b149eccac569a72ec8e452f2a6b841c095e2ffcf0db31f

SHA512
d52cb3e3771aa7721248b726c0dafbf707c6959e82d4de2b360afdd2a9bad89a1d4cb1e76632b77a23654be6b967668a7e4de1ffb8b9a2dc739e01e7037fdffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
06500b57682a6c87d3b989edeb922a58

SHA1
07a2e2658b4da927945d5ca5454935991a95f7b8

SHA256
b7a28d60aa3147171b2e1ce6935787ec68c0617e259cb581322106ce54ff0567

SHA512
12c73901ec2dc7bef280c3121e329d1b2a7367c62f9d612744c6ab76a7572eff1be734301d3363f5d6f015ea15108b086669cc0cb9abc01fc9a268655abe7c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
8b48c9dd2259bdddeda9218fbcf802b5

SHA1
75ca9f02afa9ef6a1d354f0218cfd07e4e484415

SHA256
4ddc61c051862711d01ecf69d9df61ae286702e12a5109a258fe538fd7d19a7c

SHA512
acaf0e293de2b27e61e3b9b6d607d46fb925dfe592b24215c21ba40d2748943b6595102432b9a03dc436198a1fad08f3d28db73778da28c73f398b489c5fcb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d55a4.TMP
Filesize
204B

MD5
c919df384c4cd2d25eaf29f772b53034

SHA1
e1ca053bd19618ad9f1a6faf5ce153a4db7b1095

SHA256
65d67e074b0c005b194f9f4bcaa518d4aef9f53c04e2c7eeea3a89cf6d0f70d8

SHA512
ed6e0841e2fbf55ec8b9e3de99ed02138fa7fcf10865c592eb2320f8f96bb5b7947123a530759ca5d82c8be0bf99a2bfd4fb8f48c4e25edb3805cac50fbcd482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d61dc90a-49e3-470b-aca7-7452d29c71ff.tmp
Filesize
5KB

MD5
632dd519a37c7f9e0bf449a27e2c3e74

SHA1
18eda22e3d325e3a6fbb2881bfbbcb2d7e82e454

SHA256
641e8cd8e29e448bb3c07e73eaf259665abda276864680b6d49856f3d4034ae6

SHA512
266c2de6e865418c07b03109cf912c0ffda5982bad482e1c919a2903419aab7529cb451a3ac5bb8ab3d3d45331da0ce373628334ed322ddd05eb5299bedf72cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
27250d16430e176fdb9d1e56c781167e

SHA1
17bac80b7594e70fac9af8005f7c1a903e871a09

SHA256
ffec71ca9e5a69942c427945f26e17bbf023068c7235d8e0b520204674b6c127

SHA512
c3b1e66ba76afbf8b40d390aacc7b2e6a8e4d78e5152da2c593133a47c0c1d9c8a4042c960ef48a10c2c7e2260cb654aef229423fe77fcddeb66d63566fc69d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
8eaa6247111f706f9328e27af70ef8e7

SHA1
36f3524568ed14b44d41b9582e9f1acca31a77ae

SHA256
a9c52bd7481443aac36737c41b28596dd749531242b9146b15138210cd36aebe

SHA512
570d8b89b04d22aca34f7f2f33dde54f51659b991ac745024ca6801ac84d314f87f98f2c00e0de93ea6c029616437a2d25ad90cf1e5225607d88cc8a6eccfe16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
37549f8118c3735cb30238c46792dd29

SHA1
5665d6ba040978cdd9cd203dff9b6870f581e49e

SHA256
3980c499c50871f05adbae1dd75ab18f264c2817a4842df382b8de3dd3b477d9

SHA512
e2d532049cd88254d5d971bbb57cd5221846a1834b0c2541a297eaf407801697aefdcff995c92ade9b37251eb0056c94b2222a20224e0f8589548e4ad608d59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cb9cacbd1ee54aa2c5b162c0cbec3197

SHA1
9c60b85c90dcacf398a88862d7d13be346a06933

SHA256
341c0e2bca834326bd39d5d31e2eead5c7a513d642943c60f066967003d16f71

SHA512
44f7f3ddc51f621ccfc22ede61ce951634275ea10a362cc0241608e6b9ae0d782c98e86016c6efb76e5575d065e1731ef4c0c649115a9dc33f5eb3676787394e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
77c62639a0be2db2b39c38ae2ee39702

SHA1
a71d5e472689b61fd1033b28a974f0aabfdc1c98

SHA256
75b23f8c7e37a2b6b9909fbe839f147f65532abce4dbc8dc37ce8a13265b8658

SHA512
63e34159b08655804dd2a13d5efc1bb661347214b0d4ed13c5bb3225bf45e36aa94b5131a72b1214993526d2880fa3cb2067061955c116ab5cef32f0a54d85ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
97349c34724bc93a266c8eac833ed2f0

SHA1
ad7de997069944ee0e517d7628ed77b8de8de946

SHA256
873981cb39d6e62550d5835cb6a4a24afce38892ef3bcf76483f62e06592b980

SHA512
c9b96a47f1bdb2bed41169cda1cb3589bab721b8aff85030f01dcc56f289814f32d9ec02ab2da63210bcf02eda23b2e57df759a10fd397a0916f171b4f4644a8

Download Submit
\??\pipe\LOCAL\crashpad_4752_GYNNZWKMKIHHNCBC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5800-437-0x000001E92A9F0000-0x000001E92AA10000-memory.dmp

Filesize
128KB

Download
memory/5800-440-0x000001E92A9D0000-0x000001E92A9F0000-memory.dmp

Filesize
128KB

Download
memory/5800-442-0x000001E92A990000-0x000001E92A9B0000-memory.dmp

Filesize
128KB

Download