hxxp://fortnite

Analysis

max time kernel
1811s
max time network
1160s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fortnite

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3811856890-180006922-3689258494-1000\{AAEC1524-7C0A-4952-9F23-E0637E339028}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3340	msedge.exe
3340	msedge.exe
2408	msedge.exe
2408	msedge.exe
4908	msedge.exe
4908	msedge.exe
4856	msedge.exe
4856	msedge.exe
5924	identity_helper.exe
5924	identity_helper.exe
872	msedge.exe
872	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4892	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 836	2408	msedge.exe	90
PID 2408 wrote to memory of 836	2408	msedge.exe	90
PID 3112 wrote to memory of 4684	3112	msedge.exe	94
PID 3112 wrote to memory of 4684	3112	msedge.exe	94
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 4020	2408	msedge.exe	95
PID 2408 wrote to memory of 3340	2408	msedge.exe	96
PID 2408 wrote to memory of 3340	2408	msedge.exe	96
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97
PID 2408 wrote to memory of 4836	2408	msedge.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb6fe146f8,0x7ffb6fe14708,0x7ffb6fe14718
1⤵
PID:704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6fe146f8,0x7ffb6fe14708,0x7ffb6fe14718
1⤵
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb6fe146f8,0x7ffb6fe14708,0x7ffb6fe14718
1⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fortnite
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17810086002419835466,1918125237609875684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x80,0x104,0x7ffb6fe146f8,0x7ffb6fe14708,0x7ffb6fe14718
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11280413417353914690,7385314914260323820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,1056268096877934226,1087341155043725226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6129886692950506463,3091483675600828219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x3f4
1⤵
PID:5192

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
2a4e2fddd849273e3a67f81e5e80c2fe

SHA1
233f2497344cab8e36183ec68b5d6dfb79c6c577

SHA256
41552ad651ac608f71fa25a78baf86f1f9857337c7688822b9150f8e9ceb841a

SHA512
9d2fcc0e6893a413d7fdcf275fc18b459bbd4862f4f301d3a93f4a8bca2b9745d7a69c2337e5cdc1227ee063b953e72a1e40f3d379b90f6dc95b66d3066881db

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
ac735946f7b9c7e615fc0e3fdd5bafff

SHA1
f6dbef0aadaa74caa3a2069f1d5d449d30388484

SHA256
b9f7a34c9c13854d2f4f4d206273c886fcb9b805e7dd20a46dce537ba118da0f

SHA512
85cfaddd4371206eb659aa91bba32967c46088e1d1c12adeeaf70abed2f3848269eec6b199a1c291a6541a030f4470974232f58dae4a19ad3ffcd9e34e35b6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
21KB

MD5
f0d11cde238eb54a334858a3b0432a3f

SHA1
7c764fe6f00cab8058caeba38eb7482088a378f4

SHA256
579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96

SHA512
b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
bea64c447b0f2a1012d0ede8e09e700d

SHA1
03c4e014a1ed074ed2611b5889ed79b6f1ed8aa6

SHA256
34dcdd7a5b57897d1eb1a2620ae5bc31d4b5d80e761e62fb8cd3c2a3b907241f

SHA512
ac1c4b495b990d8fad333f54d3e61d5573efb7a0c7c584659cea48be8d4857461bb011b1f2a4966cd714bb9252cc1750e8e53f2203418ca19fcc8143fdea6b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
d253c5d04a625e5182566145f17ab332

SHA1
2995a12e7ae53c1e87f3181c3e2faf3863f9fbbd

SHA256
be20a57c68c6369cd371a733e17333232f493d9fdae2f5e13a03e676d348de1a

SHA512
8de9a9ba372c6aa05df234e653d7859cfecad13453361f050f6659b214313f3dff250f2d7dd00eb059989feb013781de51c6005c76ca78a399830ad48842b9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1007KB

MD5
a1e72f350ac621f71fbf94e44352154c

SHA1
1a283df4aea1781c50e7de42024ce9441d3aa9cd

SHA256
86a45800d566190217634d4ab2666dee64e1722d295a34020ea36ce8634ecb32

SHA512
5948e873b323fd55044158ae21d76a5f97ba16748036df44e9d241383df7ed6b836ff226687110dd1ba766f6e55b252c5bbf1d736c390fd8aabd28a986195d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f9175e3e31f64a4645b3cb774cdb2808

SHA1
27d1f20bb6fcc86e549fdcf1da040449233a7fad

SHA256
2740e87c1e378dc0171dd4ec1fa0c05698e8cc12599546ce637e059e683f11d3

SHA512
14a10bf19e30d78ae7d9bcb5cc2115c4127222d11c63d033a3fe0723df741d85a889a9a377579b761de6099167ddcdc591eda20383929650436269a42a1032cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
66b5615c502483bb964976803f5ffe18

SHA1
67702a82168a3887172d1546277fc65cfec2d626

SHA256
627eca38918c50c023e0645f9537bd99e6117cfa345f02fafb2a6b6c32b36c07

SHA512
82d0ad22047e1913d711806023df9c06dcb9ab45087445fade0ffcb3aa3ac375ca04fc1d90b36b5c9a104386fe62bb3bba6610a3e1d69e47fbac558ea30dbd21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fd643e32fdefd6ec10ce6c8145f6879b

SHA1
6f9b481b291a34ea4f6f602db03e26c2bb5aba7a

SHA256
cc33adc12ecf0ac636ebed9101afa86f7093dd3d76fc8a2654c5a7ecc5b0e2a6

SHA512
4a582c4e771fa70f37d9236468d1c4a95bc1b7a8f59ce3f6c20f5c04e4af67c6930a14adaa3fd0dca9a8db988c0bf5eb133967a76f78f71ea46a4e858505adeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
3f21b04f5a6879aecade3ecf1caf1f16

SHA1
07d229351206974d88fd780480c0a8d424defc25

SHA256
de99e6e79c319ae97b28b26d144974c2047b1092b8808fcc1b47c389b9a60108

SHA512
dc386a6606e6ce3b667453684101d5256188e5830fffcc8010b34f7c7c6896fa8b452bda273e36db7fc4b466ca9183af96ba33fb7d165fff1eeb2251a579fd4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
4385f4fb17ad2e89e44cac1e4267f655

SHA1
b2ea27b2831117c4c9e1f42330541d649abeb0d7

SHA256
6cddf3ee34aeb52ce665403a56f59e57ffa6b41cd0e7dbfa276d52f8b1cecf22

SHA512
33d5c1969a243846618f3b5944630246df37dfcb280b7e497f659402e2d28b07ef802a8463e40f4a07fac27c677a2368230a3594f6c432ce6efd318e44e36dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3d4913205fc3bd79d5f712869d690788

SHA1
4a8fc6628542979f04c0b774c18798431f83e94c

SHA256
053bda6b6a307192e6bda93f3de617b3fea125593c0b4046e577d58778f3cf41

SHA512
adb0b66d0cbf2b4c352bb7ae013d5ce29a414596fdaa098ab4b02459837b3661ccaeed032b65819a9eb444f3e86f8238c86f69542691562b897bac855612373c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbd48d2d2de764aa1bb7b2a206d06a46

SHA1
3c2586786991fd3bdb97d46a3755bf3ba8bb84b4

SHA256
0f347ce868446b24b5fdae543fceaeb3e1f9011e479e6a3affe8c54e66054041

SHA512
b2bdb1a3bbe27d077b849d5cd3f4493f75aba8e1cfd21cbd9b063f775aa4adbab01fbd07e3018c1b0b5405bc9590b36a36beb05efc8cc2e5e8afc7030faf2252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e10f33042324bfd94cffb68d38e2c2aa

SHA1
0693cd2996b0b1cf210ebb294a5175669454bacc

SHA256
bef43347c7f4ba608c17c77dc17c7a2f1a61ffd8ebb8e2eb3a898b5940160b88

SHA512
3d776ddad42b9cb974ceeb4a86ca557320ec9755155b9ff642a5c9177a1d1782063762da0a6c331a7a999c0b151d4b17867e23603a8c9366bafdec0b710d9474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c9a718588720b90564c90dd903bcb9c0

SHA1
cc695c96e846cb318a0f8b4a3e241656fab7b3e6

SHA256
5d90f841adba0cdde0481bac569e0d5c6e95cc1292432695e5a7f10884191019

SHA512
4c309b0bd85c29c0fca4e150f17092fa557688c741bd6d00158691b0aed87289c8762bd2a72d12c05826015c80963f7cdebac61c999ac979e7c66e38015b0b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d0dfa55bdfb494800974a48197c1fa6

SHA1
ff7818e36be3af7901d9883aedca8ad174c1c0f7

SHA256
320c3c2bbcc5513f68f5f039021506398e6dd5f3b2b34a55e362be9985d646d3

SHA512
3d9da8a136fc9a8ebfa949dbaa20d4624e03982d6bf496f71b38ae3640043f9c17109bf198cf0a6d8a63715298fd9a72e1c20094038f36ceec84b20f795fe5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a9589003c509623703a74f1130014dc

SHA1
cf9d767c8023034197641a1d97b3a01215449a3b

SHA256
574945fe93506a40074434bd982eff8d8803a87d67e065de0c2c000200675e5a

SHA512
962ee02ba9e1247131b8e40366f8705127e09e6ea2495260abb9f7e1af0191cb999c0f9e79ec8733ba4fb2296407dbf5237e3dc62dd41e1488d48600139c30eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e8dfd5ca0a28b13ebb610dbd8750e417

SHA1
a19338443cc43bf0bc042ab48ac8928abbbe7c6f

SHA256
f9fb8a2bff906c53a0cf4c1b4fcd51ab895f8b3088f0409199582e4efc752feb

SHA512
e76a73b7c97cb94aec4cbd83c96e9ba0223be6ed7c31e26f106fcaba47b8fde6aafb7cd71416cb6fd45f15dbbfeb3c8a19b9eee21173fe6acece289f792f755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
a0315621dbe59bc933fecf1284fce862

SHA1
35e56d7fe52429f7635188fb60834474ad772a1d

SHA256
3d06c506def3665e1a1265ac0d07f47172439e6045ec5c4b337c4508eda4ab9a

SHA512
f9a2e0424046d6899eb84397c6ba0143456b5eff598c579507153024de6697e0825b28299412a3d9ab250427a1f16e06b5c0f374f57417507a4a5e09256de76b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4d9dc2efd90ac6109c4eeee88ebf8b31

SHA1
c212b681f062a44f72727e2667a6b1e2f23fe00b

SHA256
b756733c8b1a8543380d25aaa36ceb92daf9ca5af24420c40faaf3fccc436565

SHA512
7da3bd07fa8dde3634148a735d9aed38e2c7c1bfb615e4b81e12d33efed9be26a4f07d2e4d141e1e1a364b5aaac99bae3647bcd1d29cccac54fc1fe5c4bd3308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08143a9fb7b29b2a128c5c75a414b743

SHA1
bab53d0bf524907a0b98133f89aed19693e401f5

SHA256
0a2072ea43de4edc93e7d09911c677172e05fdeaf3f5373ea43bc27d2c2942c9

SHA512
85797e7eb290f1ed705a333e2f04a0fa0cc2bf71ef998f9bb045388d1985ecbefbf23ed0900286a5b6614c9f838c1d2c8cc60b69df1ce9eaa889b6d1e28911ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
82c093b369828ed2f524df49f2889805

SHA1
89ff5bac480437698d1e94f92dbb935ad6fb560c

SHA256
9e4c2434dc4af64c1e01d58f50d3a63d304efa46851e20cf7b1b60060495e1be

SHA512
4f6bb982b24fbafaa5db61ac1ffa499dcf369d2bf9cd0692e273417c6bb66c7bf616da670d9b34ebce661b7baa0fb1e88b6e9683ce9c8309a4d128a0f1771d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592409.TMP

Filesize
203B

MD5
555be8ec8b63698620d07be0e4192852

SHA1
ffa2831d24efde87f9ff04ab8cd9dd8076718d4a

SHA256
78d1f446b1214b53fa4f4688e865f6ca826d548e4b7b34d7d400b02867ad8432

SHA512
e5b42024f5164cce6bcba720edf27482ec3b6dd548b583286a341974a5dc80b19fbff8c7a19b8b1b9c6b195498b110192f65f052420ada634096edd6fc984cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ee0053d1-795b-41b6-9384-beff0691c487.tmp

Filesize
5KB

MD5
ad81f8ba2d5cb47e5516b5a74bb91d37

SHA1
08d5eb6a68ed807883eb5c26f0130d2ed3eedbf1

SHA256
3877b39bf39bb365f17ad89004e742c77ed63e5d068f338edf023eaa2e362b0a

SHA512
853f5d5644306ec8f2fd68305023c20c5f06f6e5e320c5441505e449e5996d08810c45ba3a902cdb247e678a7a337079f9f85756f8ef9543f30e297581d7861d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
97b4e93e834d11955c60f0245fa1c4e3

SHA1
a86d6db3f8d4a3092cf86e3d9b74fb2b86fc6b79

SHA256
d9831cfa973ebd5e91993b18d77417073a917652c6ec9499f021f12eb39d031b

SHA512
19f49a0c4cd0d0656e71c9c9a5f1904807ef3bb20c9831923d0563643fdf706fba106339356cbf9c158aa2f84c6f4559beef3e4cd4abc6e7cb959c2a7bfa5b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c9dcf624601697bf9eb7dea4465a99c

SHA1
c2010412764a12aea28fe692820cfb0c3f0f3cad

SHA256
9cc61e1dc3064620c09c5b1c3e59bdb10a0ba037da83132b6f9a59909b83de67

SHA512
f61012c526201a1a67c8e13faf9f368b0ee997126c3161e52da25483a21be09d4ab7b24b57dce2e0fef4f89c7144214a9a72197b74d741ac8d824aa590cf1773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
35e21df7736f1f4ffba48518701b9938

SHA1
536706ce5639fd027e4059a2aaefde4538c50396

SHA256
3e06e62425ae3cbaf70576cbe1a5989abdf13d567174ffd766cc8e2d54aa09bb

SHA512
c75c67e734ac410ffceb9bd83f757540c86a19b7c44248293917d065fdf8062b6c8d7a2e889ade4130d5f02caad59175c93f57826038d78f5d67abe973780b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a03a49ce7f9a81e696e70f303dce94a6

SHA1
b0ff95999f5207c65bad9cc2825f507972f92e2e

SHA256
b3bd7dff9da4e0b59f6d6a558a40c74cd25f1e46bec5c560e39bfe20a6070bbc

SHA512
c3ca2eac2990c4a9c80363ecceca812fb30de9673ac243453516f7293ac50b3f869989f6df81deb909a59f9084397b433ee5434d787c599a2693170cbd8ee33f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0cb49d92231727bec5f8cb788f37208a

SHA1
fc660e5af28c9b43a6f66cb83d177e200ecf4d9b

SHA256
41d6ecb429fbb5a44d2e331e21413329952b5de891893d03eedbb68646d631ff

SHA512
31e663155e9f74da0c45ccea84d8c3a3df32da8eba6e19f99ed0ffc8c5da004164242c0bf9f126d180cdf9aeef2bfdfcda5755484b4358f48d25af81e39cd305

Download Submit
memory/4892-1068-0x000002A97AD90000-0x000002A97AD91000-memory.dmp

Filesize
4KB

Download
memory/4892-1078-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1069-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1070-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1071-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1072-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1073-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1074-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1075-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1076-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1077-0x000002A97ADC0000-0x000002A97ADC1000-memory.dmp

Filesize
4KB

Download
memory/4892-1052-0x000002A9727A0000-0x000002A9727B0000-memory.dmp

Filesize
64KB

Download
memory/4892-1079-0x000002A97A9E0000-0x000002A97A9E1000-memory.dmp

Filesize
4KB

Download
memory/4892-1080-0x000002A97A9D0000-0x000002A97A9D1000-memory.dmp

Filesize
4KB

Download
memory/4892-1082-0x000002A97A9E0000-0x000002A97A9E1000-memory.dmp

Filesize
4KB

Download
memory/4892-1085-0x000002A97A9D0000-0x000002A97A9D1000-memory.dmp

Filesize
4KB

Download
memory/4892-1088-0x000002A97A910000-0x000002A97A911000-memory.dmp

Filesize
4KB

Download
memory/4892-1036-0x000002A9726A0000-0x000002A9726B0000-memory.dmp

Filesize
64KB

Download
memory/4892-1100-0x000002A97AB10000-0x000002A97AB11000-memory.dmp

Filesize
4KB

Download
memory/4892-1102-0x000002A97AB20000-0x000002A97AB21000-memory.dmp

Filesize
4KB

Download
memory/4892-1103-0x000002A97AB20000-0x000002A97AB21000-memory.dmp

Filesize
4KB

Download
memory/4892-1104-0x000002A97AC30000-0x000002A97AC31000-memory.dmp

Filesize
4KB

Download