Resubmissions

05-02-2024 06:12

240205-gyjl7aedbk 10

05-02-2024 06:02

240205-grxkgaebgm 10

Analysis

  • max time kernel
    596s
  • max time network
    601s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05-02-2024 06:12

General

  • Target

    4Rd235Gf.exe

  • Size

    896KB

  • MD5

    b661a7050fb7583c5ba7a0694e1aaa85

  • SHA1

    53149079bdc6ac8d55302b0893544912daf1e17b

  • SHA256

    0dac193073903f2d4e5323100370a8818c6910a3be1391310468c488c0634e78

  • SHA512

    b4821749ffcb2a02d67565c2c9c5fe76f84712c67c0ebdfd6e22224f79f64191762356fe3ca7db043a6be6941d683546ac16209b7a12002d1e62721253756f5f

  • SSDEEP

    12288:LqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaUT1:LqDEvCTbMWu7rQYlBQcBiT6rprG8a01

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand paypal.
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4Rd235Gf.exe
    "C:\Users\Admin\AppData\Local\Temp\4Rd235Gf.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3236
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1696
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
        3⤵
          PID:1360
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
          3⤵
            PID:3144
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
            3⤵
              PID:1392
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
              3⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:784
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              3⤵
                PID:2468
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                3⤵
                  PID:3256
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
                  3⤵
                    PID:3680
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
                    3⤵
                      PID:4268
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
                      3⤵
                        PID:5376
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
                        3⤵
                          PID:5544
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                          3⤵
                            PID:5648
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                            3⤵
                              PID:5952
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                              3⤵
                                PID:5156
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                                3⤵
                                  PID:5172
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
                                  3⤵
                                    PID:5852
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
                                    3⤵
                                      PID:2296
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
                                      3⤵
                                        PID:6220
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
                                        3⤵
                                          PID:5252
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
                                          3⤵
                                            PID:4472
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7580 /prefetch:8
                                            3⤵
                                              PID:6532
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7580 /prefetch:8
                                              3⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:6540
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                                              3⤵
                                                PID:3604
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                                                3⤵
                                                  PID:6956
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                                                  3⤵
                                                    PID:6960
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                                                    3⤵
                                                      PID:1324
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8000 /prefetch:8
                                                      3⤵
                                                        PID:5728
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
                                                        3⤵
                                                          PID:4364
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13532433256642798101,2192444040881921051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
                                                          3⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:5784
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
                                                        2⤵
                                                        • Suspicious use of WriteProcessMemory
                                                        PID:1776
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                          3⤵
                                                            PID:3616
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12550637633337692760,13205082297234097357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
                                                            3⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:1612
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12550637633337692760,13205082297234097357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
                                                            3⤵
                                                              PID:4708
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                            2⤵
                                                            • Suspicious use of WriteProcessMemory
                                                            PID:1752
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                              3⤵
                                                                PID:4792
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6402630665474009189,9617888292507964941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
                                                                3⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:1600
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
                                                              2⤵
                                                              • Suspicious use of WriteProcessMemory
                                                              PID:3056
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                                3⤵
                                                                  PID:4168
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,2555587623731223665,18367148658164245818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
                                                                  3⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:5316
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
                                                                2⤵
                                                                • Suspicious use of WriteProcessMemory
                                                                PID:2072
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                                  3⤵
                                                                    PID:4128
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,16853409591345418394,7934941951046446235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
                                                                    3⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:5876
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
                                                                  2⤵
                                                                  • Suspicious use of WriteProcessMemory
                                                                  PID:400
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
                                                                  2⤵
                                                                    PID:1496
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                                      3⤵
                                                                        PID:3920
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
                                                                      2⤵
                                                                        PID:5884
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                                          3⤵
                                                                            PID:5932
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
                                                                          2⤵
                                                                            PID:3320
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                                              3⤵
                                                                                PID:5860
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                              2⤵
                                                                                PID:1804
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                                                  3⤵
                                                                                    PID:5436
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd8246f8,0x7ff8bd824708,0x7ff8bd824718
                                                                                1⤵
                                                                                  PID:1576
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:4316
                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                    1⤵
                                                                                      PID:5248
                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                      1⤵
                                                                                        PID:1964

                                                                                      Network

                                                                                      MITRE ATT&CK Enterprise v15

                                                                                      Downloads

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        59a60f67471b83691714b54bb462935c

                                                                                        SHA1

                                                                                        55de88c4d7d52fb2f5c9cb976d34fdc176174d83

                                                                                        SHA256

                                                                                        b2c8e6719dba039dabcd8f27cd15466e7ba5335d2a87066129c7860b124d2ed3

                                                                                        SHA512

                                                                                        04a52ce294c128dc495031e376f3ccb84ccdee6f38e972e3f0d7a10e6db4edbad2381ec1d052759d756ac66761ca42524c83baaf2acfe731e510a022e40e27bf

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        fa070c9c9ab8d902ee4f3342d217275f

                                                                                        SHA1

                                                                                        ac69818312a7eba53586295c5b04eefeb5c73903

                                                                                        SHA256

                                                                                        245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

                                                                                        SHA512

                                                                                        df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                                        Filesize

                                                                                        20KB

                                                                                        MD5

                                                                                        923a543cc619ea568f91b723d9fb1ef0

                                                                                        SHA1

                                                                                        6f4ade25559645c741d7327c6e16521e43d7e1f9

                                                                                        SHA256

                                                                                        bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

                                                                                        SHA512

                                                                                        a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                        Filesize

                                                                                        21KB

                                                                                        MD5

                                                                                        7d75a9eb3b38b5dd04b8a7ce4f1b87cc

                                                                                        SHA1

                                                                                        68f598c84936c9720c5ffd6685294f5c94000dff

                                                                                        SHA256

                                                                                        6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

                                                                                        SHA512

                                                                                        cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

                                                                                        Filesize

                                                                                        34KB

                                                                                        MD5

                                                                                        d1a0d8504b6a46215e2a4cf521ddb7b5

                                                                                        SHA1

                                                                                        3d6e16808a1e17ccdaca99f37ed30468391c62e0

                                                                                        SHA256

                                                                                        cb357178d5e09917800b0669d958b5517c4f8b322c01f2adeca3ea7fa4e707c1

                                                                                        SHA512

                                                                                        2ee68d71b04a78e1bc353f66daaeac1ab9f2e1119d7b6974571f8ef1a7a20fc1ea3903f3d90f3feffe7d820339abed4a26cabb230ddba3baa415309daad2d570

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

                                                                                        Filesize

                                                                                        190KB

                                                                                        MD5

                                                                                        422c3e9942ab144ccbc976f3b9a3a1a7

                                                                                        SHA1

                                                                                        2f9612bf91f16a52b7cfc30d91459e77568061ec

                                                                                        SHA256

                                                                                        3f075b030090f3c9b036fc183d35cc23651f0d1f8d36cedb586b59d0934e6c3f

                                                                                        SHA512

                                                                                        5d251fb1dac75d47827ce1aae8bed1c2a8effb95b3dfa7b61edf35c20430c10d7d1b528cfe710bdf559f65ac042a65c5ddeefa4226a8fae7e1b4dc394fe01921

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

                                                                                        Filesize

                                                                                        193KB

                                                                                        MD5

                                                                                        7fe2c36271aa8065b034ce9efdbd2a07

                                                                                        SHA1

                                                                                        e22ee654cb122d0d62393dd8d6753d2bcad148a3

                                                                                        SHA256

                                                                                        02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34

                                                                                        SHA512

                                                                                        45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        0bf704dbdebab63ff5daa57e84d6da3c

                                                                                        SHA1

                                                                                        cedfb08e2a7ad4019778b3ee8652dd680b2b04e9

                                                                                        SHA256

                                                                                        1485c15a2071e3081721b4009e468232d049b1d0b85b3119c443e24c10abf043

                                                                                        SHA512

                                                                                        8572b4365137569a814e7ef2eb498c7706ab092965e080f9ee45d933057903ee274a5dda572891d043c48bbd8ce67be56edc358e86b1ade7dff045f779e652a1

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        bb817ed453a6c41b73fde8a2da98811c

                                                                                        SHA1

                                                                                        e4e720e90bb267677799e88ff98945af612414f6

                                                                                        SHA256

                                                                                        437d20e7ea13c4a5742840a53491f35a8c0b1dc4d5387f1230970d0a636df829

                                                                                        SHA512

                                                                                        db4d4c0fea42c769fb0a2b3925e0ebac116e76daf5ea2bddf8ad27860d06d899527c10cffccc56bcf9cca4976e4749192712b2d651c6a2aa0e7deaecb794f3d2

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        77c70cd3e18d9a13db65e1d7b8805481

                                                                                        SHA1

                                                                                        6593f267c2f193cd2826cf21d3af76421ae8f065

                                                                                        SHA256

                                                                                        cbbde8295620b9a009b96e87e421d73cf22f29284a2b8eb3cf6c9c1c5e367b3f

                                                                                        SHA512

                                                                                        db5a5d65a4c8c41f8e0f6f9ad15c13f55c1190557811f5c2f61cc27fc9fe6887feafd0bd8772d4fca9bf9b8ae6bda244f795d939375d58d3945c804879ebbe73

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        645044b2999db350fc70483f05ed6df6

                                                                                        SHA1

                                                                                        1c47543a393be005ae6f41d80e5cd54f41b76206

                                                                                        SHA256

                                                                                        76f7b0bb3fcbd0da5080ba7d02585709b8f6029bd4c91968b12df64cbc8d1de3

                                                                                        SHA512

                                                                                        d1fb4a3a1e8590d7d0dc13cfc7a45379ef221c40f8590ca32d3c34a2bc83d15281f92e20f2dc22c222489285671b2e03e8e93acfdacfa5540d9d6066d3402b96

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        3KB

                                                                                        MD5

                                                                                        0f16e097f806aa9c2a2c50af52b498c5

                                                                                        SHA1

                                                                                        718b648c15c50199f388cded5b31a62ba1bd5165

                                                                                        SHA256

                                                                                        cc3c961e6632e0ae6574d45ff5dec3778cbd8034843405cf461d75cee3a3d893

                                                                                        SHA512

                                                                                        a67db656fddb8019c8e627c8fa545859dcf93d3d6a7f963fa2f141f3eeb431a7f46cf704f5955c0221e1a7cfb68f1cc2371b478df1466def103444637da8c3fd

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        5d41392698eaf4cc6c36874d83321106

                                                                                        SHA1

                                                                                        3c066a85838b0a370d984db824609e8cff76e588

                                                                                        SHA256

                                                                                        2e49f25e92e7186abf5ed659000a2a0d83f09db49527c13b2453afac0051210d

                                                                                        SHA512

                                                                                        706d45e1514d648f87ee2f0339207bc4c6eda313b43bbab267c3cfbb8f3e6750b8f4782b6b5be49eeaa662a46509e4e84efed920430fe64a7ebd177aad487cf1

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        3KB

                                                                                        MD5

                                                                                        ce9ebdb7cb936162441e07b812f51e11

                                                                                        SHA1

                                                                                        83409c47ec764ef76b2792ab5d04201e1ea93d99

                                                                                        SHA256

                                                                                        d83e956a2d43985c9c1c47215de455f34eadd31062d03a577e29977e361835de

                                                                                        SHA512

                                                                                        f5e1f877b77fbaf6e5fff2f0851d5c0d537ecd8911e99de971c0397fb0f71f8174206f2f9678c0541e5a84baeb2ecc9f2569b36406dd91e26fbd556fdd2a28ae

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        fcbbf94f9184c0ab493505541f2c0a0d

                                                                                        SHA1

                                                                                        f1c4fd9f4309d3b4c2b20e173b421bad349ac41d

                                                                                        SHA256

                                                                                        9d1cc8b4d1593bdf155ded8023758dd84fae0b5f6a03eaf6afdb4508e60da8db

                                                                                        SHA512

                                                                                        96352037a298d076b476f85d8344237626f326be09a31e149b11c38fedd718648cf2fde5817c4e05f9a8d3f4196b8bbb8a99b82fb35f63f039e74aab1f2ea9ca

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        a6d27ac4f8cf330e7897ac1f28fc76c8

                                                                                        SHA1

                                                                                        16858ee02d0f6cfa1ebb0d4c91b4575d84d54347

                                                                                        SHA256

                                                                                        9095f3037d143b05c1b8aae8241eb10f77a2b971ba46435e5e63cf9703b8fff6

                                                                                        SHA512

                                                                                        1ff7799cf06d4a5b5926a2a9247951daba597a67b2f114d9fa4d9c7a4cb693b3e9a9449757561cb22bf806d1f5ebaa53e0ee1a8e7a056ac82552ba89bb9ef51e

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        5b085105879e4f8451ef5e5e52f7635a

                                                                                        SHA1

                                                                                        2fd84d7222d89ded56706e2fdfad253410c73420

                                                                                        SHA256

                                                                                        327001e79c03b8b0d28681294b621b883a6475d12c7563452b8727d3a66b7188

                                                                                        SHA512

                                                                                        60a7ccc93e0c825da123fb389515a50e7f5473427908bc4079024efc88cb8bade4cafe18f5d44ac0555666e92888a49dbddcb47162ad53b78140268c4f60312a

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                        Filesize

                                                                                        111B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        5KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        9KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        8KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                        Filesize

                                                                                        8KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                        Filesize

                                                                                        24KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                        Filesize

                                                                                        89B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                        Filesize

                                                                                        146B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                        Filesize

                                                                                        82B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\beba93b2-0902-40ed-be99-bd81ea9bf20d\index-dir\the-real-index

                                                                                        Filesize

                                                                                        6KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\beba93b2-0902-40ed-be99-bd81ea9bf20d\index-dir\the-real-index~RFe585b4a.TMP

                                                                                        Filesize

                                                                                        48B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                        Filesize

                                                                                        83B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                        Filesize

                                                                                        79B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                                        Filesize

                                                                                        16B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                        Filesize

                                                                                        120B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5836ea.TMP

                                                                                        Filesize

                                                                                        48B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        3KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                        Filesize

                                                                                        4KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d08e.TMP

                                                                                        Filesize

                                                                                        1KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                        Filesize

                                                                                        16B

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        2KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        2KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        2KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        2KB

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                        Filesize

                                                                                        10KB

                                                                                      • \??\pipe\LOCAL\crashpad_1776_OFFWBOERLJDRDVEH
