ac893a94b713d132df7200c8bff22ad23b5e3e07ddf6e66a0103a3b93b2bff53

Analysis

max time kernel
269s
max time network
267s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Exported Data(1).csv
Size

595B
MD5

e002a909b6ec307c7787417f6e6a48d0
SHA1

fab681cd2fefa835b772f7a56b0329d8696d854e
SHA256

ac893a94b713d132df7200c8bff22ad23b5e3e07ddf6e66a0103a3b93b2bff53
SHA512

22f15e5e3d01148a728fe72685c0bcc400329249049adb68e6be84b8ddf61e7d3de25e63b4be247a6b4764ae69a4ae33220c633c6dcc912f90176efae467afec

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1784	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
4040	msedge.exe
4040	msedge.exe
868	identity_helper.exe
868	identity_helper.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3896	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3896	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE
1784	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 4556	4040	msedge.exe	91
PID 4040 wrote to memory of 4556	4040	msedge.exe	91
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2584	4040	msedge.exe	94
PID 4040 wrote to memory of 2712	4040	msedge.exe	92
PID 4040 wrote to memory of 2712	4040	msedge.exe	92
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93
PID 4040 wrote to memory of 1572	4040	msedge.exe	93

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Exported Data(1).csv"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98dbb46f8,0x7ff98dbb4708,0x7ff98dbb4718
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18389360294909457589,9864148198666292208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
854f73d7b3f85bf181d2f2002afd17db

SHA1
53e5e04c78d1b81b5e6c400ce226e6be25e0dea8

SHA256
54c176976e1c56f13af90be9b8b678f17f36a943210a30274be6a777cf9a8dc4

SHA512
de14899cfaad4c312804a7fe4dcb3e9221f430088cb8bf5a9b941ac392a0bbad4e6ca974e258e34617bbffff3bf6490fa90d8c6921616f44186e267ddaa02971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a65ab4f620efd5ba6c5e3cba8713e711

SHA1
f79ff4397a980106300bb447ab9cd764af47db08

SHA256
3964e81a3b4b582e570836837b90a0539e820886a35281b416e428e9bf25fd76

SHA512
90330661b0f38ca44d6bd13a7ea2ab08a4065ec4801695e5e7e0dea154b13ac8d9b2737e36ebe9a314d2501b5ef498d03c5617c87e36986e294c701182db41b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8387025e-b0d4-49c4-b8ac-565cb8a283e9.tmp

Filesize
7KB

MD5
e507bcf527b8095825036aa03f4ec44e

SHA1
ca06bc24ad436aa9882283cfef633b2335657bd7

SHA256
82411f3ee1c1e4fd10410c816cade76cf1febc861c1be844027af844fb5c04e5

SHA512
b68f0d437db00e04459a65cc90bb2bcbdcb70344a8b1553e5acc4d5a4e65c6b53d6a6d8505b9965ccc753b69b41d9ed43fa11ef873ae77532930c4598da97def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
16KB

MD5
b5f3e154fc6a9a1f7f91affc358a20b8

SHA1
fe5c98a953697dae538543d4597ed909999c2046

SHA256
9a5f3e28b91b74ca241d83f457f02973ae35cccc94069de6f3f8f80b4720c525

SHA512
3e51ed77b19864b2393a9ce544a888109601b7650958daa234e74da4845e7272b047c223da758e0fe53742d0649735b012d25bd51f9ba58bce43a619e69935b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
9c3e60e3b44f396f1cde61209ca441d9

SHA1
52df252a71ba9c959bb39d6d6974e4ddab6bc972

SHA256
9b0692215a5721ce068262ee8c77c0421244317180c5086e4d9b37bdb29728fe

SHA512
2a21098ec63790b883686735ee991a060af82eac7b5da7862c039f6393be915265f49d54f691756a293116f6ac9a5fff9d4f1b6a67eaa753e3ab6b98ca3b335d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
225KB

MD5
8e6e208f26ddd4ad322bd486bf848b38

SHA1
ab978c3fab3a236dacf86d9c2f8a329abeee48b1

SHA256
148258672bf5bd8eca680add350ec089b7316b59587864c95b2de6279687b19a

SHA512
9b3c2717c2aa9997f87cdaf0cb4707fa7813ec8dda1827660ca141d29e05522e4947a13a95055c275206153ac75e28d4e743ad058fac1f911a92d557c277a438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
143KB

MD5
eeaaef0c6107a3023a6200a482bf071a

SHA1
7c9f057f8e7cbd40a88b272ec9e473273edb6dfa

SHA256
445341489473f33828546217d74b05d106be22b733aefe124e604e104da9e0e9

SHA512
1f3b7b1ad56d614a8d21f024185e5b0a9d6d9a219ee431639a0daa9e05643f89e3647d06ffa19808c9a4ff699743db4a81cdcade49141e98172c5dc4d64d7bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
111KB

MD5
1e854dccf64b7733e818e4edcac93e17

SHA1
9b53a305052631afc38e046befff26612d2db0b4

SHA256
7628ef937a3dc60c83bd11bbd5f77a44f77610b944297b2b6da2449400f65164

SHA512
a4b04016543b31d9eceb951f6c4e9e2ed233c0b16e0edb9be9c5597ff3bee2a023abc42e132c10ddcb06427d02b8d19a46856a422eb8c90e457396ad26cfaf34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
64KB

MD5
b28dec82aa28a92d4a8696fcd97f2229

SHA1
e669cc4889cdbbd768675ead1861d959816ddd7a

SHA256
4e8d8e4fc70ce2fcd3aba00bb8f77ef49b63fea871b9bf3fd2436a7ab7b90160

SHA512
1def5bcf1ff5332c2530a6eddbce3a6208383f54784a42b2b0bb1e6f16c95212215acb75ef2cfae797b03853d1175594ff2f54f6b344e07c7651ef52e52ef987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
59KB

MD5
a1ccb233437a296a13a22190b43e1721

SHA1
1a72aafa2682f18090493d3d0f6b0f1cea36fbce

SHA256
760d0bd4fa88fe36d023d14f6d1dbb980bef3f900b3a3223c2a407c31fb55673

SHA512
b107d1f699cceafea4dc913bfd5b9b0f5f4f234523eaaf86919c04cb91f9572bdf18aa496a4a8698518ae5fd1c11e287fac3ec80796d92d2cf8bc1781ef4abfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
52KB

MD5
891ffc3963b33f6eefca676c2f47d775

SHA1
a49a320cc4b539454f72b9d4f1374c0c970e6b36

SHA256
82f6de58fa7c4001deba5d7460f91f42a72c2df87e8e6e3d033a1e0867e5b338

SHA512
74cd4df156795ee0186ee8653032122bbb18bdfb4e44bee58b79745ea6c433909786fe0fed791bda5a9769b5931565c16caaab92ad66f7d0faa0a6a6376e2734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
16KB

MD5
41026f61b5c2f37d2a9ddff66edde392

SHA1
f919b60a772befbea558db728ca831fa9518c204

SHA256
71965373034be1b2394f5986da60880580cb051cf0baa3176be9c00dd842d40b

SHA512
dcc2f14b3f749fbb4a2075fb632cd5fe80a9beeadbc40e8ccb47da6fc210a6f7962e5791a3535efd9ca0c143b659c34392a106ed06a4faeb8e474d57f45218ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
23KB

MD5
fee707e56e0bc126840034e0ce87ef18

SHA1
a1166c6faa4397a29a2c76ed3296f7f034e238db

SHA256
594261e9101a5ca8288864590c36a4a71560481e31f2ba7874888d48fac62a76

SHA512
60f292fe2604304e1a91594bfb6e4f02da9fd44066dd1ed5c704a5b260db06041a5679651f58decc272f682274531ac4ce248164ff03002bf1809c6ae6916ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
55KB

MD5
aafc526d5c7c67363cdbb151325b5c67

SHA1
5ab3a25e99b71660ca410b764a164a1c80302795

SHA256
d8bddb566adbfce40de718f073a6471626d7e16bf36a14ca6bbdd071bb4ac96b

SHA512
e2c9550d1dd994151c4f184500ff16058872500057edaa71b4f723402f0e82484150a5b11dc3801f3b3f2c412f755826b5818f763eb87701d59694c16809af9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
55KB

MD5
779468d52fe55e5f1a6b324964e48b9d

SHA1
877b9bb9d76b89accd7041b7faffefbe86645637

SHA256
bf3098ba8c023481f13aad2622132303821e6bac10f1482ad8a384e97ddcf62b

SHA512
e255c5643d3437e93b911f063979ea75d0340b2af44317ea762fe03821ac2d85e9a3e3d01d98e50ec9fb1c7a95432ae28bd17401e668c7d5ec5a09e490304e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
26KB

MD5
979d76f223971541c9b7c8a79b7a69f0

SHA1
b86eb28bac6c7aaafeb905f2c0c456c3fc30d1cb

SHA256
0be3e1a7de77046492aed01f805fc0125a032d41e9163aa2d1cfe109faf98538

SHA512
107a4e0f7bba3c678c1514552b506472dd90a012e50a1d9e65bde93885b707f5e7df9ef1444af222c7fe55bd664c5e6277c0ec519caf84d988cc0df20ce73147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
71KB

MD5
442d02a96c1a6d402b3e208a5c0d0ebf

SHA1
579acddb5b8621366b51726b40ec01f8d21d3608

SHA256
be2782ac10e1d1b876c2164186806a6d6259541ad06e7a8a04f91b3e573aa5b5

SHA512
121fd41509987231785f17174fdc1f295fd92f5aad5a196af2ae4f68c9a0b6f484d8db989ac463f070a9b0ebaab0dc3a86871f6eed7a6cfe21bb6a16c49c2503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
64KB

MD5
fcecbbe8e4eac882f44f211c840775aa

SHA1
6e3ffc7b2796780f97ab933ccc2fb3ba854f1a90

SHA256
b611724979652d33689dea07f7069913abe14ae99ab170b1be85225b0b688fd5

SHA512
7325bb6d67ad9fbc6c3a6294f38b8d04a8adf43cb8514e61ed79d47fc282526e27f92fd18241efed15c7a44905608b03a2af3932a856aeae57f9d0776b94549d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
92KB

MD5
fa024c59f83533d58479a2525b8a07e0

SHA1
ba4212a1300aba9bec26cccef45d8c847e1dafb1

SHA256
6fcec56677e1307be1543d4d3fe05d898c06d0f4db82d886a7a3d6258ca250dd

SHA512
e77429f0fecf0ad853d545b007bfbb28c2b9106bb842a7589034d5fe3ebe2127d2ec55f58e228f151271249ab937a0463fc32c0b3ed5cd93e4dbed6ea2469537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
142KB

MD5
006cb1ca2dcd76f9a997c77db7352787

SHA1
53e987ae79ba0fb953472927ef3e67ab5edb7cf5

SHA256
e781f57fe51e69f402e399bda19a02622e6da68ed7275f65ad2a7de258b91ab5

SHA512
210c8c280e06c36782d2583054df4783a7605c9868a65b31f0a21ab0ae2c1fc1bd997fca2814c9073b58de916bdfdf417c92e64eca2d5d983389a691396ddfb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
36KB

MD5
12a387e924e38568f6fb81254553fc5c

SHA1
bb620bc69970e402bc9d14ce4f8ce5a0329f0849

SHA256
204b0187e5ca2821e889187017705387809be1b662772bee69ab987d4a808021

SHA512
1bfd6422189ab95956ae063fb2c337bcc731d4d790367358931bf5ec18dc0e18829b8fc389bad5378111fb12c89eb27193fc54c5cdf87dbf91d7c2edf19c2e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02d89c66e3ff296c_0

Filesize
15KB

MD5
c88cf59fadd173cf4f5c2c6084467cc7

SHA1
797d85a87367b35b888778741d79c9a23b1c7ef0

SHA256
915fe4fe0d6c32890227559b9ed12e616ef81b9efc81974467538dfece26fb12

SHA512
eaca1da4f7a021da3078d7a1e970ad7d20f5a72080a9a42b77b0ecc52befe351d3f38b25b6cbe6269df006ed1b469dfeeece248050b51e48de5450f4163e4fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9b6cabeb81098d4b74a45584f68c77f1

SHA1
4e4111e592aedfde52e52a4237ec6f176345d48f

SHA256
14fdf374bc413faed8ac2d5d80f7a25766d31b2fc818f90a12d2e7b820f97898

SHA512
a1644b645bbec7b9e6f4fa15f5e50ec59f331dbb99fbc5733182112c1b3a2b8feb789a922e9020e8751bebb0be6aef9c385906c9e72b5a72524d613daad0f27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
32586c3cbcfe8724b860962d8a7d42ff

SHA1
3e78c981d6340a6938c17b36a7324f3c5acc7ffc

SHA256
eb1682b7d4f43ecf6b43225dd2db931f3f10f8c643f733ca5bdb813fdded9818

SHA512
311317f505430f116ac58259ace7b532c835c6775040a087889d53ee1b330add47fef042cb04f45ec461eaf66f85db4f46e1d972267398bd595af0c4a712a060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b1180d42eaf8c7ba5a10f2cab43b3a1e

SHA1
68430f6018db60b9144f5a04859022e7a01ead29

SHA256
951685f37dae03a45d698ec0a9e50787dfbf1ea6a7332bd97034cda26363900b

SHA512
f3d6acf1af12434e045ce4a7a71d6679f09d32290e31969b124b5f53dd494600ade671992051f4b305483ccd8cc9b31aec4d4fddefda4babbf1f2f7c2ac533b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
4293e9b93f99ce60ac88be292fb2b1ae

SHA1
fbd020d74ec40ec6b3e562cfacf2b7da42457003

SHA256
b0df8b5a75b01e09adc7c6d487044c8238b12df7e7f7a8d6a140fb30f74a310d

SHA512
6b7ec29ec6eb04daeef89d0d3da26e7f5a98ee41e3bcc94ef8731058000b6d96fd3d6ea0c4f78c067685c8cc4442aa717db82ab4d12e61043454186c12ee6d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
e62b0d429dc99b77b5ca58ca264f442a

SHA1
ca9820dff53f655fe9904342d96076a26183009a

SHA256
eb557deb9dc3e064bfba733ce42d4b82682c9e64afff75c5e490d8233e69f143

SHA512
73bdc6e682c8b2e34a0a9cecff0209e81ee4e12255075d17756939d8522775be14d20a41311545618dab7879cf60d4c555ac2138f24c72b98f6542b72bdc13ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
98266ed81652eb7fd0bc6e407561cfd8

SHA1
ec73557f0934fb26a8929b76a1416bd2cf25269b

SHA256
73bd0ce9c1483ce24c98f5f3ca38ea5f99eb982f7c72239cb0502b6833ba16ca

SHA512
e6e2a9d981879d8891337bd96d82101f37f0fe0cac2ac498adabb41389bd76f29340c408891635d9da7131c21811f503678ae7bf2d891f8f8c6541a55eda3fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05fe55b56759ef2fbe046ce45ebf4bae

SHA1
bc5a5656aeb09c9c2911a264b22165e04d648de5

SHA256
50544a73f3eb92fdf52ce9fbeb7354778dc5963c48d4e1207e5cba208a3377dc

SHA512
65c7a628c8004aa7df4943c93c5da180eefea33056a04ce85abc2fb75b14026983629bd778b42690864ad3eaf16cb345c27eae4244e75fde61633ec6fb6c7d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7c3f2ee7a2ce50e8ea06d26037807bee

SHA1
69980e987c94b17d24de8ebd8ae8c95c49796357

SHA256
a0422c9f82b33f52ae7a4b8a716660ed30828900bedd2919c49f7ff26a871124

SHA512
4dbba2d62804805cf2bfdfcdc0aeda64c3ea9d95f3408e43a869e78607766f89291e648aa9d57f092cedb5e200d16028bb68f887643f0676e4669ebc3db43ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
19f3fc0b1c8690f224b03702434596d0

SHA1
b855bbfc2411fe648f38718a2fa910c00a5fe281

SHA256
dbba3acba468351355064a045d322309b653fffa7fc7089d4fa55eae58b14448

SHA512
a0b86e734bf52c816412c2842f8ad0575d24adb53d73b1ff55637afb7fe807045133a438e118adb2f13643ec2101b34e82213fb32fa81a517074238116967f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0c35929a97052eb60389a0029c4f6a5d

SHA1
35ce47672128fcc7b1ea9feff6111ef15286ba04

SHA256
3c012b6f8e7eb8eaa68721696d30ade3b9d2467517a62d896cc243057b839964

SHA512
467146454f7a8b5d4524c2aba1df082252baf260a12488605d1d717a7b278eefeec955724a2d5c6e4f36d9b05051b4869e873307e37deaf4eaf02480c82cc5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
85b7868a92fe0e2a6cdf423db35b8e7e

SHA1
a22bb50ec4e22dea0ad78351709daa8b62d498c0

SHA256
e7720ab6bf0ba404eb8aab255e501250ca810a199dab16e0affe48427f39ef6e

SHA512
412695ea8b262ce6744210a75fe9e4b5cdf930d6013f632a9d1fc41753679142b6c657aac754a346d3529d2e5e12f3d2e4b49dc25e2ec6207d2d07c23cada6e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e672f5c3dbbf4fbcd658f6e105ad126d

SHA1
7f450930186c6a084cd5ef8bf092e51d6a6c36e8

SHA256
2b62e63b39f5feb8d0e7fbc19a79857846705c940a50b4c1ab61b8589c09eccc

SHA512
3720eb268b6155d8b22218566affb73f48d943400e2afed14834362248c6a16f48f0ad837568d0466aa165ae56d659de20ecb1c4e2853ac468b7a6bd886abb52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
11daef38ddc9a3ac31f46d83b929a8ad

SHA1
0416989162241875df5468c50043f703a7777dc7

SHA256
ca373d57198902ce354ab48d2715b8eee5eff5c84df3dbb133456695cbf641cf

SHA512
a9c47b07301746bf709c782147354383f9e150e75ca483e5a78b2531d267917faeb85d468d0c27240e4c6cd3c2ec0bed8798631c4050df3f41525796a93fca42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc4608ec085d70998a5f3a2be7133c45

SHA1
da487d30f7f63efde4e44d78dea3205c13cc72be

SHA256
841ffef26b927b36155ff577b030ece0b3bb539d7bf6ae5bf3bae500b6c02195

SHA512
18f97bf2699b71fb905e5c5f301f09123cfe6a33a002dfc3823f3dffefe8850aabe41fd0a6b8dfe56a31b3d4d54a6158f31e358eb157c2ef8ce53546ccb8bfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3bb1d68a35634f59cfe910ee4b33885

SHA1
55a6101d6af6ac3f39f5e52b9410692a856d56ed

SHA256
ec2495b7d15c718d68002a43a620ff6cb831abc9903ab33cfb289d62f9ca6aa9

SHA512
84479e44b4809a789610b0b0c736e3df47ee49a5dfc847aa5e8bbaa6ba27119a92a489a015b8482f28e8040c89cd303c213673ae7d584d675dc6ff1cd8b34a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3bf046b0051974b497775880d44b43bd

SHA1
1ca7b8cbd1af06cbef9cc337742f35dc4965790d

SHA256
fe984d5d0d2443a4b00ec86ece9c8fb509fdd67782e37703cbd546babe0087d9

SHA512
eda3c408990a7510316205ebd78504de75847462d33a6ce768dc2090b000a1d35ca5051957d55bbb1fc70e11e8625faec52eeef3b582664fac037c73b1f4eb91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a265.TMP

Filesize
1KB

MD5
a7346b12620daeef3cca531393d81a59

SHA1
56e061f3311bf5ca08e8a980fe80f17722258bb1

SHA256
12267644ba4f15dd8a11387c12026971f17fd547522116985d3f197c631e4d2d

SHA512
7ae2ebd31f1a12b344efb7cb44cfaebde08faccec230d24a45a1131055fc83f86dbbeb42a28870df87ce953f91fbbeab98fd70f44283506643d50db36b4b8cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84f2100b4b688889515fce07459d9f3d

SHA1
b1827a1e845ac86d32f93fae271306501a4f2782

SHA256
3f720b7e394ab14e00ca622890a64ad14ee5d2ef6ecf594366ffdd42cfdc24a3

SHA512
817a0f641375fac45b6491ad8dcd192d75b611ed469fb29cd37315e8873b40d13b952bda7094907bdd42a5873b26f083a177cd941a4ebc294c7e7be2f4cccb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
18930d184c1be9cfcd1f5b8c24179399

SHA1
ea8a083a602a0fc3609d6b8c0a258f0cfc2c3c6e

SHA256
ce1a5b8ef9da560a2752006cad7fb0deafd81be10cffa671d21d8213459540ab

SHA512
1e50bbbea5c62a7a6e26ad2f7150fd460d080dcd877903f3282cd66521b9393063e245b1b059ef086de3578357012cee74d258fec3a9ca6bf73b3f211c17b995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
7d139e7f09ec24fecb3e83865910b99f

SHA1
9cb8e18dbc3ba76ea2aa8ff757e26a0ee39ae089

SHA256
8cbe232a74c113206c296e816d3a1fe9e86b4b5f13247cb9d25d83f9b7adb4ea

SHA512
00f9248b7314e83b2b82367c727f0cf85ec6c134f802475696677ab27892de5d153f80dd585992eb6a73406f0ddef37a0fc1c0c291ee33cf40ceeff5cf0b90aa

Download Submit
memory/1784-16-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-9-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-19-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-18-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-17-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-21-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-15-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-14-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-13-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-11-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-12-0x00007FF968730000-0x00007FF968740000-memory.dmp

Filesize
64KB

Download
memory/1784-10-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-8-0x00007FF968730000-0x00007FF968740000-memory.dmp

Filesize
64KB

Download
memory/1784-20-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-7-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-6-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-3-0x00007FF96AF90000-0x00007FF96AFA0000-memory.dmp

Filesize
64KB

Download
memory/1784-22-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-5-0x00007FF96AF90000-0x00007FF96AFA0000-memory.dmp

Filesize
64KB

Download
memory/1784-23-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-4-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-63-0x00007FF9AAF10000-0x00007FF9AB105000-memory.dmp

Filesize
2.0MB

Download
memory/1784-2-0x00007FF96AF90000-0x00007FF96AFA0000-memory.dmp

Filesize
64KB

Download
memory/1784-0-0x00007FF96AF90000-0x00007FF96AFA0000-memory.dmp

Filesize
64KB

Download
memory/1784-1-0x00007FF96AF90000-0x00007FF96AFA0000-memory.dmp

Filesize
64KB

Download