hxxp://j | Triage

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://j

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3538781373-1545967067-4263767959-1000\{44B38658-146F-4B79-BD1F-D22EE8768706}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
864	msedge.exe
864	msedge.exe
4500	msedge.exe
4500	msedge.exe
2240	identity_helper.exe
2240	identity_helper.exe
4064	msedge.exe
4064	msedge.exe
2108	msedge.exe
2108	msedge.exe
2308	identity_helper.exe
2308	identity_helper.exe
2156	msedge.exe
2156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4940	svchost.exe
Token: 33	4356	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4356	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 416 wrote to memory of 4912	416	msedge.exe	26
PID 416 wrote to memory of 4912	416	msedge.exe	26
PID 4072 wrote to memory of 4788	4072	msedge.exe	37
PID 4072 wrote to memory of 4788	4072	msedge.exe	37
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 3564	416	msedge.exe	100
PID 416 wrote to memory of 864	416	msedge.exe	99
PID 416 wrote to memory of 864	416	msedge.exe	99
PID 4072 wrote to memory of 4500	4072	msedge.exe	103
PID 4072 wrote to memory of 4500	4072	msedge.exe	103
PID 2108 wrote to memory of 2016	2108	msedge.exe	138
PID 2108 wrote to memory of 2016	2108	msedge.exe	138
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140
PID 2108 wrote to memory of 4600	2108	msedge.exe	140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://j
1⤵
- Suspicious use of WriteProcessMemory
PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xa4,0x108,0x7ffdf7f946f8,0x7ffdf7f94708,0x7ffdf7f94718
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,583764282333137268,352513995497722238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,583764282333137268,352513995497722238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf7f946f8,0x7ffdf7f94708,0x7ffdf7f94718
1⤵
PID:100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x7c,0x104,0x7ffdf7f946f8,0x7ffdf7f94708,0x7ffdf7f94718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17099595625972627391,10509627054740245874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2392 /prefetch:8
1⤵
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
1⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
1⤵
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
1⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
1⤵
PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
1⤵
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
1⤵
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
1⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
1⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
1⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
1⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
1⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
1⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
1⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
1⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
1⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
1⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
1⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
1⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4636 /prefetch:8
1⤵
PID:4416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
1⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
1⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17251944123803637705,9247316430115633468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
1⤵
PID:1400

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf7f946f8,0x7ffdf7f94708,0x7ffdf7f94718
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18066488383614810827,7461788951773443630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:5656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5b0bf4edca2187f7715ddd49777a1b2

SHA1
eb78099013d0894a11c48d496f48973585f0c7c0

SHA256
562016f9159ef363fcbe62ed13ee26052b31d4f67dc5ea6d60864a7d5dfa50a1

SHA512
1039b98cffd32ca4c9e37486b96e01b167d76b19dd8440a21da4932d677c463f4c5ce2260239e8337f59bd61ff3111905e23ab71d3ca5b20e7d2935fea7952c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4db60c9bb06ea5452df26771fa873ac

SHA1
c118183a1315a285606f81da05fc19367a2cdfe1

SHA256
f168242e74bfde18bacb9e18945a39bb447188eba916c7adf0f342ed8d82281e

SHA512
180ed98f9d5a14a22687a099c4a0ba6b586610f7b8b4c8de89f3b91713b07a2ef3726fcd318cb4e270b1745213b898037d29cca4b490d0c91833b797d69ac406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
01970e016f21490c29279ba79a124881

SHA1
36238c29e584f7807a19a4ef973b7695edf3b8be

SHA256
072353f790366143e619f8453a01ed54c291f1abc16982af257a3715a2844948

SHA512
a44aaf81725e9a2ee051323ed0834760c1671f96ffd84e36aa9fa0344196053af2ff25ff14e5e96b98364ba1d38f4da3ef0ffea9d262029507541fa5903df146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84da2d5a4b6c05d9e7da95acd9e5154d

SHA1
d51cbca88044d17d4a9260dbfbc089b8570201c9

SHA256
292ca4d2d49985bd01a3999e45f8efcfebbdbebe3c4c5ef96601ce8b478166c1

SHA512
f0aa0a00c83973af247ce3026c2cd24eb4604bb09fa8b1a7ece120bdf57155dc99bd568d37a22ffebe2120e6e6095bdf2fad51d52e3c25edf1269cb34c4534c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
52cd32f9e99b457c75b2cf64138bd2c3

SHA1
41d6db88cf6f581d10d479a68c13c8af902d8391

SHA256
1244748bcb9a6e16320b957102c42e18fbd70a75639f1f335f7fff7daa0e96d0

SHA512
ce658caa234a0e48813cc94a060ae1c73480f0c8ffa7e0acd0e6539ede29121357f52b916f4f52fcfdc1e47a5f022e80aba2f036e1f0414399fe37bcedb5ff16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
849b53e4591803fb5523e73dff20ea9a

SHA1
280336c5a352cbd73527ef93ab71e06833086915

SHA256
dbb215cc06d1465a05266e1f438a1ebd61c1c41ebbe0c886dac5e7b02b027a05

SHA512
9d47c6fba139633e7a2ac67d8525caefb6d70631b709ebff2aea1be4faa8d3dfe875c3de7138a18f3bd970fd23aa55bbd61703c1998a5ed10d665887c94105bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
4995416c5ceab8d39c26507052c88015

SHA1
6f60e382ad00b59e0a731f3c2501725cb14f0cb2

SHA256
9a1ec1791a7e70154b916b7b425303288555cef9ebc5025a3a532720a31a4346

SHA512
032272c45bdaf6947dacf2319869dbf27351b8dd44a2d70b5cc8a7bfd488656310b089ec44ca1e25a0bff091d18287382f9e0a8e8b178bf9297dd8553f943603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
747eb88ec78f331fe12c595b6ed28a65

SHA1
744f83ee7847c89f3435964b88bdb5a4698f753b

SHA256
a57f96c733b4e03f403521581bf3ee7da96575f81e6408e95e25814289da9518

SHA512
24b905786b604619c01f8ed40cf35066942a3dd6c8baf2fe3813864f314565465dcf1afc9a169ba7161942429d02cf546ede80a79bf4936e30089ed4cb42ab37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
fd0505ef7f1dce8595cad19d114de2ea

SHA1
166764ca6ff6e4faf3e97bad14db957f17e2feac

SHA256
2ec56ed4dd859b047d079163f90cd27dc7e00d7b402839d96397b299ca6975ce

SHA512
9ca7e84d34ba043b12a131a3cdf39e24f268ed262b49162ad925c01ffa43d7a4c1fbbc9a1608bc76035ef0a69eb2b6d1fed51693abe1faad7e7b09d5b110f647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
3114eb92aa8bedb1c98152d2e37ea0f9

SHA1
59c03c9291da5beb07b367b7b2c20fed780c08d4

SHA256
18ff3bdf3debb467322f9c0caa10bf0c5a32f9b7e2010d8eea1bc12cb4b25c56

SHA512
22644dac5129a71fd7b8cffeb9c2d313abe9a1ff9a6bcd768c159a1ae1ec19a8576460fe7a6c5fa36b6a58720b5dd59472ccd34244cc690004b4b921f2eb6741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
34KB

MD5
1b15151f04072b735636f0f75b3396d0

SHA1
e15192dcb3fcdcd3fddc9d4ef9d2abe1d1ae1543

SHA256
a194407e7f1287b168f81d14402daddc04c97529d9af1eac407c1bf66c027ace

SHA512
b2fa69c791e0689556443df38a178771e6484d847490266af415ba3bd3456a149cf02d6f6bbc00e3729a7889f22cac78a2c28bd429e9def80192d087d18e731a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
34KB

MD5
5764d7948f6c1253d76293a35691a746

SHA1
4b412294c701e5ef031061aace7f556911bdc2a8

SHA256
4fa2cd6bf832e4dd7222530b2f21844e1105f4f333d72557d57cac9f24a69730

SHA512
f9b5c789d6a06131001bff1fe5bee677105500ff74a5d038a84c40a2859f72d436b318fd6af75297a0a80d9edcbac158d9d4aa14ce251048708cd0ab3a96d109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
92KB

MD5
50d3e8919103b8778f6a789dcc9c57af

SHA1
daa2c28dd1d86123150ebedb3b514d6e04e8925a

SHA256
c8c12251084dcac7a5629a55d8ef08a29b6c1f3006bb34d9188454053c4d930f

SHA512
ea542264c4a1b5d37a99154638b939274823c4690424bf4b5115e6229416d53367277e5e697715fe8ddf889ef11175d3d4d1dbd8f008dcaaaa6369c8d383f441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
92KB

MD5
b77d6bf8aa9a31cfbb4f60c34efa0972

SHA1
19e69678ec015c20111da11cb7a08cb989c2129e

SHA256
af9bcdace47ddc31a00534391813bb4e217bef0f212bd90d7cb581504499908c

SHA512
6b50eeaa87105a6ecb9d62c0de5c13ca76658f1ca690e35867061006843970594c9b1f8d9fd4f86b9475fc7d3590d72e20b1e4489179cf296dd7958d60bc56b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
1024KB

MD5
5a4d163138540129ab354b7981e19afe

SHA1
1e23be77fd0bdcebcbec163797c1b75cc77084cc

SHA256
09f98271fced2e1a9e63ace127e5ff5e955a89ce1091881b4053b52dd9207fc1

SHA512
3bbda35970fb841dfd5816921f3fc250c42a2156b04aaa41f24a200f9767f965d9e9b7e287c77f6e93643e3136555d517ce0615904d193f77eea12e78c11ea1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
830KB

MD5
2c3bdcbdeb6b607e6484ab0c54fc2568

SHA1
be1f98ba84432a8431eaed5f1d2a37575d9a0103

SHA256
5d6092cf4e4403cc5113066a51bf6be433c75d3d5022c3b0b29b2c83b6d01044

SHA512
56a644e0969eb96d19224d1d8304d4a4af31e1dc43c6942375929397ac3615df144312f11223cbbacb7f8f08952759c2e5d4fe367a97242098b64baf19b9eaf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
648KB

MD5
6da93131a4b4d451fa69376d81cc9985

SHA1
c9e8407f73cc5206084feb706debf93a5f6e3d44

SHA256
ef79493f41edd53bde4f1d3230a4ed7c0dfa2d3b34dfe7c8aea26024be670e21

SHA512
9e941cf5ec138a522bec8fb22006da53ea14abe9a80b00c0757ee413ee187ea823dbfcb634c5a5d25bb78fa59e2a243515716cfb5b30a3de3cf326175c55aeae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
38KB

MD5
005f735a84df4da9caa4cc02e831cab0

SHA1
561376a919a19c09aa4ba8c394e770fdfe3593ee

SHA256
5a1f0eefee059f0ae95d0139fbd1bb36881361e96e9826521b9c5ca84cd6f65b

SHA512
ec9c540c69768e07585c23460c89e8ec5dd473ceb93e09f53b1a1f4eddd2f7a4db5032f11abea096a373cc3db6921bb1d1ed24aded452219c47edd01306d5606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
16KB

MD5
51149d629a2beb9d34458ca2ecc70d93

SHA1
7ef1b336e1706d7595b33741ac53d84c46711a92

SHA256
1890b8ed892eb11548058373f974ad199d9deff76d615e4cdd18c473685d1578

SHA512
c354e8fc7515f22b781bc45691e8daae9920dd52d0e2fe9fadbef6b28f97ebb970b415bb6ce4c82a675b7bdb0d8381d9232500192454025aff1b655b0dc27d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
b5181b563f7570e9d3ddacad5eea0931

SHA1
95afde40d1df328e2fa515dde28af77da525f550

SHA256
b575f02b5492da2bfeb2c04c291043b4b643d574713ff4ea19f18c14b5b07492

SHA512
ee312ad6d3522f49f2927d80f0a6b3081d18fae38655ae9286126b641a281058b46f2eb65c1cd089ab7ab7f34242a8a90239cc015c827410b1b702eab0a1bc6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_store.epicgames.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_store.epicgames.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4875182c27923cb8bf13e82aa2c31ea8

SHA1
a6305419de67f778171554ed538b61b0a698a2e5

SHA256
c2dd76564bb2d681eddee12dcedc5cbca077be148ec99cc0ef82b7d8c8477f7d

SHA512
378c9510b549444437ffe781e8f4c6085770ea8abec725beefd5462e2c961de09ef081cd98fe8d14546ee019f5b0b0784a9bc82dfa474b6e891e6b682ba4e2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1aa5d26c10a7f98a89c9204d1d823be4

SHA1
7d6feda0836295c77230207de911514ab83221c1

SHA256
ec38f4db61b3ad216b01fd231de4afab98efaf8a796e42e25577695478fc7c31

SHA512
fdb6729e0af7a4337bf2106e3186f0d7d4324732d72f01862596ecf0a9fb71fb5d0942fdb12e69ad098ed10f05a8cda84bf5de7e3a987c4bb9784d5ebcc8d051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
16ef05c8803a587ffff951ef07bc7715

SHA1
515cdfb317e5abadfd79c16f11fd211ba969c89c

SHA256
fd8d9739ba410230e77811fe8534992d529176c8904d45922a117614abbcb20e

SHA512
161421fc05244b04aae7c60de12ed70528bfc03701ce4c202a1519498f84156be7e8800607d770ad921ccc718dfe26ef298471c409043906deb811ee1b87b30e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bbd320139332ae1b7bfe8402465d9f97

SHA1
8eb10b048ccbc69dabddbe15fcd173ad826b2462

SHA256
4a15b7c2426ef7c19b627b18a2ae7fcc5b07de19c2a0d47f4abc4220a43722ae

SHA512
76f95c59926f56ed1d3eb2209a2385e9cc4155667127a1aec873ce6bf32a1f327dd7dd257e82e1bfbfe9248783b11bcb062c8c2327da1615fe3def373f4e573e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf423270a3cafafd85c6abe5ca95a1b0

SHA1
ccbd50a4a3e470579f6180049af4fde7e2d09791

SHA256
008b11366a36593de2460ab62dca0676610dca1cff7a9bb81a2bc230a7cf0037

SHA512
aa0cf77183be7b7d83bd85e61a36ce9582629a8a5ef9c25d607da3d66a9f6ab7c7f159e7ffd526e868ea79eb3ad746c267caf1256cc6e2762937d563abf18d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
3676f3f14618355c1756ffdb070b1448

SHA1
3a058333c6745f79b131998423d886b4ca4f0258

SHA256
57c3ec88c918149c4ef9aab793125085ff3d53df45137796e2b7bbf54cefb2e6

SHA512
c484215bc7a37b4f11052aedb387e88bdcb8d178047154d220ee2c9800850fb8206644fc756c8cf094fe784259192c81e0c9d3a1d150b6e2542fbbf7db553f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2d12f4fae73ea187d0a27fcff38ba4a0

SHA1
adad94884c0f047e67919155938cb33cab6f3e10

SHA256
6458761a21a7a1eeb5112e0c6e7277c13a254e6cf4689f9c8aa49fd90de7600a

SHA512
44cb8782100c367cb607004d2b90aa7b43ca151c1ee88f68c16bae15bf782184bd60cb5cc5812a3256fe6f63c48ee3c4782718a4a5a7bcd6b9b4ee4f7c1c710e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ab85b014be56cf86a0842bf60210b96

SHA1
8c9d39752d23d3231e15e246c0f884a47922f309

SHA256
edda43a85d69051609efffa0239c9332a4f4a2cc4506210b59b7e77391098284

SHA512
f884231bce8c0cd43e18def6c1df85208250f7fffdc1efb9c937ad0637a5311a1a3ec6d4db780552ca5c9f63691bc7edca805bef07bb93a85db23678621a23c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd9cb5aa8e476579fa1de747692ae7e5

SHA1
c9587a8b7fc484d6c9e223a26b5919163af9d19a

SHA256
84e4a73d141b97bf953041a55425298f9d798672ef05ec828192fb3cafe8d21d

SHA512
118006ec30b8d587a6ec370b6603bec8faef779c15b10132b4ff90e66ed920b2b2a710883490f748d8d78b46687db110983ceddd26f3cd9ba68b0595c6e3a59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c8adcaaa6833ba65346dbb69595c4281

SHA1
21301192318c2fc44979243d4a8a4594b4e219b3

SHA256
7067c2fa8c36f3be90a42fcb6443d43c4a11f4f36ff89c0090e24f7192e2e7da

SHA512
2b92ca965b40378a3e19e3563fd4a7a87de7ec1afa42b1ce62644047cf771a479488ca7e78e584298eb0e22155fe3a46f91143a52903c149603a8bb6981c9796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c5162bdbd9bb67e73083dba77a02b8c6

SHA1
9d06e0dba5c44acb14eaf76afc966b5137ff5601

SHA256
4d7eeea7d926b386f49776feec131e669d96f2df94aa100aba04d264ff46233f

SHA512
1590813dd856670bc6d53281f32cd14bdc99b454a6f99315338eea389e103243e0a101e7ce4bda6ae02ed3f8812a7027944de6a4b206bdd61c05a22c615a59de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29f5cb6457b3ec9ecd0db44b2ae18d6d

SHA1
71fac9078bd187b0d16fa4563dde04f405750916

SHA256
0439f5dc925ff3af6eca930393fcce69dcbf234b49bddb3b39b319606531c633

SHA512
28a78467331d232cc2bd1b887e8eec951bdedb8791df63fba746cb6170974e991494405262af7f1791150d767092a702587292d05831e090e7f2d0894b33325c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d70267b4f168e27530355ffdd4e3c197

SHA1
38ae581c5938743983dd019fd1c9b1a95ea45a48

SHA256
6afbb9500ef7638cad1fe8783ad56cf9479d4e5d56b78f6f9d9adee31f6b0f1f

SHA512
283d04f8096908bacd93b1038563ec76a2e4e88653e063e986ccbff309fa7c344f4839752763563b36630ca735eea9537dcf31a9b4ce7fbe4537a235c32f6702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58078d.TMP

Filesize
1KB

MD5
a5d27473afe99bb34f5652c10ee5416b

SHA1
d352cea688d0d4ce7116472fb7da3c2fafe412fd

SHA256
fb182cce35b25186069c573141731c62246d9a2d378d8a16553fc5e66e7792c3

SHA512
c7f26868dd709b017b961d8131ae332c2204b76498afc010145256ba7f077f68c2e251d18899937a17200f2f703b960ecb791272fee59a49270f07e1181b5c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c7eeaac5edda99fdbf7a207e09a2b5d7

SHA1
1ae5ec2e8bb7e1a5539f028e9d8598b9a0521b87

SHA256
f0bc4309deb06c9767523db75d81eb2e2095aa07a11c9d202b1e67ad9076466b

SHA512
38f297089bd25e46515ea437a0bfd1a0dffe11b9ced51885f7841996d85feb5519072706d7545fdd29520683d89bf45e8461a3db1d377c19fb7c378a4d5bebfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
80241971fb227bcf8642fa922d2e49a3

SHA1
c8d09188a10476c58eab7b472191ba3475ff8813

SHA256
4ebbbff7a51c8b1632ced850fefadebf7c97984cc185538ed094c48c7a9c3ac9

SHA512
db03717131ed50fac54c38b80a31e87bbe2f8f9823da0214a885d51fc52c82b5fc13c82dc3fb338041d0f19d7098736358221d3bafd68192eee78fec56e3e62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c19f87ce548fa0a1f52c43e3d72072bc

SHA1
baf8978cae218267df18dbbe9eecdefbaa226821

SHA256
4fd4db79e263391639315e247e365112fe6d6e851a526d2e0a042fe299cd0a1d

SHA512
7fee3d0684413d68744e9bffa8374c7107ce2452c4067f399ff09fbd4ed0bc41a559384ad32e5d92b333639022d25a0c5a4f84ffaa7a2b0ba97ca8cfb1464b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
af47291596aa3d01a979cf748caf6f44

SHA1
4c4397e41c0799e3fe9c3df74b495d34d43126a3

SHA256
b32c762467890430d981d825dbcf0a8fc9a142c68dd4d8cee10e07a420fbb5c4

SHA512
db498417b6a7be87de9763f271154c9dda8b1fcda2902911e46e80406d668d9819cefbb30a07688bce6044672d0349be407c1dc351974b2dd92ce7705657d740

Download Submit
memory/4940-338-0x000002237D4B0000-0x000002237D4B1000-memory.dmp

Filesize
4KB

Download
memory/4940-299-0x0000022379040000-0x0000022379050000-memory.dmp

Filesize
64KB

Download
memory/4940-315-0x0000022379140000-0x0000022379150000-memory.dmp

Filesize
64KB

Download
memory/4940-333-0x000002237D480000-0x000002237D481000-memory.dmp

Filesize
4KB

Download
memory/4940-337-0x000002237D4B0000-0x000002237D4B1000-memory.dmp

Filesize
4KB

Download
memory/4940-339-0x000002237D5C0000-0x000002237D5C1000-memory.dmp

Filesize
4KB

Download