hxxps://t[.]me/hardwarebrasil

Analysis

max time kernel
219s
max time network
215s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23-02-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.me/hardwarebrasil

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
8	whatismyipaddress.com
82	whatismyipaddress.com
83	whatismyipaddress.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-160263616-143223877-1356318919-1000\{A747C3EF-1D09-4538-86AB-6536764473E4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2816	vlc.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
236	msedge.exe
236	msedge.exe
2824	msedge.exe
2824	msedge.exe
1388	identity_helper.exe
1388	identity_helper.exe
1468	msedge.exe
1468	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2816	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2556	control.exe
Token: SeCreatePagefilePrivilege	2556	control.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe
2816	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2816	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 1776	236	msedge.exe	78
PID 236 wrote to memory of 1776	236	msedge.exe	78
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 3676	236	msedge.exe	79
PID 236 wrote to memory of 4404	236	msedge.exe	80
PID 236 wrote to memory of 4404	236	msedge.exe	80
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81
PID 236 wrote to memory of 3088	236	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/hardwarebrasil
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb74f23cb8,0x7ffb74f23cc8,0x7ffb74f23cd8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,10304698803427442513,12348203806013837790,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3348

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004CC
1⤵
PID:3132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2736

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2556

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2464

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1372

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\JoinPush.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\685ee346-4530-4c5a-bbbf-1911d93f3be3.tmp

Filesize
2KB

MD5
803f645e4eb37a657403f92bda56625a

SHA1
692ead911e06fd5acbe284944d8e0580af6ec227

SHA256
0439bac459e5b032cee598554a6037f7c359396b8b1377f8684cacad13056407

SHA512
f0fe29cbd01c0447ac54dd0642fa8ea3ee701659c7480a5898f73858fedcf7c051f196278e2ea61f482f7d1b0d1358965daafc2670ace90b60c10aa6b94562b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
30KB

MD5
ba04d67484e3b1ddc9a216d5052b72e2

SHA1
3ced344c479d8f9ce868557c027dc06ce1c8cb36

SHA256
be3d96f737a61daa5c72987cd69103bf699b7871455ffa018b6d6e350caca16f

SHA512
c05983c3f501d3f9d0488646dd695fd619b348fb79551ec1e0f437f49564febe0ea954eabbd276a1192919e579462f498510968afa406f03548f24e843bf315d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.1MB

MD5
d307ce6ce114ea2d363c2e709df6f9c3

SHA1
e8173b7467489dbcc7fa23bd6dc2557a70624ac6

SHA256
ddc9046c4d6ff62e0859e12f84c4c2e7e154fbbb230dd415a788e132dba831df

SHA512
6e10b866683259c13aa5f956d50450866bf1e9f6401edbfaf9cc1388a1b6d83fb27f92fdfb3fd01de431dfd6c967f1e6c253f776ba2d3e87268fb88ac908be11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
35KB

MD5
ff309afffadf8e6d33978bbc43de9a02

SHA1
332e792bcf1e64a41765b0254ddba428676999df

SHA256
8b95b8a9094a322ddb296375ec571f76110655dd653826d82ceb285010a279f5

SHA512
5383dc70b6fb67a346df1744c5cf76dcee77c59675c2b3bf9ff4c96b3300e68853f4d709bfc5a0ee5e44c6b0e037b39f3b8ec9ba96c0531effe8ae3be365c33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
22bee2640ac34235b9d906f2d20d9e71

SHA1
4c27986f6d024ae6488c46a13dc6e89adebe2758

SHA256
a89150e8c6f0395068bbc384b42184f6cf9d6812fcf4b5d99247f467d547af94

SHA512
0a0b39b0d255254d375f59ddd3a371a27c465de28e6be952fa7a1b6ede4941a942a73c693a1762bbb9babbb304167748e40085fcdd5e4a657b3049d72a36925b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c77d1c7ae80d7050b1f6f006a11dc5f4

SHA1
e4b7aba97e043b04b83fb9d1455a388473a428b7

SHA256
18bb5e164f8bc7b5d783909f1d81fc5e70018fd5455c3a908d676095c104b3ea

SHA512
d357cb22f6ac0496e8b4bc6a39d1984aaa0c556ef842f20f66b5454849c52b4d7bfb0cfee03adba25b1384638e8cbd79eb003cb2e5e0a7d8924c51431c056524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_whatismyipaddress.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9782072a69eaa809afd3ac33c7510971

SHA1
eab68448348218f806054fa488c1f8c10e2d5d1d

SHA256
8581c92a4aaf1ca69b5b3727b689b0ed4b90119d99e917c492dc5290d5c2b437

SHA512
acbbae59700380d2867dcc72010ebffa6ad79c49955efa9548cea8b24a2d44345b1b8f623e92a176ddec107887664c08966acf86d7cc14cc546afd70cc985014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
8812989af4a5e258a3f1079b64fd0571

SHA1
b6bc2ac5f5f11dbd7e4f38d23362f8e943a26512

SHA256
43d7aa862125c2540689157a2de327c8f31387cdbd08361ca299b8b6579b02f4

SHA512
c2e754bfadfd444cb1e28dd35fe79a1d3e08a9f735f7b5b1ed86c51749830335b95d7ee7fd09953e07d306457e07ccb51cde063b21d6f211d1cdebe3606db636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43887331906d99a0401bfc95a6804ae4

SHA1
1605205f8a1bf53de2a89a65992bb1425567875a

SHA256
484062c0e23aa4ee55e00c59ce58627a26861212e578f569c9e91cb89585c1f5

SHA512
cd07aba859805b6d33487c9d2a01f39c1f644d2d80445666279c7b9529f680e7d5380038dc1fe74e5816e6dc8551f2e7ed218706fae1bb046ad36091ae282dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ff2e29bbeabba5007a591a240e45da1

SHA1
c62b1aa82364421b31c53c5ac826e0164654bb23

SHA256
eea7effb84221e90f2fd019ba1bc877f6c4f10486ec2b189b0c902c455dea1e5

SHA512
9404624c63f95eae6b376410c927fa2026d336add4061bc3c823d91369b5a8b5b62109f248a5c1d7d1f3e85905488cc4d00c5977a72cd3d1413674d407c99d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e786e69c3dea6b194a4539c2cfc65b3

SHA1
c42a9348878c92c2ca170e376220d2d254f330f1

SHA256
7441afd27a027fbf197d6b61981e591092635405b8e8f26f055a7a9dc8867752

SHA512
ff43ef2daa2142b30dd11403367685cffdcb1a3206f9a9b05f54adb377bc5939db7626d3e3c8e2bc5c45d5647f92a0d32cf04edf73dcf1bbd20dd46122b8078a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9df0e653a0c8421fbed9ecfef2ae4f15

SHA1
85f3b4fe250bcb624a62527cbe4d1c5109228a7c

SHA256
e7f55ec53db792331b5ed2028478a1ef7dde1c6fc55c385c7183d656dc463bcc

SHA512
7f17e6a278ef4ea0f9a7ca0adfcd53f7c43d334183aa0d6ec770fff16deb661c2652340f7f0c7455d64bb259885a8d3681a7db1a262df36abf9525188bcbe031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
778e31594fb86c0d130ffa114aaf1dba

SHA1
597f4686864783fc5a340fe06e3673a5c2b2008b

SHA256
b2060517dcb40e9ac5e7986b3412c18aafe2324df2cc74cf7051b1157432b321

SHA512
33f75476eb1851644e261ce728bb6d8ee20064bd5ba06e37ae6b357792feef8f7c8a1c5500a85e608eb33e8fd613160bd64623dde3b757d04f81ae5e299bcbc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9905587b84ca9d64fe978d386ff7a6d

SHA1
19ed21156bab3b732cfc7eabab36b6c9e1a92d89

SHA256
d538b1523fdefda11ed8e31217ff27b714377400fec170c4f48765b8110a8eb5

SHA512
91520fd85d66035efcc0f0dedb78da431c1bbc2a88e9c633abe860964fadd3a27ec0024ad6c79cfb3d5df3416a5b64ea7a3f1a9a650aed260f1a74b6331cd5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
587340070b551b2559a2a75a87e7f167

SHA1
1f7ef91a1ecc48e766d35500ebca5d16bf9102c7

SHA256
bd7206948ef4ddd07188ac1d45f4f8c403e58232523b101dd99e55d66e564c0a

SHA512
8be7c8c004f8603db4c28773b77dc6617bb30064f5e6d3ce7f2f1d63755c4c9292f53ce9a1eb7c5a3824b1a2ce58667db7ca53fbfc1b987621efcabd096c6c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\f17013f6-3c86-425f-b9ac-4da06cab574d\index-dir\the-real-index

Filesize
72B

MD5
b834996a5167ee80e1588edff742344d

SHA1
b4157a1ef37d4a87de712334bf8512dcfa9e6cbc

SHA256
89f07a8bc60f62ce6e1e46745a0d585d298a50c1e05b02f74c2f37b2ffd824e2

SHA512
bfe1a146efd9aeaf09d2732ae73517cd8ce8ed0ae8afeea1e8139160dea1a8fc51fc541c3417fe9705f57e25252a708960d2437e813ab8050104ccb358295a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\f17013f6-3c86-425f-b9ac-4da06cab574d\index-dir\the-real-index~RFe587896.TMP

Filesize
48B

MD5
0943bf6ab40935924186efb3d270ee72

SHA1
3ddec5f6ffaa56a38f034a2c84b755ad39dc7e93

SHA256
4e282cc052ae95aaa70278d6301cfe4fe5d041837e226129bd9fcbf350c2daad

SHA512
2e91851c7fdc32436267db4ea6253fd747aef3c0467426bc61c8bcb2b9719d4f8c806a5877152ee371a9a323d0e141a46c261bce1346c494ce22e56fc71e9b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\index.txt

Filesize
92B

MD5
b815b3d6b052177144bfac07a5ff4b96

SHA1
94b3bda43d94f29ff2faa17d509ca65e82b3ff24

SHA256
45c438318b9bc52c20867cafb9f1052add43d57222e4e34156dcab4da865a1c3

SHA512
66fb959719db8e7832e2a8cfae78712f2bd48d7ca7e9c3e33c8c62789964c5233864bcb4c4b8089c4247890beb5fac5c427c532e8041db7198d0c779523f89de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\index.txt

Filesize
86B

MD5
2215de17e6f3a5a098cc9554fbafd666

SHA1
e00713de21f39f56b1b9151d30a974050dec399a

SHA256
c533d1772273868799c157eeb3b625019a7cc76adb75262e03aa24ad01971151

SHA512
5893aa08756d0f8b3c24bd02149afdff33233502c9bb036d75b7f85e6f83b7634e8fb291a75bf6fed1ced01028acf119d97134f7c63067fd48783e0ad142e8b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
55e20f93e1579a391110d6b44c05b254

SHA1
9629ddd2be5708b82421587e9a24cc63c67006d4

SHA256
836c35032b98fe183e3dece0d2b9029bc11a5c7e9b769d9016c35d3b7d70397a

SHA512
671903448ab63486e91eb6a16f409f39590ba9770b0ff6129f98eb6f552d0d2c45d9b7d139eaea08fa4c54346c811eea87e9680e3eb950bae5f408427ffff342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58776d.TMP

Filesize
48B

MD5
b9e37357b93d647b666d80a7f8b3df31

SHA1
05b929f6cef1e9ba1339e501d0b371ffbca2448f

SHA256
51d091882bc4bdb63dca5a5f7c22e245256f122e469feb8d260f4a9974d83dcb

SHA512
77f27ad1f6570de124217fb17765ac5373c19adcb3b4dfa882a28ecd60adf67149248228ddb99a6446f2b820436e3664473ffcf63e176467688f2fd30f6d1af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
2614f0a9def382c3dcc4914dc95a2377

SHA1
9205615785637e81bd5611b7539095c4946bdb36

SHA256
3494b0654122629208099e0d88c09dbf9511bcb5327e5d9dd1b087327411190f

SHA512
d01c7351167dfc02e15e2bb26620b197537dcb45a59097c4837a51961810d78aaeffbe296ee577a311b7d196a6fe8d1d4cce6e63b06af64661573c09c254ce9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
527630273f6321035aaba71dfd9aa2e9

SHA1
ca00aa3a3ec02982cfbe1605434a491e53ad8215

SHA256
835c3b49d3fffb3247edb818b0b0b63e1e3f1158b4530eb76bbbdcfa211a226d

SHA512
d0efac3f1d0ff0e65d6a2607261d120d0ede47111f44417740d52267e85b38dad27720a637c1c54d96c720c82e02c69063523ea8ef9248d8123f47eaacfa3b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f55a05ba5ed507d84b91c5a6ad122f4

SHA1
afecbb97b43e05c7c59d2b60f707e54b2899db38

SHA256
04a5536772820aea48ff4ed424071055f9b08ac024a718df06b97da82d0eba66

SHA512
c7590e9c5e9a419add05ac9426f036f13b474346e009cb71b3d1938cc322538bcff9e83e0179cbcc87f04cf30d24c09834c4fb3898a3d7add27ed0bf059eaa13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb67.TMP

Filesize
538B

MD5
bf947cc1d90007de93dad51ea379adcb

SHA1
b79610081bb87d4a6c807a49e3fe530f4377ce9b

SHA256
8128f1f9e757f1d796673060fb6b40cf381be8fc74aaa952b13c9a6bbe09fb99

SHA512
f7b1a641c6205f23a5453effd842cb5578d62a9e3da0ef09605c9f87ecc42c10a7e42249193d1700c3fb1d5ebf8717bff3ea9d8ba26f406bdb67622687960143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84da4681c470f214951b68adc612524c

SHA1
dc8ad56b51a96272ef351a9591c8919270483a16

SHA256
5de9c3fe2f0328cc807c5b228bf845b93e0d61f5713bf5635c25c72bef7ba037

SHA512
1a4a9fc1ac0300b2ca79c7312c3cce183f89a17bd5d67329b669071d194f86d663b5030bcc96684f2ec14aea15cdd97a264ee9982c7a032e7fbf606e8d84d848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
991e470e6358c360651cbf40fbaae8ef

SHA1
a771f438d005d12a831133396a87e912d1e8fd65

SHA256
12304b2932003a451d76625f54f3118566818e18fd4ea4b8ca934fb66a077956

SHA512
b9cfa3556f865e486566b4953837188f297efedfaea77e9738a98c1cbc96b7fb6b5bcbd2c320ab58594dc1fca09e24dd773b56f29f5a649969b95200a690805b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9126707351f196c28f85d4cc02fbbd3a

SHA1
6e7b16f3a90b8fa87f9aabb9d14f95ed4bbc4168

SHA256
073361b216097eff1d846ceaac822f6e507551855e573f6ac9fcc3f64999e0d3

SHA512
521a0f838da4f0bc756d444cd2eae37ad6f22447af6317f9c741f9765a53809506858cf7dec61256d7405a07de90ab9949f45bc2b72f820586f00c538020a469

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
be94b005d1ce65238c794451c45b2150

SHA1
dd5dc61d5ca75bba17de7e61789314e4f1fc9386

SHA256
f7560ebb0cffa3b5f96d0b8f77cd7ab583c8a5865e0d601fdc016a4d045fddfc

SHA512
aa30896eece8f9ee510ba00276aefa322b9ec7bd7adba5586d970bd1882ee40f373f3ab2abd5ddcb02a29137bc749854f0b9587c65f4999aa5829d02a4973e03

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
58991131b0b329f572c2afaf68dfee5a

SHA1
fa6357e12657d1408141f149852aeafed7136458

SHA256
067f477b7eb1519b4051b18b774df7b969ccd82ac67384efd9f97c3e8c91bb27

SHA512
18d70650aff50f0e938d1382edb38f6e23445a23f0dbcaf21d72bad42c9c3f753d50b3f79263e69522f53dfd77faa8c5e1741530f867e8a556c98be650c727d9

Download Submit
memory/2816-1121-0x00007FF6AAE20000-0x00007FF6AAF18000-memory.dmp

Filesize
992KB

Download
memory/2816-1122-0x00007FFB742C0000-0x00007FFB742F4000-memory.dmp

Filesize
208KB

Download
memory/2816-1123-0x00007FFB62020000-0x00007FFB622D4000-memory.dmp

Filesize
2.7MB

Download
memory/2816-1124-0x00007FFB60760000-0x00007FFB6180B000-memory.dmp

Filesize
16.7MB

Download
memory/2816-1125-0x00007FFB5FC20000-0x00007FFB5FD32000-memory.dmp

Filesize
1.1MB

Download