fd493c783543c28e5744915b6c8603a38dea4a22bde1ccbfdb9ef20f094626b5

Resubmissions

05/03/2024, 20:01

240305-yr1essgh93 8

05/03/2024, 19:59

240305-yqdveafh9v 3

05/03/2024, 18:50

240305-xg69xsec3s 3

Analysis

max time kernel
1042s
max time network
1035s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MDPatchv410fix.exe
Size

58KB
MD5

aa4aa3ba54ef55906593bdb94d99d34d
SHA1

3f3fcfbdf5c817aa4eac7c4b6ebb4c9100933ca3
SHA256

fd493c783543c28e5744915b6c8603a38dea4a22bde1ccbfdb9ef20f094626b5
SHA512

73b045889cba2d3dba7a25e9c5884537cfa7ddf1e663ef6c6ba44fec5fea304bd3837b2830b43204120d9da1083a2cabff229780e07ade94b06d5d53e8b0fc82
SSDEEP

768:vVNYvDL5aqbo/pNgV/XY6CozORpxXiz9O6fyGg+qZSZcvsBlXB7T45Uh3B10:viLUqbkvgVWrTyzC++jUrx7Th1

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
1152	MDPatchv410fix.exe
1904	MDPatchv410fix.exe
4424	MDPatchv410fix.exe
2388	MDPatchv410fix.exe
3360	MDPatchv410fix.exe
4564	MDPatchv410fix.exe
4008	MDPatchv410fix.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
262	mediafire.com
260	mediafire.com
261	mediafire.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{C494CF76-E444-476A-AAAC-9A43517D61AF}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 757793.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
752	msedge.exe
752	msedge.exe
4356	identity_helper.exe
4356	identity_helper.exe
212	msedge.exe
212	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1772	svchost.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 3768	752	msedge.exe	120
PID 752 wrote to memory of 3768	752	msedge.exe	120
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 2504	752	msedge.exe	121
PID 752 wrote to memory of 3952	752	msedge.exe	123
PID 752 wrote to memory of 3952	752	msedge.exe	123
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124
PID 752 wrote to memory of 2340	752	msedge.exe	124

C:\Users\Admin\AppData\Local\Temp\MDPatchv410fix.exe
"C:\Users\Admin\AppData\Local\Temp\MDPatchv410fix.exe"
1⤵
PID:4916

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb35f546f8,0x7ffb35f54708,0x7ffb35f54718
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5492 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1100 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  PID:876
- C:\Users\Admin\Downloads\MDPatchv410fix.exe
  "C:\Users\Admin\Downloads\MDPatchv410fix.exe"
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Users\Admin\Downloads\MDPatchv410fix.exe
  "C:\Users\Admin\Downloads\MDPatchv410fix.exe"
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Users\Admin\Downloads\MDPatchv410fix.exe
  "C:\Users\Admin\Downloads\MDPatchv410fix.exe"
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Users\Admin\Downloads\MDPatchv410fix.exe
  "C:\Users\Admin\Downloads\MDPatchv410fix.exe"
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Users\Admin\Downloads\MDPatchv410fix.exe
  "C:\Users\Admin\Downloads\MDPatchv410fix.exe"
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Users\Admin\Downloads\MDPatchv410fix.exe
  "C:\Users\Admin\Downloads\MDPatchv410fix.exe"
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3012216403853001007,9531218061465785873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1524

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1772

C:\Users\Admin\Downloads\MDPatchv410fix.exe
"C:\Users\Admin\Downloads\MDPatchv410fix.exe"
1⤵
- Executes dropped EXE
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
95ca316d5c5deb08c94dd6dca1d759f0

SHA1
6c826f4311ac04f37814c3cff14b43c7b1aab290

SHA256
5a441f2e2b3b0b8e005660c297d8ed4864bf71ac480a7cd2c92e0f8d4a68f251

SHA512
4951a21627989b5dae02f29f4c75cf65b42b074a1dc0116a37299153042e1f773ca3931452f3023eb5b26c49c7b44b4f0391986fad80a8df2d0b3fabfb35a20f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
32KB

MD5
37d48c3265e55bb1d26b09776fcd877a

SHA1
dfa74b79989ad3e20c4b7cc4e03afd49e4b1b643

SHA256
a74aa40dbe7aaa1ef6a8ff97d9ea5e0c3ce3d22ef2132d3812e5a84728db3e4f

SHA512
2582275d9fab23fb39ce65cb97571c1af5f4e403741fd894f24993fe9bf30afb8807b3278b3f1d9454a38982303728b0b53e931ef76092fdfad7e0877a0ecc59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
f07899b2fa8398870c2dcb5d7fe44fc5

SHA1
6efd418ec9d45e731cf848b75b52cfb6124e773b

SHA256
732fe8afbf4fda320d34ed9bb0d4d4f5525879ed87784870face53eb50ffbaeb

SHA512
0b30a0d01277d2f3abcb85f3fc16be3b07fd826e9cb523b73fd9e45bc5cacab03e6f0486ce84cdeab01adb70810d6891d87dae036e525959a4e97114588a900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
26KB

MD5
e12e8601e7ee545dc55078166b6e7578

SHA1
fe69cfd429780910fbd176eccbfb2f7b11fce815

SHA256
ee982f27e60c37eca1aed14d54d1aad6923b42caf6a1fdc599ed76316f0aae0d

SHA512
644ccc343c10d19f5b5222a4f9b37c4460cda349c115064fe02802557ed5fa8e627de75a1a3ec611b09798b81126cb102c43237eaceb7c3212bcab87c3c371e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3a1693a41f3d07e2d89435be02b04ca1

SHA1
8903408339a94748bab82993a5c096b893db0f25

SHA256
715a29f4a09bcc40a0b5c2487e6f19db627fc919896a0d88eb4215432fc05a8b

SHA512
f4c84853da55ee54ded784bc5f30f1aa697072a359bb3bfb85e284790160619abbe8809ddde3c2285a6c14a3426a01a5c85bb2762015a89c261a351b7b8a883d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9c400dd73c51e5c9e448798052ced843

SHA1
63e03102d1b4effd3ba06e026970e6e70211f7e4

SHA256
f90c49dd75d9d391f58f092e9fde07a37900f89016dfe59b7bb48507e10113dc

SHA512
307c7a78f853dd1bcb58bc15d22c3dd5e9d15a2fa2c1974370e42232236cf97615d7c02f349b7258b2c0d7f8f612ce322e7a07fa72f801d5020a9a3024bcea76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e26fb0de9ddae38e6e067aa65beb6538

SHA1
a5c2bd715888aba31cfca179b5c8cefb8ffbbdce

SHA256
159d3e24a03db58ab8f580fe43d493a46ff30e119832db6df10e41e74d69fb53

SHA512
47734e3e5bb03e6d3c2abdc2bc9b6f90185455155a63e25e170ce5898471b9ee650685c121200f4996eaae9b1d4f2ec3ad29ffdc46fca287fdbdef365c72d09e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
731c1d55ad5df038b017599f3c9cf27f

SHA1
d24cddd5500acfabb22260a49908e157acdf0461

SHA256
6b52f10e78540f4530998e76bb375ec9c2adc5816581537e2878fcd3e2d8421c

SHA512
ce62fd3c2ddd3f069969d4d34f6e40cd351ceef41784330ca888030220b63aa96a0221373b1c86b08f145c2ae3bef0c0b686632cd28dadd1f6c70a5122ed1382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
550B

MD5
15da3061e1433b80db81c641654103f7

SHA1
b5e0c22995d75c1774bc6fbac66ddf0cd20fe148

SHA256
5504402195fec58a500d0e49c0470fdd683deb4afe1bfdf03e4e5f857d9e4734

SHA512
aa40d6d91ccddc37fda50dc0d073d5e16c553104d489a9bb688ed51524e33964af050515fb2281779fbbd16e5cc3fcb39aa46f4e808e42e501517b18111ea6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
95167b08b484e77ca194f64e8fcb959e

SHA1
33dbf18a1bf52af7e3148f9cacd43b84dc960710

SHA256
3605bba7db67dc243b1b902a4aede1015f7890e32a32634f5ea2c4f958c2f3a5

SHA512
71bc90a601c614d2ecbf9e67a2178a5306b78dbc7304661c32aa3c0c790474b189dea3527ed95116cd8cc0e5f9fde699cbbcd1fdc636fa50517adf1a2d993251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
917B

MD5
9ae7bb73257a78e623eef5b056b23177

SHA1
7d0d968d1c4827828e381b7469fa23796c6d11f2

SHA256
00a1dd25cb125e663ea72b001713a7fe7f69b1f413b4f5659f2c20c82b0d4d15

SHA512
53044774f13fb9115e66bef4797f35e06f2fac2f0af69e53c251c28951582e4c1545b7196f2083587db8cbe3264b3a34918066c8f4f3dcfb9d475238f9ab68e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d380f2e8724e7f058ac925f336ae4234

SHA1
76b051a8a342102cd5444af27e532736b56b9e09

SHA256
3d252a9fd4a3453cbdd219ea2dc4ad6b894dde1c9768a739fc61dd77a969227f

SHA512
ed36e65200804ac5c44cf846fdd12a5dde7768a4a81ee26fb217d5f85ff10608f7efa0e50ab9f148b81144a142a0f87c068e8647a26d621e69b1e0faf31f3f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2992ac107d4477255adf5f6121dfb786

SHA1
a04724a64266ca45f7803cac777ebd1faacd8cf9

SHA256
de9100db0134275628d5c6d521bfbf89ac5df2083f7b7927916111d4d5c6635e

SHA512
6152851d3405bdb875f492bec6a3a1da098238c51df3f571931e5de14d4cbd85ef9117224cf894d8ad74282cdbb3a679edfba9d056e2ad21cab7b9da06742e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e101a98b6039fa8a70b39f8f8365ca27

SHA1
d9f04271c790ad0214301b694b8aa09d53eb8080

SHA256
aaf016416bd7dbfcb2b919c394e22dcf39f1aa252984d9e1f171dc61a9357808

SHA512
f77835c97c0ac57f1460e56d543accbf89538d856a17cf2dc8376a40017ce0b5a16c66d8b10dc89263527de5ad5df3a23b8488736936d031ae620ee71f3a8f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
defdc7daa033254f2a7345990e0e51c5

SHA1
f5810d6fca48d1d1f97bedda8163829647181dcb

SHA256
cae0f9eaee693bfce0a3ad7e93b2ad7c453f784c1fcd08e10e548fb14ae1e38e

SHA512
1c7bf183b76124e252656ba5df4a070a45a5f1703f77e02416026422c6c3ae506eb068eca217875f35ca5d4b442b84f00f84a182dfe5e7c2d5ad5ea5f183a8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3faa471d57e0b9fb9c0daed5e629bec0

SHA1
b78d66d424534576654c7593e3e0afd9e5cb4a18

SHA256
7bd6fdb371db4c0e163aa24483e3856a6807ba23bfac7e8b1fb86a3ddac93ced

SHA512
9c506d9af515ad8fa97fea44e135d9898beb3705d8bec4a58db656fbf4731fad9abf066829f4701811608ae366e991de49d346984bd875afb619b25051621073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a41b995329299597ab67de284d08d440

SHA1
8a584fce380e91cc659b7d284ba02f8cc1019402

SHA256
4d182bf7f81a124f7d314c71cd7cd61681c29e4572b848d8dd3e18440dcb3598

SHA512
0d2972fbf544a98c53d72f017c4c5d9fecbeb3aa92dfd1f51effde580dbedbf42df21ee010c7c700b0f4cd4b9c4d7b671047e8aa0956e8b7567f1813948dad3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0d572c22bafec5d695e6109827bf93e

SHA1
e6236ec65fce2081150cf32df1fd4616baba4c55

SHA256
91b13d69c4517bd249173dfb9bf939901a7bf20a186b0e11ff79ddc27362fe30

SHA512
9c1111f19d4d1c1993182dc13d761027042201e0fa16566f9c34492f766d8e2f6a794d0dab3983338400fcfaba2b178dbe10bd76fdad79369ec29f38e50c7cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
cdbc3e38246ac586078b7313bcb55183

SHA1
b20244eb56419bf3d89223b3afb5be9f94b968a1

SHA256
1b8d1d0a80a19b58e03a22527c519822e9aa8ec29e9455a236aa1676aed188a3

SHA512
2c2026f8566d0b9190dd36569eeedcbea75dfb579c9f66a48f857f97a4b169dd47ab354c55d62784e64dc4dc52eee252de1c8e92d6c21b2f63475e598d127d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
039a439fed53d33362aab47fc660dd56

SHA1
4cf41957b570d5533d7fb4555ed91130854415f6

SHA256
6e588c8b8a7d52e400f313036dc6d197a763c1fd6df40e55f1e15f35c7e346a7

SHA512
7ea06d81ca374a1f54c7b2f73801816e3084f11dac51ac9bbaf8bfba38d62089b8226e274ef13ba6b734a5f90262f7a4e9a1d3e4b92ebda79701c903f08b4505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe61b584.TMP

Filesize
536B

MD5
f68cbb070be44b3b6bd642834c7317db

SHA1
1cb5f42d697ad6af6bda2f32a3b0112cf99a7619

SHA256
4de550fe6f6d7dd181bb666b8c535cbffd1535241401fd9069d4f8735146c9d8

SHA512
3ea4c273f81cb293ba82b016b30303dcebc5def1aa94e118b21522dbf5b2c61057b51691ef503382fabe120920c932e2c676c89a16b52e6df260b3a59ef181e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8743243ab40a7cc97c71ab758a2608f

SHA1
7912ef2720f3477019728ab2038ad55ca7ad5bbb

SHA256
b7994c3e8552dd260b640cf545bde8e51094af665f24b49d7a5edb5cfa15fddb

SHA512
a929e9d04ae9e988676303ab637d32cc16c7b14714c58fb783dfd74f114900e6cab41df85910fe21686181681268943aa9c85d93495faccdbc2e2d11375522a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
21bda4d7e0fe35e8d7c38a4fe9e3f633

SHA1
bf6a6002b0bbfe61bcebdd707286933ee5469a11

SHA256
74a0d8e69d7a0bc587fc0cdacada0b5de85dfdee49b7e352fc5df174909525f9

SHA512
877587f5c4f45f666589b9cba04cc1f2a9de2af371dae329fe9664323a487e933f402e2354c2f1a7f229574860d86e5bed31e328b0c33f0bdca287bb2bf6206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6b74aa072d913b05497c36b17657a5b5

SHA1
c39d6a128104823bef4c4985491d274a87dfd202

SHA256
942d32f077b56bfbd83790e2d9555d9e2f191e278b0fc567e88aae90b09e8e03

SHA512
e551d609f678b3bef8213c0ee42ca29518ae0831355ec880a4c2ccf682f258a6f246bc535f917d596f5b91a310a61f234552c11f05944f6a686e957b671837cc

Download Submit
C:\Users\Admin\Downloads\MDPatchv410fix.exe

Filesize
58KB

MD5
aa4aa3ba54ef55906593bdb94d99d34d

SHA1
3f3fcfbdf5c817aa4eac7c4b6ebb4c9100933ca3

SHA256
fd493c783543c28e5744915b6c8603a38dea4a22bde1ccbfdb9ef20f094626b5

SHA512
73b045889cba2d3dba7a25e9c5884537cfa7ddf1e663ef6c6ba44fec5fea304bd3837b2830b43204120d9da1083a2cabff229780e07ade94b06d5d53e8b0fc82

Download Submit
memory/1772-749-0x000001D6D5D20000-0x000001D6D5D21000-memory.dmp

Filesize
4KB

Download
memory/1772-759-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-760-0x000001D6D5970000-0x000001D6D5971000-memory.dmp

Filesize
4KB

Download
memory/1772-761-0x000001D6D5960000-0x000001D6D5961000-memory.dmp

Filesize
4KB

Download
memory/1772-763-0x000001D6D5970000-0x000001D6D5971000-memory.dmp

Filesize
4KB

Download
memory/1772-766-0x000001D6D5960000-0x000001D6D5961000-memory.dmp

Filesize
4KB

Download
memory/1772-769-0x000001D6D58A0000-0x000001D6D58A1000-memory.dmp

Filesize
4KB

Download
memory/1772-758-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-781-0x000001D6D5AA0000-0x000001D6D5AA1000-memory.dmp

Filesize
4KB

Download
memory/1772-783-0x000001D6D5AB0000-0x000001D6D5AB1000-memory.dmp

Filesize
4KB

Download
memory/1772-784-0x000001D6D5AB0000-0x000001D6D5AB1000-memory.dmp

Filesize
4KB

Download
memory/1772-785-0x000001D6D5BC0000-0x000001D6D5BC1000-memory.dmp

Filesize
4KB

Download
memory/1772-757-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-756-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-755-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-754-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-753-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-752-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-751-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-750-0x000001D6D5D40000-0x000001D6D5D41000-memory.dmp

Filesize
4KB

Download
memory/1772-733-0x000001D6CD740000-0x000001D6CD750000-memory.dmp

Filesize
64KB

Download
memory/1772-717-0x000001D6CD640000-0x000001D6CD650000-memory.dmp

Filesize
64KB

Download