hxxp://u | Triage

Resubmissions

07-03-2024 20:35

240307-zc7q1aeb4v 1

07-03-2024 20:32

240307-zbghesdc56 1

07-03-2024 20:31

240307-zazydaea6y 1

Analysis

max time kernel
960s
max time network
1041s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://u

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{B5078585-9412-4794-B9A3-439F6E36315A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
1056	identity_helper.exe
1056	identity_helper.exe
5540	msedge.exe
5540	msedge.exe
5860	msedge.exe
5860	msedge.exe
5860	msedge.exe
5860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1712	svchost.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 1848	4236	msedge.exe	88
PID 4236 wrote to memory of 1848	4236	msedge.exe	88
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4424	4236	msedge.exe	89
PID 4236 wrote to memory of 4884	4236	msedge.exe	90
PID 4236 wrote to memory of 4884	4236	msedge.exe	90
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91
PID 4236 wrote to memory of 4560	4236	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://u
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff971ed46f8,0x7ff971ed4708,0x7ff971ed4718
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=3432 /prefetch:6
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5740 /prefetch:6
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5548 /prefetch:6
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5396397059835734911,15186819847090339974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x324
1⤵
PID:5956

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5532

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
26c6e1cd5ee3b680f9b28ca22ef78cb0

SHA1
85e6c3ef03f0cf3c47e1e44e9773273ffa761534

SHA256
3aa4e0e3434cee0859333226241f4078a2f1449bdd4e659866e94edeeca77574

SHA512
d48306f7aeb37e2252d02a7cdd5e3d985859cef813fb9a95c36ed264844534fe2492ade1f11b55cc2bd00b701be3dfd7e364398672b9d35e08960b79ab71bbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
30108d7db41e5c653f635b1f065be23d

SHA1
90de23907503fe348393ce5e8d6ae1f87ed1209a

SHA256
22c401ca7ff630ffcd07ac27bd9f2527474b6204c70b90876f922b3f098bcbbf

SHA512
c2d2c163f6d7625363d1a5c1931aeb703d16933c0f05d0e0ad52357b21f6a9eb4431b830c310b280075e25dcbd6b414f155d3ac1aa2e2bbc879abbe4cf6b3183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
84994fcf8097108d12070ee230bd993a

SHA1
028e099a72016d5f166d30f3da79de24b2996076

SHA256
fb0692e6d9f0f07179b5b1a1db785c3c2d07462af60324636257b16eedf222cb

SHA512
26f71425fbd29e1c03e62bc3702b4f4e57ae12e67ce5cc06ab7a242d91d3b3fa3a03e101d1ee9916d1d34dc1265df3bd5e55d2ffb8461fb70a751f642ac0fb17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
fe400caef6bd201ff8cc18e2206b455c

SHA1
74a5b9fd728ad53d81e57c98e9f26278ea39c0fe

SHA256
2c0df4d2fbc2cdea493e9542c38e2a1a516402d356748625e12fd715178ac77e

SHA512
a1221ed36da5f354518e2ae56107c91301520d64e6251a36e486620c141c842afad44f075049a3899ce93a9555641b2ee450b0e5e55d96a94be6b6f01a3832a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
484B

MD5
ee4afd66395f4e6f38f070bc884399d3

SHA1
7b67c32c17e6b089ea4c67c837a58c78dce7878e

SHA256
a7e5d7147297250ede4c571b4c716de666763646790a86ed001e0b42fad4335b

SHA512
5d5c11a9ff485f0cb9b74895fe075d1d6663c762aac8c4e3241be97d5264bf0d3ddbb4b9e7594ab650825143a1e20a8820f6dd0285a8913f66608e31a3a89f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e9896d118021273e8ff8daf016e9e045

SHA1
652f8007a1cad303b271670586905f3c3971b805

SHA256
413ca8b0b7e6630704fb3281319404c759a5c5b20ed7222ed90b20ff78e68d6b

SHA512
e0d2bfb81704d2348603dcf2a94a8c6dae02533f76fc130ab95004a6a84f4971753f8e06d41af5b65aecf1ef1bb7ff793fb64d21551a1ecb1c3fab6334d1db4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
322b76ea89a82cecb342aae1e8159677

SHA1
041ad7cf632d780f419d83be2c92e6126f4bb4fc

SHA256
e6831b5a7c237bad66213b6c9f12526340fd7edbb6e583f293faa61ee2e2a276

SHA512
52d7ad5afeaa367631c1fc3337bdef59a5096f187304175a16de161e60a9130f25ef15c00c886698002a262fbf6ea1893dd5167e897570db3193f73cc784a49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9d3d09188bd2dfae17c5b6d3e8ad2927

SHA1
3a8bf1c40158453d9606caf5b44a979a15510dcf

SHA256
08bb1acc867cdf57c4cd4aee026df41be78ce034f2d2ce172467a97d54bdbf02

SHA512
4a04f0da594731eab74fe30c8faba1e262da86860ac6b4bcaa81c64a58ae53bb9acfb606b13465cf45ad8b39d7b556de285b132842df9dacfb216219beacbea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54d3b536e99020a319aaef88d4b51e59

SHA1
bb2552217249a55097d65b8b984cf6d03b66faad

SHA256
4824049ca4641dde2a9657d78c2ba48cc2a571a296d17853769d91c83a145ecd

SHA512
86cc167edad36ffaa2c9e533f564a236dab7e5a6ceb5db5c0b7e1d6f8cee0a52160fa6a6af210fc2af42d3f2aec649a7c6dad61db5ba088da11ede016370d271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
905faec0f47f1393699cbfc852adbe09

SHA1
b5d7cc61ff3807a5415dc0abd5d62824ddd365d5

SHA256
424ea0b0bbee92d528d81f7f6cf4fa83882c7fa888ee26acc41b007621a538aa

SHA512
c773a07f61e98b50d58662c8f890741789725fca245cc945da865e90416e09e03da9268688dfaaa2127c2884deb10e234f97349d757716f6090e9d513a12e40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7cfc7345664a35ca735318ed7b9ab774

SHA1
027d9250d52b7c837aa6619156fb68804ab4c3e7

SHA256
5ec54fa9880d55520ff38b95856ef8d2fa4ebfc45736c518daaf57b4a08cbc49

SHA512
6406acef4e5a752e9a0285fa8f5d8ab2ac5eb48305ad78a69ae8a2e4e1b45df899b31833222a36ffe7128abbde11080fa0a2b58b22e8c96a87410d324e19393c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fb6c1f54a93ec6325175ac163e4f5a5f

SHA1
53aadfeeb3f1cc282d18e4700f76baa58f6dc9f2

SHA256
29b45da5842c0c27400ea3d04e769fb617d9ff924a5f6200e7a9d14ff3fbb8e7

SHA512
4cd6bf977682af25eb7c74ec11c013b9398368d7dce4929b05278cf1ffa0943b517935cc1f51963591848fb30db174078eb55bea5a3fa1dbf4f457a6775c0c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
514713aa603c47f6bf7a43871b392ca7

SHA1
bee6e07064a537f855601ce6980dacef35d6b42f

SHA256
101110a672255e57c35879628be73501674a892ed25a517cb24ad253e2687478

SHA512
5a291fb8139561fdfb78af85cbb21251ace897799fc1996351ae8491823a4268fe8dc368306cbda5adda6c00827a07491cd1b7f2ed41b7f84257b7089cc7275f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f6747570fd8ad0d575a9339a875d3295

SHA1
5ead5753f138b4e7118c8084dc3ce4e5e1a3ce9d

SHA256
4a74fb877911a05fd45382d248e8e215135704788aa1308157b82d3cd69a90b5

SHA512
f6bb1bb444922805dbbe5b9ffb61a813731dee1046dbdd1f5637c651de494baa472203b879632ae5096a1a6d2bac499d69e8328169193d673f2f72596e426f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e966b61063881d5f6d80b699aac7fe53

SHA1
b4a90bece6489f21336f9d55cbed4a148758d67e

SHA256
ba85cc770f0021b55c1a6c65aef6c9b97e9880025f37210edf32b49c8f1edf8f

SHA512
0c9836e0ead4159d800139c53209ed89a9dd6ddc0a9138ac46f74f5c7355e98c93d0c9fdeb4cad27ccabbf4411380d6e0e4a1f8451eb9315c1a5ea7ceaab4507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
456fd5c40b12277213df8f5f2981fbd8

SHA1
0a41bc527cc17ff37900f9a6b5032aca1d907bc2

SHA256
38113ff32e8016057b5367db1f605fd845b20a76b3367e9e33c0bbce6330bf95

SHA512
1fe41b7a99f308935573adc72e69ddbb0a3b544f665237fc1c1c21117e89aec34ebe7757b224486d74e6ea1518982426d6d3397ca8fdc73032741d8d4c437ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af62f577220828b9011a7d55272b4dae

SHA1
f0486763f3c041a51cdcb88b97040cd32b40bfd6

SHA256
915d16c1236ea67d70e3a3c12bc82eab714dcb1db04ac706155b8014579f7d9d

SHA512
47e3eb955b11fcb9e5c3518046ce89a53e28aa3356b9c24510662fbca27237bce7dae7709e6a63791eef5818815b253f545b1d4b826cccf81ffa203dde516bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0010b490ec403a85d9a13d0728fd5b13

SHA1
74482ee710488e75733cac3f10ec007403724d13

SHA256
ad30277e77cd02f1920f09dfccdc0e664bae4cdc4679c40c701f133026601558

SHA512
eb2c3acb1773dd9309e73b5e8531a4c1d18a36158382e7cf16cac7d243d6d986f01aaa41fdafa70d92b339dd40d47ed415c71025baf0709aa3f92abcaf91a2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c92b5bd053853b2c7c47d1e7ed324180

SHA1
6bb2473573226662b0c6dd3b94bfb3625c2c36df

SHA256
f57c98bd43d391a107d9b156e47e1d4738e8e17187fadbcfe03aa48981ee91d6

SHA512
d46fb271fd73c54331c9c728c75593697785ee570cd48544fbc219f6f5d18e5e30a1cdb74b02a6f36f3ef0d6b323a8625b18aef9b14ebb75dffbcf8a5cdabdb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8ba84cace3ab6328443e9f3989cdbadd

SHA1
9dd840c6e2c216c68e8c0f7b7d68365df1c5b5e9

SHA256
51c1394da47911b19aea6555b16759f610e55788cb285a211d18a5e4dd8bcc46

SHA512
c9ac90bfab7e6db36fe03117d6c2c0f5236e0d1ad4677897fbf3866458037b510e290f94a4a3b7bdeefc97f3f4e0ecad2ddd31110e3b0cb5e6961ecdef1a3fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
87362825c72971f06d3ddc7533d030a4

SHA1
23a68538a4b0cbf551d24e01d40a07497d7bf386

SHA256
9190bd6156f58bdefb3ef57af2d69f64a8d92346647f2f78dc04277a3fc9e336

SHA512
63c91f933ac6b4a1709d5016b5dedd718c5bae5e8bc0f0c7f79963ec3ead74b1d53c8410390d47fe2ecf0a1059d65fa34eecc7472278b3b3d9fc287ead924dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c47c5624496160db000d467a42b4d94e

SHA1
cfbeee9a2c765863f49864d1d3ce0c991a1e5848

SHA256
8b1e8779c3aa2f49ffc19f476ebe8a03588b6c3221b409ecd4a0774bd57fb0a1

SHA512
14610a78c197b8edf02364301e4a817dc09d6a3fb28827b9e681705563a5abf701a55379feba84cc6e690ba2a87cfc8f575ac7fd8656d02d5ff224cd96ebd8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8aa9f8bd1def5593fc13d51d4a2fa4e9

SHA1
a311b0d0b59c3945346da7148ce40fa611394b23

SHA256
359fb3a2581d7f8b858d1da1e2158ee12b69b9ade92f5050a62d4f893025cb4e

SHA512
fe8efa9214f7dff44773dab955c0df68a47684a060ff23227d43a81a59be28a8c7a2eb823d9e16697c3cab6e7b7c48af3a3b3abbc5ed8411f9429fb1aa6b8ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5af4b2.TMP

Filesize
538B

MD5
4662efd8ad308257a9c097bcc0268023

SHA1
fb08e712165bd2534f7dbad33073ab5ed31db377

SHA256
780c33a854c66336c4e8a88a3c44e55bc42b9d215cfea83abe1183a4c38f709e

SHA512
fd2d67d1a470c24013447c3fdf7f23458898ec9bfef500e1a1f6172f62b29a53fdea7004c59dc859810a670683e882a616783546e3659186a83f00a3fc90e98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b50fddce5516d51bea858b49e03dbc27

SHA1
528c7b642a4e1e5bc11fc850d179abd3609a935a

SHA256
cf848be79caf0f0b6a8bbdc87cd5e7595a12842a049f326520f81d35833d409b

SHA512
eb6f9320e8840523dfd9d425bdb848df54923b3850479e08ed3504073e1d1b4199fad37369c7a54dd0ee4c9ea473590cfda7bb842a4ab8158b6bf727976bcddb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8YUWCGIYD0DXSVWLJH1S.temp

Filesize
10KB

MD5
62b574bab1db860d212e9d60d1959688

SHA1
96bdead7217a0d5cc0bf19f9117a73ccbcf9870f

SHA256
d6b77143989f4bc66b142e7d6638757871147e0e984e1ab9fddaa4a7153a1419

SHA512
d7f6e2492bf79de0c9d54b6f4092a2531d4c880b93b319d524682a37c1a57512ea9c44d62a94710ac2f2c00982239f7511fe16af8daf197532e29861c08d8379

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
1d208f786a79cacd2de992358152957a

SHA1
fdaccce062ef3c8b6a93eede3928a8002ecb36a1

SHA256
fabe3b2a935481feb2111086e6bf05e11a5f5de50126e4ea25e71a18f00251e6

SHA512
b26a76be939809fdf5dd0827c8d5d830904c2aa5ad2080ad6fb9b8778c8c14164b1e571349fb1889a4eed43d45e5a46ff1e9957c28706a874f5f1999953911fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b22a9846f8b175888122746125afa539

SHA1
0858c88ba45473bf8f0df5e03b142e2a1db3e9a8

SHA256
ce79d8171937cbffa37e436dc0d40b899976c2421dd4f25a69144c749c4ccd0c

SHA512
f412b836c9fdb837a92ccf118cf19d5dad2d26df719711625332e4d3f4b353e470a765bf4cb351d649c2620a84541f045111174c213c8db5b7716918a70f1ed9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
da81010fc8e28795023822599aca07a8

SHA1
35c85e581cda78f26626eef6d3f64c00820d603d

SHA256
b97f645f4330ccf203e00ae47b4149e1be9e1e48dd7a093ba61b66622a7a40ae

SHA512
e2bd525365a5d1a89088b2f62a8f86d44f831b4c31be68e79f24bebec9a9fe48eaa3113356dd952492349982a068e7989894517b058b7c334a104224526619b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0b06aecb6b287c7ddbcc44d4ebc52037

SHA1
5ab7b0af51a41ccc1f802585caff1d2bd47a04eb

SHA256
59456fa1980ebb8551ee58c7b69a16b26d95b124701d0c1da47c96b7142de2bd

SHA512
ad7fdd531aba15fc30de4fa7d4c37696a2f77b92784af7f6856088a665079a5898a2316713f00e8cd42aeade444856e3d0f858c5ab604119ae0649f5dc9fa0e7

Download Submit
memory/1712-853-0x00000221152A0000-0x00000221152B0000-memory.dmp

Filesize
64KB

Download
memory/1712-869-0x00000221153A0000-0x00000221153B0000-memory.dmp

Filesize
64KB

Download
memory/1712-885-0x000002211D710000-0x000002211D711000-memory.dmp

Filesize
4KB

Download
memory/1712-887-0x000002211D740000-0x000002211D741000-memory.dmp

Filesize
4KB

Download
memory/1712-888-0x000002211D740000-0x000002211D741000-memory.dmp

Filesize
4KB

Download
memory/1712-889-0x000002211D850000-0x000002211D851000-memory.dmp

Filesize
4KB

Download