hxxps://damnedgame[.]online/

Analysis

max time kernel
24s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://damnedgame.online/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1688	msedge.exe
1688	msedge.exe
4656	msedge.exe
4656	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
2816	msedge.exe
2816	msedge.exe
3672	msedge.exe
3672	msedge.exe
3180	identity_helper.exe
3180	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 2132	4656	msedge.exe	86
PID 4656 wrote to memory of 2132	4656	msedge.exe	86
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1572	4656	msedge.exe	87
PID 4656 wrote to memory of 1688	4656	msedge.exe	88
PID 4656 wrote to memory of 1688	4656	msedge.exe	88
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89
PID 4656 wrote to memory of 4976	4656	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://damnedgame.online/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa44546f8,0x7ffaa4454708,0x7ffaa4454718
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12183521422490748668,587956735293746877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa44546f8,0x7ffaa4454708,0x7ffaa4454718
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6410906944613941852,3985801783743982909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9e82e6704f8648f3526efaf0a1c30d6

SHA1
383012d8f35f96a9dfdbe2a859feca31e5e5a802

SHA256
b0c2e847b3c5da2e47a64d2926c4a1b36eae8da23f5d620874de9426f558cc24

SHA512
47d1800292dc70f663d1bc6e2b39f076156d7e810d5bc3940505f6fe06b99be4bca18071ae997d81f97c1439256e0942a06ff5813a694cd72742bfb12771d9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
679f6ef643501bd41095506ab6347979

SHA1
45e192a5040a42ddcb22f725cb8a13e6a7f2a0db

SHA256
8ef65023cba21ba2a982d9b9a8e47af5a8ebc9ac45c7395472d9a95c8aedbb64

SHA512
034279bafaface50f464e33bdec0792ed5dded00998fcca3bf6c8e13679fb9be7b6100f1ae9ffc3db168df57021b27d10b81604ce9a6e4e00a377f3ade7acb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
59c711e15e20541dd813505e4c2d4cf0

SHA1
15e7f39625bdbcf3ff0798c11305c1163ea2cf19

SHA256
7b6209efe7349467702bb9e2277081157d4f902d3c0b90f363dfb0b93e3273d5

SHA512
cd54b48805b5a098741145fba3558a13a4e09f417bbd388bfc2c3427c662e7168508b2940bf8aef1f8d9c6088c9810a62fa53d8d6066c31f14a7937e5fdb94a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
92759f4a0a411ba1b0159dd5dd8bda64

SHA1
0207b17f60fa2f9e97ccd9cf93bf4b5380c135cf

SHA256
0bbbbc6bf70cfa0bef8891c15df4838b192c64ce82f4f6110e2d0f6d7405804a

SHA512
9f4ebf990bf26dfde96c2b002ba945c7544b245f126e963c46a001e5efa680e060366145a2acce33fbd7711b61189fd6c878daa8a0457406df29ad105c5bae10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d7e31726829241c6669f2de46c0e085d

SHA1
b211cc77330b463489d5f0689c21c98bf0681408

SHA256
a0ac9d0fdac0f3f075c77772650979a55ce2f5efaf18747477fc7a30e67e2750

SHA512
5276837e946611b7bc3cc12bb255770247e3020bcad0c8df8c908a5a42980a5bf0590e5f1690a08b92905316730eae014afe8fc91d07ab6fc55b19796ec9af70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bf778a290a205d12d17db2bcd2ef244

SHA1
3b3b4e09425b00293b936425b6dc37d5db574007

SHA256
7029455b1f220ea752bd520b93a40b1aea97b54fb21ccd77819452ed974d07ea

SHA512
835d0c30600c12e445f43a1096f03160c8a5ed38723f9a1bbc8afde6ba9c2b0f7b15d411ec7ab2e6e672e7773df74af4d69e3f6552235248b269b034c7f71865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a7ee4372b55f962c53a0b3d1ac03e69

SHA1
82ef64c9cfde32d27d9c177fe3750fb921556d92

SHA256
b65b442b27754844fe4192ca4c8ee62cd5daf2b882eed31d803733e706b56c7c

SHA512
445f49146f68c74355692c57639282fbe62cc32cf4b79afefeab747fb5f48fa7f037b9deaa7fd4e793e2911877905f9b865708489803848baa7e1bbc56e97505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e99569916b2ce7b54d63f9181f6f28f

SHA1
2f16e995cebde2f1e928119ea0c044a64187fe7d

SHA256
8760781606623dd2a776ec60242505a39b26d82c806dd73764823efd40e025d0

SHA512
f665db47686d7d9ab530556d43adf08aa11e1132659f58f5a4efc744654638f5c92250c4286a1444ece76b88306634ba23162bd39d051c4194ae4c62ecfc502b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
40ff7913050e21c5bfb652fc1a7bb272

SHA1
f0e322f69cca7835538db3c44cc618c262f8f581

SHA256
7d2d54c0515d6ee5d9a6333cf07df8a764d7abf726ed4248ead342ea788aec05

SHA512
94b37deb1468aaa12342917dcf60ac052969e5e069921700304f665c109bf80fd0a40512d753fe3ea26139efccdedeabf268928d2f164bd0f5361b9efe892787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358890036156242

Filesize
427B

MD5
aa6bb3781a028ea3944bc448c596c880

SHA1
388cf3f8c4d845a6fe1316d2b171adaefdd48d9e

SHA256
50adc8f683e843d194caaf37ebd9fc06f1025741de05bb3e0f6da0ae9c74a195

SHA512
599f3016bd1e8fa60693aad8e48044a9749b79959885e36cfe3ee4f4fb8f1bd7eafe34d33c81f26715e924dd6fbbe3bfdc5571a5b2af66308d173c66bf9fab73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358890036345242

Filesize
933B

MD5
f6ecef764fc999d14a9a6f8ddfc7e087

SHA1
810335bc8b29b1b490eb8beeaeb64aa9f03b1de0

SHA256
f121946cd2c29ecc0c179e171d9e7799a46b9a68860aec2804b3e40185e0d106

SHA512
a3de6296c0559b94553efa25091ea5a24a53cc51cf611e9cb8b117199f55a50d64c9e1f3be51ede89de25d67161ca01b9b79b711e374030e51f400163f4addba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
a8fec633006b945acc40cd8b6ce19147

SHA1
4719671b7c80a7ee8566c90fa9084e53e3072e50

SHA256
7019cd6bf24f35d31a1fa8dd5795a472dbec11c0beaf77af17835c9160be2f62

SHA512
a8b034c9388dd3e9d22e632e1a1473b6213a6b8900f12322591255466597bffda8c47dbb85365a7c4d82ba8b233623784464d4b6c8a175aa7027fc8191effe84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d01438a1a4436ed65530620c6af8b28d

SHA1
bf9737a149b0d8e3702ce09085f5c4e5ec98fffd

SHA256
a8e546d5aa064886bcecdaa22f3c7f612fa68835e27bc0c2339355523f90938a

SHA512
d53960ca15ad00cbe44d1e07924cca5229cde717d446f120909cc8115773990d843f00f211e552c6358e6b26d027928c90924ae414c32ccdf1b8e1bf9f6ac7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
139B

MD5
4647a6db61a0c4a5dbade98b2625d460

SHA1
54237f7952f203e5a637195b81cba55bebb3ce20

SHA256
dd1990433e095055982022ebe0aa9d55250829ef278b91fbddb982b99b82f9e3

SHA512
6d9bfdfcf4e8744a93534b70f63d3617e7a8045026b4976eb90b611fa683223fa8b0e37f1edabaf2a3a48bc8300cd7d228d320609a74c71d38612f5f926c91c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
867ec38e1dd73a6fc538def11feff019

SHA1
84d53c704b33375720467f57a63a85a121eaf477

SHA256
95556348a5e7bcca1398939b041f128a71622f340557683c52e329b2e8f23669

SHA512
d9d35aa4f77f776626128c8dc959a8e8d91225d8d57a2ca9e189edca15f826204823e7d5995f004857a481bab9e9ad7736c16315261449cb0b8ccea360297ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
3538f8056f9ddde9891b99896e06cd12

SHA1
315a65ed0fd948176ca1e83d15558df417b13019

SHA256
3ec98fd9b8a6f426ddd97a02dff1cf9935c6430aa434228587f02cfb8efae571

SHA512
d187df3e969a06df06c598bd35ae79d2107659218e7a9c4c8d78c66aebc9f543b55a61bf8465c42d9ac6458f7d49ca78b89527382b73f17530b60d4e6dc83e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
14b453c8704858c542b5dfdb6dfd449a

SHA1
11720df654b098f6cccd78e292ef15cc91e1eb61

SHA256
9d65a15a1d6c7a949d80bf5bff0bd6412cdf9a2105157465ae3d05965740bf78

SHA512
e105c24962fe94b809c6416ee84cd0eda73369834e027453e683ada19a3b65ec3f7f637746492eaa70a64f3a3d6a863cfbb5e807c511d2708d3eddffde97946c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
5f20989030f08065a11a97211289dd7a

SHA1
95e39d71fbaf8c1cf8bdefd1755c27824cb4d421

SHA256
eae620fb8cfaf290561bcaa01262162bf0936855b161ca3c36c7be8274e0077b

SHA512
97a46b4c0e47a86a9585860b3756f5cbd0d79cbda9cd844077f0849c2fe253692031ada2a82ef2c4c0c9d061a4bd4005064de0204c736e545429ee027f3dd4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
ee0b0e9e53fbd4a382588b1a2be41681

SHA1
0ace40167d92e1879d684afa1ccda1c56ff13804

SHA256
861a6c91ece8bbd450247c4d37d2c2fdc2284162c7d9b9c3c822d49c1122bcae

SHA512
9df8fa89017b757e13530b5e888fd1c7f00a71f906bf9cc9dda7b412653df5c96e463c660d97718a9d55ddb2ee8d897465bbc33f8e0e18939ea66dfade4fdcaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
0ff2d4a98a6edb3a1652775d81b14ccd

SHA1
7976c1c02d604a67d4126cb3a6a3b584fe21ca05

SHA256
7e070aa05d127f13fe714980da97746cf382a618795aeef8dcfe5cf60c76924a

SHA512
ac783f92e70460bcd0efc97b8e41e87012abd05617c66d68ec26a5635647ededec35088d2a71d95dbb109f93eed1fa4915a4a97a2ae9f854751f0776e0052629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
62b2e88fc550937d1e666cdea3fe851a

SHA1
0dac327982cc3b91faf677c5cbdbc4f3d0d9340f

SHA256
c9b910a44b10f9edf615cd193fa7236aef7c426262e5e25cf44731655dd4751b

SHA512
a72f3eef08497382d7a5100707dfef28155c0d39a297687049e03925e12bf4ba449cd35e6de69345ed4f8e3efbdc2b5e6317bc4296955185e1b607464f84c080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
863545d297d288d09e15f85d31d50718

SHA1
78c2046e11746a63bec4997090671573d91456f9

SHA256
a3b153833effad5b4862470c6e5ab0909056bc7aae657b5725c9365bfbfb709a

SHA512
531a2d4d91ac2c3dc9d6e2b70330d7516e544094f923cf9f8669493e9c35e61dab7a531c7f4c5fb0d66a532b647ded24d859a894a13b401e19a82730273bd2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ddd027dbcc9f3e28cd26b4309cd2bf5f

SHA1
3cfadd785a4f2a5f5e1c7a62231c08ba1e3826f1

SHA256
05d6c3579523d566b16403802f74baea448201ea5e3e3d3287a577d36588ddb6

SHA512
e8bab26c094cc2574e275dccab0f47eca07d0475a4b5271f60fc93ab8df0efee49e3fad710fbd45fed6eb943a107a702336cc668ddceb5a71f405e2dafa24b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
91fcf382dfc969c92ac3718f68b4f090

SHA1
52bda6a306cdec89fa5ab5ca4fcbcce11a2aadc0

SHA256
3ea0569aa0c9858714dd6444af0269348b8f8c0e961f0491dd050d2398faef3e

SHA512
a417b4ead5d69e54dd681755fc11239f632d70da06803625903efb02f8ae60d5995af0d0b7db61fbe7b6dcdec179e60f2e8cca99bfdfe98b90aae5f1da8d7bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
ec99c32868cc5214ef98076e1cabd888

SHA1
6dc31901adb6670f0bb75199b6b0e334ca46ccd1

SHA256
f000148ebd44b604c85c904a3520bb103ea1932e93ab540783041d455f26af23

SHA512
bfc76c37ade92be65a44c89d0694bbd07c9a8322823b8dfb7a6dccb7e6a9d9e8d66085352c14a94ef974740e579671054aee3d973351e1e2ac254bad0d26d466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
bbbda24671936300eb34923f8bf05aab

SHA1
5882e138526b018fc82e598bcfecf5d0792bb9b8

SHA256
99f373ea77665974770a9644c33a1c26b07f02e537c1ed63ec8183c36d62506e

SHA512
4904f7f3c2da3b72bad20fc6533030133f2ea23d6e28d1dccc05c0eee3373d6820920e9ba0820bb3adb9c67e5dcc543cc4da547d5d2b87006ca0d46a55f69962

Download Submit