hxxp://Google[.]com

Analysis

max time kernel
65s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1592	msedge.exe
1592	msedge.exe
2484	identity_helper.exe
2484	identity_helper.exe
4472	msedge.exe
4472	msedge.exe
3176	msedge.exe
3176	msedge.exe
3240	identity_helper.exe
3240	identity_helper.exe
4444	sdiagnhost.exe
4444	sdiagnhost.exe
5156	svchost.exe
5156	svchost.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4444	sdiagnhost.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
512	msdt.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 4884	1592	msedge.exe	85
PID 1592 wrote to memory of 4884	1592	msedge.exe	85
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 884	1592	msedge.exe	86
PID 1592 wrote to memory of 1644	1592	msedge.exe	87
PID 1592 wrote to memory of 1644	1592	msedge.exe	87
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88
PID 1592 wrote to memory of 1192	1592	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa67c946f8,0x7ffa67c94708,0x7ffa67c94718
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1773364678823907767,18437673232707214249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa67c946f8,0x7ffa67c94708,0x7ffa67c94718
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:3444
- C:\Windows\system32\msdt.exe
  -modal "328150" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFE927.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16396404519041989260,3888628435077601226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:5868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4444
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:3672
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5332

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5156

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
PID:5184

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:5212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024042919.000\NetworkDiagnostics.debugreport.xml

Filesize
71KB

MD5
407168c0af1097beef4ca18401890e63

SHA1
7605e441ef1111ac3b332c001537563d8c63886c

SHA256
4751616e00e5a01f6d90ef25f275e2470741757880190470ac2bfa0d8f9cd46a

SHA512
dfde608c8cb659f2fbf54282cf273cefd729592c617b26eab04b3b7eada8a5738082a35870240b6fbadec1d53b2cdd970977dcb390b623ae7664c11fe4763afd

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024042919.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8a0fc5715d937e3375b37fb29832f295

SHA1
f24e433648c9039f6158a30215f4559a7d082e9d

SHA256
35f2c6e0666b4bbc2c6c46362ea827abd6d4e46d1657161fedc32edeb63075fd

SHA512
54b4482e7115343ca292f164e12bf50d6f04fbc2f46d3a8fc445ef6095380b7bdf385c7e90a02e55e35c7b86f68a72f578ff1486c9d607bc456e6ef9bad527ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c25fbcefcf8e8591b2810272a949cea1

SHA1
6008b831e25b7a5fae6862fce5c275e294f90612

SHA256
e4aa33dc1d4c2617bb394e7232f1b4782b1dec567d5095de3021ebba72d91881

SHA512
074bc4d55ff356deec8ea490dbf15ff2f2ba76c53fad8b5a511019dd1cd90aa00aa5ec096ca52bc706833683e48262a2f147ca7205102186758768a2b947e32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
e157db6b5dba56c363189e08cf963267

SHA1
ce6687474b8d02000cbd9def8326f2bb42dc908d

SHA256
495854311e1af197cf4652334123fbace45e28401414f490ccc12a102b936b38

SHA512
4494dc79360bb40fc61a70b64a78c17291533344f73e0fe81fd16bab62e28d566a1de8734e08089e7eff4e36b0de7da16e0a89d0dff6aca81becf5d39dde10d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
0c081b7e7fdbf938086462ccabe5bf95

SHA1
517d00fa88e14f3124d507a43b0e7bfc862e5b11

SHA256
2089df7772f104639154914d656823ed17eaa3af9ce40f53f12d9820dff38e63

SHA512
c03d08275daa1ee38cd0438e0a2e65cc8bd839625f9c649f0dfae99cf325b17b11295097502b92da153175d8209bdc4d51b062117b1dea4be41c0378c482ff49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
8bace68a3c4f9e870a39e515d6af1ccb

SHA1
f64f4c07cbe91b5db269be101c44f65737881138

SHA256
e590554508e3622374e3f17fe890e5d97261cfacdbf600f3086111d1e9ce4448

SHA512
b7be855606b169352652c3cd5ab2d6ef2b49ab8bd49b437c0f21105b859e7c4e30d9edc903677bf2b0904eb361465f5329a8f9c8844ace31a8a2d83acc4298d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
53a45c0e9371dcb149c6b0c1ebeb4cce

SHA1
926d5ac603832b312bf4b0e9405e1d39e2b5ce74

SHA256
52a6fb8568760d97e28c8042748ea45fcc34dfdec5647b68f92a711b370a8a92

SHA512
010a8ad42ab9122a8a6cdae0b3344b4a75a358abdd6587fc9c6386ee900269409ce2384e7ad2944853692530e5ff67a0e5d13a672e780533fa16366888283feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal

Filesize
8KB

MD5
af5d7d6b38e1db5164f177ec9f348cfd

SHA1
83e71c89eaa6360d29f0c3dac9422169e5ef8291

SHA256
b4a0aaa31f45b97f70af04c1d1e939d30964b327a182cb0f74f902f12e37df51

SHA512
22d805abf160d014e8db919efdf1420299ed9048454920850ca3804d82ccb62baad5df28c4322a757491de98cb8a53a1e63ad5f96390b0095fed9acdb02794e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
945c3ec1f3151a1e526d40dab80ef514

SHA1
851c5f7d6b6589167f77393d405fceafbf327e33

SHA256
58d2430afda7884f3cb2c4e6c0e536c36bb7d7b3ca82313abf10b97e835a3c1c

SHA512
9498049ecc25f9f4268888bf10b1efa04386bd452be0b1fb7671fe4c5b73441c7744322ecf6f7f3e70733d30c4bfd9214033f3bfb8edb2840d434896eb31de0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd1b23ed51baeb6f1291e9c0eac34a1e

SHA1
b1d07f4c6969eb3960ddc5d01b2d0c2a23772d91

SHA256
f24e22eaac39a529da26f760287a6b00d3ebb229ba98466987441b0451b4f875

SHA512
2a0270815c9203e652eb45feff1f34e9d7621a8d2f4f709e116b60491dd8500dd922bd2c6f5179a1717a23243fd12ad2e4b6312e38e0aa0cf8c35d6cdb6384e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
415453648f2dce8ed4db67e428f45797

SHA1
bdb72bc35c862963d4b1d3e48f3257ea0c2c167b

SHA256
dcaf52d6102e7bc253566f04b005d8247eb0ecbbf9c72049fdbaf3677476a93c

SHA512
ea40e4db7e13b3a32fb4aab83a0e09e4213478df6b27183229b2d5235b588c6a58a828c90a664301c787cc9e2d42f0de16e28948e8bea002050944a791ea8126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5bfb923c63048586d0dd0696335c2d84

SHA1
7e06b41a2b74d0a415a6711c2aa8a2360611e962

SHA256
b16afe501cc94cd82adca33cc23ac8045ff78d5b11d0d9c59310b64dfe0de104

SHA512
b4b45c6482a5cb899d03e113d3f41522bbaa80584a801c236329e846ae8e840b9381ffdb24b48cd1f475b388fc205dd721f22a90820a193b2205a35f2bb0b14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36e674649596792401ce12e24e1b4c2c

SHA1
e3ef2c62434f1df94c5f77f4dab3632fc464ce09

SHA256
f0de37bfea56a23b27700f1cdc426ffbc4ee5674fe86b6262f01124627ad7943

SHA512
52548fe0e473ac2f28ee98acff62c63f2913ca61e86b0a50d7637bc5bd00097180c08f9cf1f41e4ae2150a9fd6bef75faf8d8146edd4e04521c65550ceeb834c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
4e673eed585e3b89f96bd829a7265008

SHA1
55c1520cc67f2f6233c3b01584412926dfb75802

SHA256
e2e99fbbfc33862951bd9c32f6fb7e3f0a058f48a7c1f2da0666c79934c95508

SHA512
6cae9679ad069736728a90b196675188f2f0cb01b52c1cbb78b04e8cbb1c9ce68181052b74829ca6abc59582abaafa79eeb308cbad8539c685ca53fbdebf0cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358894194117008

Filesize
1KB

MD5
c12c5001d37e483d7b120f65097a1426

SHA1
97ba012b5bce75fcfc201ce396917e04f0b7da0a

SHA256
65b0f436b11f218e388ff6f26fe4dae4a565de64632e27476a90255dd41c2653

SHA512
97c3fd7d83c418534a532389f42adbe02f72d92f3b350527ff53be1b20de9b5cbd3470d746eea3644bdedc36f9d5b916d8f39ea45ecd55bb0b4376db0d405625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358894194330008

Filesize
1KB

MD5
accb0800542a88d59b9a634828a5cb75

SHA1
a67027cd579d42b0edeec3d8015dfc9e1162b410

SHA256
eaa2086d8e23fd72751b0418d96b115cf49e22d235a5b8a4b8c4c48d98b440b7

SHA512
bf90ec096565dd7db1a4fb8094813bff1b6eb799516610d91027c7939ffbb28b2c215bb19b2325e3a853f9ae5720d82b78d719d5e0f8f6c498f176a355e042b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
77524babb3d18227d9cc16cef381b932

SHA1
57a0f1dd0610f04cc8aa71bf856e47123c60cb52

SHA256
7ff2a9c85b02fadafab1b295c5146e49a26d3485c95ad82d5b20dc4b6c3546c0

SHA512
3eae6d5a6b6d52bb869adc9b0a0ae30052e2a6579766c3e161aeb65b9ab711ec498f29df726bd1e2ca705541983a7e2e906d96134a9095afc175a2e8decd12f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
9c57a16dd9f0880c64209e9ee99cbbd4

SHA1
a816edd68b0c594a7d21807066c4a580fab6cdc1

SHA256
6379838a5895828a4180e9560922d5c0911ab7eb059a8cbd998933b26c628926

SHA512
18ff965b715921b635a3d931bdec347b34e40bbef51b824fc3e201add83bd11182c8a07a14fa76a8ed11867e3cbd5765cef02c3da7c152b43d2e53071351c4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e71cc94d966c4b43a01fc7dd40cd509d

SHA1
fff03acb665be4fb4e854b653fd7f30eb2469bc7

SHA256
1d867108b3161635714e0896aa5fddc5b41a0069b423c7bbe1a46d5c3d386b2e

SHA512
b62af30a45179eccaf89ee3ba271bb1ebadc8f9e590ac7ccf686a27745e367a8e3cecddbc77ac339d66d8a0ff36d0349251fa9a9dec420f10899d234ae23dc88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
99e0fb3576b15d1f99fccc92e137127a

SHA1
192ec851a49cbb56f229e129344e94f98423de8d

SHA256
112c211e986d5830f5cfcb81bad54373f1f036c0f7c6038d31b2d05cfb747288

SHA512
1daecd7cb61f927690146d1f06ddabba4d7a1f526a96cd74dae6b2aeb8aa72ad8c0610968e57da8fb8e7db645c87cc3ee10acd798cb71191519a48404a73ce29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
a33def45a025a405e02d58cb748f71f4

SHA1
3aac4e8b165fd518161b865625e9c6b3ccdcb885

SHA256
1d378b1f82326b7f0c774b46f389a4d6a7399f53414edb206aee18301dc965f0

SHA512
c526ce3b12cfb99c51ed518fa371eb4941c97c98994707d7f0c7fa258f8fc8aca17bc0dbd1e6c2867a29ee5364832266c8761098be187e7354e6813b19bfb7a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
b4d2746336f2bf274667aaccdd1f0e33

SHA1
d44509051823c8bd3c5fcb57d3b7b55f8be84015

SHA256
d780efacc5569fb6350396888276b3800e86febe7ee28ed911bbba2cacf2ddf2

SHA512
219e74204882745bc01525a424573353b68ba2846df3bdcff7956626f19723938cb88d12e1aa00ba6787ce9cddc7f9b435fe802d1d011fa15200ee6d80ddaffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
fe4656da6e4d1b60ce432b9180e0cb2b

SHA1
6c13a5e8c1e3d1b37a132c2322df76a77db9a238

SHA256
9d38fb54a6b0da5f8a03cef06779d4f608e59dcbf975a998f4be83db1b6c8ac6

SHA512
fefacc3d9bc176a98e85ec6dee1a46a7e0ae1ea338b965ffdfcf94d033a7fb75a8c02fb9641605aabbf01c1c0b7e36d092425bc93e280eea9675381e566a06ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
8a37d1979dda3785cab1e0491f8fb9f8

SHA1
670e660c9958de4cec5bfd66438227611f8c8123

SHA256
5dea4e98484ceb7cb920f07f48c252a6967d3dd907d40ca5de7cb8328862dbe6

SHA512
5a563002ecc3da85555e58de6870fd5f8b57e5a21f17a356554fc756a9a130aeba1093ea9028d044f3ab9743c110e2dab8865b55dcc8495c0b08e913306e754c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b5f83c6d0dc0d209b77d291a8d6b01b0

SHA1
b0c659fbd971d06649797d42187dae83a1e53bed

SHA256
2d9157a6a8d3256a7e8bef3dd84d0d65d0b60902452ed64292c703b30c9e26eb

SHA512
2ebb82d1f22cfb3acec12f0a24f82437c3ce4f2fc66c81630b7f40cbb82e4f5d144940fdde856b99009d64d485e92c6f4b494ac5d56f2c6129c29006ff7a40bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ac09795dff06bedf005b5543ba2ecf7f

SHA1
484507ee23dea578dc284481faa2bf0ccab5596c

SHA256
eddfb568ff740c3f9f81e41ee7c25dc03ace8c270579ca2df75d79438f2649cb

SHA512
b8e403a5397a32baca7d2ffc1004ffdfbcb0c566bbf4fa4c6e23e03d28c63158953746ca6795a64df46da6a7317eb3fc3f046eb6952646ffd7bb7f450aaca684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1e1d24bbfe1b61a12a0b1c39f1f46f31

SHA1
816139cc48af5c0e690489382b4e65644f05c937

SHA256
42391d622ad5ca65009afec51c1e31a33602361180bb17df7047d5d9bd36348c

SHA512
951ea78e3121956f49aa83a878c8ecceacc8ddb951c04803c1ba2f1c03bab5aa44f80d6cf9473860593a8d3d39c03d22506de35482a1774d1a0df7e4c33fff5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
9a5583658a8e63afcca7d9f65e105efc

SHA1
d8705bf517c037ae498b4029e3759608cdd3ea90

SHA256
0e5f6f93268e8e8ad4b7855412d01e5d16163fb15cf673cae48b2291143707d1

SHA512
721503105c0593324c4bec53aeb6aabb95d0d65e9062ca4fbc1640b4fbe61d596f474af29dc5c58227141bd406d81f9f5d148d01e9577bde3be86626666e3ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
35dd6434dc475b4c4de83910566da9cc

SHA1
da091293e6ebb190c6444cdb06f25f62aa1aab82

SHA256
750ffb431bfd5b0733d24804e02bc046bcdfa9e0844726cd278d82a2b70b1400

SHA512
2bfd88d211ae8a7113af689b87835844df40bb26b13fce58676067d0a0d93402a4698dfc38d86ff755d3b6caa5bd9410d59d8fc5959aea64212aaeb116d3750b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
607a5fb1782b49cefa90fd1e705eae43

SHA1
9bc436eaf86ea8bba82b382af245c4fad88e4402

SHA256
ae0c1f7531b33fe55d78def6dc810cb6bcdcf120039d29a966e7717098e78bb8

SHA512
8df97850c6ff1feb568cbdd6c05efb938fd87522da6a6ffe767d0fa1a1bf7d5cbbf862fe41c4c50a46dd7501bfd42b301cd8fa1439f705c2cad310a2810c2da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
64c6d2621a0c5850c0aa07d0e9127d28

SHA1
33ef4d76d04e1585cb957c8688de710b8a48ac8b

SHA256
1971a4051d4d20451ba320c6b58904899be781c8857567844850ece740f7e2c9

SHA512
8e43cad2f33f9021ebdb663a56b8706d7e4c9e203b87548b19cde08131f1d285ff98c5a0f09943861a4048985f395fd8cc401ab25f313e86dc3bf5a37afdf46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
6942d259822f9d4de005c88578cd0cec

SHA1
bd01293a343ef0cbce3f987a52f46c023491cf97

SHA256
4dfdd3108a3d7a434271a56c5ff57beac56d597e244128d543192e5742c0b522

SHA512
b8f3f00bdb19c174df2d23cb3c6dd163dff1a1858f02247aa8a14898b1f2f9c96f45c47dddac90e5d8b2d7143a8c4caa53843c52fa0fbec87711a77dfca85d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
35f69873a2bb5d2601498b00ab6e03ec

SHA1
8cf7fb804bac3994f73f51a43b8c941beaf73dd1

SHA256
64449e3ccf30eec0cb39ef08f81a43ad0effec91b71ec8a8d08c4bd63004dc27

SHA512
9682240c4dc7eaf165b727bf80b8499f9fc7251aaf32f3d053e40da4b891fbb83e0c1b86c863cfb5389aa594b2e69c46fdd2cee26169b148e31bae4393aa4d8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFE927.tmp

Filesize
3KB

MD5
d7a46faf9bbb1d3fdd91533fb70b5ba1

SHA1
563c75a03da20f66afb82987bebbaeb898b4d1e8

SHA256
67a0b95dc5813e19e2cc10aeefb9eb6307cfb2a0c1201e336deb6e5b7ad19db2

SHA512
9c137f0b84bf8c4f868eaaadecaef777e8c2d6a96a83c8d6c3e8ad13e3989b9f6ff00d8ad1f28b3759ebbfd1b25f09ee4354c5dd437aab60f2a9326b98a82583

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nyupiqmj.o4p.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\TEMP\SDIAG_e845161f-566e-453e-98ba-e47fd3ed6bb4\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_e845161f-566e-453e-98ba-e47fd3ed6bb4\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_e845161f-566e-453e-98ba-e47fd3ed6bb4\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_e845161f-566e-453e-98ba-e47fd3ed6bb4\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_e845161f-566e-453e-98ba-e47fd3ed6bb4\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
memory/4444-611-0x0000024C29330000-0x0000024C29352000-memory.dmp

Filesize
136KB

Download
memory/5156-621-0x0000020E89750000-0x0000020E89760000-memory.dmp

Filesize
64KB

Download
memory/5156-625-0x0000020E89C10000-0x0000020E89C11000-memory.dmp

Filesize
4KB

Download
memory/5156-617-0x0000020E89710000-0x0000020E89720000-memory.dmp

Filesize
64KB

Download