hxxp://beanz | Triage

Analysis

max time kernel
226s
max time network
227s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 07:26

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://beanz

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5224	WinXP.Horror.Peacful.exe
5568	WinXP.Horror.Peacful.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "75"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2860750803-256193626-1801997576-1000\{C6827871-3F1B-4DD8-AF4E-B28EA39FE3EE}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 993407.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
3124	msedge.exe
3124	msedge.exe
1076	identity_helper.exe
1076	identity_helper.exe
2364	msedge.exe
2364	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	1932	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1932	AUDIODG.EXE
Token: SeShutdownPrivilege	5224	WinXP.Horror.Peacful.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4424	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 2112	3124	msedge.exe	83
PID 3124 wrote to memory of 2112	3124	msedge.exe	83
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 4980	3124	msedge.exe	84
PID 3124 wrote to memory of 1728	3124	msedge.exe	85
PID 3124 wrote to memory of 1728	3124	msedge.exe	85
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86
PID 3124 wrote to memory of 3788	3124	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://beanz
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff957be46f8,0x7ff957be4708,0x7ff957be4718
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,14530647034021187336,5365264561304241161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5708
- C:\Users\Admin\Downloads\WinXP.Horror.Peacful.exe
  "C:\Users\Admin\Downloads\WinXP.Horror.Peacful.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5224
- C:\Users\Admin\Downloads\WinXP.Horror.Peacful.exe
  "C:\Users\Admin\Downloads\WinXP.Horror.Peacful.exe"
  2⤵
  - Executes dropped EXE
  PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1932

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3882055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
c8827423b9baa7dc516dd68995a5d06e

SHA1
2fdafa17799c492a9e09ce7c73e84f53933f8686

SHA256
16f76afcae54bb21545d8565b6da201a2a71285645aaf5bda87d2e632729e796

SHA512
cdca7f8421e29e627becdc003db37d4d18d5af57b0d0f482bba062be26ad266d424512584e5eae8b79bb34b16591ea2f561a1666e99943a991f2914cf1d82ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
72d29470153d5e5782ea93886bd2a455

SHA1
bee1191570371bdf1147b76469e42e8599adae49

SHA256
6cf1cc33ce3b9484bc9a8741c24398b3f2e279a705f87a7ecd88824621d74879

SHA512
f036cff8f05902f1e2d90ae36964eb45ca34d60364811d125dcb243ea20670eeb21a4b2caba06c563d94547cf3b7ec9c0415e6436d1716ee196dc76232d56b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
259KB

MD5
75d4894e73142594a20c54ae40a631c2

SHA1
2755f29460f628a6645fa6458a7577e5c8c8c592

SHA256
7451ed77d2fc71d467ee4b8f1941cddbfc72435ac7ebe642316e4b37e4cce51b

SHA512
c4bee7cb357c72e934576e75fc9516834274df655c84fae74071a2db0cd44d692d9fc56d55cd45ea8c1ed5b459859bb798a3b70a23c304f8d27c920a13946cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
67KB

MD5
6e52a644708109836adae5b691622755

SHA1
fa6729b150828dba23c6cadd92c6b524529ccb9e

SHA256
9584d23dd0aed936a7ebb26fa2c9683d6f2290978cd080768924ec4a9202db9e

SHA512
6f8dfb1240cc28056181eaaccb156801493867a919f7c9ae386dd971eb08525d82876fedcdedb387bc7b42bae5896d0868c4ff813bb0e8db9f8fb98811d5dbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
840559e094aee881c77801edcca56b5e

SHA1
dba093540c0405d107970c6287a0d45b9d7730a1

SHA256
9bfca8e7439c828396de5896f4827a8573f0730a8d5e0ceca02c9a86f9255ca6

SHA512
475910d8ef25be4ba81b5474edb70d5473b1d7bc98f539998fc699c10e6a1adde8fde1baca08be798436a2bdaf9acb64c96dc7fcbaef5a4f25b89c18dd4907a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
73d4f79734f373c1fde2369bfaa58a62

SHA1
8b724dc04febfe5929efc4b7b0b734da7b70283a

SHA256
49f3f0f2ad7229d2fa333429c21c6fb4f5218ce94d7d002f2952c9448dc6a9fe

SHA512
38fdff30734b8388b02557ac77770e8eb5315f3934578715c4f183608f6cb8a82937c4e9c6b120f7dc1b6c66c84fbd7259c2543c4828320e310ec374f49978a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cf4292e70273033b1cd0430d5ee98a33

SHA1
d1e334c66fd871a6b4c607780a51b8ccd6615251

SHA256
4d3cfb3cadba4ea82b52f117a9fade942c7d79264fcd8fecf36caa8dd592d750

SHA512
5d6f9ef6db2539a995e03634b1de0f12121f79b7dcf504360a57c5ddd264890ddca6ea6d29a672b7e557e549e355c8b38f8abc5695050a0e742b675b56fd341b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1a11515003d5c271dbded4fbd379f9e5

SHA1
9b03af7049c87d0d3f5a4babaa6b052a474a2274

SHA256
f8a08f721ad80b2901d4c6a2959e008ec230a3bfae12735d0632cd4e715c98d2

SHA512
74f40f395f1f1bc668d8a89de7498041e0c71de86f8b3aef9aac8be31b0f603cc2d9881ae7edc0666dd674b98fb1b6b60b2de87b44a39327d7184ef0cf710921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
774B

MD5
1c9b5c76dcf3e6e080faba0cf824ef05

SHA1
458cf85b710db52a2ddd609ee1d2bf0335e85989

SHA256
e42cc01d92f681360a3ffd29175b47da8d156f53a1c99c1c2dd51bb0d8bc1321

SHA512
a33f086a95002180d9b5128c19599109fafe25e861029dd46f2f968e23e96133ba4f5af31ee1f0571ca8ce052f07d52ee58465426c6a9b5da51c26838a325105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a4fc85bb158f20442d3892473cb7ed52

SHA1
4e65bf6c5618420ac4a5ac37cc492e278a0b17f5

SHA256
f27a5c058092e80dd3384f0144d93e454fbb89b031142ed1054ba35b2d2e43aa

SHA512
ab2ede35d97535e8e82c9f89d79005ae865a18ce853f348d59ff13f560c0b8c0d6a5da07ee36836fef5f35f4fca0b4c76d31d6c87f3022ea80353aedaab552b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
948d4916e9a569b291a63d94575c3e9c

SHA1
312362c8d8f0d0cc613eacddf32acfd2eeeda908

SHA256
80ed7f36a11ea5f3468ddd5d698bd5831116e2ab05028aa613ebd03dd67ca7df

SHA512
39003d38c9a5fb397eab0bfbe0d52a909cebb7358ceda5d1139afbfd9b4b4d6e050ff048380f196b7b3785cf457b50bd355315f8135c5279cbbdc5490272fffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ff2262ee8ee50ae50efa8aeb61cf973

SHA1
ead427a72ecbd1af6ba32bd75321954664fbb22e

SHA256
f0b4dfff1b2e3fbb0cc28acb409462c42ab280cba02b0753c2b75d8d1ced0e8e

SHA512
c8f0d46054ce00c3b828266e5d028ff3aff818674987567786e788206e9c125138ae8648b128cf1d158e6b010fa9275e685e43fef84d59d4ed086b809ccb448f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5bba860f9688cdab3903b7a520d589bb

SHA1
6e072feccf6c46963f5a22069064877fbf195256

SHA256
f4e488308f943711a09438e7fa42c9448adf5ce7396dfaf506bb777a1f785c8f

SHA512
f3830de25bf9d3034837a70349af2c281ee891e59d805883c870d00d8b1a8881acdf43da08f188794601d7a45259b4fe12987b1405fd41f636efbe7af39a23ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb8766aa22661ba6cbee958012733706

SHA1
981b94a148b36d2f84f2a70dc9a65f0d833401ab

SHA256
0c65dd044115d98ad2da719553be721283f62c8a289538b029a181b1b49ac2d3

SHA512
dbd1a831d2d3b62081d6d198fc93322e94baac9c83d19f75cc01158c211f4669a60eee9427ef77e062a1217de3d77ff0a8616c08a4b368de1788c40ced979bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a02d28d081c80e22bbf2ea7d16c66f1

SHA1
dbb080aefc4a63df2f21cd55c946780408892417

SHA256
4ebf541be2e59a8897525a129d0e2e88b2eb53a99a3ec0c2f5f191f48b8611a3

SHA512
be08f1c5a0d05b41ce9022ee962f1322e79aded4974544350a0fdef8df652276998df834e93074748395c239cef2317a727936579331e9096b3c57330709ed61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8668c2a6630911c6e1a6aebf2a47d907

SHA1
dcb3065a40846661ff2904e18c614de7b9276a25

SHA256
ea51b65e53724fe50d7cbfb983c8e525eb33a6d6dba380bfe446ad014733d453

SHA512
7fed65154c38e27879392d45f2aa7369e0e72cc2a6cfacdf3464c0ec5e65c8086276faed85d6cdeb2b3df3d3a71d25cd74a5e2534edd5f1dc328b44ad8b2ae4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
136980864cf2eade7a4a3b990bf2fad9

SHA1
2d337e2f1166b717a0859c057b77df4c9648646a

SHA256
c8e26627803dfc4389ff88b13af7ed032a7a4dac8554857da4b284bd0759f576

SHA512
99bf4122d7c4bb960aa9e9d8cd65bd5455ac12a8d7e0350814c26f8a734f48da736a439de760adb3be8481fca90a6f8d6b7c80596e74dfddadbb967433398efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
036ca600b6cd76d786580efb433e7363

SHA1
520bc5403781fc4f17f01e0bf527335bf4ab474c

SHA256
458a5803edeaf597b7be7d661eb8bb01aa31820c9c98bce097fa7662f7996b71

SHA512
285657df558fe6bc5911325c10331b55ded9da209ce22697da0bcbb2c371be7be432f5fa47dcf1f01f08e69dfae9ab3b684fa96a7c669a562194e5aec42cfffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c722b0e951083a0c83c098be926dfa72

SHA1
6e83c9499e4580a50843e826529f7a226174111c

SHA256
4f843e8fe9341ddaee4b354d0c4d31c54769233ebd82eba0cedd292a855b1ec5

SHA512
f5ea3e4a473924b0a32c4bd8ceca62b16cba22c77cb753981411803a6b58799c2fa018dc94cde46234766c57f6982eee3c5532d6201725a7efc61fa7ffb20c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b98d624fe83b1194a73b0a702b8f5721

SHA1
c4de627e1f1600d338cd82d7e9813dd36ac9b831

SHA256
7b45cd399d8a0c8086b7aad726c811ad4945a3e4785566b25e306ffcc8161b5a

SHA512
bc2f5b36f8ef839095bd3a5c9fa2307446e9a7593a90daaa5769f20b11b1f180494e0890e7f1dea8636f8384608f5efd5fbd16b00080b86dd5d66cb1c5489e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a0b58fdf2246f904b70f377f882509a

SHA1
778807bdee38df8ad66e617148097aae972e0237

SHA256
05ac7ddb70f1ca67cd657949cc4773a67a515f02bc08f07a25652b0c3f983621

SHA512
fa4324e5965eb8849ffe2415432e240749969a42ab2be1c14254309d25513d4663564f8cbef5954d14573d890db74be12176ded7a1aacd47ebabbb0f9c0bc81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3a160f858d63da4b7e60f3c655bf52b

SHA1
e2fd4572b8ef776061fae3239979f4a217962fdd

SHA256
88b2b6c811d5b3c3e27fca54447c9a1df49fb739127ea3875fcfd9889f9e04fa

SHA512
c1e46847de6e668fa4d9beef7de2c310bdafda78b721397f6c0e7b1c1e275821fec117cb5c95d7c95c068b20aea8ba95df2de4f18a127621bd5b7b64e3448ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
692f4e66e34d5c958981b449391ae144

SHA1
dde1c41b59a5d24dd24c63755fab377fc49a16c4

SHA256
f4bb899adca5d74423ded398c3e4fc67a2fd6e631ffa664b20fe205e1039ac04

SHA512
080100207e3ded7a9d03af3f837efe7094b582262db7eb03245c4a9c3443f6b90eca0f9b12faeddd9b0a08723f8570b07a84fa9c2b1add38db6a0b62c7d5f2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ac16886a5a9dbefa605a75135cfd216

SHA1
afae67e4e57f9343eebac3a7961edc1f27d1d167

SHA256
51b4263fed8a615c0ee9d27c1a02a9f843f4c2d38d91c0770ef3600e975ee014

SHA512
c588dbe03029b1e36cf65e113ee7a3eaa733ae2d5f638b38a6c5f98c535476185559f68a45883d2e49b3411db73660ee09da5b666fdf811f11cb416ecac42fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e501.TMP

Filesize
866B

MD5
0fafa0faa948edcc6e10de50504ad926

SHA1
f9c6b3bdbb92d60d4fe31da4922942cbafd8c91b

SHA256
4f4c392c61490c6f182cfb7271265535cdfb3d58417613c519468bd8cdf5155d

SHA512
905097dbd16e6ea03c11d1c8fed8a4d6c495c2153b4dddcbef3d7bed32823f10f4003a71e4b05b4d0ae55e83e15063bfd5cfc0dd5d4d01c06f809bd96049a3da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e0f39d3c3ed34e23e6edf44aebc3116

SHA1
fce73bf23afa020ef944b97d86cd14f83493c818

SHA256
a8195f06969ab102b38ce59d8fb25760d79e563269c77216be8bbe64ccba3a0e

SHA512
c9156d5b26af96e1737162088b1f6e5bea72d9155659dc9b6335783622da94021662f2d2a74c5400fe13b9fc027d3872b59a4a4db148b1439071f252a7ba3eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a075fe2f710295f251298b18f968b207

SHA1
c836ab484836226492a8003f8d0c197676ecd5ba

SHA256
8c773b5edf4461832e63d4f0925f0a69ad94b6322e55e57ed36215fc5af65024

SHA512
260b4281566f2a63b965374f4f674feba4e15c35734a61d5b0cd51fd4226f67929776e2dae57ffc2a5eb2c812df5907e635613928de21bbaa4045b6be66f2b76

Download Submit
memory/5224-989-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download
memory/5224-990-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download
memory/5224-1009-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download
memory/5224-1010-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download
memory/5224-1011-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download
memory/5224-1012-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download
memory/5224-1013-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download
memory/5224-1032-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download
memory/5568-979-0x0000000000400000-0x0000000003AEC000-memory.dmp

Filesize
54.9MB

Download