hxxp://milliondollarhomepage[.]com

Analysis

max time kernel
132s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://milliondollarhomepage.com

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

Processes:

flow	ioc
18	https://platform.twitter.com/widgets/follow_button.a64cf823bcb784855b86e2970134bd2a.en.html#_=1440449120106&dnt=false&id=twitter-widget-0&lang=en&screen_name=tewy&show_count=true&show_screen_name=true&size=m

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "159"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{35E81C4F-C9FF-4F6F-B1AC-6D3D3CD979FE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exetaskmgr.exemsedge.exe

pid	process
2344	msedge.exe
2344	msedge.exe
3500	msedge.exe
3500	msedge.exe
3304	identity_helper.exe
3304	identity_helper.exe
3348	msedge.exe
3348	msedge.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
5644	msedge.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe

Suspicious behavior: LoadsDriver 64 IoCs

Processes:

pid	process
812
5844
4552
4064
3964
1268
3428
5284
2236
5880
3996
6088
5404
3792
644
632
4924
2748
1468
1692
5352
5936
4636
1628
5676
5732
5740
3368
3196
5760
5324
5308
5908
4516
2180
3836
5992
4896
4892
3156
3656
1944
2400
4808
1732
1448
5240
1632
3916
4388
3040
5724
3732
3400
588
996
3844
3160
2564
4552
440
5604
1640
5964

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

Processes:

msedge.exe

pid	process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	1044	taskmgr.exe
Token: SeSystemProfilePrivilege	1044	taskmgr.exe
Token: SeCreateGlobalPrivilege	1044	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
1044	taskmgr.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

1008 LogonUI.exe

pid	process
1008	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3500 wrote to memory of 4456	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 4456	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2324	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2344	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2344	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe
PID 3500 wrote to memory of 2332	3500	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://milliondollarhomepage.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa6f946f8,0x7ffaa6f94708,0x7ffaa6f94718
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
2⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
2⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
2⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
2⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:5920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
2⤵
PID:5928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
2⤵
PID:6088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
2⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
2⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
2⤵
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
2⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
2⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
2⤵
PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1648 /prefetch:8
2⤵
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5548 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
2⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
2⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
2⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
2⤵
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
2⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
2⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5676 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1391495291337541380,8738405653583001856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1044

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa389e055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1008

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\06d49e97-00f4-4b40-ab35-ecb5cf9c1044.tmp
Filesize
8KB

MD5
a6741965ddd471711c2351bae9f9faac

SHA1
7ca216eb0d8201a838bc40cc7a49b0743d117a15

SHA256
08a82e61b205431ca92743339e484e476f3a432294a337847f4320f86670d425

SHA512
ab7c3cf65737c15b2a1d74bbf79b1a2c8acb435f7c8696f2eb6aebc1ea1ff071a52b3e6f4a979593e1eb80d6ca2a15ebb9715862859dc354326619f8caa687e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
21KB

MD5
3956be491e3fb7d7be6d4704ee0a25f6

SHA1
a387a7c14eae88b18a95a6d0010c8341f613f736

SHA256
49db00df7e9f2ddf8ed7236b80b46f5da5d85a6e8d148bc2f84f772e2f60c340

SHA512
d8868322d167d00b07d12dc1557f1c69948e2fa4e035c961f3dfc10e1bfda2ff6306df804da01a6e690fdd38e631a98a61f0499b85c89542cc02c2a99e4517be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
50KB

MD5
8c3bfd3fd97c5fe425bdd3c54d54c78e

SHA1
5df45753cff39f19384dba0e1320e1176a3d6632

SHA256
3ced07b1e0e4e5b9d90e8401fc4b54a43c3982ec8787982e105231e9a4e9f951

SHA512
b8589b2fb8ecd8ac00e53d9483676cdd35a0971799005c7d133bb91ded5245c7a6125e34f4381660516965d163f2fc1c20322c6699c17dd27e9eaed86e26cc8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
108KB

MD5
c2ca4b62632bcd394b4a325497b37ed1

SHA1
fda7098c89d4ea3cd51c253d27c0a00dfbd605b6

SHA256
d21eb030341099106861b27a9c46f56926739df5c14b4b87d5e8050564e91f42

SHA512
b05a1d7714f2109e0425bbc148b40fc81908e2ac21d00de62c068a2cc45447ace40bbb85cbfafd00567da0682ebe91cb69098f86cb1a78de1c88d116351805bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
588KB

MD5
a66d982b0c0c74e1f86fa56c72c9a901

SHA1
d5f47f11e43ea41018cfee7194379ff0345e1a72

SHA256
1c3521e01bc4df0c63f3c50cab32062b2802c868e1f8376e49a447e9d11f19c5

SHA512
f91984ecc9faaeb168f1da29f145fcecf347c17dbabb0e1eb994a2714ac3b4479129e07af519ddbff9164791bee7b63c00e02ecfb2f06f2651514338d771279b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
396KB

MD5
952bdb0a7584cbe051d6824ec03da658

SHA1
a8ef5c26e13a382c6245433d8664a8e2e8697720

SHA256
994168aef02a85f1b157c0c9401844c0202b4bf9e0258916409c47a64b3fa2cf

SHA512
b77d4a9ca9af54c155598363758f446340b2bd471b2b367192955676a640c83ada4cd8c741b1a2022d20976cd73060ff651bf7be6e0e0510ab5220f6e2a0a501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
89KB

MD5
b9e66b3b202ec2f1431777c96d2db24b

SHA1
f76495582dd555d0e439314e20f43667706022a0

SHA256
3ea05995b7379d42fc6ac805b3a04cc7d092afac5aa906d7ab7d8f1f9bbc1b14

SHA512
fe25134e3b182b21eba868405c515c4552bfec57e03602fac68aa990d190df42691ad849501069bb874c33040827da33f82c17196e926232b5a1c3bee4ba6e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
38KB

MD5
1edd3d912257000ff5323d9f99d19afc

SHA1
3de2661f92b1ad140510f94e586240a0b0c78afd

SHA256
976cbf636911cd61d2be6ddf2e971df169cea7a7c2b210b852196bd7c81eac62

SHA512
a06bd0e28bdc3d5196d683e375c6c45ec7d673db9df1438623b856a66ba63f1e2b78a60ff729c6ee74202be7ce4264fd3770e912bca6fd9249a66532e88dfc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
1.2MB

MD5
be529a907c265364aea60b32d2a6b43f

SHA1
4e36681dc58aaaa130238083d0aa43d4604019e8

SHA256
1790bffabda47de3ac63c09728874fec01d03bd240361e81dbef964f8ed179bd

SHA512
37e65201a514127811d0f92dce4ca096401af92b4c90441d1e0673c1829cdf5d47f513a63f8ee1593987ac3dd542f197654423b0fe24d50aea4794001356004b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
05e5f30a664937585f3307226767c2b3

SHA1
4d5558b34900b67d90b5912bb8ea633474e87639

SHA256
cde15ed3c6a431110556c4bbf4549ae28cce5403e274bce8feb8c04daa346832

SHA512
2e7aa43197157004d35568b856f27e6a5a1392a7474a4aa84f13fbad469d493ab2eda45519b1e33a8eaae199055d19f2dc458bb415e65c6ef16a323ec253fbbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
14e451ae3cd02147a253fbfbd8f39a58

SHA1
4c072efd8732480b32ac68692cb8f98742862528

SHA256
8e73aac69af139842331c26c1633d262a7fecb7bd3c63c7d686ff7d7c02ca15c

SHA512
c929636d0cd4d3e8978055f31775924c34c988d88ee03273cdd18956905a04a5ddbe11f5b2cbb8b207ac1604519b00eca6c77f6fb734b0e271d09f3285ac177d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
cbd28a33842a5f44c7b0c42c0b17ee66

SHA1
39582c4fc1ddf349df6aa91e607e758120fbde5a

SHA256
9a19a7ec5e1a348ab858150e8334e4312ff680c4a3da4475047e57fa50ee1809

SHA512
3e8ee8d54536478f592a27a64fecccfedcca1c22af90017e1b675e40f5d63ac21ae423023f6396c3dae39cf0931a54e1fdd9fee94b7585f2c7bb86b81ee1c74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5eedae383c0e39c4d0bdbe1c0d138a3f

SHA1
d8f915fb551172cdde639e3e4aecc75416cfc494

SHA256
bebda133c967c1513c4451b207a9395b3ad780f3bb53497f9c8d57a1bb145f59

SHA512
b15a445cf470e3b454bafec68d3254cdbd43c3371c71e46eb31813d07bfb310207d0e14848b19fbf8234f0c10139168489603f657193798f3f675eea0384fd10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
056b12335759a2240bbbce3480a0863e

SHA1
0aa02ee641b573a59805cc2385bb22b503620ee3

SHA256
5ae5b9e9dc5ba9ed775e2c1ea5997880e0132c9581539457930131e902a117a1

SHA512
c3c5006db3660806c10202ade1fe9ccfa436c55425fb369038bb505f612e9b30d3652cef7ebae337f2174b46ac1dce77f008eeb61703b5f106b9779e2ad88be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
8d1760ab968702093311216c52109307

SHA1
affc39461c35fc20bb02f702707c4029b2ca511a

SHA256
394ba887d560971609322df9cd41fd08e99679768309cb6dd4f5ee6128ec314f

SHA512
3e7e0adad7439e326599bed79b5034e5b95d6e0e8af1efc11b72394adec82fb2e751440b46fddc7beaa9d34af0d17a2b0a51a5377396bd8395d61a020596a9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
d2815c3693f618fad9f0154d365a418a

SHA1
93b8816ffd6893bec5a01b657bba1dac9699bfed

SHA256
822ffbde378ca7a4f8766daab7220e7ffcd6b18c7e2092c27d6e62d510d5bd52

SHA512
e149ae81beb212bdb49ea168b0f0f22c3e98ed4c0121640aeb504631bb7e62676e645da65e7a3754015adb709cd64a7f0e8e2c91835f64cc830d0e7df3a09ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0e08958951bc21224970a4299550cd6a

SHA1
ecb648ec37ad966d1d7ca86fa8bac8cceadfec62

SHA256
4f1cdc23d32b909fb6cae89ec03ad66c65d37c11fde86a56fa85be743537ca11

SHA512
4775477f4e5883cb3e66a710010ca7520efcb155f169e0011c608a68c20553f4be02696ba63e33190a1876207e5cb78d92f79496721608d30c1cdf70a306d169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
ea715d27d0ee975e530ab164c8d4bd93

SHA1
3fedd2abcab40794b630ef1b21d84f953a7e60e8

SHA256
5f46466dc30e9f74dcfd7ac2e027ead8d46ee03d6cf54fdd7134dfdc3ccba03a

SHA512
7d3c5134a3ffe26cbc682aca295d7990fb376596958d3a07608383aeac703b41f3d76eaf8cdf9dbe9955374e1cde095d3317ed4e2450c5376389b9421ecbf5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2c1b321ea4ed9f7af2389e1fd3ce6310

SHA1
d483ff15a460ef133ee0cffb3ba2607ac03cf727

SHA256
5927ea94f82786dbb28dc1d94173f119da6d0dc0f92f112049c3d5d1c28b49e0

SHA512
4f4b393eea936a07da876889f5eb9bff035d5a123fbd866a3bef4c57b9a5144d86f0adfcb0f3e4b9b232fb8554c2ad06f2254690939071dd708a0ce68dbdf448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
39a9f39045cd7f94516b3cba4056178f

SHA1
712773eb828c6e12e8d3af5a628700f766511d1b

SHA256
1654f8172baee8543c9e00c40db96d7fdecab56a9ad2f2f0d2b1cd5c2b46028a

SHA512
b671ffce638e3ffbd8f67f8065aa4b97e6b322d37abd7ac7472526df15f3aa00d45e7e6528f0540b68d78181902ef450a8c7d024526b42c9ec94aebff28a709e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
46d91b548363b545f63483d906164b3a

SHA1
6a00a6234407dc597790f24dbe536cb017f69e3f

SHA256
667f3ba31402b52e622a1f1042e787b1da8739421718921f9497176c803164b2

SHA512
a1cdf67567fba860e6c70c379dd659508f741f5671798e6f59dd7ed25ee12a87467a96444ab7c424abfa9925be006057c119b32b10c6f3dceb6a8475135df008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
fa4c53c474d02e9a6a202377a7b3f50c

SHA1
1d717095a6d8499dd6d94e040352d99473d49dc6

SHA256
80f2ab6b9042f276b16f1caa622c6a1b7196231a9e6a948b5400ba88e33d788f

SHA512
e5c32a48361a48bb4e13448437c6dc007aeae2edadeaa4d30f6c8be406ddd519721cc56fda91a53579a16c6a9f9964ac47b9a3eb8aa862253cca80281f184407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
dd778ca5c644aa718306b51236bcce81

SHA1
007cd7dbb86cb4fa5b0291b1dfd55107c51ee8e7

SHA256
5e14ea7d363693956e4ba897caf1163900fc2b257bda27b5b77ce9c09ec36503

SHA512
9fce8a29386edc2fa5632ac62bc288ef31e6ff7fe8e350bb4f7c9fb2f56821ee95e245ca2f12a1bf1294efae4515fd3f91149c8a7c223c1b86722eab7a41599c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
298ada8cc9ba73d5a0f3c2d37091f735

SHA1
82541778bd30abeefde67a22126570648d70adf3

SHA256
25d4076483a0a469108d12eb11aeb6087cf6cd2c03bb18f46327a37974704956

SHA512
d4e7d03dc73893920bfcbb08338069fa7e2e7f08ae857a072218cdd82ccde327f050c7d471352f52908cbec5479b57fb9cbb0e5f195e8956be04fa678ca0d4c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
04676b1ff7185ea47f439b878d764bb1

SHA1
6a494e19be67fa6dc4c11c9767f124ab00a9e0f3

SHA256
775b42d1ceb4402ac42a684a97e80c173fe0cbf73501264c172770069de1f303

SHA512
063a8f807581eaefa25d5ab1ef15c114ef98f17668706fb6fb9791495bb22c99f074dbca697a362a4596dfbaa1dabc4f2edd520b3d6e827c1db4c42b0114f574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
def2c571cd52fbaf41b4d012631bdcc5

SHA1
648cc4306383c97ef69a00dead81d56d38416ef1

SHA256
e72851fb1cbecce939417e91ba17ebd25b89b05ab8fc8992e87bfdf2d36f4b40

SHA512
0d0b2e2f68ef2f272c99508c352fcda8bd4899a7e23b8a0aa3f0655ce33d4abb1929cff1c04372d815d93a2a6cf69caa94cedcd441afea7eaef64a27a65247f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
cb22ba02fb0a81503e3b197ba0864d9a

SHA1
39c8132d32a667e35c3e03e37493e6a96bc43b91

SHA256
b0fe986aaa27e81feff1f34b56f94bf0fbec599cf21335c5da43f6aa08457d55

SHA512
b575e576faae7aaf1884f384f94d2a79f6ddcf7ed67a1efad7c3c82d5588bb67f29582184b4e8be0a544de03dc67cee36fbe7d9b89049d862af3fb5f44120de9

Download Submit
\??\pipe\LOCAL\crashpad_3500_WSLGLXNRLFHVNCUC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1044-730-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-742-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-741-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-740-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-739-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-738-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-737-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-736-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-732-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download
memory/1044-731-0x0000026C79400000-0x0000026C79401000-memory.dmp

Filesize
4KB

Download