Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    25/05/2024, 01:10

General

  • Target

    Elsify Universal by FrostChanger.de.exe

  • Size

    18.9MB

  • MD5

    e3b560df6cea8b05217e6bd7c5746aa3

  • SHA1

    fe7d61e1042f2a5b0e3d44421a06909eb03eb557

  • SHA256

    888c6795013781aedce5d8de7225fcd9950dc9d22dd7dd0f347945e70a9a8d2e

  • SHA512

    f5f779449e026208d85dda083abc4e2f67333ed475ab7fb96d5d6fa5881eb0b57b7e14120969e8ab38b3491e55b0e7ae04f23d6661d63d6ac2f08c1c43c63084

  • SSDEEP

    196608:PwRSn6zKcX4nkYBSIvpd/MpDUnRC0aYWGg+VKc+LoJnPD008WJaST+/8WwRSn6hB:HPSw/Mb0aQHMcR008WOYidtMPD9J

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe
    "C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/api/oauth2/authorize?client_id=1226873004508708906&redirect_uri=http%3A%2F%2Flocalhost%3A5001%2F&response_type=code&scope=identify%20guilds.join
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4804
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9c973cb8,0x7ffd9c973cc8,0x7ffd9c973cd8
        3⤵
          PID:4252
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
          3⤵
            PID:4188
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3624
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
            3⤵
              PID:3676
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
              3⤵
                PID:2316
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
                3⤵
                  PID:740
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5048 /prefetch:8
                  3⤵
                    PID:4080
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4004 /prefetch:8
                    3⤵
                    • Modifies registry class
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4484
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2184
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2572
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                    3⤵
                      PID:2304
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
                      3⤵
                        PID:4176
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
                        3⤵
                          PID:1384
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
                          3⤵
                            PID:2096
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
                            3⤵
                              PID:2320
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
                              3⤵
                                PID:4652
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                                3⤵
                                  PID:4484
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
                                  3⤵
                                    PID:3472
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
                                    3⤵
                                      PID:2708
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                                      3⤵
                                        PID:4912
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
                                        3⤵
                                          PID:3348
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
                                          3⤵
                                            PID:1556
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
                                            3⤵
                                              PID:2756
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
                                              3⤵
                                                PID:2796
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
                                                3⤵
                                                  PID:1460
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
                                                  3⤵
                                                    PID:4500
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
                                                    3⤵
                                                      PID:3208
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
                                                      3⤵
                                                        PID:3256
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
                                                        3⤵
                                                          PID:1944
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
                                                          3⤵
                                                            PID:1296
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                                                            3⤵
                                                              PID:4384
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
                                                              3⤵
                                                                PID:3992
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
                                                                3⤵
                                                                  PID:4580
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                                                                  3⤵
                                                                    PID:1844
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
                                                                    3⤵
                                                                      PID:2212
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
                                                                      3⤵
                                                                        PID:4500
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
                                                                        3⤵
                                                                          PID:820
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
                                                                          3⤵
                                                                            PID:4156
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5480 /prefetch:2
                                                                            3⤵
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:3936
                                                                        • C:\Windows\SYSTEM32\cmd.exe
                                                                          "cmd.exe" /C start https://bstlar.com/A/leanswapperkey
                                                                          2⤵
                                                                            PID:1296
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bstlar.com/A/leanswapperkey
                                                                              3⤵
                                                                                PID:1484
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9c973cb8,0x7ffd9c973cc8,0x7ffd9c973cd8
                                                                                  4⤵
                                                                                    PID:4176
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:932
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:4960
                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                  C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E4
                                                                                  1⤵
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:1040
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:3692
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                                    1⤵
                                                                                      PID:4888

                                                                                    Network

                                                                                          MITRE ATT&CK Enterprise v15

                                                                                          Downloads

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                            Filesize

                                                                                            152B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                            Filesize

                                                                                            152B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

                                                                                            Filesize

                                                                                            51KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                            Filesize

                                                                                            1KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                            Filesize

                                                                                            864B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                            Filesize

                                                                                            2KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                            Filesize

                                                                                            5KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                            Filesize

                                                                                            6KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                            Filesize

                                                                                            6KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                            Filesize

                                                                                            7KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                            Filesize

                                                                                            6KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                            Filesize

                                                                                            12KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                            Filesize

                                                                                            8KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e52e632e-e1d6-46f7-8f85-427859a95df9\index-dir\the-real-index

                                                                                            Filesize

                                                                                            624B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e52e632e-e1d6-46f7-8f85-427859a95df9\index-dir\the-real-index~RFe59697e.TMP

                                                                                            Filesize

                                                                                            48B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1e903d3-c49b-4b28-9597-c19dbf214636\index-dir\the-real-index

                                                                                            Filesize

                                                                                            2KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1e903d3-c49b-4b28-9597-c19dbf214636\index-dir\the-real-index~RFe596874.TMP

                                                                                            Filesize

                                                                                            48B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                            Filesize

                                                                                            89B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                            Filesize

                                                                                            146B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                            Filesize

                                                                                            155B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                            Filesize

                                                                                            82B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                            Filesize

                                                                                            153B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                            Filesize

                                                                                            96B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595ccc.TMP

                                                                                            Filesize

                                                                                            48B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                            Filesize

                                                                                            370B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                            Filesize

                                                                                            370B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                            Filesize

                                                                                            1KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                            Filesize

                                                                                            3KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                            Filesize

                                                                                            1KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                            Filesize

                                                                                            1KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb96.TMP

                                                                                            Filesize

                                                                                            370B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                            Filesize

                                                                                            16B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                            Filesize

                                                                                            16B

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                            Filesize

                                                                                            11KB

                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                            Filesize

                                                                                            11KB

                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                            Filesize

                                                                                            11KB

                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                            Filesize

                                                                                            11KB
