Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-06-2024 14:30
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://mega.nz/file/nrg2AYYC#1PvUlWNQ9oOv3bpF6zh_beBoyXZuEP_ePiM-37oLS_s
- Resource: win10v2004-20240426-en
Behavioral task: behavioral2
- Sample: https://mega.nz/file/nrg2AYYC#1PvUlWNQ9oOv3bpF6zh_beBoyXZuEP_ePiM-37oLS_s
- Resource: android-33-x64-arm64-20240603-en
Behavioral task: behavioral3
- Sample: https://mega.nz/file/nrg2AYYC#1PvUlWNQ9oOv3bpF6zh_beBoyXZuEP_ePiM-37oLS_s
- Resource: macos-20240410-en
General
- Target: https://mega.nz/file/nrg2AYYC#1PvUlWNQ9oOv3bpF6zh_beBoyXZuEP_ePiM-37oLS_s
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe

| description | ioc | process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes: msedge.exe, identity_helper.exe

| pid | process |
|---|---|
| 4844 | msedge.exe |
| 1700 | msedge.exe |
| 2320 | identity_helper.exe |
| 5804 | msedge.exe |
| 5996 | msedge.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
Processes: msedge.exe

| pid | process |
|---|---|
| 1700 | msedge.exe |
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes: 7zG.exe

| description | pid | process |
|---|---|---|
| Token: SeRestorePrivilege | 5524 | 7zG.exe |
| Token: 35 | 5524 | 7zG.exe |
| Token: SeSecurityPrivilege | 5524 | 7zG.exe |
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: msedge.exe, 7zG.exe

| pid | process |
|---|---|
| 1700 | msedge.exe |
| 5524 | 7zG.exe |
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe

| pid | process |
|---|---|
| 1700 | msedge.exe |
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe

| description | pid | process | target process |
|---|---|---|---|
| PID 1700 wrote to memory of 1092 | 1700 | msedge.exe | msedge.exe |
| PID 1700 wrote to memory of 4336 | 1700 | msedge.exe | msedge.exe |
| PID 1700 wrote to memory of 4844 | 1700 | msedge.exe | msedge.exe |
| PID 1700 wrote to memory of 4496 | 1700 | msedge.exe | msedge.exe |
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/nrg2AYYC#1PvUlWNQ9oOv3bpF6zh_beBoyXZuEP_ePiM-37oLS_s1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9846f8,0x7ffb8a984708,0x7ffb8a9847182⤵PID:1092
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵PID:4336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4844 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:82⤵PID:4496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:2040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:4696
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:82⤵PID:1612
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2320 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵PID:3736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵PID:1328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:12⤵PID:1804
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:12⤵PID:1864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵PID:616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵PID:4908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:12⤵PID:2712
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:12⤵PID:4408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:12⤵PID:4852
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:12⤵PID:4544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:12⤵PID:3036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:12⤵PID:1784
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:12⤵PID:3104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:12⤵PID:1080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:12⤵PID:384
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵PID:1472
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵PID:4912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:12⤵PID:3672
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:12⤵PID:3600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:12⤵PID:5128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:12⤵PID:5136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:12⤵PID:5144
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8136 /prefetch:82⤵PID:5152
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:12⤵PID:5584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:12⤵PID:5592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:12⤵PID:5600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:12⤵PID:5688
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:12⤵PID:5824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:12⤵PID:5896
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:12⤵PID:5968
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5804 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3340 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5996 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17286012870353973066,605961467793589090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:12⤵PID:5372
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2388
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1296
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5904
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HMC 2.2.1\" -spe -an -ai#7zMap1745:80:7zEvent137261⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5524
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD58fc79d492cc6dc2eb9b341c1ac23bf19
SHA185f6c6fbdf91b270965a8a5507b5c804397da752
SHA256ba0a89ca55950dbefd6ccae6dcff051e754808322dd4b8064d4e4609fc96879c
SHA512eb5c8e930fb03f7aac8fe3224c530491418879dd2da7a8cd92e3219b79ad4752959e3c34e0122c27065eff5b1ff315e76a8c767a13c78a956b9eeb30b657970b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
720B
MD50f06f502b67cf3ee3570b991601eedb7
SHA1e28e1392f0870208c9b60df1bc6acecf254beca8
SHA2561ce0e0f26dbfb20400b9ee950d695a6c80b143bf6632e49ca32bb9609d1e6703
SHA512a705a99461c5e8bf5abf14e0f77aaf6271cb518594d5da929419469a67d143cd3ae54a7ec58e0e7f87e6b2c7c3e33cc32c69abfe9f051ad8bbb22496ee8ebedd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
744B
MD5b4dc29692e1362128387fa81f4eeb77b
SHA11d789ec870d9193b132fc8cebc7ff69dd732bdb6
SHA256079d073688980aa6552781249b285a5b0fe9ff59c9876c71b6d87f8675010c8f
SHA5128c19a2812fcb7e15cdc9fe3a56527da8887570ac46b234451f2e60ed8a696abb90f6832a23225626aa171a8b7fe6dd58cc16ff86c41c3c0d4103202bb03274cd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
188B
MD5008114e1a1a614b35e8a7515da0f3783
SHA13c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA2567301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
188B
MD5e08735d8d04f386ff229cfdd8a901096
SHA1e90c5ea41031dec6fee120cc3dff12883d030394
SHA256dc42a69331760dd72e43c530f6bfe4baeaf1e8ac68edd7e6ac80d131afe9c0d0
SHA512a1459dfe83ad0ce30a3c50bd9de00e56a57f66b6b96eda248288d5de02cb0bc5c22797e0a33188bfc09a66a0695e6b3c57ba5f0d743abf2c6e5a4b66bfd75386
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 8KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 11KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize: 41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b100.TMP
Filesize: 48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b764.TMP
Filesize: 203B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
-
\??\pipe\LOCAL\crashpad_1700_CXWQXQDQQFWOJJJA