e8227a9f4a6d9f7bfd6d911ca3b7c65fc2e21f4d7c2e09fdb59f35d45ec9c539

Resubmissions

24/06/2024, 07:22

240624-h7nsyatfkr 3

24/06/2024, 07:19

240624-h52l1stenl 4

Analysis

max time kernel
149s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
24/06/2024, 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nexusLatest.rbxm
Size

88KB
MD5

4393ed07caf83c6f62262a1fe11f0e79
SHA1

1445d4ed1d91bdf33340ea10855639081a68bac4
SHA256

e8227a9f4a6d9f7bfd6d911ca3b7c65fc2e21f4d7c2e09fdb59f35d45ec9c539
SHA512

cb0e3d7194d8ac9f9f85488f3f6b8c8ffadaa3d0d524ff8c10c040299c05fd048a8c87cf065a17e92881ae0b541e06a994142e7f67015c7c96a58f8140441990
SSDEEP

1536:FAksIWfJ3jlUfNwbvd0MXI84mcFq3oNjz6JlArujLShy8k4:R+djIwmTNFqYdz6Xp/Shb

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ONENOTE.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4004	ONENOTE.EXE
4004	ONENOTE.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
2968	msedge.exe
2968	msedge.exe
720	msedge.exe
720	msedge.exe
2308	msedge.exe
2308	msedge.exe
1340	msedge.exe
1340	msedge.exe
1884	identity_helper.exe
1884	identity_helper.exe
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4420	msedge.exe
4420	msedge.exe
2100	msedge.exe
2100	msedge.exe
1248	msedge.exe
1248	msedge.exe
4088	identity_helper.exe
4088	identity_helper.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
720	msedge.exe
720	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3508	OpenWith.exe
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE
4004	ONENOTE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 4908	2968	msedge.exe	82
PID 2968 wrote to memory of 4908	2968	msedge.exe	82
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 2072	2968	msedge.exe	83
PID 2968 wrote to memory of 3932	2968	msedge.exe	84
PID 2968 wrote to memory of 3932	2968	msedge.exe	84
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85
PID 2968 wrote to memory of 4936	2968	msedge.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\nexusLatest.rbxm
1⤵
- Modifies registry class
PID:2924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffece9a3cb8,0x7ffece9a3cc8,0x7ffece9a3cd8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7510143342781510648,13804987372115376749,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,7510143342781510648,13804987372115376749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,7510143342781510648,13804987372115376749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7510143342781510648,13804987372115376749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7510143342781510648,13804987372115376749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7510143342781510648,13804987372115376749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7510143342781510648,13804987372115376749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffece9a3cb8,0x7ffece9a3cc8,0x7ffece9a3cd8
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5073911293597815535,7808733414816828201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4160

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2484

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:1436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:2912

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffece9a3cb8,0x7ffece9a3cc8,0x7ffece9a3cd8
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12427094067084964486,4373007718124410527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8114f9373139fa5f68394516eaab249

SHA1
e8f5871642330c71706107134c5347c58869e459

SHA256
f70fda38c74d316b9a4549685c140b5c1c9147e077f86649ed6eb6be5856cf40

SHA512
b8b2ab4bfebb4f5aaeb4ac6a4da380d34115fb373755d16105c76a1e9021e83d1c897868e511f32ef8a9b9c1212757dbc00f26cc1409226cb6977fc127d7ff18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c27c1f1ff7be0a47ab97c8d67cf0795

SHA1
6b9cb12c961660bd06c1d8ec49e9fc1ff968bbaf

SHA256
6ba7e3543ad4f6b8464c67bf471c21cafccd3d0b774b60dcde890a8cd2d75b0a

SHA512
6b14219d16d235724e2b173a61f01cf1c3005f43b63e18f7a1329301b9585a1f60a7dece81ab481f2136252c474383a00ec5d978d6301af66cef318aa5770dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f717f56b5d8e2e057c440a5a81043662

SHA1
0ad6c9bbd28dab5c9664bad04db95fd50db36b3f

SHA256
4286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945

SHA512
61e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d3681b589cc74a914c33ebd1bc617b95

SHA1
d6b9eb5688349e0e7a29095ba3840c01e3b6656d

SHA256
f745f5caf52877f552a86c541a3592146f15960a0ae701377c3c88b567a5b785

SHA512
cfd8fb627dc3c795b74f3f9b6903584341660cbba75ef5556bc77bfd580d618ae9dcc18fd0928db69286082178f877021147fee113158f218b389c33e478aaae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
196eaa9f7a574c29bd419f9d8c2d9349

SHA1
19982d15d1e2688903b0a3e53a8517ab537b68ed

SHA256
df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412

SHA512
e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0c30dc94cb3e8d2088bfc293d52e14ef

SHA1
cba059c277cc1be3817870437a60779cee68fe10

SHA256
1ff6611223a8a309e707c5f8e2e7e22f2ac9fd8e72771bb76457add614b00c0d

SHA512
e7060bce2f17e198f7b83a83a6edd4bf77a894739c698576b920ba964cecdd3902fa838a01fb8d9fa764c7f89e003b88221a53056ae1d3b40f815c4e5b2f3cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
13166c2f5675d7745f45531173943625

SHA1
1acca7cf26290444f53b6a30eef79fdf5a7d1b4b

SHA256
30846e47a327f2156d9b9feb8db367f3dad5e68837847b23f1b08e4a1e168a75

SHA512
2e4a609c213d0e4c6ac31df4cd53a840bd6ee05b6e91b94337ade9d8848829887f0d25ad6593d61324a4666e8842ab57bfe848fbc97269dbc2fdd5c1b001fb73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
36e2a27c23faba8b8f7be002bf4373b0

SHA1
e051aebbf2c905b3dff24737b1a559cb45902543

SHA256
51812100fb8a7cf48b1e3a9b9713e6a9db747a1e88b603c3c8c5658ef0a2fb72

SHA512
68dd067d7134633f40869deeeb625e8bcec1fb122686421a6c3e14daf11af2fa6ae87f440e8c3045f714b8e9211c20547d1accf097f86160e1659ef4e99951c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
60c42da6f1036762c9547c822a56e79c

SHA1
c5f3a7fe0f99a5b8b8f9d6d0c4b49993adfdbe68

SHA256
14d5862bf18244667d8de0aa304024f82dc4590cb94dd29425a4d3c74f60978a

SHA512
d33fc83696ce3ce04d6b17ecbe976ea0e07a70cb9dbe7cf09057ce1cd32f5ca250a0aaa2423b819d8c5512add0265ab71f4146894f6eb0da363d0bae2d79f4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
395b0a9f153410a6fd2652abd0ba80aa

SHA1
b837e6f4d335555d8beb5c3976cd1158f5f4908f

SHA256
71e5fcfcf92c76df4b241c842d68fc82db0da9005778948206812ed15ba7d8b2

SHA512
1b6b284e925b091b838182c2e429c8203216b955b6060ce866a36a546f2414b26a86acd70843732a6c603af790e280675f15f027b4a9607a648719df50475199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5734c36e5980264a71c11599aa09fa0b

SHA1
65ce3af969b4a2dbba271aa259a768919080a370

SHA256
90032c5f285a00f0aa80c884188b3ef6d0e663491dc6c25f78fe83224fd8d64f

SHA512
c42da7f4ad62ac16dbb6c690cadc8198f4867586c929c9b5f3cf88522bd3f661f2addec7cc5d8ee426a154a92d49d7ec9cab651b765ec9f764880e0eec1dc65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22fce7f800a747d0260f8084b1082dde

SHA1
e4838cf9ffd069db69e9c03993d575154e40c940

SHA256
68a6a5cbe6ef11e98c3f874de1dbd2df263be17c3ca77fb77386527b0e44ddb1

SHA512
5642955843b028e2f9148d27fd2b18fd8d9abef9b791edc14f4e4c5c340bd25e251bfe49996828d3d0c103178db3c7fbcaec3110e41067926146b76997cef8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
501a6521f0818e6573f0aa29e5bab9b4

SHA1
24595a603a2c05fb1e40654ca51e5a7aefe249fe

SHA256
b08622f54951d99b129b2e4d95cbd8a43d86c4b990d5c37e417149ff9edf591d

SHA512
fc60b32f9cf33215cf513b67ade6c2a5341699ef90e229570da168dc72dcc92b7acd669733a4990cd82bb75b20c4d94123b7ddae093f46bcc30040533740c5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6bfc8f024632387e6b68cf4272018858

SHA1
71f70954c187ecbc178e724486089981f1282596

SHA256
a3b38f3551ec6e1e7818a3377de50c86eedc1353ba35a12f28838c658ece3ede

SHA512
db82d96ffd7de687cd7960b5aababf2561b044879ca86676c209b7e86a0862255c90818c2adb47dac634887d130acdaa1b7d2bc8b942fcca5da5fb72f12ab9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9402bc8998e5b0024511ffec38910c03

SHA1
5c363b74084cac8f399862a4a56f5508d93f3f55

SHA256
821e7856b4ba50fe806088ce3af947a90f3bf7ded0fe045f4822efe868e116c8

SHA512
30f91978c4dea3eebce900943d88fe31f1e9fad1dfb15b7998e5c532f174ddb20b20e3ef884bf9d6e29a755b2b980925883ba79ca22016f0ada28f796ad848dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
97a65e1288a163aa279d057dfc3f1919

SHA1
73511874f5192ccd1086257e9fcbbafc2170e273

SHA256
2e6f67e510ef5e0cacf333f8e570f96f233f31bdb760dfe5a638c3a955a4d102

SHA512
0a5f12f4c9a59981de58143b61dfc90d15367948d2748402dbd0114daed177a49781bd315f8ed3b89a4df4e763b6af30d1406114f89913a7858532e0cf7700ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5cedd3921001d772f875165eb11f47a7

SHA1
b8bf81fecfb96a952df77557381b6fb28a93e39f

SHA256
bbf9205a5554b872b8d5d2b4c8e7f98c36b378791d2989c5ad965553559492fa

SHA512
c47bfb847a4e7826cfbad8b3823565fb237f7ee1476b11ac5c680fd31f81b88668dad17f2f7885a9a39cc9215d8830d9dfede213896d8fad7ad2df4ee764b507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
f17a80021a6e1025a1171cc0c555c303

SHA1
aaa59b51f3041939c280f4017c080847e86750f8

SHA256
481b68f890b3820f774e7e48ddde8ba50cd7e2dc29ccd3f30c04e0f0a86ad8b8

SHA512
47a3e5b3440290a2d5c693a95d81c8d9255d1baadd38a09b47a74f4d5799b5d04cf34567c60695b1bd97781b2388da489c261ea529594819b7348fbb5c89b9b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
4d5d6326281c8876312f93ff8d883a49

SHA1
bb25372709a725eaec2841e102b65b7256740ebd

SHA256
5f40455e1eae0ee283091caa9b28e4b8441cf314addf10f7a9c2cda32ea1711b

SHA512
1df548ea6ebcfc6da4bb8c5ea273636307e8b49b02fd4f5b87b027c70de50e2002f9ea89b231b727378b4146d499d1455e3addb4603235fa1fd5ed5b9aaeb512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13363687222911869

Filesize
1KB

MD5
2d3b02a8a7b9bfb04f116a5b885131a2

SHA1
d7cadba25662b5a08829bd9c1496262c0e80999b

SHA256
0e94b7a0b30102faf7f0447d9f53956ef89151781d000a2a84a903486b3788f0

SHA512
a37098d133d3d679a3743f859500b37cbf095af9df15ab37abf2c65c7ffc66a109ba920f98d24bedd7d454b1d6f1d1b0f59d4342435e0cf90768bb252846888f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363687223056869

Filesize
1KB

MD5
c1809a3eff33cb4ae4c4340ee2d8ebdc

SHA1
86a60e865c509720757f6a7dab7dc65e8ad555a4

SHA256
6684e5f9f652ee10bb66c745a12565ddc4024a289e5a6aeebbbc8975cfa455e0

SHA512
c07180a7aae5c21a9b200e50d989216ff6b44f21e937b2c82e0acd613deb50aca719b848bccb16b2aec039a1a940a3b1ba1a100cc543ed645dcc5a8548b33f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363687244819858

Filesize
2KB

MD5
8f43776a3532458dffe8f0ca6bf9b9ec

SHA1
b941164155a8d377f5e4f9c0fd5c8ffcc2aef38b

SHA256
b49726816de0f0d8c2d1c7758b713e42ad7f690032d79f570aa225813f89eb8e

SHA512
bc2e85582bb9e3040c44830f0b62a9bcbd110437ad6fc1357b6ff3e2b3a029ab79da7f409d07318053719c983938f97534486e1ab6019779ef19f3fc2e001705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e20dcccdbfd117e361a5960d93181f52

SHA1
452b4b52704315590d43a4a74103990b5bfc2d75

SHA256
505fb1fd455a2f502e1c08c6edd264739a41f16a1fc304661b9c3e9a0ee644ac

SHA512
2b28b21a3a17678a195b993eff3ba2694d909e7ed5a1d74d5979fa9243f6df4d8eb7c07887e57f1161319fb96053edfec9b54cef6a17d9105930fc79d9ed3104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
89e93b581337fbea7e028aedbaa602da

SHA1
d773655ee21854595210c39db745cd62494479e1

SHA256
d09bb3c590031cfe1af39b50f837ed959307da9b9126bb54c572a6bd764be488

SHA512
f046ca6322983623f17abf04a456ff5311e0cd70e8d2210910abade16cdb7aef86df05b0b29b1278a8b4040041a08d507d954822c902d7deaf07206dca70152a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
ea9014edf66de9deae0ca75527a5da94

SHA1
6fc0487aa396d9e5574036dedc4a0ad4489bcfec

SHA256
901e1adfc96c5da1ceefd5e9f0f0f437d911b1db793e87ad0ca3c1225c1dadf0

SHA512
7ccaace518ff81ddd665119f2065c0ef1e68b3d0caa6c927ca2951f0d5204df4126559d432e3939918382afdf043f3a88b0eda733cba55fc0eb021a77098a883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
449dcebe43ee3133b282cd7987d5a61d

SHA1
cc9c49456e92b107b720f697ce0d015dbe04a281

SHA256
4e06afd090f28bb9a660a6513a1a3c96ca63a99eddf6893276147029a77d5347

SHA512
de8649e5730647a8b90b803aa6d6908f2719f8e3ddfe181ead08466ebfd6c7f4dbe5f70427cd4bd1370838a8513e854d59b5e071d64bd5894baad0d3acf4ca17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1b3dd08-1988-44fa-bc6f-6d0d82a15378.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d937e30277b0d97263716840063155bf

SHA1
4e91b83c019ed8daf642a169498075cf8e449ed6

SHA256
9d8dc02b8cfe8563ac26c7cd4655171e826094fbb6579080f8a987e3e2532be5

SHA512
3646bc5ef6e64d83c0d8bf85e7faf51a6125a5b766639a1211b0f3694547479a90b33620d905a64e167732b3bf3de9b06c4f1c352db8a8ddc399f12d469ae3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
6d27ebaa5444b53884110ff795561d22

SHA1
b81f0e14f17c02246f4ccf9746dd74efffecfcf0

SHA256
80814db6d4197d7d779ccb2944da6b1f2db4e7071dcc61e95882fb8a66c68f36

SHA512
580db66f37b059c8faae29efdfd9a97ac5b844597eecd59c0b31f3c0d8c56f77171bb987543a330dfd61bdeabac5b75c598b934dc2b922664f6dc717a2743362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
29e85dbeb22f53d6e920a8f1d4cbe00d

SHA1
a9a95a0e7666f7a5a2a7e2d43661a40e37b14478

SHA256
000b994c975c0259a1acc9977859edafe35df6ce3032d3e0abd35fcb6020b80c

SHA512
5ef1513f256f4f50d26cab319c8bbcc136479966b225a46450391b4ad13beb7feee0a2fd7b40c249f3fc336cd648d495fb02b9656f0e029e5c17709aef945ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
632aa67ede92663e0b0471b572f40c8f

SHA1
5fcaf55a291491ca1bd3a5906b5e66f1a77526af

SHA256
557278ca839bd8cf9bc727097cdc0696433e1f2758efaa4c1067b30fb7ef51de

SHA512
a095e4ddad6a21bd7379cd2f8e645db512db5d8a5f276a3e759c8dc0c47a5cc4681847428c9d5fcf140a0d41be65bf7b3db9372e0e73970041e00e89d733f74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
53809c5b10bc3702ddfcdb479402c551

SHA1
0a8435aa6b64218b3e57feb7a70ae2cd523af8fd

SHA256
95b37fc311a59780baf9846248e8ca70cc706fbc2c794be945f3895f1aabf2b8

SHA512
302a1fdff3371a2e2d77a0e9b524f2fd42356e83d6559c63ae40e9510eb693a6ac345639876e372943af28f04f2d644f84c64145611df360cfec6588f5d7942f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
6cba7635aeb019df4a6f8228b548e811

SHA1
515dbb0181d7d87a7eb43c2e0aa62ae1221601bd

SHA256
7c3d8963464af8bf4ea61703211c22a0fb07c7cfa56e2c78b780d55a2c9abe3f

SHA512
9c393c62d0e07b19e47d807ad9490522c8e8cacacdd63f45cd08835c3fb4d23eecda6838fd4f5d359f70c34bfcaaee7e077085f1860841d667786b71f0af939d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
db412a9c27e26805e7b769fdf95d8673

SHA1
9a8c7a8fb56167d928112de419e97176d06980f6

SHA256
3121330a72c97ba210c315906807eaadf268b2a18bda1a59de524f2b2ca019bb

SHA512
313be63d2a93457b422decad47eea4d60bed82afc3242f3705d38646698ea41c306b0abf8f9aeea7ceeac1d5c3d7f2f5595dc0574fbd8857eeb5bdfbc121e12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5f64e94fc8ecea2aef66a39420c3b70f

SHA1
9bf805210f8511e57475072a465355f5f5a7a80d

SHA256
f4977fb0d63f3f1c490c58571482109ed4954dd6d3fc0a34e46894bc14e823e4

SHA512
1a0dd188127e829bc23fde15f94cffcc98aca1fa54c3e697b1a0265116bcda51e6ab6227e6bf0444135f669fb590070185320073ce9f2960afe141815158eb77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c222d5abfb182720a086952dd241a700

SHA1
184ee45424d3ca683d4ea89da7aabff4cec375eb

SHA256
f57a331bad46eac7b771fd63f5954cc790c1266567b25f2dd7544190ac02ca39

SHA512
5bb11df03539dfdc3d1a7ae3ea791d9b140f8689184443d4cbd2823759cbc6089464c2a860451a84e301dfecf558ae423bc22353f1de63679c1aed8b0094ce46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
3c4daa4e5ccc282880ae26cd14d7dfad

SHA1
2f9d9f36015e118faf45a0cca5d68e41fc3f1230

SHA256
a730c2965d128f73caa7ff83d53581ecea83c24d6b37589029106e8ca2b08bd0

SHA512
2e885679ec776d0220c77629fd8cdf16cff8e00f7e3c80522082c9054374e781d28e7a49050e72e51a6942646bde41c6ce5a71b016268f26bbe47274b2346e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1bef1058dfc9c590b95ef36b07b65c24

SHA1
df6564027b139e3486c3380145a40a3f9df3fdac

SHA256
2dbc269eb205f8950ad0dadcb2efc21c6a45934437d80b7b6bae207281e85d04

SHA512
f114ee26fb586b19fd91e8d3a2ae0ccfade76b42fee643425cd8f5fccd7bd176476835d84f9908ec5f3d99832ab0355d38b44de4444ed61951e45c3eb364f825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
607fbf27640a65978f6d80dd9f7df203

SHA1
59d9ffff487ae38ba8c7523a7c8e63c319edb177

SHA256
3d0fcef78f26595606465443a139b0e861597547993fa517d6f7caa9aa6482bb

SHA512
38dc1e648c4956d82698be805971c782bfae33b1625bf51384e1a851fdefbaf5e39a13a9aca404782f02824fd82a17fb9f917f9933777251ec66f86584a2960f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ab1714b84542be2b7845b77716ad1e1

SHA1
ab7197babbe1b042deab40a11bf8eec797b30434

SHA256
aa303b4345aff083b61a5bda923df79d46e355466cdb08d56df974a543cbcc44

SHA512
db9da4dea76768b344e25f89d0b4dc41cb5cb1912c904da94e812f2bb0f12db5f22ee0672a10e28018173777a46a3e8bce5eb7ec04554c119316cae2a888b9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
50c05683fe31956860d09d32bcb013fd

SHA1
908896d64f607dc062a674c980bb8fe828a25e2d

SHA256
755c65e6d5e1f247f07ec58d14bc77148e24a1344a105f4944c6efa6fb149bdf

SHA512
59cbcea28287e36bcd825c231de607eb2048efe781df04050b9c85ce15eb13c49ddf3a07fb5a897ecb12731922cc194df4ece235070fb81d36c5dd1074a1ec27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
b06693c054ccd37bb7067a436661c037

SHA1
33c5cc300fe1b8df62dd834784d8880676e3a4e8

SHA256
da12c5db28b539062419677743772a6638f4829fb5f1a07f20c5f42404221166

SHA512
6521974eaeb449a4ec948ee2997a837675b96ab10b5a1dbf76473f8548351632657ef076f620bd95a2381da56a7bde2b1ab685a3642a0ae223c7c815305922b8

Download Submit
memory/4004-314-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download
memory/4004-313-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download
memory/4004-311-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download
memory/4004-312-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download
memory/4004-310-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download
memory/4004-333-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download
memory/4004-315-0x00007FFE9B670000-0x00007FFE9B680000-memory.dmp

Filesize
64KB

Download
memory/4004-316-0x00007FFE9B670000-0x00007FFE9B680000-memory.dmp

Filesize
64KB

Download
memory/4004-332-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download
memory/4004-335-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download
memory/4004-334-0x00007FFE9DF10000-0x00007FFE9DF20000-memory.dmp

Filesize
64KB

Download