d9f553bfe5254e734f2c687a69d9a61f082b87c74fc03af1a51dff715a6d7e9d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PCPS.exe
Size

2.8MB
MD5

483da837d70e72105520ea82033c49ff
SHA1

4339212b959c1ead23bb5cc31dcf12736ee3e1d4
SHA256

d9f553bfe5254e734f2c687a69d9a61f082b87c74fc03af1a51dff715a6d7e9d
SHA512

1501cef6c13fd7285749b27ff1f1cb7bcbd4e75543eb3b3d78da649c3603028731b361a24d724d68dc41737e550ac826baf829806a69d7a90366e1768a58d23f
SSDEEP

49152:B3+xTCM1oVeG0kGj/esU462SJJm0tjRU+hT9Lgr84zMG8qK7kyjF3U4RRGef++fd:BLGefGh

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

PCPS.exe

pid	Process
4204	PCPS.exe
4204	PCPS.exe
4204	PCPS.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
216	4204	WerFault.exe	81

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{490C8D3D-878D-45AA-BEA3-B4DFE4012181}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{B2D3B805-B225-4536-8E30-B5E749E1FCBF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	Process
3976	msedge.exe
3976	msedge.exe
4280	msedge.exe
4280	msedge.exe
408	msedge.exe
408	msedge.exe
1248	msedge.exe
1248	msedge.exe
5688	msedge.exe
5688	msedge.exe
1556	identity_helper.exe
1556	identity_helper.exe
5936	msedge.exe
5936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description	pid	Process
Token: 33	1804	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1804	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 4280 wrote to memory of 4676	4280	msedge.exe	102
PID 4280 wrote to memory of 4676	4280	msedge.exe	102
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 4448	4280	msedge.exe	103
PID 4280 wrote to memory of 3976	4280	msedge.exe	104
PID 4280 wrote to memory of 3976	4280	msedge.exe	104
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105
PID 4280 wrote to memory of 756	4280	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\PCPS.exe
"C:\Users\Admin\AppData\Local\Temp\PCPS.exe"
1⤵
- Loads dropped DLL
PID:4204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 1108
  2⤵
  - Program crash
  PID:216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4204 -ip 4204
1⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe751846f8,0x7ffe75184708,0x7ffe75184718
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10069296508096277815,8319187562038221476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x414
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe751846f8,0x7ffe75184708,0x7ffe75184718
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,6186838718192825408,8708148698259691003,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61152360dd4155de78e35bcb70cbddb0

SHA1
c19e688af4a0b7c88b4610c1e5908f59febf4d20

SHA256
2a786f6d8d500d31d6fe066ca2029eb05e2ef67210482e4f1b633b919fe13a74

SHA512
6f5b439d5c5d03156c3b7b68995d0742285eb354c4cf90eec40c174d29592db86ac17d49916dd51c6b844b13091b33d909c4675725863c780aecd6a1535930b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c51429cd2212d9d64b0a2f085a41f58c

SHA1
74eb0757c77b4fcf5bec2c52a3873e52dff3f3b2

SHA256
5e1fd13113391bba631bd9718657d92411a94f3e9d8a57bb155c1994f81cdd25

SHA512
cc77aa318dea967594874faab9a3d825af1cfba08d8bdfb5953c9e8100a1548044b24274a79181b95ecd21fb7b6608cfebf3c0d9645e16acad3d142735a55682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9e5e6ec02715ee341051daf02e0c6ebb

SHA1
b2ee62622f59290013d3d5af25bf49c0b4ddd3d6

SHA256
d9fc105f206b063fa2d97355984bface800b8d0dd3d6c2a4a0d7aceb3571d853

SHA512
fd8e7b5ab9d9dd0c0d5c1dd648f5de376b980ce84a821423cac473261bc6d451dbec2f97bb0a39c917726d868d92839d1b0beabb75a9b16ebc4ffde9308be680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9b3b5fd0cd0120f922b9280957a755d0

SHA1
92940b5ec7785718b27945cf79aef654288faf6d

SHA256
3b4fe7a380c2533dcfa51d07e31220cd020f05d11cafa4dba662d785d4c490b5

SHA512
f1787bf4a4d5f32335f5aef94d99bcc1f6ef61d65596669037b99af3a2da589f599cef79705bbebeeecbb29ca0163e15c591947a2b2d9d20428a1da193793c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
a5b961b9e830db41bcb9c119b86cbf8f

SHA1
d0c95aa08277c5d754133fdf52c49179202336f4

SHA256
cf540241c2c50786814f6510fa0039abccd320d3767724b3d670b1457b47a93a

SHA512
6e82716f6eecd95e4171bacaf64226506ddd0e4ad5f75be8defe3b5aa4562e1a07a924a6b0cbbad50c2c2c790d4331f21bed1f425abe285e8683336bd404ac50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
4845bf92e119bf76ee3f65fa8bc8ffbd

SHA1
3ad2b19f51d4f278db0598472706a1de9a39228f

SHA256
a5609d48a3087c13ad9eeec1ad90f8afba342405faf69bf0c62fbbcb08aa9472

SHA512
c1403c4f6cbef11f375d055e714ee1995271b6834074854266eea5e8cc16f10eec145e17ae3b1fae43ce853006c314f01a96b3b758f0f67e017a3064d2b90c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
234bef750d3648498c8210f54a734f3d

SHA1
575db4668b85b3ed593d64519424287f0f4daeeb

SHA256
28f0aa6afecef0904aa02dd1fe2edd8564e3e2646bb30a07a3ccd8f3f4bd6290

SHA512
c83dbaf3ab7f0ebf9b355fe43e0066dd2295aec1d9828c33427d12c62ee6f1b70fdc0194a60cd59f3695443293467d4a742b9a59efaa448a6a6c56224426d58c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
921a7741a76218481aff866c04581e4d

SHA1
a1dd933d3c53046e2fa2c66f1ec1b513af23cf62

SHA256
753bffba3ed761e53644a2e2f5229745fea67ccf51daf452eca6517963040384

SHA512
c562cc0189b4c3bcc04c8b826e302ea3a4d45a1123f5aca8f2194e40163295d97f7da6e1e4d342fc4d5f16a9bec436a3acfad95d92f62b01726e5d4abaa3522f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
da98a4f8f9c79871c87c4a5f3fbf5698

SHA1
f7296b0a7135c194410ec828023653f421899585

SHA256
803effbc0117099c14fb0837833913c638d4c19bf5e378ec138560a019108bfa

SHA512
30f98ffbf67a5c9a842d9a961489280f14fd1be8b8923fc77a205b82a5314144da3d9943dced8ab46d66e5a581f9b17ffea902dfab885eb5817a8c03f073d097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
18aa9e26f207a378045da76d16a6ee09

SHA1
e642f4be6bb379a6f59e64af223368736d3bf028

SHA256
0ff3c8c77c93549357278b0ccebe7df670c670447ee8dd8e5691762fd525cc88

SHA512
3634d79be370da04c622da219d39e77a05786c3eb48c9e1a1dcd71855a62bf89f9eae1a6c4b110ed8d7361b27310bc718910f6a07e844e6dfe2a183b1d15f118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
7f42640b8f0c048e0b87d1ae70af6d82

SHA1
4ef98e431af4cf2ccfa68fb521e972bdb8525eb1

SHA256
26dcbafc69054ebe7053f434746ff7d3af4083de9616d4f457a6ac544b276199

SHA512
b20a76843aa685c48899ade74dbb469098ab7852cb0b89238069f2cbb35f2ab4feb53a035a31e08252476f55e5b988e84d5cd385d3c8e6c77d767a0accec6962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
38905904a341a77ab048e1c3437c5dcf

SHA1
6f1479ae0fb73a2656da65d99a15275124ba2fcf

SHA256
4ba206483c7a4ac55c2d428a4b189ea3c81d45cfd5e915fa08d6791b180b7b74

SHA512
518ffe24d8462cb4532ffd8091dbb27c1becfc21be05ce210ea2f9b98833c167af2855d3c8cf5986789a40131274e6c6b36f2cf2f532bff3525d1ef093115fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
807B

MD5
7624d8ef7a8803398cb1ffad82a3520b

SHA1
b6c6888bb5556ac765c8c87ca1bc1df742e8dc6d

SHA256
a00d1839aec1a52e997751442ecf10b7406983c30d7afaec7cf6e69012595898

SHA512
33b2fa3bd82fcec1feac25cb5367cf2078ed87c8ddfc5010624fffab65502173cf00b88baace7d0b6686c03cc674441d97c257586c612e35066cd184251344b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
3956e33b4a167d7b8f697aa73e888a91

SHA1
6511d7bf36e6ee68d170fcc366a9a6cfebf28dd7

SHA256
df50b6785105b260cf41f54a89afc0f22eb1c51b93e2904fb953f958bef6acc2

SHA512
e847fb1482f551092e0da6c69e359273f47b6e087f225ace96d63ab609716094ad47444b67616148e24a890b3881b7f2f163c4601c1377edc56e68418f0aa4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
84786c4396a4470a2477147947e857b4

SHA1
31272e0782f39a1facebfe5fd226d98945a5fd13

SHA256
8b576162771815707feeda4a308f40bc1e92771fff84688d01afae659662e20c

SHA512
8a7642f43fa1b062b7db84bb7a4c3020bc5e99061a5fd89d9e787f4f1724c5ae951bc7a49b6ecdddb23029e309fb34490b9351b20ba1d57120d00bbdb918bba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
06baf2478549bb1938475bf2b495dc2f

SHA1
26b45d718a1db23aa77909fc72106daad0fc5b0c

SHA256
0fd490397bf39a3e77420603185224e5edfa929e0ae9371d4a81696db836ab91

SHA512
ee1f2161085601964f763cc6058977ff18ecdb8e8c11c112fda89b2b1f32857d92eb668e2fe1bf147345346a694ded222fd0cf601df8aeb5e2ded378b5e55e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f48703fa4b77085a0b78fa7f1b89a84

SHA1
96e7d4bb2572de51ddd7f1949b19319fd6b480df

SHA256
662ee27c8eac2df67fe6bbf48fe67bd13845b1aa42abf5d41be1b0eab59e6350

SHA512
f16fb66a6c8df24e95bb2367cb40815c9c0d03e6950aa0431a7e588963ea7cff35f9dbd39726cbf9bc5c0fc592449b376a3b1337c3a2270555dfafb7644b128b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9b4635f78b44332d0686243fa24de31f

SHA1
5f95f46692fed6d8c08f5cc6f914ff1a70a8124a

SHA256
4fc52cab87e826510bd313370d7bef77ced4276d4f6808c51007b7ba3d7e2fc1

SHA512
038755727d907231233c86881ef8f99524dd7fd5d7c12758aab505500a20e3ab33ad2648a8bdc62574f5c521c9a61fe732126ad7ef20103b21197893b352f102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ef570057c9ef25eac50afe28f25a687

SHA1
08f9131b4e966007cc676cf4f39d61dfa6819e42

SHA256
3614dac0ec838051ee2a4751b0d0ba2f96df4dd51172fbf9cf30fc9814068721

SHA512
272840890b94c3050291d4e0f905ffada799ea72acf7a8d73ac05967a833b4a88eb5f65207f2dc2155ad87915d685bb1eef9ef3c31a49e0a3bd148f2d739dc27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf81b19f00755a8dd5b399c9d0c780f1

SHA1
5f24b762f04125b6b251ca3982249f89f269d38d

SHA256
143535a4c0c2136b97d6e1129d77253a0754218139dbfb0f023db778397c4810

SHA512
2b0dec589827fca70d4e91b2aec9a2cc1bf79fa1638271d287ca77606d88bc9248735ff2d74fb8261ceae98fcd3167c36c3dc39cca8ebb2ba295c5a7e8cdb30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3466cb3e-78d4-413c-a79c-b3c7fdeb305c\index-dir\the-real-index

Filesize
2KB

MD5
172e32d0693c184c4fc556c492b1cadf

SHA1
d903b496382c14628d86ee9901eea65589fa0f80

SHA256
1923242a733235b97bcab6c359a1927b0ae366f45085ee0b52fc880bc1051cd5

SHA512
69450be459ed06218ced4b43cbab02a80eba305ddb1df2c2af5a802fa8aefdccde5ea6c8a3d08f1d07a4c4b8cb5f1525d9c7f974aae8f8e4c967d07f0fc4f5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3466cb3e-78d4-413c-a79c-b3c7fdeb305c\index-dir\the-real-index~RFe57ea6f.TMP

Filesize
48B

MD5
e7d84e50d93bb057b113f9bdd61dcfe1

SHA1
917b79e4d9a2153e01aee6b2197dcd7ce0b9ee85

SHA256
37de126ab1e08e8dafc4f5bc8c2a00b94ee7a0575d29852c15faf683e8cefffd

SHA512
accaef854db33546b44cb67c8220808e1364231d9fb0827cd24bf9469d2bb23e62eddfd232b97d93ffece751cc51c282675ab8a03f96dfd5399dfc2d611b78d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
9b0dc8e05c4a9ec10b8d42466b1a8e33

SHA1
0ea0aa89916b6132746961d37922bcdfe0a584e7

SHA256
100274d9256d998e8a485919a3446d860beee609ad2cc5ac0aae40cb8ca93a6c

SHA512
331163c8f0fea5cbe5dcc6c71a49f767839b04fe33898050f1292a043edbdac6a5a2bf5452a976b17a1ac163c9473856b7960ec7106d78c9ca2fc85838dec33d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8fb2558a6ee6adb289e7c2c2d986f993

SHA1
8e748ffec151559c905bf27f0be1a3165e2741ae

SHA256
ad182b64382045f2c9f852dc446035d2ceb3e9b3d4168b606a840b254fa0c647

SHA512
818a11a523116fdb9fbfdcbfa558e22a7ccfc0fcea3fdec03fbc7b73d80aac2a669f736e35487b3e0038b4a97bb9dfdbeb86ee1f3e6563631df6066c2f5b4b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
5272c564d27433c40077fbc8fd14c821

SHA1
5c2c4bdfb8193bb31f45f91dfa7f473b83c755be

SHA256
c41c7bfc0f2e7c5162e1a3ea89caaa1a3f7be73b81af50bdb894eb0607a91f2c

SHA512
aa8b23b72bac8ff9dd105e8bd6cf1a8bb97208ebebd0051fc84f96b00d64af495f1abf96c0e5b53d208b38e6acebbf5c5ea83501866b0995eb2cbae472015fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ee9cdc44427c31779576d9e5e8ea5dff

SHA1
cb0a3082a69bbe25858c67bed196a131a60b334d

SHA256
fea5fec521cb84b8c9319f5ef0d620d0fee4d1b33b859450be866522d24a43a1

SHA512
e5e7a4221cdc12d6374cb6b234cbee7aa5c7621dc9762874cfad57fd68cd0d30a60dc32f6bbab8c23e379332fd6da0775a4abeebf08a396e82399c7cbf04b4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
917B

MD5
c4a2374591bccb8db36cbc7632e7180c

SHA1
1953873b988de5c6e7a5ded39336f55e57f1215c

SHA256
3bcf34ebcdd9978c6d4d0de95f3f76b64e362111eccbd090201b7d0d374b336f

SHA512
3de43934df511be84bbb3d7fe974cee7ffef4a885e95e5f50b425e5412bc4854530eba8f1679f24c62259ee251b7d1da34822d54828de0573562dd4774a299a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
65f78b62a5a3039397a14c11084306f1

SHA1
1a5741d575d8c64c416e162cdfe447eff273f6d8

SHA256
67a536d79fe95360c0596a8e329e4f244bf417b62e28e1991a801c2c905768fb

SHA512
9521788469d97a702cd4fa29587afff7d5e940601ed60f354abaa51ee03a85f0073b05f08cae83bcd1e43bf156c85c64189e40453f55b86c0010100253406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c45df78d087b3c811d868e95f5a5b182

SHA1
344f38df50486842338f0c1bab383797d3b6eb09

SHA256
f0cc87ebb5519faba4eebd77852d30760c5337e6fafc564dad21dbd8bb6b21d9

SHA512
99676485f0ff266c9e08b2f2e580e07b96d2ef25787c7e71a5f8c0c16511e6a36b54d8a7882170fb228483be3467a29f221cc457c11465806c984ce8806316d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ea60.TMP

Filesize
48B

MD5
787de738bee55652bdfa80a4d940a0c5

SHA1
449adae39227e67ae3d9d5fa5a354f3b7f887cc2

SHA256
91a3804a3873f0f2947ba3685d218b36390d34aa10a087693dcb7980715cc364

SHA512
ffa8a0725dba661b1a78b834a5808634cd38639299746a51fe155399db9a7a18f17bb861ccb776a4c115e59894404009d21a2a5acf553cca251ec427631e4363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
cf119bac39fb5fc8303328eb94c116d7

SHA1
f82d3716fdca2e2c2ee2239d5c54164c3726120b

SHA256
fc87581ca9fc10d1b40ba6bb9ddc4188ce6252de329d38e05ad16cde5dde1443

SHA512
42c16a99865bd774c13224de1033c020749a11ea5b015fe66f819e187198b1f254489035408b8190a9a270ec226c3bae89ac8f6610c16feddd0196c1c121b351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
69019b94df9bfdd60f3ce2118e75a362

SHA1
3ece4ba8ec81e17f5f87c64d20df43ded2671093

SHA256
88ff18a18787157795ad3b1a8d6fe85e8e681f2581a9542868a2d500328bcf3e

SHA512
740c9b13bdc4a1232689a0949cb8d6987cf68309c84b29cbf71c6c5a62feabb3b04e16167c927960a0752b54c007bc2f9cadb04edd5a74db28f01f458334707c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364072293960269

Filesize
12KB

MD5
3d0b7c9f0767b2de877c8d8d82224eff

SHA1
444ba3371120e610cfc705e76d189f44aec9fe2a

SHA256
402492c4c57614ed3c5ef9ce80532d78b1f9a2397814cbafbe2469f22f1e9420

SHA512
794267f96e618262b22789d364027648142b9dc35e68852fea4d07a221ffd59ca3366460a47f7bd32167e47397ca3b7968f5241aed86c139de359888c558f436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
7a0bf97d6a7411f354930076bcf7e6d6

SHA1
a7fbdbe663c316dcfa6bf2e2cc7531d6fe42d3df

SHA256
2e2f916c811d2058cecc0ec1a9b408e8ea8abd653b9aa324bdfcb247097db07e

SHA512
c064733dea6b507745c06ea067e80c49d3d24a8e7fa41aa17af5f21c1c4438f734c9d5dbc5a78a854d0dc6b0636361c7700bcb1f410b77693343e8a380fb0d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8168d7cd3c9a32397afd9d83c5138335

SHA1
53ac9b77c5e4da297c25d83c3c6d9d9259b8c93f

SHA256
40c63dd328307fa405e3bf6a03cd545e82ffeffb171fc101a20acad22afced48

SHA512
fb14c473b10092fc3d89298652781c1e7f6dc13dbf05ae0739c9c0c45a56c47a28ee3303dd074aca3e3cef4d00285567fe1c8a67ae981fc3e8c317b1b70ed71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
54ae4a88b9e0fa6114b23c3b898474a1

SHA1
92d156d6a9894619de8a104098b37ba63709316b

SHA256
069d756178e74f89546db4bedf10d963f9e8a167ee9c5deba3b8afd2a873dbc0

SHA512
627f068647392872981791a64c597c16a6eb71f0450b6461c2cafa328e823cddd84507b0235bb8b658026b3e80487980d6a9f79056ed92d80ff29d9d904f0658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
51c37f7efd68b8d6a5f7ca74a8dd9477

SHA1
be7b9be3fc9a72fc6b92f6379088b7b112d451ca

SHA256
da12aa6f5a5cc95df1a4d34dd6ca70ce6571e156383067ffb28da7701b6e5a29

SHA512
ebe31571ff8531074d96848153f032b0b72a74bb2ded1b20662b005634563d915e90a09081f3f37ec282d57ddb15faed82531a9a07c52911a1d0b264482243fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
14ca07ab778de4cfbb8ad3bef25b6dd0

SHA1
81f08a3df56f84afafce4f6897dd927a846d45e6

SHA256
2a0778fe1f750dce0c71f35c58ceb3a4205f32fb672e531143a2369096f60634

SHA512
8c647307d0523f11dd8766715018ffe677ae7102d0b502c700d06962c7d71dd78c37c7b4bbffd61f3cf9bc12c10d3626c9d8d9e0cd56e8e3bbe6e61ffd405fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
72796c7c45594f5ad7137076f7ca9717

SHA1
1b85e497e40053fdb7e0f0e41c067826163cbc96

SHA256
be25133cc3489faba5a67282ea9c03e18359a6bf428015e18561d38ce9aa6e38

SHA512
b130d65bea4ee5c19d0621d9af18f27440495dbe5ee1eec96f97929658896c559e4c48b65a6088495884b214b5130ba72f8de54f389bd50c10aa338eb55e4a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
18f606195fab58fa40a17a0533347943

SHA1
a9a5ea360c6a87ea7dceb70346efb6be65d432ae

SHA256
b61a7f8ba2b1bb13cbaa29b41a027c8c04a989c4e9f7bf736c8c5a45d6e0b688

SHA512
5e644e7a2e5514f545b24201fe4ef7a7686513eebeeb1cb486fcaea592838fe775d921cac05a593525960e0f33ed61845849126c4921cc5855d46e2d251220e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
fdecd42cfdbbc6e0bcc0536b039ded0b

SHA1
07279529aa923786310d8455f5d1bbb62d842241

SHA256
fa66f82321097939bf8021f1da6fe3c7d9790957bffe10c2512785a872281406

SHA512
8fe7c7f906be9e8db09f62ae659b12ec587ac1a256248d484d18ef834e6255a6dd7d4fe9f1ba466f9552c0e0c9d315961cc441fe8faba435a4cb6187d793eadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
73f9cbbd092daab59713fa76561c89d9

SHA1
60de4654254e6abb555eb03cb2064cce80cb8bc2

SHA256
1ecc93abc73f75ecefc73eb3a512989b003e595162d27dc6b261c48aca7b5f2d

SHA512
cb686fd597cddb07e0aae0a6928dec2cfc3217fefcbd3b64dcfea597eb24203f8ebcd59cce530f33ca496578f6bec7365a7a15fa7305ddae45f735b096725e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
aee44ef30e2d271da56623a54583c452

SHA1
a6a641e9cef8de77f230ee3481cc4324497df46a

SHA256
f7bf868136974a2c3f87ab95979d8ecc3c1f3c892ecf833f8a86a045f154434c

SHA512
60dca10e94d7f53fcb7281a0d9211e41301e6c746f5d9bcb5160fe5b08ef7636f62636fc5b12418457f709256431dfd45df41319fed50aa62b8369eecb91490f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
8e3ff30a6cf10092a2700c5fd64e4e2e

SHA1
2d7730b11d86acb126054832694bcb820d3e2981

SHA256
953752e3e2cec5b4b792f7bfd272bfcfb9c743d02eb4c7b100e1535afdf97010

SHA512
8eede3dc857601901d72fa9db2a85d5eeb7f6a9032c7d868eaab90b65d6c91bfb9b0d1fa62e7438b7e1320a717a5baf7324c394d64d1986c06c5c2ccdfecfa3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8247390cbd09e21c1dddb841130a97f

SHA1
b2a64d9581a81b6a509eedad1d8006f6d68f4704

SHA256
4f061b3006f0838e00ee24fcff23f2d2022f2ec2bc0e770eff87103801543ca3

SHA512
1845eca9d2744fba4e9921a10a82bd9eac80ddbb51c010d970ff0578ae3c8f06d4de231a87fdeb586e39868dd9338e3865013a50afb538a54614e215faecb97e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d3b50c3b43c1c084d705bfdee995099

SHA1
a2c7ab5d33d775623e7861444cb238d3a974293b

SHA256
f5d8b46691110cb75ccfd8c7dc003272a2f53a4d32d654f8d3a1f2b91055842e

SHA512
8f7c4473b8f00026f508eb0da6996c0e207e21247f9b30927b49d72c6cac4081fa5845b55ec8af36bc9bb693db63ed600846c05f9733d913ec4c668881dea430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
b3c5a52a0fd03625457c86e421133cda

SHA1
ae206d14d7851868badb951dd56559e0e291c625

SHA256
526ca05ece95062c896b523abf84c06537cfcf8e1cdf029197e203cdb1126c64

SHA512
f3cc62e232a72f433e656798bcd127c89dd68932e103e0feef4bb3a7c4856e61768f15f6913049feccb4165d77554fb6b609e87c573876979b6f33983d272cdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\PcapDotNet.Core.dll

Filesize
69KB

MD5
45fa4315c7631b828e2871db89b3df27

SHA1
f34f3a5344abbb67a21348be9eaeba7831c7333e

SHA256
e580ca9c0382a8663d6bdff6e53802bd73fa8a71689d7f38521ca02269775a58

SHA512
1dd74a83b0435674d61e0e752e3d671334970fd7d235203faf1791c67965eee2324a7dd18e03be575138d3c3639d106534a084c3f9a78d37ff4ff77ead4cfd96

Download Submit
\??\pipe\LOCAL\crashpad_4280_DCXIUOLHOVUPFKBQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4204-12-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4204-5-0x0000000005990000-0x00000000059AE000-memory.dmp

Filesize
120KB

Download
memory/4204-0-0x0000000074F5E000-0x0000000074F5F000-memory.dmp

Filesize
4KB

Download
memory/4204-4-0x0000000005980000-0x0000000005992000-memory.dmp

Filesize
72KB

Download
memory/4204-3-0x0000000005AA0000-0x0000000005B32000-memory.dmp

Filesize
584KB

Download
memory/4204-2-0x0000000006190000-0x0000000006734000-memory.dmp

Filesize
5.6MB

Download
memory/4204-7-0x00000000059C0000-0x00000000059D5000-memory.dmp

Filesize
84KB

Download
memory/4204-6-0x00000000059B0000-0x00000000059BA000-memory.dmp

Filesize
40KB

Download
memory/4204-1-0x0000000000D50000-0x0000000001030000-memory.dmp

Filesize
2.9MB

Download