hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

07-07-2024 19:27

240707-x6hb4ayhre 10

07-07-2024 19:21

240707-x21ymsyhna 10

07-07-2024 19:18

240707-x1a1tsxaqr 4

Analysis

max time kernel
295s
max time network
307s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 19:21

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

NoEscape.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

NoEscape.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" NoEscape.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

Processes:

NoEscape.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Drops desktop.ini file(s) 2 IoCs

Processes:

NoEscape.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

76 raw.githubusercontent.com
41 camo.githubusercontent.com
75 raw.githubusercontent.com

flow	ioc
76	raw.githubusercontent.com
41	camo.githubusercontent.com
75	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

NoEscape.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Windows directory 2 IoCs

Processes:

NoEscape.exe

description ioc process

File opened for modification C:\Windows\winnt32.exe NoEscape.exe
File created C:\Windows\winnt32.exe NoEscape.exe

description	ioc	process
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe
File created	C:\Windows\winnt32.exe	NoEscape.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648538911064873"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "150"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1403246978-718555486-3105247137-1000\{7510A903-41D6-457B-9F63-81B6BC4C0AF2}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exechrome.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
3680	msedge.exe
3680	msedge.exe
2820	msedge.exe
2820	msedge.exe
488	identity_helper.exe
488	identity_helper.exe
3536	msedge.exe
3536	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1976	chrome.exe
1976	chrome.exe
1500	msedge.exe
1500	msedge.exe
2120	msedge.exe
2120	msedge.exe
1664	identity_helper.exe
1664	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
2120	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

3620 LogonUI.exe

pid	process
3620	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2820 wrote to memory of 2388	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2388	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3456	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3680	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 3680	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe
PID 2820 wrote to memory of 2432	2820	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa659646f8,0x7ffa65964708,0x7ffa65964718
2⤵
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
2⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
2⤵
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
2⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5236 /prefetch:8
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
2⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,18221308143023091281,10432360928622977048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6512 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa6524ab58,0x7ffa6524ab68,0x7ffa6524ab78
2⤵
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:2
2⤵
PID:1300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:8
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:8
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:1
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:1
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:1
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:8
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:8
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:8
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4640 --field-trial-handle=2032,i,2582634960003855520,11880359161320272903,131072 /prefetch:1
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa659646f8,0x7ffa65964708,0x7ffa65964718
2⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
2⤵
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
2⤵
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
2⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
2⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
2⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8
2⤵
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=212 /prefetch:8
2⤵
- Modifies registry class
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
2⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
2⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,87926269106705985,3993788310013095097,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4440 /prefetch:8
2⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
1⤵
PID:3016

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
PID:4304

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa390f855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
971090e912258336a91260d2138504e3

SHA1
9f394b7ac90b2a8e42080f89b96e41383842b08a

SHA256
b54f54d975b9a01abdbb0757eb57f2791d1252cd7f6a3e1fd6b0fc40f8cdf492

SHA512
c28697b77b214af482ddcedf41830be33126986159d76114b0c09cd6321e099909f85979df0e93e01801b3f69634d4e55649e4da3efef7bd01c993fcd54d2319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2172b9538d151e55fef1b03b78a04856

SHA1
260c8369719cf84111ac54c650152a1a42a91125

SHA256
e0358659fafcb6a4cf105715c2575a34e8d2c6332e872ccabd7cc029e0d6f3d3

SHA512
152195e909e0d7610cbc5c4d7be475bc83de14f4b6d29770cf7e26e8e0d7288535ea9ffcd89144d493efde8ec5e30fdb9efa31bf7983dd4dedb5220c01dd7f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1c8cb92e496e7e84146d12df22b328ca

SHA1
5536790a9c21e77507e61adb152bc3c256fc4865

SHA256
31957cda3cd0457dd804dd1407debaaf8f11c873a716370f7fa3f7e89f2ccb0e

SHA512
6f19484a33fcb90bda3ea7a2f96796f06dd2c7db93e72b1431d1ae522004f6a764775bd2beccca8af66b4577e17b283abfc0e87fa3fdfcf63b55cf80afc08e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c6f1af668fa8273c8ff1b390fed58555

SHA1
508dd0ff7c4ec9ed3d8cd55fc1f6781135590df3

SHA256
f4a097ebfc9e4e2783326b1956a17a2f13bbe706638d0c5d7eb593b9938576a2

SHA512
44d604e785666535474313e7e543f49d8574d0902d157cfd18c0d439094e6147feea01121027b8adab4fee2f6811710222202305d4763fcfd1a338a9aedf16b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e97b18b6dcc2619e8180a1a8a0940add

SHA1
9e9ae5a164d244febcbe0cc070b37b7a689843d3

SHA256
65304c19864df99a1fbe1626d74e340b06e02747803a7b7e639b5724b8fb4254

SHA512
6ebebe8298dc05a31937dabf409b03823db4cca59d173e6d11165c4b8f206c6ad0dc6284ec98a970a4295b0ce957a8ceb61f7fec9bb8f5eedfdde443b741cc10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b04e532d0ee60c70c99a94fe8cfe54cf

SHA1
fb6cfffa10f99e54a0eef3122601700d6a417556

SHA256
5b3c191ffc2cf6beae9ed787617ad5e2b069d6b3dbe67d4b348f334f20d84a5c

SHA512
2cd65214c9b7a36d6eab3cfa1730936346b518f0db3049cf2e7004c85a13f35324346e5c2916f223b57c477d2086874808098cae4733a5cf6ffce23f22bcec95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
646ef602a0f9dae382e3cb0c63e1a3e5

SHA1
35c6aeedf63f911eaa35eb6a6d46ce39d6597c49

SHA256
9d1f8df9a8d74736603dc96e9d4af1d43e181ac9418ac83fd8fd4a015a8d6c4d

SHA512
d536addd68de2850918dd4637656efd144d8e94a32ff249c877fd57eaa0f52783eda1404d4778dda71396d8d11d27ead9b7c200c793fe5ba62cb1c8d19671a11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d8416d385faa3b0baa785612d1c18695

SHA1
727dd10ccfe911bf66fadf3c158013da1fda6968

SHA256
712e660a6737193d7f5fdca41bf2c03b11d3da4442c972f882b05a58f248c935

SHA512
7d8c01ef1266712bdb8919a63ca933943df919fa79d79ea6908892ea110856cd39e561a466c864a8300207c7a51fa05e0cfc7fe06282707e7a4f6e2f842f3434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1740dfb4043b91ffaf058e4656b6067a

SHA1
b686b87b288f7d54184a2c03b2c99bf23d99b19a

SHA256
b25e810bda91295a46b35c4909ac659639ef2c338d3e063ea0fe3406966e85f9

SHA512
c6d99bebecc48a3a6cdbfc7014b96c05b50428781349df71b6a6d93e31d5736fb192048a571da2dac50ebd48aa4ead01c18dbc25453c93d2cff5245b1f61eb5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b042e2e3b7bb7c3db1ad8ab2c45b2403

SHA1
7be3430af77426f12325ebe787c141adc89b32e0

SHA256
9fa1ffac8f2eb5b16981e6d8440a68a093b34ba8ca29dc21878ff2ef6d3d7536

SHA512
092ecf9ca1caae9ae32117e4dd45eaadeec0ecb47e1639dbb611466bd68fb48ddf1f470ff85756da7977ae01c582ffb3be168a059e697b54faf33ecd60e43978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc45874f29ba68efb4eb35b7d790b94e

SHA1
0aee25695576dd83e4ba9849eac64af0fd5b5988

SHA256
66688f304059ef32ee9e8e837ea310cd99d4837d9b21bd23d1995c864730282b

SHA512
ccdf07cbfcf3d725348cbe830994a135ed0f1f4e13675cc0bbcde3ea2d94054714f84bda66e8f639cecfb48f85751e3f44b53a3fe839f3c1985ab2427576678d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3935888f7a64c2da40b7a69bf6cb6d11

SHA1
821523faed90f1923f1c2150f052102f9ccfd1bb

SHA256
afc62520fb8feb774c08d041e5f1a9ac95136ca7de3978f064415e08a08f5d09

SHA512
71179062e3d0c80704d7341266d20ce42d12667ea527b45d305590f619f8de238cb8ba3c927d873b6d908e69d81e0565b1bbbcddc03c2010f104a4c837e08ed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
13266d9c7a245b62091070118dcae2ea

SHA1
850d55b71f0b2d6f032dc600dcdb43d7734b85a5

SHA256
0e1645ebb77d14c03406f944ef36eab9c6447b31198111e6a667fa5f252893c1

SHA512
5d163896c1fc6119420c19fa347fb6bf2ffaf52c7f271d967cbee6886c714292bade4ff848c5bbcc36b7dac603f10518ca9ca55c0a860cafadc24a77119450fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
9517b3e3949ff5d6768e6e0882a010bd

SHA1
45bc030fb3eca599099d3e2e03c883e7dec3d77e

SHA256
2bffc6869f279d11773b257f53708e4d32fae811099f21194c85da780a8466f4

SHA512
6227d3b86174d1afa0d2653c39aa3729d632c9279b16797760eec41d5f9c68880eed4202b00b5c1938f1a7e452d789af816cc70fee3594312cec8be1c70cb951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
102a0f1a8a1adffdf1deab338ba9ca6f

SHA1
f0c344c80d0c9bc2be0b10a71eb0e74c678cdd22

SHA256
49543de69258438dd6c9455136c04ba5a8aaf47c550cf4510cb5357133d614cb

SHA512
160fc3993fe71437d988278fc6c26e564c710b899fe03e170b994163b61faa40a70ba849aa16823655972906899f8c54d525ad9822028324aa5591a9f9b286f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f2d1d161ec4191a9f4df3c6338600b7

SHA1
78a90f1572ccc89d04d6710d859fe7ae01766efe

SHA256
f588c61cdd4ba08c6b1127167483878eada3129f3eab69af9d704991e0db8b1f

SHA512
b33e7ea328ef21cfd390845962af5a271ddf82457d2b91d8355e59e1c35590da7c22853c978dc2f934b5bbb9350982548015894b64e712578cc881e023cd88cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9ac8b81d6c9223bfcedf53f5bf164ed1

SHA1
1406e8d1094e09036d96293abf6d01a4f6776a27

SHA256
5eedd65905c5d167b90950818027e961b3e0b8cc5adb68610bfc3ec992a73cf8

SHA512
c2fdb0239497e479686165e7f881e6025c7743c06ea192ad1b112460fb69d36858e4d52ac9002f47f1f80a088f2995f3bd1e2383405f45200f7032b9036b01a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
910bdebfee20723188236a64fe88cdeb

SHA1
cf4308b3352ba0b4866bd6e6c8e0c323f6bfd77a

SHA256
7b6d0a299f1998c8adffe68db813e686cd05f44d8aba22f4c0741a9ec6160f03

SHA512
da0d4f13108c344dd2ae1fbd0ab9451045a9c2a5edd887e212a3fdf5da1ec8e309c514caa1b2c0a301c06de3122ea959af69b987adcd45e8ab669d6823be225f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
c88a3ac4ba2284273c7a63f32985bb1b

SHA1
5685a9c2b3febe697107c796b6583e92248bf180

SHA256
d8a48a5f5a5f9de807bedfff5d5c3c4e501c4db74c11713e56b84a4e0ac3fb7e

SHA512
e53627e9a217a3971d92cedd550572cf7246f37778f11355093c48cba80bf9af8e7e846b966651f6da7ab80f67fbd4bd8a65301ade450fe70a0c3a7018d43432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
4b7ef15a889e8905d97dd93e11b3ed3c

SHA1
e5148e6cbf05276d9bd3bc3437f52f18a3b91419

SHA256
8e7db1c0e9ddb7f0f11dff6685461d877750685b4f258a58e96c9d149ebe66ea

SHA512
51798df66c1c83922136badb04de21ae140ac5bd9a74509ec903965080a81c58eab1efa1de6e36fc8277e81786c4d21f9373988792807b84e43cab259d995d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
41KB

MD5
3358e831188c51a7d8c6be54efafc248

SHA1
4b909f88f7b6d0a633824e354185748474a902a5

SHA256
c4cd0c2e26c152032764362954c276c86bd51e525a742d1f86b3e4f860f360ff

SHA512
c96a6aae518d99be0c184c70be83a6a21fca3dab82f028567b224d7ac547c5ef40f0553d56f006b53168f9bba1637fdec8cf79175fd03c9c954a16c62a9c935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
1.2MB

MD5
b55b8baf9ced2da93c17f6b749734870

SHA1
b7a0adbe14b12fd8f7bc3fbc27a5611693057cec

SHA256
38f98d8fffec9928c61be37a6d4a3da72e027dfc239b53d784964cc922a201a4

SHA512
69c98fb523179d002566ec88bfcd12800ec0154ef76efc017d05c1dc5f2ea479e5ced0e9c6158a2e8546f88fe19d58a3627bbea546e4ab6905f4f340767fffe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
481c6740c001c34187cfd83ce878bc2b

SHA1
f8bab8bc308e9b14334d1c6f5a1a05d07dac773a

SHA256
ec8977f42fd74cb53f71dbfa0ec9db98517b8ea254512b2a362ac2963fe039e0

SHA512
632b5c1ec2c7c463ee87ae518c5569b7cb7353120ece8a62d3cab93346637b206d2f8950205e3957d09d27ba430ed67e3fc1a3c682693d45576d4ebb153e1635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f33ed83748926a6d698375d282705e9f

SHA1
999e16257311b886d11b0f4dec0af0c5f04c8a5e

SHA256
d3b98c287b88d94a90aa7cdb84dc2258d8ad78cfa3c4002db5181009d148d428

SHA512
f684dadd18add5fb0eb53d8861f2aa8d3bd39d3f61884e1309cf8b1c74d7aa315cd0a27ffc28b52212551468b90b80aff297efcb4a5c884bfca9e43c4826644b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
a753f86c693f38ece79567d3a3c024c0

SHA1
b010326425973b67152f208202746ce4cbd61216

SHA256
9d7e8f272987bbb66b44e2e894864b3c952635a23d6001978adfa651afcd0ffa

SHA512
9db68f81c05dc67c8c248249c76a3140eeeeab3df8005a489f3ba85090d6dc25b9aa1534b5e2bf54d7fd70821c78027d0edf87fe0e53cfb2ac89e1efd15f3c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
6ad9b6c0cf75eeaee0a051d65cd16da8

SHA1
8234ef6bac9bde3f1d498b3b3a104099f186c38d

SHA256
d6ef599f18c02ff763f65642dc295a956f06fbb42e705cef2085fc437e241ee5

SHA512
772688a430435296c78a0533ae3f0b790f929936d1ad56582eed92d1a3ff22a10fde7dd4705a70acf529b8dd6b5ff0d12d3f6c2c51259f6dc7d7a8517688f071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
0bf7e50b6d3d82519c79d825c8c3dad8

SHA1
93a27966f3df1ba34a21f2db8aa23ee39e4aeb5c

SHA256
930addfb6f52be750547ee94493c863903ef7b83261f2df29689fd48049d8e66

SHA512
acf732b81baa2677b740718328337b6b866bb773c98a3fb2a5f16311b5c14666e051cb5239ef0007fc69003d51bcb54599f2e5b818e8027d00c0d93e007a9b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c14a5be6ed2367a3e63161c89a89eadc

SHA1
8bd9c19f68c25be64ff8cec1eddc3eaf73929490

SHA256
df9b601a4c785ed5af6756e76501ea385017eeb12e0f0104aeb2f338b9bdd0ce

SHA512
8c9656102959f266ae29c00b5095d756626780c4575b6c9f6de64b5749324c0ba1c19ed79e59f960465a0de8e186944655549e0db0192e0d68d97f352bab9003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d43bd53cfb199929d10f7c3b47fcb2d1

SHA1
1d8ee53e5f2bfe761f4b29cff034a69fe3e79ab6

SHA256
11cb98bc784d2d061af882c6b716a26f8410769061509da92f78abd974216bf0

SHA512
929720f8f5d7d58cfcad6f9a4fec3e0d21abe45e577306caa27a677e8b97c3ce91f37720556220642bf0c81c09b33907cc221c4c8026375c2a895213b22618de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
ef06acc4f055ea4ae8352ad0fbef3aa1

SHA1
c6867e200656ad32137264b9b69ccd856fc1f3ff

SHA256
eaca0305f0191b069456eeb675d95c2579879753c1f292604c6dbe2e85c2419b

SHA512
58ddb2f6a860db5fb8f444acc9f9bbe4aa32cc3cf4e25a867b05afc3ab180c5648fc318d85b57c6ecbc2baf1936f21aa87e54f28280602a0d132d0ba861d7dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
15KB

MD5
5c80e656ec37c29a850713f10ca43fb6

SHA1
8a360ae860608bc9e2fa1da623494f0de07c3c63

SHA256
35e7be05d756cf121708a9cc89969b555c171d1a578a8a45640543170bb5ada5

SHA512
2063adff4bc18a865939e62840732d6eddd3ed41082bf35de71e251e2cbb059f5d6574254a0f25a399225d2a44428415b723b2cda1171ab7b20b7679523a7bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
6e1ec5590c985db750bf667c05c00e7b

SHA1
fb9ac2665452e9c746ffe44bc36a403de8667123

SHA256
036dd7c0b81ce278f425b4320242d424e6f687b0654bcc5bc1614d5c94b94c5e

SHA512
cde1dc3ae4d89f2b0381c1502bb37e6dccdd301c61e811e90f3ffe03597d3642fba7cafb9e6c034391b38aac031474ab0a19935b821bb5e7fefdca1d7090ac4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
1b92794633aaa7d8ca83e408ef516a36

SHA1
4ae0678d6cf8abedb3e9819fc9d7d715d3f72bb6

SHA256
0ff76dc871bd6e59abe386781ef988b4c8d734bca726a4d1eb556d3d78f1e7e0

SHA512
698bb4adf1932dd48fbffb344b0053b9dc753b97a92d88a26341e0c3b0fa2e03481c5193bd2b4a1caaa2aa2f00e41eae73c53aaadc1ac6bb8be17d0f229a61bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
46fa4f5f7344089589d117bd7599b3a9

SHA1
b6cc1fe19e527d4a372c97e4d195ed94eee40030

SHA256
223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a

SHA512
6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
42b5a4e81342526eb6f8b40625e49097

SHA1
8ab39cf7669ae0e4bb1146d62af59777d8e30fc4

SHA256
2a7b38b09957e985444c358e91b19b2b7f19016b78b1f1041f39106c4025d2a7

SHA512
e0a8da2d25d09f3cb89df84b95c90439b8408d73faa5d52101025fa984dee87fdbede98985a40a605332253d2b4160e5bcce010c7eb24446a68e679c3b58fcf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
683eaa29b0b83dd53bb7192cc01f5b44

SHA1
d0c37aa1a3dee9765d56e4c4a67e3b75a64c3e1b

SHA256
86f1784f729bc85417378bd94ad25cb6704a27cdd5310a8c65d1974a63dd058f

SHA512
ed3dc84a6172da10cd808e3c755965be38bf5741e5d94d7aa57609f36bed5c8350fbd7affaec6486da470fffff25e5beb35bf92289cb299c197b8d5b8bda3daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba4de128cc19b2a64a47e62b4618c4a7

SHA1
cedcc542e55ad4583dd58d3ac1fc07fb5c60487e

SHA256
11730d1a1f2a0776d72586429d3a9b972d06b054f1cf3135160e0bce756486df

SHA512
1424903eeb6eecbd7c9bf51bac6c2301af11555bd5cacfbd982b10748f1009b69b7c1778da0769139629ec2616662ee754f09ea33ce4846bcbba294c5d70c742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a2d60c2fffe549352a6adc75a892d1a

SHA1
44555b92b122e682a9e81c16319227e1b3b3288d

SHA256
8667cc342c13d5736ab8f0efb3f61d96d8b1fdfaf22e003fe974d94a43787826

SHA512
043baee16eae3627e54afacb94ec5cd67efaa7d17e59fe099aa8e7d6be5a39ef053325bbd5964eb0d6711c68f5c424496b9a7b19c1a5e4fb9eefbfdd7109f4f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d589223ada31df66cd6541e479436d5

SHA1
ad11f126060698108c661fa90a10607024aa57f5

SHA256
db06f9976b6da9a58fd350049b9ac6785740b4fe322888642ba30e4f05a4e78e

SHA512
e562e89d9b36ead187562462cdaa1c9f9b2c5fc00db6bd8a2e905055e3eb6326c70c02fc63649f67796007f7c125c554d8e5458f67dc50579b438ffd38f56ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ea892b82fd410ef4db290b3b0e68de3

SHA1
17c408663b6ac3ee28064cc8254c4a652f4f607e

SHA256
9a932347b33839210976a0cc7149819819d615e239cb1ce7a0424f009afce8db

SHA512
ab5aebc5abe73f6a416e3cf8112c9c126393d263ace3c5b3bfbbf31c857bde6ec5f45d050ca388342957e340828714dfa5d8c2cb52bed18a83f2a76eb2d14d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3f5b9235feeb58864f77786e9fce9715

SHA1
129113e4a455c67f4d7ee95364d2361f3b0f1045

SHA256
66b1591ab93f877fc290a65cc497a66ae8000c11bc6473b27536f58ccb77e6bf

SHA512
9190b874bd9207190b07645ed261a76e243e5befb4b914064df8ab70769a8b235acbd6f0ecf0c93da78902412958fa2c6b04cf211191dbfc3f8ded0af8872a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e022fda3a267ad1678c4aa0da4cf200

SHA1
36eeadd8d368c0b422f706bd6c3d56de84ecebac

SHA256
e6e4b86179a30f0b609d1c7c3160e51e82d1755a8b26591bdc26dc5fbb5f61f1

SHA512
beff61a74a08b5ad2b35fe268687caa6b5df5bf141ae1cb29f5a318d62ce423aa8dc34192b4fb041934c413570d5dfd640c0397f3c2d2a894f0f7e69576220fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6180b669a4d2c7d27550bf075722ff62

SHA1
b01980743063dc68cffea7790be09b36288b1d00

SHA256
cc20c8593361cdd0b4e1289cdd9845d3284e9e6855af583487f6224261694313

SHA512
25ff8d9d8b50bbb9f64531d393dc97e485f843b5436632f00375472e304edab42f0cd867082e53a7bab9fbcd63b383fc5b204dc60c7a132a4767df0abf2b55a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
32f9e94e0503d78c81ae414d8d9d1094

SHA1
6111f9a05c99ab792d0bb51690ac62f7c912de8b

SHA256
c8bb589323c6ac1b0e10b22b2ad974ce69af8dbd0ca8df3794adbc96adaa7ca4

SHA512
8ca34f71734ecf0ed4c929f6764fa08b230c0ad8fd310d9ddfbb1a044f8f8f8fcabf20cae9be0bb8406f18d1b3dff4a0439d2ddded7b7b5aa6540f98458022a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2acf16de314719beff41d4f4a6b76e69

SHA1
f2c20c365a2cd7624e22519fd1857e8ffabee453

SHA256
ad4bc10f4b250cc4addb8bf2da95dc3c6d6017de05d8ade0e9c9b5bc792689d7

SHA512
6145cef3b5cc7a9de10327f3ddfc0afe14ea81586e87d95d298e366838fbb86cde3ea224d72500c467f1a1b481ca0a5a79ddb8b4f5868d048574f92a28204d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b628a1230160c23378a72a4f3806270

SHA1
9c86c9aa910cb03107ffae55441dc3b6352800a8

SHA256
8786ed6abd8738ea201f4a31b8171758aef80397744cc579d1a144a6b731fe7f

SHA512
676fc5113984fa9e9d2ae9085ef3cc3b4e4749556c2211f3e36b43b71ea950f0ec5691d44656708ced605176eda0545af15ab5f71dda6f5b3c454f718fa897b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
5d5003344f4d7a42bdd377b9482340ac

SHA1
a320df0b24cb05caa88b15886864f22e3d6481b1

SHA256
8d0749a7c4692d083c0719f897e529b4a75aca2c19f01b469c4695206769c8e3

SHA512
2caf0a80144aec67b35e9700750074b54db4958486bbbc38523cb6e73d718ff2cb03663d35ce68f924f4e97ecd593c89437bf2f54c377a35efd3260502db51b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
1cba94f9d28374674d4bb82327b04c12

SHA1
f859f6dedde40fa2777211d3605e82829b7f95a7

SHA256
5735ec1df19c2797941e963e5b12be18f9bb1e4b670a2c98c89a9a745d02ee13

SHA512
ebaa9fcf4dced81bb1e356ae3fad63f7443027e62928c21963b7627598a935f6dfd0cdffc7f855eb7cc20e1f4f4863893b0bf94ebebb7a29eb26a3f2f368224b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364853754340774

Filesize
13KB

MD5
94893a271a220f74e99de954c52dd53a

SHA1
a75ceec37510c52325d723beb3859d75a9ece624

SHA256
7cf5fd5496d4babc1129f2c40a982cc13005234b1ee066950cba7f82a11e1d1d

SHA512
35a17aec7e36f174cbd22db798a8c9c7ae43653f46641309d997baa4c54db5a983c8387f8f41fa72bec7a95a447ecf3a1d8e2899f681f685e919ade2b6e63ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
4e1817c7e186b799b7134ff40e32e0f3

SHA1
00d0f8d0e1a71fae517ed35af97afada077f0cfc

SHA256
48ca0158bf4b20aba4a0241641fbf5eee93fa20b430d7e521f33b18a8c19c12e

SHA512
c6dde52791eb076f7207d5cc231a3769652369d772597d329431756407b35a374c86b71405664be7e9e7750ee4b369ee73f7e76d34569a4e795901a4de666b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b51312308518eb52df89ec427089f2d5

SHA1
1beb5970027ee38b02c752e02a2bacbd0e3963dd

SHA256
e3a65cce4fcd06205ade401327fd5612f62dd1abd787d76f00f8aac9bb1bf13d

SHA512
d443a744f08d75f4a005d34abaf693a7475deb500671cb9433a4e3faa343c036cae9b5f1a829082712ee41a3ea1b4d7127e2113d0864d6558ee6b62a95ce981e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
b29286f86d3fa8c8d04d1d913022df86

SHA1
da6a9eb390e4b80e2597199db4f1738ccb553c76

SHA256
c90873b78a2e5dd213b48429bd451a246a38c1e1bc35cc04c25c10cf101426b1

SHA512
1affb7bb131f3913c660c3d94dce408dbe491b8ab9b10dd2675b92eb341a5b89ebc1e6762ed489dc72ee982373c83577947f13b3410de284031911b2fc4a39e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af924788b8dddf000d0e480879ce3d51

SHA1
f81ab93f13248f5f64d8e3a60ff5f7628287bd70

SHA256
9901e928103ac776ee4358072db20912811c4866159de02d0aaea831ec827565

SHA512
438e48b7f30af95d56c3c700f2641acafd62f2ad40df49ad0eb208e27fe9002d0024ecf1d512327e6f58f8a3c4cbc671c7db650415203eb3f63bc0e8c4f89eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e4e5eb3f71c40c0338f9d3f5e4b5fcb

SHA1
5c6060cba78b498848bb2995cc030624af8f857d

SHA256
12134f06fc58620e00f77a9281603716b1f43dc05178ff89aabc1a0d7783ca62

SHA512
c46b2ee906fac5118a38a476dfe75afa40816211d7323eb426affa81479e0ce9190c416fd7a092fb800380dcfb5a897fabdfc5b5d79bf5e1d922c8c134873690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92f8a47c2f928c033bc5ace6496c4d75

SHA1
bd24372e38e93e538fc34bf5fab34e8f119847ed

SHA256
63bd7f0a125042d84d42319410efa16aa2efe9f66f957abb34f664caa26bfd3a

SHA512
520830c69e5c9b6029bc8b84a1c75da1566688e99f6a4942c0355f7ae272efa153926d33a7b578660ef258ecf41271762f096b207211ec0c66513af7a83fdba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
47d2b153db6cc8222d029ba4801586a8

SHA1
49be3e55788d33fcef50547df4a8f148fa18cf7c

SHA256
84517b85f41d26b8ed0d4df5329b9633a4fcf418ee915d83b9cb2fede9e80cad

SHA512
799cd2f69e443f785c9c7bc7a7c783052c753a4668ffbf6013a324bb698e346be7ba8232373daa843e6c8747da3ce9dec1570b5fc2713715f827dd1b509dbf9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40c3db98788e6390854f3f7cd3d8ef3e

SHA1
489befa82fff7680774ffe9be0495f2b536899d4

SHA256
9b454291e3ae029c6f2be1a6f254aa502572caa1f2e82e4c92e8ca546ec827a8

SHA512
ae1d10099b17995efe523a833648517fdbb0b8cee0db3b3b2a3e6187c070301d67ec3b31433ce762013ef49a061e3ff6b3813bea7df21149c2673f007622e767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd6b632da7257d0fde221ab8f3c2d59f

SHA1
5ec4af51e278dd0d81d632e4f1a035631cd6a931

SHA256
054e4d817286a1aacfc0d612afaa0248058c81b768b8f6a90bd35d6695a1cf9f

SHA512
f2b4e9b9fdf0f30baf5449a3b6c08b477f76266ab04a992a838febaa43ca678c9b59532f6d0a6a738aa091a2b33a8ba913e13cffab723bb7d120fa2078fef7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e274d59ba3acac1d68709413cfbf9b56

SHA1
e0b050157d7508bb6106e582357161edd2fca0d4

SHA256
f18179f928335ae250c4d311767076a5491cfec92e9f0e372194eabd7d70d35a

SHA512
1cd363ad74a8c71da8509a5420df9efa288774d2d4d24a328e4bf1965b9120166fbd4d22003ca3465dc08678f5c8138cd4b909ab69b48941b09e5277a7a89718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c42f92af4cac782eecb2af82fac8827

SHA1
5955764d7d06bd8911d4df987b65fc97e9b5f0dc

SHA256
f876ca07a8cdeb1385fb2175234d07ff06c47b3d18848656876047afb3d29ef7

SHA512
61811b2233169c86b0fe3ea72f4b61b3138c80d388d4c91104b5794c0a045cb04fb89ec2bf5bfc45df79d16a97641769217ad4b547c7c58139696f24c4b96ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8d7d09693414e2c698e7cd96695a12b

SHA1
d725b4174ddf68cb5b2a6fa9c265bc4036bd4eae

SHA256
267e36f23f37e23aea487104c6edfeb7e00d294000164e0975c839db374010a2

SHA512
154792001d682785b7a32b6ffdfc0d6272b6720b8c9cff8a0cbd98c71a37202f9a2df91044fa89454da75fd7022f3f2423146f3d02f86d32b2d0ce393d968e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97ae86cb559d5c601578be9e2184fd3d

SHA1
146b8e8e17f6f2c53e895e8df06352bc0735494f

SHA256
1a10c9b32befe2802a358fbe7bc4d8661de3bd5fc0f31b60a09a50b8a966f1cc

SHA512
d5c7c387a467c55157bbb18b4e8f66448418c1655ea0f9aca5c6650b4f0d542858af85f07266b1853b18e78d13739d2ebf026485d8ffc644cd30370c28660e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e8ea73cfbee98c0a37baf029ad03f16

SHA1
32d36a55bb38ea974f97c198ba1da329ea09e576

SHA256
db64e3c7a1e7dfbb458fe0940b2ecec292a7aa8f7b6e3d74a902a9c82449b2bf

SHA512
b592ca4f40032c66afdad1fb9c4ce793d8a3d0f0b6951026aecc33ebe6d348112f60bff4a8c717a4daa7a984646dff5d4a3d49f6956829266d2629925c482fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ece0.TMP

Filesize
539B

MD5
fad27238d48e7bd8464143bf4e1f4e6b

SHA1
d192b33435b9c7787a3e260eec559944525e5d96

SHA256
3b8a766c84edfbaa15a2020f5516d7e4aa5cf5c73dc528bfab9156f63e4a3795

SHA512
dcfa18c30e35c94ed112348a7c021bb42928eace8fc5e38534dc4461324e3a7f5dd2c89f89c70c75e28be70093470ed21a11d63bcb20237c15e3bbd0a3c11d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
12cd88a9262107ffb988bd9de47bddbe

SHA1
7550a0cbb379be12ac25cccb6d497e80bb745388

SHA256
a1ec6973cf33f422621cc823d6ef6c2282c6cfeb7b1350a328c46348a6f51c1c

SHA512
0b75ad0482ebe7278bf0e402dca0bb00bbd806d1bc0ff2efb1431937707a91490df35b1bb877a1b44faf040d09e86bfb6727f96bdfa67a747a01715fc86ca4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d88e0d92-8b9e-4bcf-84b1-c79345fe69ea.tmp

Filesize
7KB

MD5
7db4b1bc0e46769a51a51ff8ad34c8b7

SHA1
292e07c2d413357940c1f08312fdc2861651fa74

SHA256
c905616c575fe0ae5a90c0129114866a830c3c44e804b3f8d877fdefb620e230

SHA512
fb0d2e086217e70aa4c37df166d7dcb28628c31c71b642d26631223655492bd8000c39216f95a2d73e89ef0722a549e67f3fbd5ee645c1c53cd3be9919c4cc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fbfc5f01-61c0-4a32-a1d5-ae8b4536e760.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
b7a26ce3f034bdf92688461e46fe82a3

SHA1
c6496e12af7f61674ba9ad3e2767835ac97b9395

SHA256
3741491b37adf69789d71c7b0ed07226080009cda5fb8424fd5344dbb3e89860

SHA512
63501fa4b24fed336e5a6766cedcd927b7153855dadb0384902faf859e423112b451990af7e921be60cbe396ee791294c812a306cafe0be97d1b014a372ce870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
772c8333c4c94ffa2e84a792c8f48283

SHA1
4d97936b50305b0a2a4b8effc6feb6a39e3488c4

SHA256
18402cce01544ffddd0e26d5c3e3064db9fc29d106cbc62366751fd4725df805

SHA512
8e32eea343006a72667b5bc4619a3b634a709ad3d2237773d04671e3b9fa447904cf5341b8790aac1aeab3fa0a412d8cd57684b6c5d6573cb9ad964190708d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
15384f366eed370e12389fd57665d103

SHA1
fccb12cb469b864eacf30f97a6cef517d540f2ff

SHA256
348949f6731a903389fceda03e2aa493314c9878ea55cda82c1d98710e54bbc8

SHA512
bce62d1b17c9fc75482debdb797880627be3dcd3fef84117b490290f60394a20007f9572917944bbce9c5e17473fa31fbaadded0ed0d5c8bfbb3175e4f0bdde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
177d4fffb74b49544bc3101b90c47bdc

SHA1
ebd6d6b6df96a98cf3e47d5dad0186ff8a50bbd4

SHA256
07b43124f2d022753e5968952941218681e147db79b4361695e1028f42b1c576

SHA512
4fe85693d3227745a193da0a643eb13943b1a0a9174ca62ac592728f0153ec463797a50a7e8e71979ae953a237a7f5ebfa7e83528679ec22df152161a10741e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
ba91c9449964cc4a77fcfb240022f308

SHA1
b76d235e56e6d7441258d46fca5f8fb066ba42fd

SHA256
b2c883b8946f8224250b736c48571dec4d937bef8f5d00a0deca47901c1e16ab

SHA512
53e5b3cc08abc752258a3223da641a25964524ab77582736b8789d839236a18248a27655718b57fdda8a45b885548baee543c4cd91c59b4217c5d1b9ca7fb489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
e8e40f3d0a9b2b94ceee2830deee4dfa

SHA1
bd69e2cb4a153bc8f3ba0528256d8598cc59b2b6

SHA256
b18f5d659520555196a312e7521620eedce872f0a0f9469909ee1e7785555290

SHA512
68f620ee2147748e31ea8cb5695a9c5277bf9c744de219400bd7f56ffe85572feced0cd7b4c0984df40eb6d2d9c2dd0ab97914456f40182de58c5fd1d3e72eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7eeea7ba31dfe963d039af6981a2540a

SHA1
020baa238fbcd94d15be51090a8eba9d2b6a7313

SHA256
ac9a57e6f000d3ab62bb9f28cf8bad92c3121a1bc5568074d63d92720bd6487d

SHA512
cd83f89c998d26f5325c8b5e6ee1a3f51d908f87f946964ca33470878da0eb65f1d9ce5173122835666f5a17fcb65bb2bd86d7a4d515ddf4d6abe1535c79b2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
7b884725ad5c360c55d37010a6fbe03c

SHA1
47b92fc79fe43172b3972a5a5a26dca8977446c0

SHA256
12c423fcda7c3dd9b87540d2ee5319f8860bf5d2c8a6dec1bd0512743c4fb870

SHA512
dc659a254d034c89352725d6d8dbcc1d07a3b756c61caba5fc8ac13e6b8a3ba2c5703e33670b1ac9fd4f648d02a5019518315eb11160d32c66fb909e42cb6539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e4afe6519101cc9437aeaf9037b056a4

SHA1
b6f576fbbe9ffa0b273523601b4541d5ad280ad5

SHA256
87310801ef86e2f6c1fc7edbefcea0db7b5800bfc54eb3e9a74af44191be31d0

SHA512
47e5ccac92de504b9754c87df1b211446d0eaf86feca5c500e6b545cd94256a5020486133157b615d5bd8d11f0242c9a910361abb7d23eefc71c9d07902e44a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d04c1060ddabbf1f8ffe401702e63e38

SHA1
78e07e4073072990bfd0c8af48f4b5e7669a8db0

SHA256
24efe9a98b234f26447a838fdcd7a50a4acf8cc0bc8a1f7fa8ac6810043e15a7

SHA512
95faceec598c7ebc8e81d96e67e0d7e27ac112510999638dc89d1aa874c860f3d84654e4d84575f5b5211986248c7a759a8dc0d7b8616331d4405aaf7c703398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
49b850c2c8249c7b00471ea4b0546584

SHA1
7f9730682ab79c2da22bc27e68a081483b245144

SHA256
8ef597ba9ec3366fbb0925c043af4a823cb2f1e06c8fc5a19be0aeee35f90050

SHA512
3fb2486017e14d67060d912d2fe2dc5f3faf3e0e139c0153f566486b99ef24435e886a0a4bcd6c959fe1d07b34e1bd6ec73c1fe26e9017f3462dacab394533d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d656755e7d85e8a8dcecf87e5b81267e

SHA1
fe2db1dc017ff93c70cdd3270ce5e35df6ae3dd4

SHA256
534bababbe3728a224cc8b2b3e55e6587baeb7f4a1406e76c46de1541129a77d

SHA512
822d366dcc1797a23203223e0d082248dcee7c6a952f089f32a9ca673e2c9692f918cb0cb2bae43c7d1c413691b0d3d4121fd40253d44cc52d99f2524b360f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3974b81a60b1fb3611537263daea1307

SHA1
dd9eba04ee0fb0ebfb3be307849da8b4f9871e39

SHA256
cf56cf654d8385201ebf163d42100ce0fb9c8dcefc1fe7ca905bf47f564b1154

SHA512
d5d3535c3c68d7f69755fc5bbbc37a8866c802a5b9c629568e107c28e2984fe3652258291251413098aab0e3d92919979938e23889c0e5231747578dfdb21f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
50fe5b8ca959112559a5641d78664ae6

SHA1
bbef72c8a986b0495e80b0d15a368c19109ad463

SHA256
5ee8f9ccd76f0016bebac6cdaddd6ef5b5aa7ec2bf9b79512d30b822914437a1

SHA512
bf313f3ee8245c6fadfd35a452a61adff809353653b7056933e274852d19eff03e480f4beb977eaf27cfaeeec1cbcaeb14ac30303b06cc5ab57e3d665a2f961c

Download Submit
C:\Users\Admin\Downloads\NoEscape.zip

Filesize
616KB

MD5
ef4fdf65fc90bfda8d1d2ae6d20aff60

SHA1
9431227836440c78f12bfb2cb3247d59f4d4640b

SHA256
47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

SHA512
6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

Download Submit
C:\Users\Public\Desktop\ᘱ඗◅⍛⛃ẗ፿⛼⶷ᬺ༷੠Ეᣉᕥᇀᨯ⠈ႁྐྵݡ☙

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
\??\pipe\LOCAL\crashpad_2820_CJFKLAQFKQEWOFAN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3016-1411-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/3016-1413-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4304-1590-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads