hxxps://www[.]mediafire[.]com/file/2e7dm4i7tv8ymm6/Little_Nightmares_%255BTESOROS_DEL_INTERNET%255D[.]zip/file

Analysis

max time kernel
224s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/2e7dm4i7tv8ymm6/Little_Nightmares_%255BTESOROS_DEL_INTERNET%255D.zip/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{DA3D05F7-BDD2-43CB-9275-233DF8AFB6B1}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
6024	WINWORD.EXE
6024	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
2432	msedge.exe
2432	msedge.exe
3096	identity_helper.exe
3096	identity_helper.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
6024	WINWORD.EXE
6024	WINWORD.EXE
6024	WINWORD.EXE
6024	WINWORD.EXE
6024	WINWORD.EXE
6024	WINWORD.EXE
6024	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2232	2432	msedge.exe	85
PID 2432 wrote to memory of 2232	2432	msedge.exe	85
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 116	2432	msedge.exe	86
PID 2432 wrote to memory of 5004	2432	msedge.exe	87
PID 2432 wrote to memory of 5004	2432	msedge.exe	87
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88
PID 2432 wrote to memory of 4148	2432	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/2e7dm4i7tv8ymm6/Little_Nightmares_%255BTESOROS_DEL_INTERNET%255D.zip/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3040 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8099797040867685585,7992538814921471902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
  2⤵
  PID:1944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4840

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\SaveReceive.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:6024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0dc67a94-a48c-4257-ae65-ac9a26073523.tmp

Filesize
12KB

MD5
9938077a0916ffebf82b2dafe16ec23f

SHA1
c68c1f14ba5c8be6bf6105a9653db0be2db6fa0f

SHA256
eb4e48d854224577311fe2d0d011c41582a8d11c60e181fcd8754e316471b5b1

SHA512
9073876930bbcb535ece2ee82a6ca053d9c8ba8eb7cdcc8af70fc445b6da731dcb3a5227a2ae7f823d9c07e324b20251f9b054f53dff4faebe8affc02db83ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
183113c4a8753a2620b34e36c9e08f5a

SHA1
18a52db120567aace91fb5ddc8360d92ab3bbd9d

SHA256
22422e7887d51815bbcc0f2eb51dca57dc1e6c6a6678cd323e0e161f8fcd4b6a

SHA512
a3a8b17604a441f4efb022fb2264cd6952862ce7481370403b91fd753f37b5e981f772592f80a32d8eef1333e362ea0dd56b81ac6d1b200f73765ee361f23ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ce2c5c2313a9f21eff6319137dfb8734

SHA1
a6d6e17167e17177647c022454e3334306f66376

SHA256
c4ffceabb7ac8a3c6bd725bbb92227118b5850458c15dfe888d9687815ef9f11

SHA512
0b867ebcf3f46294985dc67b5f215c338f7a0acb2ad30656396b997049a8412782af46bf6b5ccc15694058c21dc917fd29c22b37fac381dbde04b3f492207490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
b763516086e50ed3c0cf7d40d36adf02

SHA1
06401f0e6ffa1cae639d7266547a7f68e63e5fea

SHA256
efe44f6b517e6400f619db0005ebd850493574748d21dbf5606e4d4f3e016b70

SHA512
80534ac2207945ddb7ba2e143b2728e9be7f69fd4c3468807114e3ff22126085af2fa8be3a291aea4ab78dab08f66dbada5929e9932f0cfe9832af11209f96cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
b10e8248c5ebb6bdc2332bb07fb37c6b

SHA1
ac0d9b664f99b80ea3836edcc268ee4548ca9147

SHA256
2152c64916112b6f5fa8a0f377c24ccf776d127e689c6a37f707f583dbe2f9d3

SHA512
643df4142833432f65fbd1d12564e4faca3640a2f2aed67e5746ceb6b8e51dd5fda52db1eb10cba599f0af134c8346759c154f254e1c959e659258ed5ef51497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f7b09c68910e3fd1fd052ac21b991673

SHA1
4d6117204d2e76b062bc4c2eeafb740e2c69673a

SHA256
4b74e8ac24ef1c8c9db4ba53b2dceabae397b569f893f359f6ebe1429749c7ed

SHA512
99d19abe8f42474229cefbc89968585a9472c92c9e69ead253b9f34b0f2ef7a717925060a92d82cc732c5cd856f8a2131f610f2492a88c3e937f5ae959113d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
321667c90853a9913a69a09a9b54a8c1

SHA1
4dd27081ed6580eb86b230d1bb1bd112394d447f

SHA256
de28958f7109b5ea4a9d69879f4235b8e6bb87242379ca8a9c4d9903410512b2

SHA512
18af98ed8568fa17dbe3b4e0e75cf82189d3ee013a6055fdeec98effa8199c2b72f6cacac8de9a47b70fb228814b3eaaff42a5a1feafc7cc360f27b5a377389b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
97685281642b7bf239493185ca856c6c

SHA1
40417eb14c9f985529743dc2d9d359483522e186

SHA256
ea4a68f7c59b6e21bd5715fdc4cd777c7a66de3128ad2f5c5d0dee074222b9bc

SHA512
571ab19454c13d6a99c93c07a600452f869a0a518e0ced2df055dae42744cf2b4ac05cecc28bd450e01b10387119964d80a24c4b7dbb99756527055f2cbc69ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
1e3b7338d9d55ac8b9daa14023c36c16

SHA1
de3840dc99102034bfd1b23506b7db8425df2eba

SHA256
2f6eba5c6503da203798f43112e4ecf4a55bcee745462eae9b1a21af7a5e71ac

SHA512
4d890ba880af4d56bcd864ef0e4bbc3078a02f55be3901c3b28c345723daa3cec09ad987a954d8437be2abdc61465c4c981066dc3e110bf41e4a0c8c9f8f8c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b2e5838794f45a7f11cec15f5251e475

SHA1
5ad6bacd0b80ffcb4141d22e611ad820b7984480

SHA256
d43618dbe7f1625d3005f8b0920d711ce34a867241d20d92d0b7216051793b46

SHA512
b35cb54d76e09149ae2a2c47787c52e98a45b4c639970463759334515a7a96475660ef953e49ce8bc13a1d61c6372edfcacdc84c52c29b9e23395d7a5766bbea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b5a3c56a0bbdf9acb8801dd842791a08

SHA1
861ec0da1fd82dfcfd2fe495b006a6ee4b30c080

SHA256
d3cef7237693453c41b1519b970a9047ff207b670902acf2b284eb06aecde17a

SHA512
cc12649b73bd46aff27e499b5404ab792f282d78809b893c555d68babcbd9f1c0cb6802bd4230f92097fc7fd83e32b5003f32e0ccc0dfce841ee161e7d35b0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4f38001700dd752e923d1af1bc689ad9

SHA1
d4c8cb87f1d644b94be01fc49431187a7e04ddce

SHA256
718f190c6bee190d131522ea709032475dd33a27e2c833d699e1da1840af1a0d

SHA512
e19fcd167fb6dc4359d02f5109f21289ddc273f4ec392173bc839ee6aab81fc4f6366b028c7b04c7b8abedec7a6f9b9b6a653f9b2e0b24b970715466d9f261c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e7fd91588ddc035383908de3208b2e06

SHA1
2b25c129d5b1a05ef763923781ad0520e45479d8

SHA256
d665cecd1fe227ad543eb8499a6e3a410c8689bd33b13b6f4a6fde9b390fff7b

SHA512
733f30aa62e1d30b432f9e50cc05c395dc6d017e380397f74d08cd5a9aeccf9ebacad56169751cceeb3504e65f053c9f0ae5d0c72467373c1968aaef0584c71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cb4d645919996008339cbee21a078e70

SHA1
a6620b39473e4611b94900a8c6066105c40d2116

SHA256
1d1bb48fb1f7cf26aeb0a2061401f5b4f7ec59a2b21083768329210599383ade

SHA512
aeb155ec7a0b4fb15870c70427d6343b897b681a2adcd07843670b3553e791b896369fcabaa723ee56b86791646e43c030a02dc86cc60454426cab5ac52983f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
58ac89026b4d773eb9a6c63f38c5bfa6

SHA1
316c2b832509a66ec5b0ae8c4c1a09c75fc74c7d

SHA256
34300e15cf807750b5f47c7db85790ff44b4627a00cf5e72ab8872eae244fcd4

SHA512
ae3911974c68fc4858624f0dbcac174ff8faacc0b7d6af08bf23033c5d6fef3532948398ed04c17fa34ea5755198ff93e64cecc474c4e2bb0b0095cf0868d906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
04c8ff01bb80fc20c5ff34097bba4adc

SHA1
685740b6c7ee1c459334e1b73c78874a6fa86426

SHA256
939634abd523a42dc1345cf4a1006edfe8da8a7a79ce955d303960ce7d6973a7

SHA512
aead6e5490feb2a5be9f9a1725eff89d0dc50be8c2191405c02dc4c17fc217801872c040a6b83ccdc2636fcb4814b52f913a09c5fccfc3586e93d421367481ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ff9.TMP

Filesize
538B

MD5
892838356cb28343bf7055494ab40669

SHA1
78ea7b3cb5c656e67bc55fbdd38a86fd9ca898e9

SHA256
65f11908cb3a8803f2b1b3bfb49b699aabe2f12b95c73ece4d99150339e1f5d1

SHA512
95ac11d968b143b2bf08524a15b2f3a0a583e961a34838e23cb41b1ab659b0f649b2da223561bb6508bc1826d21d7c357da151fa72d034681af8d5cdf8a70437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2fd46934aad7bf6d3944a7271d22275

SHA1
e5c009a57bf73fec0414c3fc715bcc84501d97eb

SHA256
ebf14da4c071b990ae08b4c7630ef74fb24416d47b4ad42ed77b0b7a1aa44bc2

SHA512
43aa759491501f5301bfb0fb294ec793a0e47f80694841b2d7ffa3f291e352e1e277b915f7e20a0065d5948c8295b8add659d951ce7bb7cd67702e58dd76c09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d54a1adb5284de0ae686d8866533dabc

SHA1
50f75b8afd226e97f90c761ad39d9d3cf26fb15e

SHA256
bf88f5dd11d59b54ad8862bdf5a3468e7871130f18d6cf8dd1310a8becce4beb

SHA512
7e7f8598f025e89f9e392fb90dc9630b320d6028a328ae14a91ffe6b1928be8d960bb0d80f0f475398356958643d4b99531b9bf69d5405e189453af13fe99d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
cd88fc033a075391c04e531820a2ff56

SHA1
571f0417a858c74445eeae8512cca52854aeba44

SHA256
7ba4d7890f2f2f3708220912dc2ade4cc75a70d27a0809555bbdfec45a18386f

SHA512
64ae0c2b59b8d543a5e6941efce280cd4fd9146aa122ef09d388e858a0a80c6e08f542903805cf0d1a896571cb30e8f6c3c9dcabeb932e327839b27454b471b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
5c010606430270cba02264701e9e042a

SHA1
5f9210798d16bfadebb454dd5516ad4c6a3cc231

SHA256
ec47bc61a1791472c52457cc7112eaa0cc19128dd88135d08b81cb32609d01e4

SHA512
c7d0bd22c689f06ba9540be848389faaaaa23084ada3247b7edf81e3de231387c78ffedd18c668a1a3eef9ea05ccee8025bc572b85bb098ce8ec5a91feaa5f0f

Download Submit
memory/6024-852-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/6024-851-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/6024-850-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/6024-853-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/6024-854-0x00007FF9CAF80000-0x00007FF9CAF90000-memory.dmp

Filesize
64KB

Download
memory/6024-855-0x00007FF9CAF80000-0x00007FF9CAF90000-memory.dmp

Filesize
64KB

Download
memory/6024-849-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/6024-887-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/6024-890-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/6024-889-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/6024-888-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download