a41d453cadbe823216083816a35f36b28ad6bd4f1d7daaaba2bfe187d60725f8

Analysis

max time kernel
1777s
max time network
1694s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/09/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

coop-compiler.exe
Size

108KB
MD5

fbfb6033e3ed1070b314f27365cd59d0
SHA1

a17a69f9c9126b720024e1c9b2b793987c7aa346
SHA256

a41d453cadbe823216083816a35f36b28ad6bd4f1d7daaaba2bfe187d60725f8
SHA512

6927677a1acd6187a68d3cf4865c2c7c9e1a366cb1ef1a4371c96cfcc88123f709a5a8ce9668baf035e204a94623f45638fc448e0169c64eb064fa82f2499113
SSDEEP

3072:6Hi9oF7BXdUz3QTCJT1j7ZwnwSkMD6tmZAHC7n6Jq+k+bkkZe6X:iiGF7BXdUz3QTCJT1j7ZwndkMD60Z/nN

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
42	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	coop-compiler.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{55B397C5-ADFB-43C2-A3C3-C69E62334ABA}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\sm64coopdx_v1.0.3_Windows_OpenGL.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
1680	msedge.exe
1680	msedge.exe
2744	msedge.exe
2744	msedge.exe
4128	identity_helper.exe
4128	identity_helper.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4624	msedge.exe
4624	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	468	coop-compiler.exe
Token: 33	4496	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4496	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 1680	468	coop-compiler.exe	78
PID 468 wrote to memory of 1680	468	coop-compiler.exe	78
PID 1680 wrote to memory of 4476	1680	msedge.exe	79
PID 1680 wrote to memory of 4476	1680	msedge.exe	79
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 768	1680	msedge.exe	80
PID 1680 wrote to memory of 3612	1680	msedge.exe	81
PID 1680 wrote to memory of 3612	1680	msedge.exe	81
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82
PID 1680 wrote to memory of 1372	1680	msedge.exe	82

C:\Users\Admin\AppData\Local\Temp\coop-compiler.exe
"C:\Users\Admin\AppData\Local\Temp\coop-compiler.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sm64coopdx.com/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe565b3cb8,0x7ffe565b3cc8,0x7ffe565b3cd8
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
    3⤵
    PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
    3⤵
    PID:1372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:2416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2744
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    3⤵
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
    3⤵
    PID:3684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
    3⤵
    PID:3336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
    3⤵
    PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
    3⤵
    PID:784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1368 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7156 /prefetch:8
    3⤵
    PID:2580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2948 /prefetch:8
    3⤵
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
    3⤵
    PID:932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
    3⤵
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6952 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
    3⤵
    PID:1884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:2124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:2328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
    3⤵
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
    3⤵
    PID:4768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
    3⤵
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:3552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6356 /prefetch:8
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15847766905327405625,12368210784452458733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
    3⤵
    PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\Temp1_sm64coopdx_v1.0.3_Windows_OpenGL.zip\sm64coopdx.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_sm64coopdx_v1.0.3_Windows_OpenGL.zip\sm64coopdx.exe"
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\29a5f50b-cd9d-4d1f-9734-e2cb384adead.tmp

Filesize
11KB

MD5
9f258d1f3588356dfd36acae0cad486e

SHA1
e62f503c556ff4ca379eec81a0f1173e8a5fb440

SHA256
80a42f10221388aeb9d64d54f9be97c9a8206fb862f4e657817d8cb71ae03d3b

SHA512
a14d85aafb3d00fd01b99b09966ea8b77a945baa3d9befc001d6c96c5a19ce0b714619ae2c499cf0c424ecbcaa5e0c5af81ba9d5107260352cb46d42a632aced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\22259732-f26a-485b-b846-43e6cb9d0b44.tmp

Filesize
6KB

MD5
e1d621709149d220258a5fa75b28b3c8

SHA1
f82b75c80cbb99c83e09700c4c85f064bca92c40

SHA256
e9db2fdd54ef8785e6e2f9c15c74056be8480c6c3cbe88cb789fe54ac43f50b6

SHA512
e1c06aa41d228b6e0cde5d6e90211f4f44b91a165364a1dac259805ba563e151116d6904c03e4df8c865d422846634de43919caf8db616a23ff78620e4ad6315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\53770534-c30c-488d-a654-f53e36b3347b.tmp

Filesize
7KB

MD5
a00bad032937aaf94448e19c749643f5

SHA1
ac9444c5a95000c400c56e260e69b07f41b8b9ec

SHA256
894cac36e692193a93ab9a7e4ab60f81dd6bca762571d7e50be51b33afab5ffc

SHA512
ab4eef2bfcd7d2bdc38794bac2321c1b1ed7520ce3a077bdc52bb10676a49e1e2c60d617de54cd3bc97bacd020b3d0c846feb3aa1d292238d211eaf03a775993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
687KB

MD5
3e913f70b54cdb9f482899f2527834c3

SHA1
82b6d4c08ba97fb4284efae6d066077d17c41f74

SHA256
2119199595f17ea3239cae5f5f6fb26d924e464b51053868a6538e99672adad8

SHA512
98bc260586507a3fb204ed20f9248bbc87b8a7dbb53ca583852a589ea8a5840cac51c6775fd8c8ff4ea4eae1af014432e339d48713e4e06c074057c6878a79d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
1.2MB

MD5
54ab7882085a32f5cd524f2d2b2fc3a9

SHA1
53f6361c4164915ffe0280f5e5ce8493b4d8a2a7

SHA256
acfd68f910c785cd62015bed7c3fb922fdc9431329a429691a15078b8ce8b03f

SHA512
1d6980b6e1e62bc24ad4cb95e06eb2309097d6eb5154f80bcd43af26a0e4e12d8099f8602136e2f9cc8cfbd42ad6044c5ecbff2146bf60cf9312d2c8df6262f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
3.3MB

MD5
5ceb67f169525d5e42028c1b0c3d0c48

SHA1
541a3e80a15c6c5e1f1b1f95e150b20669d3e2d4

SHA256
56cd4731165ed39ba8e42a390c4bf76221187555f2c23aee99503af40727f34d

SHA512
5b838a68955d719df36418201bfe4ba4b094231b2da745748ebbaa5441b37d8f523d906c7a3dcd6bfbd150f6d382a576e2d1af52b8287ee9f7b46776e659b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1f629e5189738f475a442ebe2d8f37f9

SHA1
82a3ba90760f09a7378dc3045131bae871154d75

SHA256
74c49a7fbdae9bd2f387c7529b2e396309a761008c0982eda502c083891bcec8

SHA512
2c8039ca5da5cf7dab65a0b224c328f1bef63d0ceb3a978a3af191f755ed9fc5a93298fb4d2efa28f28ecb04d82049ce3182c766d0a6aad47b0f05f5f91b391c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d2c2649219da3bd82eeac64362305c2c

SHA1
2482b7bb177c54fc84320c0f02a21f44e01469e7

SHA256
897ae1b9ecf28184af07eeef24f9608f7f06b1617a55be2f067c337cf3aace06

SHA512
5a62d7e2e482ab4674025e33206da977b7bdbdde6f629f132b7c70ba17bb67555d21d12fc79626f3952a91c5d4c5ecb8a05a1f3526849abfbef7363038bff54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2bc391b4b198efc627de67c61f8f07ea

SHA1
b34550272094dd7c52d0f4af4f12f1c3fcb95301

SHA256
295d14b48da8c0fb38497246942c931ea95cbcce8dee546576f57e09c5f6bb4b

SHA512
573b517ed19d3b7d3d91666a57fc16517d2dd93302f07316b2cfb7016a297f98a49db388406db5dfa1c22924d3bf465474ac190435fb43a45b0643ddde484fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
41ac407ca3b424aab3303db05d12e072

SHA1
5b03d9b5c54443b1eebc5044e667fbcff5710fd2

SHA256
18fe1a8ce69319ef9d358e4f54f7b3cdf98c01aa4404d2d40c77f8d63c43843d

SHA512
8390fc2d80c462180d94ce2b77399754ac57a8b762cce442313f8df8789b323cae8333d67c72ee115383428e589d4a8e0515410217a1b4e5d82544cd965c36f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9c3ac57e24b39103082c1f3076b1e6da

SHA1
ad04307197ec4eb2e3a74715dfd3c588c1e9248d

SHA256
2c84f6e8f23ff8f7d540023d1bcbd36955f35dd6f571590249fd4d76f044981b

SHA512
aac153071d313fbe23e92a314fd4762f0a9ddda002832fd00c75d009b02527aa0c7abb7dbfb53a43e2618963cab6c58b4ad589fdb33268f0627e985587a4a36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3438689953022c173f3b970a427d674f

SHA1
85833b82033ed9c83bce529d22317fa985ae1371

SHA256
22bad47093c65f274e1ceb5524e71ed8f366a6e92ca0482593a7b74028f55823

SHA512
daae14916d25765cb2df925118f034aa5dbda7f577050c9010fac5897ff403f68d2f3d08efb1bbd4a26b724fcd3683d9be54319aa17cb4abdc63517992251dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ad8dd9dadffa41227d6b1be4b90b3846

SHA1
db4a9924c09c18c05d8b8200e716f1d5e9574010

SHA256
01424acd4eb963462ab4a5f731f7514ca2e269d66c77e265a38ebf35e50d4ab6

SHA512
95cab55ef5e367f73419477f9b7cae71ef2215496b21aa1559d9b0fbc8db7328bd2632d9933f1f8af7bfcb0963e2e5f471e34b0f28532b6ed8219ca694219b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c68099dd4e0afb2dcf8e153542964944

SHA1
d1be742eaba324b07704dca58c89e64b25194087

SHA256
3b8540bf794091adb4bb031b30f1b1553030978039bbac259441d2fd695259e4

SHA512
3c4dd9a267ba194d0da76129b9425a6332677e9365195ec721be72327268b05a2be3922c38e09d669f7fcd577505c4f742d01c05850dc7b09ba661f4cb81be08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a316f9496aeac8846da7c90adf672a25

SHA1
e6457f0f5495e174538b9835cd217a8e3fe4f839

SHA256
263d7c98e5acb7d96d2fd2dcccc5327ac2d1ce843d077b1e3ad83debbf8cd2fe

SHA512
43fb1654efa1170ad3b3efa36efea3fc9ef64bf1d324f468d491de44b0632a6317097c6ccc80364001de8659f9a0b7bd0d3b542e4ca528e381d7659ab134fa83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de3ed4bee193a00ef7dae3e3f9568c08

SHA1
9524d75c7188b4a9e6961ebad9942c443203fe73

SHA256
bd2c919151978c518f59d680cb33f204988105d4713e7d126eec43c27ed9e4b2

SHA512
05df007d6a4de7892ba17bfec83a9e2b50497fcbe47347044d72406b0290b40ccf02d07439271b9232e9b3c37b5f69ee26a9c2ca6856f5d83ba0ce6db46065a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f588fb59e948bac49701f439cc94c58

SHA1
b4c585ac299ae2de5d506f589534b52b1290c10f

SHA256
dfd604ca8c30a9f217db4c94a5235386a25e44281a0002dcc45093e7793efd27

SHA512
9a184bb3ddc81c2be37d3ecd45fe8db44db0286b9bf0e3218586f217c668bdc915e72d1d8cbd630d44946b506549032a659d09cc5bb892954b41a1e9a6269a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
902d1a7055f6edc65c3bb572dd6e4667

SHA1
404d56aee412831bc925c6e25810c25d9bc5bddd

SHA256
d2cab44f9f9da4f0287335883f224da5ada16c6f8daa9fb31aba3dc3f6247f9c

SHA512
e81a33b0cb92279dfc0fd5b7a6b0e19b0eae380bd01fdf5742850e66793beb295e454297430e6d2a5f18767fabb5533a17628c6522caa85030c99eff01d51e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
917a7aa5f4920357a6f2dcf787fdd303

SHA1
4601697137253762de8f5fec334c85f132031f8b

SHA256
17df350d0bfd746975e209bd5272375b616ace2dabd43aac7eb418176c3606af

SHA512
7dce2eafdda9637bb9047cf6e7c04b2fd9b6854c4827ea65f8a0d10fa69aa26871d43eac89c71e9c8eaeac00b1a9bb1766887cbfd560cab75dd65486cd391446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9574ec38330b58e95365cc2a90b85bf6

SHA1
cc08b625f22a7a4860873b44446a7d89e2da315b

SHA256
c0e5e34424d7b7e1e1ef7ce768cea1354c67016cc59b643f65a28bd46f35f5a6

SHA512
d72f9c449bf310f73a6d75e3e0611ad9eb4bed0bbacd3bffffadc9e520a9e4b12095a46ece059dae60ff47e3633c21140ecb819b8e286738b8e170d69cc23927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8642225bd502e2cb89ff6bf414c5d220

SHA1
2316e870ca2c6e57e118948391d222162a488b2e

SHA256
6315ebd1bedc9407c0426246a331a0ac3ef53912523b543e345cb940b2878bf8

SHA512
c8add6824a71e348da0c0c2ebc92f240db3d2480140e1003c21bcf8d050c94ce313267e5282decee7ec8586cfc67ba2b5a25de708ff266c79ab2746bf6a1dd2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ec54adc8239f105074acb1f7852f29f

SHA1
c7aeb16f7aa72a812b3328cc9cd4136e98b24d61

SHA256
2e0d10b5be2a60b7d0f068b82f2953f3294039afc1252ad9ab570cc05845e54b

SHA512
d80b9eb884866ee23a21d74d8faf45a4731e0a25c902996e0b248516144893188604930daa911a22a705d883df2ab99495c97761428ba99febadda573bf4c7b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6161a983bbbb897436d7a8b41b5d617d

SHA1
5a2ddc7a26f04cf3361d265981e99e4a9da01c67

SHA256
6e4794230befff5b2fd7ea74c1c362c8707943245d46acf83a8aa8b339e1447d

SHA512
d079f1cb4becb231e83f93723567057b95846bf31fe51447db87516cbfe2ee5e5a7043429dad4d9ec67d58a042f8730f89086bbfdafcc95d2d8c8cb9193be44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b633d6e098ba068207ae9991ff843de

SHA1
4f32d19997b96d02218ab9c8a3829dc36a77fe93

SHA256
b066a8ed6ef187cb77c4f78fc1e770b7aa36246f6549e788f3a49bcba407be60

SHA512
eeae8a7d01cdd0e0cd1a57b554782f505cc54710255e2ec06be5eda7fc71a3281a924168ce85c90cbbcfc91082e5a983b5bc0a98c8b913b1db72d8df3b5d40dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e855b36e926ea7be3ead672c483a109e

SHA1
ff87b87466a7f0be9fb01a3de5748b02a3c8a08d

SHA256
3c6c5ac62333c3b044a2271b3f5f20d4389a4b7ae309b3803268a22452aa0175

SHA512
f8b9da7d973bb26248c7cbf7fafff8420d951fffa1453f7ce1f7c166901816db5aa6c988be4ea86cc3e0459fc99c8f493b963cecb2815df0c0e91a72a375384c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c0bade5cc8836d1a1815bbc612530a1

SHA1
c3c32cdc50e6574fb73f6d9a605ae77d0c04b2cb

SHA256
e76372b396e0f4a5fb2403c61ea6bf8a4a8def5043adbee2824f82e33a89929b

SHA512
2985869a53b9e82a83378b8fee5f9fe7ba3df1ac22e7ff2430bc5f03d5a38896eba9ea762f326b68c7d2d521bfd8cd4989d3eda15e85b30f97d2b3a4456f78cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7cc31767200b1275dfa56a0df6139a98

SHA1
eb250ae6b1c496051b7f86d0296447947681c70a

SHA256
b64c7b73ff4c4e2975a54b204c99f484daef92af65746f7b02f00ef54043d4f5

SHA512
ec5eef61be59902d4a76db02d4d25a5db986a279c26b7a199a1ddfe22f49afc89e60c565cb6d5e8c8ad257000f95c3a29be9847af68b0079afa5367011b8a442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f658e89fb52efe7318bc0fdb5c286968

SHA1
3ec1bf0d9a43a08dd1cd8c44d5404274668e4592

SHA256
67f129de1b0ff0c3d1b87e5c0ff924774d9c17568f7e61bc096e73bf8af4c0a3

SHA512
6bbc8060e98d33511135626298c45d4165b4e352a43815428b0c69241439133b2783889113f71c38cfdf9f886be739f663a809d86aacebf9d649d45bfc608c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b21d14f07e330f04d36cb4c5c2b3e6a

SHA1
3638d76b05250d0f245572fbd2833a0e67be1eb7

SHA256
c3a969eb356c7ece7eb4559642da6af4ed4a1fbbcd64823f0bfc682d3ae390ef

SHA512
b33a7671d3289cf17baa6789653462ebc4bfa5480792e8d295189166049170a66de594ec081bb9e5f6acb10ec57e0e43e8a4f92550c7564ddec8243d0ee0b906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5809fe.TMP

Filesize
371B

MD5
ac596338f5c1b58e7c2aa0956e104924

SHA1
33c3c12ff54da34f7823e4c58c62197ccfec24c1

SHA256
b862a9d9b5dc85a3ba19c6eb4351ff3937306418520274c584584bf0743b2959

SHA512
0c706ee733dea085b993ab16dc945f8c540102b9ed8297dad8a96b2d731a5916b2556694d886b54d8e9230fce950d3ed47548fa91ba34fba42c8e2ed2838e682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
143c004033e599a9033d8c5574277720

SHA1
362ea4f5fbf973118789f394dbdacd18a6486488

SHA256
b79aef71369e0236a35cc44e560ddaff121887a795a92cdd1b2647c3eb4aeb2c

SHA512
66ed3553a1358613535e0e67d5f536a43db95b48937f1be52f45b976eae8e17ccc7eb1bf41a0916fbdbd5d54501b74fd5573e6e2b4fad5eb7a10b55cc7900959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ba8a0a7f6fae955a2c182b6f6a3d1e7

SHA1
4777e03b649114d4da61b92e7a54742c485cc2a7

SHA256
f2ba3e8fab4d9f6be023e586da251b5395645920c60a54aff00b75f6f99b48c1

SHA512
a2791d72ba617c60cfc73210cd1247df33745509bd2e9aef268616097664e639c8dbbbeef577d2b0e4e47ed83a9813e3b0e339cbc4d03accdefdc4358796eefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93eeeb058e68bace87bf143b12d74b57

SHA1
aa9803b371722869f146481a3a058ff9f8ab4cac

SHA256
4f50ad9e69880b3a5eb6b283d227d8dea30e7a4e378d65b0bf9b34ddbee87f4a

SHA512
edbf9bfe1654402981f8fec52aff62313b3c8c58bf7e77314789425b5d27c0e440c3232d7e9881a660fcc0adaf78ff35759e8262a6d9d9d5ec74da3d9b59b1c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2cb41c4e9b370b87e188c76a53b80dbd

SHA1
1f06747597177edbbb39d948a261405bfd9c6331

SHA256
e902d3e96a11cdb7fb3b19ad799d9421bd99edf48a52a134565e4ce2b5e4d8c3

SHA512
85fbc8737acf7156adfe6430474b80fc577ff17fa28c2276fff8f4ea385c46bcd6474dade999383318d1d8a3fa99c08e313a7282671deef1cf6a06d4fc86c2c8

Download Submit
memory/468-4-0x0000000074D30000-0x00000000754E1000-memory.dmp

Filesize
7.7MB

Download
memory/468-5-0x0000000005220000-0x000000000522A000-memory.dmp

Filesize
40KB

Download
memory/468-26-0x0000000074D30000-0x00000000754E1000-memory.dmp

Filesize
7.7MB

Download
memory/468-32-0x0000000074D30000-0x00000000754E1000-memory.dmp

Filesize
7.7MB

Download
memory/468-6-0x0000000074D30000-0x00000000754E1000-memory.dmp

Filesize
7.7MB

Download
memory/468-3-0x0000000005080000-0x0000000005112000-memory.dmp

Filesize
584KB

Download
memory/468-7-0x0000000074D30000-0x00000000754E1000-memory.dmp

Filesize
7.7MB

Download
memory/468-8-0x0000000074D3E000-0x0000000074D3F000-memory.dmp

Filesize
4KB

Download
memory/468-0-0x0000000074D3E000-0x0000000074D3F000-memory.dmp

Filesize
4KB

Download
memory/468-2-0x0000000005550000-0x0000000005AF6000-memory.dmp

Filesize
5.6MB

Download
memory/468-1-0x00000000005A0000-0x00000000005C2000-memory.dmp

Filesize
136KB

Download