8b69e0052d3a09ecbcda4992864a6161134d97090605dc13de9f4d17fd5cdef9

Analysis

max time kernel
1783s
max time network
1785s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27/09/2024, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord Nitro.exe
Size

5.8MB
MD5

8da6d9c15824162f4dcd124f9a85b9a7
SHA1

9dadcad383afd188c8c06add8284695f424f434f
SHA256

8b69e0052d3a09ecbcda4992864a6161134d97090605dc13de9f4d17fd5cdef9
SHA512

36ab99b27fa4a1ff65110c012f8bb704181bc7ef778534dc26002edaf094c9b2f20f724a853ec1dbec71bb7dafce8b761023dc35c05ca09164aa74dc81addf59
SSDEEP

98304:6QIZul/F4DiwTv3Ea/jk6UNyQlX+6GdC8w9FFW6kHG6bExeOyTBUEUKFE1KH+AJu:LIZuVF4DiwTv3Ea/46yX+tXQFI/HfAMs

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe
3936	Discord Nitro.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	discord.com
10	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Discord Nitro.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{F044D211-0699-4844-B404-B103A022DFEC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
2928	msedge.exe
2928	msedge.exe
2280	msedge.exe
2280	msedge.exe
3112	msedge.exe
3112	msedge.exe
1988	msedge.exe
1988	msedge.exe
1892	identity_helper.exe
1892	identity_helper.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3936	Discord Nitro.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3340	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3340	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3936	Discord Nitro.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 4332	3936	Discord Nitro.exe	79
PID 3936 wrote to memory of 4332	3936	Discord Nitro.exe	79
PID 4332 wrote to memory of 5052	4332	msedge.exe	80
PID 4332 wrote to memory of 5052	4332	msedge.exe	80
PID 3936 wrote to memory of 2928	3936	Discord Nitro.exe	81
PID 3936 wrote to memory of 2928	3936	Discord Nitro.exe	81
PID 2928 wrote to memory of 4872	2928	msedge.exe	82
PID 2928 wrote to memory of 4872	2928	msedge.exe	82
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1268	2928	msedge.exe	83
PID 2928 wrote to memory of 1672	2928	msedge.exe	84
PID 2928 wrote to memory of 1672	2928	msedge.exe	84
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85
PID 2928 wrote to memory of 3196	2928	msedge.exe	85

C:\Users\Admin\AppData\Local\Temp\Discord Nitro.exe
"C:\Users\Admin\AppData\Local\Temp\Discord Nitro.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/NRRytFFReh
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffacf633cb8,0x7ffacf633cc8,0x7ffacf633cd8
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,17465874708862208614,14212224875335604294,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1732 /prefetch:2
    3⤵
    PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,17465874708862208614,14212224875335604294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/JkGHT-qky8Q
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacf633cb8,0x7ffacf633cc8,0x7ffacf633cd8
    3⤵
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    3⤵
    PID:3196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:1908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:2720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
    3⤵
    PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
    3⤵
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
    3⤵
    PID:2612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
    3⤵
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5608 /prefetch:8
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:3112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:3668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
    3⤵
    PID:892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    3⤵
    PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1988
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8248179817180313077,1308841073670573878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6628 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7f5b94b7-d868-4a96-ad55-1ed137417441.tmp

Filesize
8KB

MD5
d838efcae92692e4e8bc286c9bca3e79

SHA1
138491f534cd7f1bddf60fe26531d089e162b137

SHA256
3eff4bbaabbaa255d60dacf9d610d8a45a629b3a64eb46e551a279983ac34c23

SHA512
bb0e54f757f052e5b11ffcb0b291105c226df4cf9e44ebc04bdf9586b84e0b3ce99b9d75d7c26f7ffd8a79cfe088f826f282104fc6ac3d0b2069c39a26578760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
701b37db0fae59b58184314366443de9

SHA1
49611e9cb7d8d0c7e6339d6991e6c0f5c17b1172

SHA256
92378dd65d22316ad5035c640d4041efc7b1ee48688c81d19a3c99fd4283f25b

SHA512
039930717b30a60c4d6b5181202c604b200ebe77fdea2e1201ef8dfc70601c8918f91ee4e5b652ba64a6eaf6402cdc74598f69152206e5c309a7bac62de52de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
47ab2d7bb2fe72773e061d84c0c1cd5d

SHA1
d2acf2070129f43fd019ebd847eaa6713f2039a8

SHA256
5d45f54a8b2c145a3a5c36989846f6eab3cd36a4ad5b55c4285c54fd6172cdd5

SHA512
bc95518c7cc166c0f66f4e4f113e009b81ca350630133f826a14a6c2513af34fb493aaff07db6b121d38a32fdb5c63820d8c9a86deee64c293748f3e971eadbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
23d9a8fa374519750f8ade97724a2f15

SHA1
3501436978ae2a462064c0d086b7d2e44132fe88

SHA256
24f97d08fc476a2cbb0ced739b4697a187d7783c8eafb467583a91522088d7c7

SHA512
49db61d32f5fb8d696b263f0f81f0e2b35365e852065f83d65fd4b0100427e4e795a5169d80e5a26208f8e57476cc5fc3849df25fbeccff60f1b0359c4353093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7e9b2922869a1abcd9ef83069717ac1f

SHA1
69382a92553c60a5bdb8af1c8fdb3058d46f6a48

SHA256
4a094c0253d8137c124df1651b3148b3a9d9f45477f189d16d5c1ea4e424a12a

SHA512
544b8be975a765d6f3160c1350792637e7fa1df88409b0e1fff29957efb6117b7c0d0c048e50afd2e12df0de31dcad710bce24983689df07000dcdc2d817fa17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
860b75e7230a598a2a055471e0c13f95

SHA1
06be5be2ae181e75408d4ecc7e3a2a4d1b47becf

SHA256
3113673bc1b46c6adefcf2405ca28c7a6cb54686bad8f59b4fefb29ce032d15a

SHA512
e1a57b27bc31fb1f7657c0354da7d1cf9f687c81740cc3651f76fbf36bc8b0aaedb4966ea5e80715ef593ce5192486fd1c458cb9d480abfe73d0e874749084f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4f583f0368ea672b263795fdbfcdf6f7

SHA1
7fa8561cb449907ec829ebda52aef7c22c05d4ea

SHA256
8dfb62d5498e4114af750af793e8959bd667b8bc313b67e7e53345b109ee8dd1

SHA512
9ef89d75b042ac07639248404015d03d69847acb59cdcfe0e3333082c0323adfbce4934fa508b2a976752503b81639c33fccec85729e683b433e6f369791dd39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
38731d2941801b838f3a70c52bb8e3a9

SHA1
ba3085c406cd7c0736a19c5321b4cc99c0622802

SHA256
f9b3fb1bbaf1fb4139b079612f6ae4ea6400ca117e297da61cb75462bde74f14

SHA512
b726e57eef20a69329f1b6a2924e9a712e217ad9cb49e8d7dda37f282495249b411e6b62b9896861ed7f4ef8a390b83170bf6d440c1cd0967d8b1b1009206d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e80c10542f31b2967ef7dc16752ec7f6

SHA1
b3fffd132dc50a8bdccb56c925861d96c91acbcc

SHA256
0269b55b20f9f8a05adc1e8853ca57571ddf1b94a928270f0e1968b222a4dda4

SHA512
aa3c31d333bc4046e1b6c10d66722719fa0af5bf32297d956c6a8d0050c3ef90ad2242c41fdba66cd060179634cca24694b8411732cb293a46682a31137a7660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a18868fe6561c8439efc03fa0722f701

SHA1
0820f1984989b14fb95613b3b73b07e13ed44e29

SHA256
0c627f13e6fa0532962e569f7cab8c281db746973eae43b21666ea7ce0ca572e

SHA512
38e4ca2df16f24bf74ae617db0628203c3e4569c70378f7ceaef1bf788a22e6161b0d50460193812bb4b0e9668050201a9492188bac8b121be576802ce5c489b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fd51e51391fe4847fad0e8c8555c15b9

SHA1
dce16155a7cdff0c37995c1a2b0acc4aa26b101d

SHA256
0fb040c68472836838f57208d00495a2ccf727b82acf3df1a758e60818a69d98

SHA512
27be33b5d3154fd1404a0233a1e3ac2d248ef6eedca83d58736327e63d20bcdb03296ca3541ce599fe1758862a29f26d36e22b5cf6468dad1ae5bd463483bd84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9deb5b7317a4a80cad53bf8e6d04e0fe

SHA1
04b1694870eb011ed743c4f19b9d4316b7406a49

SHA256
caf9812da0d44fa7d4342b550f5aed64de4dd53648c72819e34b082f1e43a733

SHA512
d568b2ba604ad7f67e44cff514587489ffc3bbd39a8539c0c2c2c5c14743f866878b8783943f652988c6698b772f601d0adbeb6f8d18c33b2a2f2a2c2fc422e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
30efc13945833f5ce5229f27985b1cd1

SHA1
558dacf19645d2a54bfb5ef2176cb0a106e853c6

SHA256
d4dfd2796533a01ca10dedcf6bb5ea25d3e54b5fc98f229cba5d27c302d995b0

SHA512
c9c69a1f3fbd149182af23d2a626563695b868e0c96699a5dfa74d0775a02aaa51d081da920fc0b64c865f64b8d52049a7c7301472afee1b910c65daa2667ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ef061dec2530b992b67bf15d13a44271

SHA1
80a80996bb64f7d0d89c64aa3a02eb1cfd9f3308

SHA256
4c5d05c04a5b88665fcb9bd64a7d80571971a87d6da165a69dd3156bcf7261c0

SHA512
07fcc66f9219bcc31e3338ee709960d5bf35f4dd8ea28dbff774bb4879f3da110570e709c640411d565adfb8d045e8d5ffd263602e5b68740dc8399467cb6b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f03e4b363f1a1e67ce08c5d9eb8825ca

SHA1
caf530d712f5e9d07fd8a3f15d26530fcd09ff46

SHA256
3190136ff1e9194485b67dfe9377600392f041d559e4deeb52dc7e5be50b807a

SHA512
4d593dbb3d28ead63a856ab0862d83515b19ec5ec6f79099b8ed004ebe45c3023b73ff684aeee165f26cd05239ff1f79490cb6578c72c55ef20327d664f8088d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a2f8274e946e4b9c69112f716ca8c4e7

SHA1
cc843638d2db90279d4acde451ce1636b5b9dcf5

SHA256
50c0dca79a53db8ff5dba512eb4fd7ace54878ff62cc035f3547a78fefa0ecd1

SHA512
fdce9820a44682b7a73bb1917a0eac1294eb8c11ebff2c0fd5479fb9a23ce73f11c53c854ddeed6d309ae7b92e50ee27061cd3320784f7724c8843d16d68f432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5e7ae50b26078e9461ed02a72b60594

SHA1
4b77f5dd63c66a5060c8ed319c6f8b3045119e1d

SHA256
86309289b0db6161951c6529199f8cd3f3212827a844342e299b89271473ef45

SHA512
d31d003db08d90909f0657a0489c4821f3e1d97796ab506a34949b1773a110bbe41aff562656968c7426e97a833002f457c2d8305afe98973d3a6441092c4f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
67a8abaed3c2c2df624093aa3ce19411

SHA1
a2ac5c8c8439afe7bb50de19ce8f58ff910f53dc

SHA256
cea0da9f5005a6404a423936f82bd306e8af1663cfc8208bb299fa4b924570e9

SHA512
e30d65e0b1b7b312b95c66b9ac3beb4ee60aed385d2a80b9825dfc813a3d5dccb27da646e26a3d6f79351ac89b826593927adf7c8d136b2b4e362076f0c2c819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a58df1aa0093f76039d7da24f25fdd3

SHA1
98b77654fc5fa4f8cfe77d2ef9c27a5031b5aa48

SHA256
cb4be3d2ab8d755f90c81867bf32efde02fa873423d106a52da5aedc1156f235

SHA512
cc5ab96226fd855a8d53071846f1c3a135cc3f31292ab0fdc55aa1a687d229dffe5deee914789b35168f85ab470fe74a0bfcb832d34c78cd855de0710c36f9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
37fee0e5d6bcdf1cded7149309e970b5

SHA1
bb4e2a401974236e426a61a159b325302240325c

SHA256
ec1250239af4e325f74cf99000cb60a644f268582b562d65d9c5b99116af196a

SHA512
ecb6b27d3d27ddd55769058a8e1d30685ef31afc760abb85f63e2331a91b52b99f84b5ac82926bee195b6cc13b755479c727ee4c1b3688962dbe5777114c7e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
234a76a07f7983e89a0911c5d06d5e6b

SHA1
d082244f7151a58d569499bb078a198d240c6c26

SHA256
14b8b6b715d9ad9c04106d6907c17c98f1266ebd33a9fb5154d8688dd8c7c458

SHA512
de4b5418a39120568bc9b4ead569baed253d39c96c63f24bba2dd086d61c8b3f70d49fda75bf91dc3d39dee74f3b0ffb96632a5f7c1d18ed208519c0ebc7fbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dd5aed0a49e1358f3561410fc75081a5

SHA1
640961974f92659457a6da5678072325320775e3

SHA256
3f481070099efd6b87e554c0e7b6f861b00db0b5a2953e4c87b7b48754963dd7

SHA512
973b4712d12a9a1b87fb3fdc37a721fdf5a4f59bf9381871fbf23ecb94cb12b96dab25761f068a3674212bbbc856962a49b82f57fe6e5a7486fe960946136193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6af6a7e515487463864d319ecfff79ee

SHA1
04edc1bf9f6c030b162d8fe9b2e8b99c561dec08

SHA256
bd91c40bc0415627ba192d8d0ba145b2f300a98cff3820aaf238d28c338840c8

SHA512
7b9c5313ffc184c66feaa763e3b0eed1605b0d82bbd43f89f9400f3ec8c2fb27215237747fa3a98c8e78b5ac138731a960281c46f43914e9026dcfd35271c57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7cc2659575de5dd184f863998582b1c

SHA1
b6c5abb9d3bfa6f67dd31fc7d4850d0533b954fe

SHA256
16a2765d8bb2ac3fc952e95d99b524aa657774170e633ed6e22f32cb21e6fcdd

SHA512
0a2cfdc28f008b916c6a5b0b734165823e8489d5a8afb16a327b4609f3c4405616da7735be1b4221c05ac5ae13bb3e20f46773515a534f013a98d000eb48e988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89ecddc7adcf4b15fd39c4affe8d839b

SHA1
ec7574ed741832ca79f9eda7c6882ab5b566a42b

SHA256
188c2aa7298708e6d07ef9e12da9522b99a7d08972fc1a00e2527db31de3b29f

SHA512
d0e4d33dd1fcf761ea2c46f29980c80127d6e907635d451f0728309ed8d139780a1f8586256ad91df1f1c5c4abcff78b3df48415e00d4192063933493edcd0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c9654f70-e7bd-4bf4-bf82-1f099d6a2687\index-dir\the-real-index

Filesize
72B

MD5
5e3cb8622e9fe519eebe5923184d1a0d

SHA1
dc893ab6fd31c8d74dd3a2324d3b850e4caed833

SHA256
1c9436391e460a61da35e000f4ea010118139e1566ef58cec3b72992619cdb59

SHA512
b4bece390893d26e69f3f0c4416c4fc026e931e4693cdf3653bbd25625a56142648389355a9836152339a1c7f89bcc39550ed41aa9e38033ef1a5e824d59b4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c9654f70-e7bd-4bf4-bf82-1f099d6a2687\index-dir\the-real-index

Filesize
144B

MD5
4d9798808e27a1b321d30d7dae4b009a

SHA1
d7a0a5c9f6fe752db7fdf46b7ae705aa9336b7f0

SHA256
669df6d474fc948446d55ac1f781beae820401db257d703b8633a9dc82ead331

SHA512
e99103d1e36b36e9207dd86e67b6e89d349f2256b52bdd674a749d9125d01b473e2ef4920e4b957c620d1d508cfec26b0444660f95843b01aa754964d02c5e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c9654f70-e7bd-4bf4-bf82-1f099d6a2687\index-dir\the-real-index~RFe5b6a9d.TMP

Filesize
48B

MD5
317df6f1ab0f1ebb08c65b25e55db30b

SHA1
dc038bd9097ef94fba9d09e50e11b87fd3cf9acf

SHA256
bf84ea2414c483d3395e4b8e253c1c61d1ad0789f6c6608fdc1cf091fca6d60e

SHA512
03bcfc72a9f8b0cdd1129059c0653c03a40b71586a1e6d525ccf56bb18376726c2abd37e2dba447f91def23294d78ef496cc52e5d9198608b7d878427423aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5f9fa4cfe54394cc2279e0b077fadaef

SHA1
e2e502a36c4c5a3b2524cd431e07ade641c5ac4a

SHA256
5c2cb00726968b25133e4e8f3edfcda3525dcc73ea2c1cec1e9406b13b6100d9

SHA512
3ec574dd1443a937a220a28f11fe3698b9cfce46b188d85e3152961c9e4be6ac59304d3cd68d3eca0e34d212a9fdd2f1ab586b3d2a7be1f7ef82b5069c50b6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4fe0735220c195e05940d713a4361109

SHA1
a597c3a674b2fbd6420c14f08ba3a5364bed07bc

SHA256
58e54efd1482a4a8fc2eaca4bb2e98680a90a3d5c49c1575970f6c58def933e6

SHA512
bb6d7978dd36289ea36f58d1b67a516e95dc2d23474ad4a4118e33d83604b5816ded8b446c9296b564e977816afbde132d2ec50f7450701bebf9dc7f22276d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
83B

MD5
917d3c9c9328e5107eedcc6a5c0aff49

SHA1
07bf79884a866429c7c15e089e0efbb69cff63ba

SHA256
17e4a05b5f820cf5f0fccc54039e1de05e01dfee181d657d15ff71baff70398f

SHA512
9001fc59cb05dfcdc6f554a39f8a0a76082d16bd7db419d6a47b8634e360759d7ee0b734ce3a0b67899a27241457ab668b9843761b0a3eb9efe06bfe637752c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
83B

MD5
5c5b1b5b2d76186242862e9ad31763b5

SHA1
13398afa9044e765405ed03edf1efb650f1a0b3f

SHA256
dc5bc95ded76c85a0d56b0e557c199e4125dccc9b835cc611dc84601b7067ca7

SHA512
b40ed07e9ab221926531298a3498dfe6d8836cf74348eacdb396e15a7ab5a662d868079c6904c2b05da9777dc0c66197cea807dd03099cfae1ff831925ef1108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587b94.TMP

Filesize
89B

MD5
56281460c6765860c61ed7787d81f69c

SHA1
a87c33728e15839dc53e8408b2eb0cc8f48e5228

SHA256
7e10819e889264fab1232bb7ce699692e476ca9b14167623ded5b84b2095130a

SHA512
4634edc964526d726e0f2fc67f24748ea6e6955f5c63385f6dd6d50e5f46c07582c86c679fd7753babea5903f77129a8615b7b324c6ab57345f556e76ff66d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e520533ba84492b94ef5d801d33b91bc

SHA1
9e1b11e52e976110a560a528fb9f051fa40b2f2e

SHA256
7317337057b0570e5ffa8f10db722d3870872477b39551dc873831bed50bd51e

SHA512
6cba5ad1dd975e24afaccdc8890702976d3691f2b5c6690259ce438cb058f67745a3edf25a6386067aff0aaaea99acc86617e7dadc2fb3d32b87e890d85db883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59e99b.TMP

Filesize
48B

MD5
acb3f20444dace969e698125dbf1ec81

SHA1
533f926c9e8768a91b3859a789bfd2b38dc49b91

SHA256
ab7fb1c8b83899093f2a764669a028f20a27fede098b14e6b80ec84ee2312f84

SHA512
eb3af4683a15f82b8088830d765f0e2c0b5c391bcf95bfa8fb437cd2691e938487c5c92530ecacf75ed1bb36da6654d9857c28e5f007fa11a2ee94a283118272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b207cec1b98915578f9dd21eeb00f3c1

SHA1
089527e90c38dfff00fe75760b72d83603d57f13

SHA256
28af747dc171fbab8497f4ddd25ca4c3636dd45b0b0167a0b1db65e7458354f9

SHA512
aa2f2b9c938537caaa2e8236bfc032d8fa0660c918c0701dff462c670121a3c5ff87a6de3b944821cd2aaf2a8051c00fed6ebd5462bf32937b14c591a7cfb4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fdd120dab5c5adb0afd76d1c81e8c33c

SHA1
be902d7fb5036b1177f558a63aebcda5fb3b6ec4

SHA256
91d6cecdac3a88fedd1115e8049b32e8a76e4e3022f16809a95a5ab0d05cd7aa

SHA512
6e4333a143364da6efa9cd64f19b772d4c2521752bb05cdf4f5d4b0bfc61571c70aa012a9f189e07741eb891a40131b63d9017ac612cb37d12670265e9c1228b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59c2ba.TMP

Filesize
1KB

MD5
5f77f3589134c54bbaef35c707578e2f

SHA1
5cdcbfce8a05c8a7f881e83d54ed1f07eae75ce8

SHA256
2f04adf9cc818f5cf031d60c9e68a4800a9b95f76880249eef959be12cf595e0

SHA512
a6c14059a27762e21e0feb6c38008b4e92c49f422613cf70f5c2491bd1b79db1cdbc5219583d312979bde73f00628bafdab1ac6fab5748f6475d8985c33521bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0310da805eba976473475a18299e68c6

SHA1
82ce0b5c586e3b36d26608602e3799ed2a8e0a3b

SHA256
629ea4a1c90e07e8cef007e18fe235a4cdeba7c6ca98b7c5e9266024c72ce6c6

SHA512
e8d34a2fd11a5185b9586f6a507405eb52f2d77901d513f64994a2da6447183b1aab3dde97acc3ef2b8b87e0984a0f9101fc1d878b3b95eae5e78caee5d628da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
22b8f86f52ef5f0c87905a9b9df64e65

SHA1
085d6e9116903439b580e3f9f0509351722ae916

SHA256
1f44af19222882a71c5a24f32bbe34e7c982322300f7b2e8ca4c81bd31e13d7e

SHA512
9f99a78be008b300cbf3ca830053c3c70ab3f5bb33ce7b836d96b00d0e1212414b47688ddd2a4a54a3bb0d31d8222c7460c52967d0c617ae6f9a692ccd52e0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\GetSetMasterVolume.mfx

Filesize
115KB

MD5
95bd1478d106476c63ed50dee89716cb

SHA1
e0f2ce64fdbd11bfe29792612761a137d61b3d6f

SHA256
5f83e1e1dca0b5937ede1c92db92493172e17f762abd9c5ab38f7072b73c17e0

SHA512
44550c7443166cc5f0d65a69d6d2e39522e4f5226a5801e00053294091e715877243e2927ad7f741e62c5f99998a9f89713854092a6fbcd2e0d1f3c0eae96507

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\HTML5.mfx

Filesize
28KB

MD5
94ba2e93d991571751af1d5d2686e247

SHA1
dfc1aa2eb5741094ff46e14f2a5f2d5b4b7a3a66

SHA256
80f73982c7162d04e95621b11d6a9ecfe0b79f6f678c3f09598d4d7fac72d839

SHA512
57c667b412b2320fb53ecc871de30895ca28f66ad7cdfa2a41d7daa635bf3474b81a1965f277710c824c3491bdca4fd20a8defb99f34eaea053e313a83c1228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\WndTransp.mfx

Filesize
65KB

MD5
6f93111ce72225daab2bcdceee48d204

SHA1
1a5156f6e00b47dd4197c933092578aef49a66de

SHA256
e8a1af555a3d39b1cb0c6bf6511158d4fd48a1e4e2dac60a6f54af4b486f60a1

SHA512
44549a2f29c9b4cb217065cc4f670afe84691fcc9d0bb4898cd8caa408256015b1abc1c29b6ce4083207e56f339f0843757ae07d01e2a2bb945b6ddaa4c8d3f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\bigbox.mfx

Filesize
84KB

MD5
ad6530e01a4827fba383291847e33036

SHA1
6ec72ed182478c050807c0e3270974bf34304aaa

SHA256
a427377e56a804f82a5bcf07b7d5afae920f8bbda2dc5f52ce6a7f84448a8bb1

SHA512
33cccc49302f3c257a3ed3b9d3bf0b2dbb347ccba3b6196a01ac317f83c2bd47c5cb9bf47fb677374b95590d62f5626aaf246a318999a4b07c5ee60c4c4ac863

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\kcedit.mfx

Filesize
32KB

MD5
e0cdbe134b5b60c920eda184853e32b2

SHA1
4370e12c54a4ce0a563dfd2212aec9d705cb1133

SHA256
c229b36ce4e3cf824844931c0dfce165da22c234397cb1e8258d05f86decd053

SHA512
1c88267b0e26dfaac0eacdf6d6e20c336b1d4cf6ba38ed1c46b4c8f8881174364404a138f2ae6851e2968bd2f22b31724edc7598c61d620b27e58af53a4dd0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\kcwctrl.mfx

Filesize
12KB

MD5
14e1d33e5c9db83a0dc3101f712b2802

SHA1
37eb0cfc5336681275b9c4e0badc7e25018336bb

SHA256
2f0f00f42917792c0c3ae4640009dedee3c96408173211e44cbbdd6a04f4afad

SHA512
0c0524b2a2b4f64592bd96486cac5f080adbe8971c8d84d6d240656420c01bcb53d12044a8fab220ab5ec34d3978a81e1d2cc76306153a176a57e88a035372a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
22284d6bb382967ff72363f828050e13

SHA1
5c98e25d24aacafffded9353c9526be0128c6dbd

SHA256
9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

SHA512
2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\mmfs2.dll

Filesize
459KB

MD5
4cf7bb74d8104280b7e986f4df21109d

SHA1
edc21a43136afddbf4786593e84b934d40591b74

SHA256
c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

SHA512
2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\mp3flt.sft

Filesize
24KB

MD5
7beafd3ec0c36a1422387c43c49f68ff

SHA1
240e7d8534ed25dffb902a969826f4300a88dde6

SHA256
cd5bd7cc59eaf42bc0edf418ce6f077f9db369d5e3c414107b82492a877a6176

SHA512
44101803bd757bb7a84577aa1c087472a619da732dcdb3947b683cd7a7df30931e4c9973e06532859f9654c4ad3635db205e41fc7214a0f52537be91e87b2734

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\trackbar.mfx

Filesize
11KB

MD5
6582026b7e26357a9e81b285c5345aa5

SHA1
cfbf1fa1fa570621fcda9e190a1195d3f8369f28

SHA256
5dc16eeab508b3c63a24f68c0d751c85f1882c102e09b975a24b4ff9f4d361c9

SHA512
ad900dba76603526bfdfe01e7ee4cb06d90e575f2ee8e7e56c246387b9decf0c241d912bf267ad5453c1f2214dfd17e8749eac60afe93b1753f34ca251f558d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8676.tmp\tts.mfx

Filesize
104KB

MD5
1f5848fb81b9f01651312cb19af966f3

SHA1
65998c1a2b9ca5451a42f26c1f7604e6bd90cb9e

SHA256
dc25166a9f5845deb6e50491f4b4c9e786166b1dac39e8a30603d02faaf4db6d

SHA512
285b2fcf126515e0729bbcfa14306e4469c862497e05390d9eab6338ff27b7a597f46d0d059eb135d5b335f05528a77a5b4bfa7411bcd0938d572d6ef1d421d2

Download Submit
memory/3936-41-0x00000000028B0000-0x00000000028CA000-memory.dmp

Filesize
104KB

Download
memory/3936-23-0x0000000000DC0000-0x0000000000DD5000-memory.dmp

Filesize
84KB

Download
memory/3936-48-0x0000000002900000-0x0000000002923000-memory.dmp

Filesize
140KB

Download