hxxp://cheese[.]com

Analysis

max time kernel
303s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cheese.com

Score

8^/10

discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: currency-file@1
phishing
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

225 yandex.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
225	yandex.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{9E2086D5-6D43-4FDB-9F12-B57CF95B68E3}	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 481605.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 481605.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1156	msedge.exe
1156	msedge.exe
3996	msedge.exe
3996	msedge.exe
5116	identity_helper.exe
5116	identity_helper.exe
860	msedge.exe
860	msedge.exe
5944	msedge.exe
5944	msedge.exe
5944	msedge.exe
5944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

Processes:

msedge.exe

pid	process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 5216 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 5216 AUDIODG.EXE

description	pid	process
Token: 33	5216	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5216	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

msedge.exe

pid	process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3996 wrote to memory of 924	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 924	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 3108	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 1156	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 1156	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe
PID 3996 wrote to memory of 5016	3996	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://cheese.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfcd946f8,0x7ffcfcd94708,0x7ffcfcd94718
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6960 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7052 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7652 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,2593899875574553935,14908328679168970225,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8756 /prefetch:8
  2⤵
  PID:5460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x42c 0x398
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2746b767-42d2-41b3-9b85-264fee0bca38.tmp

Filesize
5KB

MD5
dc130a80634679820b01526cbbb89c25

SHA1
dfdfa5a1e6c3883d2cca7637d9193df063c04227

SHA256
a6b4c97a8fc555f12fc25059de03f68005d80c279d3b644e227beaf3e336b2d1

SHA512
b7eefc2442995817d1b10ee65956254927c27de331ba5a3330d9b3c74063b3107d4bbb51c13688107170d5a5d389428febeb9c5010ba95b199a2fdc74e8aead3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
20KB

MD5
e92faff58b6be9dba9bc283c4f4c8513

SHA1
49588273a413dffd248cd35dd191189ed2c2343c

SHA256
8c6c6736f4650f9bf7af6fe14128a3d173816f3dee2e02c5552240c04852b691

SHA512
52ddb77b600f519eed2343d528b9c9bc03585c82edaa91c63e8850d19be23c2f645bc8faea19c3d75ccffb30e4e69a3605883106fb1783346a8883465051643e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0bae7c4caf355fb347175452b10cea65

SHA1
863a313a6318fefa2dd8796931b88e3022dc3fe0

SHA256
cf0ccb79ac64c9c0b9201c6ea041f4f2e8b3d7b57cd69be8c6e030a74137dcb6

SHA512
82514a90fed8486d160fcb3df237fd94536ce5aba6d407a50736cdcc87c97c5aef2df3d0604f5d45bd51413ace4f6a0e6ea3e47d0f9dba4b55f3f30b98c67ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
114cae0a0db3115de303d54e123d2d32

SHA1
f70186f682851ceb6189839a34a8f68dbf7b6606

SHA256
f2ab46c9bc9ffcc232ecff3f1ba999a784e6f79f89bdfc6afd66cae15407dd97

SHA512
b5926d53839fc370aae313b523b597e0628c42ebda1f4241987b09b3aa646267ed9f3c98d99afa01cbe2fbd877b96b24f89a9b354365a6a8155cdb163461491b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
768e367697683c76ba707dcfcdd19b43

SHA1
12a68902552979aab43bbdd0b8f54b1dee2aca46

SHA256
5a09421d367e4aedd57150782639f550378c133ed575aca2a90519081742a365

SHA512
fdf557757fa17292e2a06910e5ad6b180f3b86bdf729aa004ef4782da3c83aac3ccb0474930476510fc2b2e996a8c307a5d98c9b4cd1457d29ff30422f97ac64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f0dc99aad19947be4b998d73b745d129

SHA1
9ca3cba7adf07941f918df24082b78d9d2ab2681

SHA256
4847e8bff8cff37d41a17fcf493fdcd8594955786d4c754060f34bbb9df5ac92

SHA512
7b8b47c3b5e565a6f1ff3fc5a796e6b50b71780920654d1fb2da3d1f6c086fa98200640da10dde912cb4039b5f43f40f258c54a48e013288bd0a8c4e30372452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_playhop.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
179eb95ab6663409c355bdcbd99829fc

SHA1
e49e41742c4c0129a613efe229c751e047165521

SHA256
476d1ff25d84fe28f6202e7a4c611730eebe0d3ed0f9491626453210dc66fa5b

SHA512
3aa6de995e269acda90714cb99790a2b070ceeea5b8b073f59662b0d02ca8e0e45ae062a7b0d02ff2675db3221331daeb3e249c923708bd308bfade80e108100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
bffc75c356c54950f606405bb02729f3

SHA1
3be5b4b515dd0815c53d35cbcd1e5278ae732e18

SHA256
672d89da8370765695e4e83e66540da94a8daaad65054d2e6d796e7cf0e2887a

SHA512
65cb5c3c357ee47443e19258c27e2540c3e34d2d25cb366b49e4bc23dbe47b9b56535aa8366f88cf5e70938f8b948ec03ff1bb887698a943bf7bbaecd0ba3151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
d916beda501672e23729d4075e96790b

SHA1
43ac0b3e998df044153a7b8345d57ddfd5d72da6

SHA256
400ceb8e001e793e3c65fc439a45037d4a6f6c59d6b702da29c1565dc402ccf0

SHA512
f2489fa4efe792321ecf2c0947fcb669d1e7cb5f3f4890dac29f05fd19fe5c66079a9fc33d4f50caa0e51c143592c9dbcfc878b33d63ccfcd024784b478e2b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
9c907b46898f867d36fc13793bc43e54

SHA1
36b423ffc80b918e1fb33b9c50d1bbec0c60825a

SHA256
f3f79faf3bbe1e24a08d9464ec09691dece1585af94ffc751b971f25b4d61ab9

SHA512
a53dbce3be86ecb18f4c52bdf5a92bdfc5dd198d52c61d2171a55ee4cbe249f8c3583b218e89e0faedea79912ba6446337d414274da56b757416e25ed433da70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9155e3738b63c0e6f2b1ee53758ec5df

SHA1
732f7df761823a9124ab69d2a88b153c3ba31e65

SHA256
4ac7c6b35b45af5755e9a8341adc64aa49f1212ee4e19d0f5c1f471f96018824

SHA512
4e0756579a34f200775dbe2a9f2d41897fe47667dcc653aade6317f4a6338da18c5dcc434ef3c51957d04544fd55ad2c111519270a93c1e49373007cfd8174bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a75cfdb6f927922c8beaae10e9b6c89d

SHA1
b5abc434f6db6bdb5d7f9d260ed8ea58b0d7d3ce

SHA256
7947724c5fca794d39fe4cd07ea54e4e9f3b4bc50ef3f4648b54e5c35ccad84a

SHA512
f73fc414fc7a7869455114aafd527a3aefc82f4b3769a5c1fbc2253aed4c2b03f4b089266fa564aff1ae1118cb8587d95822a2364c5d08fbf980fd6d98adb992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
45fe025fefd271c3f6e55b936cf5d65d

SHA1
9431afd22272591a6e77b17ca7bc4f3b9e0c018a

SHA256
0d67371d3809ae4e8d4d94ce2d730bd6682d667cc4f9a569c5cded459bbdca25

SHA512
10e1220983faf8b501b84369382ff092a9ca7d189b94838f60359f0555f56193e13eecab4ca6e678dbeab4e8b36377e4071d8baf45f0c8e30b56582d97a35712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
266f5d950effb72d72b8ef39a250a9cc

SHA1
ef4f6f6e8f3495cddd0a1573ab1707f8db4c424a

SHA256
51aeaf83e2efcdc73f35763c1ae8b600eab7b43ed9ef5fd1465addc6a21d92e5

SHA512
34427564398e5c9bb9d9ae87071fac89716ab940a25d56bcd1fd417dafcbf6a39e53185b4e582a8f8b24c16b29cae2211b6ddf833668e02e3eedb1a0b5b60606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
3ed88f5375e975ffd70af081d44d0655

SHA1
0ff78a0712017397102a4845f0a693ef76a20bc2

SHA256
2866cde3bf4f7f9729242d72272ad6032f97746cbacb126d3ef87b11991bb952

SHA512
8d7a8b601e93650c7b06b16dc4b382ae5bb872ef2671010466f168af234c93ffe3031119394065fcdae14aab5255dcb5f9edf8a6dfb43757b68c13a6872b33c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d25be192a295198bf4c3056e5124fa66

SHA1
3d4eceae0aadffc6d5c94347b84b359de9068ce1

SHA256
d5237ff8ddd23ea3507d18d10bdc997a1b3922c3bc5182e6ce2b47936e0da426

SHA512
2d898efc9ad5d020427bea466eb7487a62f530bc957be5e1342a4f9d3f83ec51b51caae6a74cfbe365f94d55e39ec84d38f1c508c74a01449b978d52286debc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d169a09a2b7a9fb50bc776c4dffa6ef5

SHA1
ca52cec5516073350a758c108e5f09fa00343883

SHA256
d2b9c8539cca44dd7892472674e64d64134a64dc993a7b76a497801581a3e385

SHA512
424f17ecae1412944ecd4bf1578b965da3ce990c4c207522aa6c313e6c82fd6b739843d6ba8844d65bcbb616c883e5abc66d66d19a13925d0b4fc81df6083054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\25a4a6e63ae7ec0e3da5536de517522c195ad150\a39f9086-8689-4926-94fb-ac5b6caef9f8\index-dir\the-real-index

Filesize
72B

MD5
b2e17b3333f9b7c7cb1e7483fec0767a

SHA1
e5cf8a16700aec53a576e3eb2d11f42abcce29e2

SHA256
635713a264b11cd13efb93ff4af3165386c7581a4e97d1e65e13122f36126197

SHA512
cb5d26471c45bbc6bfc89b8370500246dd506b30641026014c262a154b9d53bfd3aac48b26735517f6ecb9c034756102bca0932494e5026a88a9c5f8eace0524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\25a4a6e63ae7ec0e3da5536de517522c195ad150\a39f9086-8689-4926-94fb-ac5b6caef9f8\index-dir\the-real-index~RFe5991f5.TMP

Filesize
48B

MD5
7dfee71aaa63c4abbd0018f9a25a99a3

SHA1
d94b839892395e4da89d2ece698f030d8840961d

SHA256
a623faf83c073b05c58f8ad9eab75c3fb93d2a6986b0c1597afc6c4aea00979d

SHA512
f7ba9a2792f0e29acb126a4c94fa04793d9e463a0ad79585af583b68b6c3442300a0a599431ea12ad6b5e60cb8bcb171d2d7648b13df73621ce957fcc952911d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\25a4a6e63ae7ec0e3da5536de517522c195ad150\index.txt

Filesize
128B

MD5
5b95fc7608253619bcfa55ffac17593a

SHA1
f788bea5a3a1a9886480d075a479ff22cb79d60a

SHA256
5abc3ec5e46375652a14a6966da75849a8df60b87827952003cc7098553f05da

SHA512
e97ffddeac259c9e91704c90d36ff0aa2a3c2622d5b3338ca0ed231d4526b3bd980dc028ebcda4ab5e97be8324fa5045e0363e5b36d9e68867a839c7c708059d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\25a4a6e63ae7ec0e3da5536de517522c195ad150\index.txt

Filesize
124B

MD5
469d4a970dee7f4e561dae729d6f0289

SHA1
0c24ae58c837338bf26154e864a9ca2cdb279a07

SHA256
148d98d136219da33bf5870f5ba22f3492b2527f0b1bea9b5d7020086a9cf5f4

SHA512
ca5dcccc43e9c3c40d2095fe9ace86d4505643fa339764b68107c4d69d9f19b22ba3efb8a449f161d5fe3d58f0249fcf187d012255a227fffc63c7c98143fd44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
120B

MD5
537ce5f4af24cb271e70d3ad81dc1427

SHA1
067b00180dc7c19c08269a53704d076a49a797a7

SHA256
14318ed02f4821e9eaeb968dce7a7e93a6e01bd765bed76540cdc8f039f35781

SHA512
ad2d5c8b40fd6d0ad5109fb8bf88b7c98f7051a9750448f1eb548d9915417eeb801f03bd4e6c1ddb616eb4e33cfb03a13da3ff12df9f43a8015679a6622cee27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59aed4.TMP

Filesize
48B

MD5
6e084f5884e0c7c582a1669c745fa83f

SHA1
b3875cc640013af3c245c60437cae9209e7b39f9

SHA256
21e6180ab065eed1ca821c7b84df0ee1cf0f225fdd0c550c85ffd959f7ab99a1

SHA512
f13257658b97eafd370a654145e391a4ab5cd0f7d4e90d525240ddc4829338fc34fcf3c266d6db4be33113efa908eed932799192226cfd1a4df859a67ec63c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e8635f2659adfe92d43198bf001ebddf

SHA1
54b10c3d7ae2978863daff7fa9fa1fc1710c1a4b

SHA256
7e5797d60b50bb4889cf71d7de336634b33d72eb066aa8cf4d2edc7ed3853624

SHA512
6bed6b34aa613b3236caa5fafae682bee73f3f15f810c9ec387d1fdcf940b056bde7e02edabae66021d3704f35d3174a178ae663d7f8154e85acb08d11125184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6567c609c11ba671e3bd45ac9655387

SHA1
309d623edcdc5a20403cfe025ecf61b3c5a54d8d

SHA256
bbb847dbf7b75d7f6e4fd79327eafff88d2bcc97ca7ffccf44d5ee39afed1c7a

SHA512
660f22ef01e1644b00733dd8c76e87630513b739f556592d902101bd4ea1dfdc75c92098ffaa657b747ceb7415522d79332d2f88dd3dbab77358aa02bb241137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0ae2a79860a6d6deee9a948ae38cfee9

SHA1
eccf39315c9c2e5ed5f62f9aa9f63b86efc7cfce

SHA256
eabb7c971511ce766c0fdeb5a137a2db731d1c575680583f2650b6796a87cc03

SHA512
22778a0de51bb10d63831f6ed07cf125a96e7b92345b6a6d50468828f4756f2a7639886dee1c5651029ad7f9b46983b013d6a2bbd282f98154712a58b1ccb6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30879a56ee723ec0495e538b0ba9444e

SHA1
7d37754ba4586e38e9e5e70cb7f24d4467948952

SHA256
71c6e4030a9c574e717edde930f6709a82c8f29191e99aaebf1e5f6b21903cbf

SHA512
ea7b14cf1e6e311b61d2e61aef51962d6e79210e028aec0675869b6a00d7716fb5f36d16dfa506cdea4ea70a939e79f3f1b80f4ff9e133f634a8ef79f0b2e1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5e629154e7a4ba097428c960ce0ff48a

SHA1
6b5c8e068809c0602aa94eea26488ddf037d2279

SHA256
a442f8ba77c9ff96786c906e49f92e9e0ccc56e803e4757eee647069468ca805

SHA512
9a238f0c69d9fe6c7c847210018f2997c3b7e37d3a2cee936ec1f1781b7cd6d6ad4557aa834f13a9be7a6e63ac0a266749d04030488ddb077fbbf5a70bf4fcb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f47b9ebb0db3f1d3face4fb4db9f4ca

SHA1
21a78d591d802e1c0c5905b194148aac68ace90a

SHA256
dbee27ceef42ffba243bb1aa1cce5da50bcd94716578def7a2478bcdc7d0a3df

SHA512
dc63d1d957905b171a022c12d40b3a9615ee269f61bbfedccfc441bd9aa9a99077ff3f1f441baa3e87623b4832c62da7f3a132b087bb8a6a4db60f91c636f58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8dd240f5271ced9c51839990d8df990d

SHA1
2dbf3de1659b48fd8c0a3da9a4b8f22ab1843082

SHA256
747546a164b728e350c1bc9b565c8c6c79076f7ac1344aa4fd7ebe1261048fbd

SHA512
6de39c6beb66027acb60e1a28564bac3c0feb95fbefb7d9c2f0564aea7e9c362decc0cda2398f0aa6da9cc0599f208afb50e55fe4ea100900dc7a73d8f9992d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31923c84b7f1464c013cc2dbc6e9b90a

SHA1
860f49eea33d84f43b890336018704c703a126b9

SHA256
7897b4cbb06d4eb0090c48348cd928facd31127d6ced07c93173e4df5c056f9b

SHA512
b464d029da22f0fc6a639290be9da9ca6db68b3aeeb8cc39f80007d7e1d33fbe077ab69487da7898a6f104105ccb33de2337c011300addfd32d77d452730e515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5825e2.TMP

Filesize
1KB

MD5
83392666c6e1737943734221447ad8b9

SHA1
b89edcd9072f4828762cae1cc6d1991f1e789bf3

SHA256
5ac01c1a6f4ecf93425b94f486af2be0793eb04882a2e5a0c7a5fc2704edf4d6

SHA512
550ef064c5cdba80d83eb2fe9109dcb7d4b4921b3c1e82b920c70fa73b5176d9986837afde9c2597e291681c9e6c866658c16d1b865a23624588f11f5218ca5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cd14de4986f13e8b7cccfdc8b39cdd35

SHA1
41bda46d5872f2ab52e7c7d94de4438aa7098d9b

SHA256
d908c5f9dcc06fd186b0bf2986276335ac74ad229126d97a3b2a037f496d0de3

SHA512
e07f0ea6fd570abb7894d3de33be8cda449511281c5cadb4736d714215284b03b3b72bce477293d7bed0766fb8b792318e656fd7ed94a62751585e3ae59a3650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79e6f6e7764f555cc5938810c6c03721

SHA1
ce88501dc1ce9b70c6b43b0be1dd51d3f1eb5012

SHA256
ca7cfa52b7c26580aa387d7616ad32dd0e3abc7f5a62acf34db470bf0803e0eb

SHA512
7fc1cd1a460dd6cc06483f2a02eaea8eae0aff243c8c8ac79b8880cd49f04d5f2c6384221f5275fba41f46563ad7b2af64823fae524938e9461c55d872d00988

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 481605.crdownload

Filesize
1.2MB

MD5
c9db6b5c84be13a43ad23cc204e4bc52

SHA1
94bd6634303205715fd04f8aa10d75158390e4d9

SHA256
77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688

SHA512
9273493c5e5ea24b2f5ee219fdf849546e85b3f5cc24c970f1ab6fdcfe961d96ca6fd41c96f9d915892ab24ce7ff409f0f5a6569b0225e95d36afba51615f8d6

Download Submit
\??\pipe\LOCAL\crashpad_3996_VWHQPCZYAUPODAPR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit