Analysis
- max time kernel: 133s
- max time network: 134s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-06-2024 11:01
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://twitch.tubson.pl
Resource
win10v2004-20240611-en
General
-
Target
http://twitch.tubson.pl
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies registry class 1 IoCs
Processes:
msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{6EB0B544-F906-4F90-8D62-7AF1D8464D3C} | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, msedge.exe, msedge.exe
pid | process
2984 | msedge.exe
1552 | msedge.exe
1520 | identity_helper.exe
2880 | msedge.exe
6348 | msedge.exe
6780 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
Processes:
msedge.exe
pid | process
1552 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
Processes:
AUDIODG.EXE, msedge.exe
description | pid | process
Token: 33 | 1824 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1824 | AUDIODG.EXE
Token: 33 | 944 | msedge.exe
Token: SeIncBasePriorityPrivilege | 944 | msedge.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
msedge.exe
pid | process
1552 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid | process
1552 | msedge.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
CredentialUIBroker.exe
pid | process
5372 | CredentialUIBroker.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 1552 wrote to memory of 4956 | 1552 | msedge.exe | msedge.exe
PID 1552 wrote to memory of 1920 | 1552 | msedge.exe | msedge.exe
PID 1552 wrote to memory of 2984 | 1552 | msedge.exe | msedge.exe
PID 1552 wrote to memory of 2956 | 1552 | msedge.exe | msedge.exe
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://twitch.tubson.pl
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd510a46f8,0x7ffd510a4708,0x7ffd510a4718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5652 /prefetch:8
- Suspicious use of AdjustPrivilegeToken
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6540 /prefetch:8
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7764 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8216 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=8864 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7944 /prefetch:6
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7760 /prefetch:22⤵
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 /prefetch:8
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x308
- Suspicious use of AdjustPrivilegeToken
-
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
- Suspicious use of SetWindowsHookEx
-
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
-
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
-
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 336B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 360B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 10KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 10KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 10KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 10KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 10KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 8KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e8ba.TMP
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_1552_EJOGSFUKXKTEQJSB
-
memory/5372-137-0x0000021432990000-0x0000021432A2A000-memory.dmp
Filesize: 616KB
-
memory/5372-138-0x0000021432B40000-0x0000021432BA3000-memory.dmp
Filesize: 396KB