hxxp://twitch[.]tubson[.]pl

Analysis

max time kernel
133s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://twitch.tubson.pl

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

53 discord.com
56 discord.com

flow	ioc
53	discord.com
56	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{6EB0B544-F906-4F90-8D62-7AF1D8464D3C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid process

2984 msedge.exe
2984 msedge.exe
1552 msedge.exe
1552 msedge.exe
1520 identity_helper.exe
1520 identity_helper.exe
2880 msedge.exe
2880 msedge.exe
6348 msedge.exe
6348 msedge.exe
6780 msedge.exe
6780 msedge.exe

pid	process
2984	msedge.exe
2984	msedge.exe
1552	msedge.exe
1552	msedge.exe
1520	identity_helper.exe
1520	identity_helper.exe
2880	msedge.exe
2880	msedge.exe
6348	msedge.exe
6348	msedge.exe
6780	msedge.exe
6780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

msedge.exe

pid	process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

AUDIODG.EXEmsedge.exe

description	pid	process
Token: 33	1824	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1824	AUDIODG.EXE
Token: 33	944	msedge.exe
Token: SeIncBasePriorityPrivilege	944	msedge.exe
Token: 33	944	msedge.exe
Token: SeIncBasePriorityPrivilege	944	msedge.exe
Token: 33	944	msedge.exe
Token: SeIncBasePriorityPrivilege	944	msedge.exe
Token: 33	944	msedge.exe
Token: SeIncBasePriorityPrivilege	944	msedge.exe
Token: 33	944	msedge.exe
Token: SeIncBasePriorityPrivilege	944	msedge.exe
Token: 33	944	msedge.exe
Token: SeIncBasePriorityPrivilege	944	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

CredentialUIBroker.exe

pid process

5372 CredentialUIBroker.exe

pid	process
5372	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1552 wrote to memory of 4956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 4956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 1920	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2984	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2984	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe
PID 1552 wrote to memory of 2956	1552	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://twitch.tubson.pl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd510a46f8,0x7ffd510a4708,0x7ffd510a4718
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
2⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
2⤵
PID:992

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5652 /prefetch:8
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
2⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6540 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
2⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
2⤵
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
2⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
2⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
2⤵
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7764 /prefetch:8
2⤵
PID:5848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
2⤵
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
2⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
2⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
2⤵
PID:6376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
2⤵
PID:6384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:6536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
2⤵
PID:6832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
2⤵
PID:6916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
2⤵
PID:7040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:7052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
2⤵
PID:6284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
2⤵
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
2⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
2⤵
PID:6712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
2⤵
PID:6728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8216 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
2⤵
PID:6684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
2⤵
PID:6568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
2⤵
PID:6580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1
2⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=8864 /prefetch:8
2⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7944 /prefetch:6
2⤵
PID:6840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
2⤵
PID:6928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
2⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
2⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
2⤵
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7760 /prefetch:2
2⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
2⤵
PID:6620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9211886017488037675,8290220873423898724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 /prefetch:8
2⤵
PID:6396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1824

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5372

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
PID:3640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:6944

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
PID:5124

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
5bc0d554fd72f024ba5925ee4b5d3286

SHA1
3f05e4f81d59df2735cac668b95813dfe767779c

SHA256
92a07f84eedd43066c30ac93eb0d52ac2f013e43e52e0245e6d0a8092e2548d0

SHA512
8c35be02e64c6939e4d58e9eaacadbbaff4a690fa26354e1e733c5b30d420f3c254ea3331b09824c8f28dcabefaa4d52ba95ba66ef26415d1ff82a328f738641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
1c1ab9f107c3592e3e2865d6181cd2d9

SHA1
fc49cdff9df73d2de98be5f16531d182473b9177

SHA256
0d13d0f96895913d3133d72c7786e728405f7bb6c77e2bc6d5bd4ac0dce63d33

SHA512
908b2964792c49960858a4c551ddb076f3bf57bf8421e1d7b3acdee7de3d3649a8c8b33595d070b323e85ae063c503bfbc3ec141ddef8e702e4d5294a9481645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
42b3e6f7af8ef2c394740c265cb69f13

SHA1
847f53ee425e112412e37fe34181818acfd6c7d8

SHA256
5539b905240da8ae71b1042eaed19c0399bfd5710be165ea4a1c570d57f75aad

SHA512
29db3099b7ef234c685c9ced653fdf2e88af8cb0a57e09765f92412f46ab3ddc474dd8608aa5d1b8764567864daba01a8137a70a31eed8531dc8d467039ddaf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
08bb41c5e9facc0ff753198795929cad

SHA1
54fd5ac89f140c5344c39c6bd1ba9ab5cfb880b8

SHA256
413e08a30b5b29a86551362e4760cfbf2650b7c947ed5d059e7c23e860ae3a48

SHA512
f3855e6aa79eef3b50436176570b432d6deb425cab64b31a374aeb70b60fefe7cc152704076b4e3d8102952d6c66636c22bf91215e93151b3e8af9d525e51766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4df04273f4986cdba4051f7a3cfa5069

SHA1
d6893b01c3bb0aae02da2ca7a9a7c311b573021b

SHA256
f9562142b0d6ed13050936d5ee3eddaf83970a36b57848067215e6461cfa06f4

SHA512
75bf9485dfdab91a0797a7a4dc17d791b8c6dfb6ee0ac8fe828f070e954c306af9a979540ae53c4904b574f08ad723fc72a86611d308af37842b37cdd5144a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
acb64dc9ebcfc787ff8aded3ed0f7b8c

SHA1
f29175070265de9c5cdbd1c6f285361662008614

SHA256
42ba72ec180a3715142b081542f34aa0212530b405bacf1741d1c434255ec09d

SHA512
b0645c8753a79f0a527089615b1158365f409d3bcbfcf28841b7e24ae51ed335235b7263c46ac404065bd92e43eba6c9d04aa1b4e886873bcf63f229099d4b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
31633648e4d09d33bd90518d91bf2e72

SHA1
69324d8bbd4efcb8c9e0abf888588a3b65cf536e

SHA256
8a364fba581eb0cd3554de6c3e508f72f4caf09b3a6d9c9fa4be3c7aa2126d1d

SHA512
67355d4917e440e115aaf68878e801a4dd3449de56ca3ece7694a1b37bd1d4ef4527e7b8dbeadff9422bfa52215c49fbc0b8be4daff87c3aa8f9c424e7c788a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
c7d1da5ba9812c5ad33338a6b88ff749

SHA1
af1c7f46ccbe0ce93750ccc22fc121f5427496b5

SHA256
a2f2a1dd62903a38914a5af19b1e299a7d63f4b414fb8664cab584c2537e9b12

SHA512
9dd6fbf760f5bf8405466bfcbb1cf121a1f4c35c8e7a1c6b7ace13f024b5e3693c4d8fb749c034643216184cbda502ef14f3aa7ae526d900971e2e1ddeac48c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
11d7996b69bd2aa3d284d552e95f740a

SHA1
76a47eb69d48ef26e77633ca983b866ae39dbbb6

SHA256
dd27a4575436da733a58e5f692133e4fe1f069e7562b87214bf1ed47942d714f

SHA512
5a34a331cfa1f70ce504773fd3ef0f401ce7df8137162712c0c4af126fac82af0579954abd1a941371a42965d07d6d5ab031f1bcc58b89398b169225309a1825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
d54f4b5027bf8c6d532f735b1a146023

SHA1
a0a6bd34d11f6cca779cc04828126ded27dafc85

SHA256
3e83468a32c799f69ec1e907a255986c4fac7818149ca399ca51dd4005d57856

SHA512
71587d9aea00047e2f678d68861a0638dde221c18e59ad0241acb870888fdf04393115079b636032e9d3221ace65ccca7f058210430ee5ca0bd1c2e0215d38b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
c3a2f724d574cebac8a90105f1041b10

SHA1
5ddfe8348cdc9e1f28d732573ac564da5f83b3d1

SHA256
440b6f1f03b69df67250aaca16b3da5b3a7a4872684709560a31d9b972c0c1d7

SHA512
5fc050c9d9ee45dd39a46ffdc657cf64a71ff260c8ae18148814187d1d0e2677418eccaf32f6e4955a7f347567b8d9144c2bab17de4fc4ab987f10b368bfe1f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
aa0bd8bd85818ca9ea24fb66a90d7520

SHA1
bf70ca63acbbcd374b6de98bcc0cb263854f8179

SHA256
704bfdcc7d56ec584b3c15ce57e61f9ba1746d18fb69b9b65ec120453ee377be

SHA512
49838ecd1aa7ebd0773bc76631ccb922af904580a3aecb3caf486282f381797e9b167a78b49dc5de60eb7243d38621023bb87f196b8723389504f607996e1e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
72e1c354029db72f021efeb794b2b660

SHA1
485c97f05c805451fef22e28297211e90e6b59f9

SHA256
2837ef831582aae25c3d5805ea7ba745676a4a88276453a871d032513c660855

SHA512
425a12c040438da6f03ec5a5128fc991f866d21ce5fdf9270fca32e5bdedc2dcf63591e5970c8e873751ff04956935c078e25d569931f68de0d10e760f717497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
b08e0ba36f8cd5efe33fcc9126dfb99c

SHA1
8d3cf504fb33f40b20af967d435634d7c5c57d22

SHA256
6ec32ae821ed92d60b01b83c0858b759ec0d23eb441f2dbafc061476d3a706f6

SHA512
09786ceb0f42c3421f7714fff4cc7ca295c67e7d0c70e1e1bd0633d9bdf836f56bc377641118dc4e6a03e282bc694b8a33d6d4924c504e5fe8f6448eb5108cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
228027d7b4f906b7ee9b8fae42c4e994

SHA1
d0eab4dd817e5f9195cedbc5a73e21bc864fb826

SHA256
32fc5be1c98413bf9ceba838d0dc5d2b739fce4d54b2269ec33a59e0eaf7fee9

SHA512
ac9ee44165d8cd2c5a226f2527d594fc4bbd91cc4c9be8ceca68b84fd796c42b58d0abdc66a637d0873af09254cec9c4b4664279ea5d461d774cf9b79309f43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e8ba.TMP
Filesize
3KB

MD5
12e49da171beefe8d502b031c88f80b7

SHA1
441fd93d957460a2f8d8d90b7876160112163184

SHA256
0005f759350a480cc97df84529b94b9009e47e3ba3de1fdd9613ce647cc6ebab

SHA512
ae6c274c46840b074ddab26e9b283c9ed7966a096a3cf3d3944e12bc3106c488b71536af28f9f68bf395db05476d477dc5d1313d16e4413e259b27fb9f9dcf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4bcd405ed4efcdf4cb09230f0c0e40b6

SHA1
c40ab3322c97b9d8825e21e25367ff5c057f06d7

SHA256
0a9b9f1ad2808fb4917e55eea02a1c14e06bd26cfd2fe0c7ee714b59c2a29774

SHA512
2e44554e74df9884fefdfed55aab08b90f2657a3eea083176003a8ac04fab6bf9c2cde6642066c50c54ebc9523a7cf6a222c90dbd8d231ead4e2b2f60b1d1779

Download Submit
\??\pipe\LOCAL\crashpad_1552_EJOGSFUKXKTEQJSB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5372-137-0x0000021432990000-0x0000021432A2A000-memory.dmp

Filesize
616KB

Download
memory/5372-138-0x0000021432B40000-0x0000021432BA3000-memory.dmp

Filesize
396KB

Download