a4ae14e8358b428eff13ef8918693860a9e6bba4160129f8868aeb1dbf7bfb41

Analysis

max time kernel
1800s
max time network
1803s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 16:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Google Chrome.lnk
Size

2KB
MD5

3d9ea78bb3d803005fbcb0db0acc0183
SHA1

a4badea61017a46286eec1e9ab862ae32af233a0
SHA256

a4ae14e8358b428eff13ef8918693860a9e6bba4160129f8868aeb1dbf7bfb41
SHA512

6658036eacc4174a45510a3f336f0b5878673b4b50019c44916a6cb118d4e2dcb4631c03c48166860324dcf240e86be2d6dcfd036ff177020f65d875de12cbe3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373672031940258"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
3368	msedge.exe
3368	msedge.exe
660	chrome.exe
660	chrome.exe
4728	identity_helper.exe
4728	identity_helper.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
1592	chrome.exe
1592	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
660	chrome.exe
660	chrome.exe
3368	msedge.exe
3368	msedge.exe
660	chrome.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 2832	3368	msedge.exe	86
PID 3368 wrote to memory of 2832	3368	msedge.exe	86
PID 2576 wrote to memory of 660	2576	cmd.exe	87
PID 2576 wrote to memory of 660	2576	cmd.exe	87
PID 660 wrote to memory of 4584	660	chrome.exe	88
PID 660 wrote to memory of 4584	660	chrome.exe	88
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 1468	3368	msedge.exe	90
PID 3368 wrote to memory of 5044	3368	msedge.exe	89
PID 3368 wrote to memory of 5044	3368	msedge.exe	89
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92
PID 3368 wrote to memory of 2220	3368	msedge.exe	92

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Google Chrome.lnk"
1⤵
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:660
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff866be9758,0x7ff866be9768,0x7ff866be9778
    3⤵
    PID:4584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:8
    3⤵
    PID:888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:2
    3⤵
    PID:920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:8
    3⤵
    PID:1868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:1
    3⤵
    PID:3808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:1
    3⤵
    PID:1964
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4648 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:1
    3⤵
    PID:3048
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:8
    3⤵
    PID:4728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:8
    3⤵
    PID:452
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:8
    3⤵
    PID:2952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:8
    3⤵
    PID:1648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:8
    3⤵
    PID:5384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1944,i,9675841608920936141,8076251935043987995,131072 /prefetch:8
    3⤵
    PID:5640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8670946f8,0x7ff867094708,0x7ff867094718
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14799754128955460593,806699246166645076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39d4fe6d1a2bfaed6fcffb6b6de1a005

SHA1
f2733d900ae974b6a64744ab27b0ec4d51cf4e42

SHA256
407d3419fd5b2ed1673717bce41230bf253e93db1f8a5a6c12cf9926e2684c53

SHA512
3655b509fceb6441f584453096f23df6e8831930e76cdae126fea51d62c5e01305681476619829926175d3b37e0335accbb9424781b83d56dc1ce747c4242f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
983B

MD5
a649a2389bd8d2ce5ef6368d938d6965

SHA1
63c1387b3b7800cf7dfcd6596e222bd7fca94b0f

SHA256
ae7bfde97d65ea9e2ec07522db651188e40168ee3b92d338fb115fab6b4eeee2

SHA512
be7591d62a1a6780a1def95727303e84f44850a58457ca45929c8956f4c209cb90ec118f71ec14d3dd625700e57f51c1965de15f8c2948557e30dfb7f66e3b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8fff6d2fbc553ed9479b3ef3c6c5b927

SHA1
4ba963e9c44c62667a67c2e2508eebb872ce9777

SHA256
88e8b315e1919ef49ebaac19020f474be061af7b7452cec39a25f88aeeabf25e

SHA512
79c80de3d8dd23b17f6c1a08407edc24921ea23f79708857c37b1213de68385a37d8a991d4b76b95bc80587ef81b4d761ada7b0d8607dd845270e37b08460907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39611a42f12ff38a0568a96bd696dccc

SHA1
3c0ca9b91e578447dc5516b4c3e5a909e5b854e5

SHA256
34061ea58664a63d9999cf287cf00587a904aa6dd73ec60a098db1158b20fc25

SHA512
52f16fb4d7c9e9e41355af3e1929eddd955ec7b66b017214ad3b60d5378eb11fce1ea1967e30ff03fcb4a8f348a826580ffeb020cfe720c391c8f7ccebc077aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6a0b89e93bf86a3bd8508122280a051b

SHA1
9bcd25c89da49973fa7da8d394faec0636e17ebb

SHA256
478db546cae5205807f885e3fc52521df642db1717b599c2e0c57cd25e4ae69b

SHA512
d4d581e4020c95dd3acdef59640c16e3adf5e68a378b6c9d6573655fb9d723b75ab4b8a857f0450bfdaf8017517edd5a0c83d1316f2716b9656f8a0ffbfa0c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
16c75b6882e020f11232e82b5ca8e10d

SHA1
2146c764fcc89dc85987f2079abf18ab7d0d8ecf

SHA256
f8535fca5b6221a6809bf272ec342fca869c3b71137e16b44a2a045d77a96cd3

SHA512
28d3641ce2bf03ed9bd80ae470b56db590386b4ea1b3532817e3fb59dbd2d41ffed72bd798dfa36edde8f9d8a1f1428216cd8024552434af8ecca830a92a0f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
56c1b606773859e2e5ce7ee2a3215547

SHA1
30277869974d886dfd367c416da8b2771dc7bde1

SHA256
e55abd5a464487dcbb75d797430d9bc469fd92f116b4e2db56f9b98bb33f37e8

SHA512
3fe68a2cc846094a9685ed90eb8223a7c04e4b800c9d8276b7126e19ce01bfea7f55f7ca4e34965a746765a68c609cae4ce9e7b8547b5b662a704b940bd4d7a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7bf09d7443373517545e3ca52dc149ff

SHA1
130b799a98cb23cf61c7b848adaf8f1cb2a4d315

SHA256
5b27d94da07a4cdab99b3033f72dff5a7aa282a66566705523185f6720c3ba69

SHA512
6ff5a70eecdb87c309b3dd49533d3038edeb78115d44dffe95cfe8780be140cde52725fa07621159b3732574ae1ba5237b66bdec5db32128885c322af7435986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1c091ff8bc7d57f4a95b5e2bae0604a2

SHA1
ed2794ef0cd560af2bc2fbb45e5721a84daee1b7

SHA256
4ecef3c260b723cb7ff9e0b159c6209bf1f992ae4980e4e0263894d2b2c4b25a

SHA512
edc95e62356b3ae743d284accf0e7ca461c225c5de963c7ecfe5fb5940a7b167f48a4221e92d656aa1a6b3cf9c01250401bcdfdb3ca22de3fc5483f10270184b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
178KB

MD5
49f6d4c4f19b84ac4d805457beda57bf

SHA1
552809ae1e2a6257fc710d41e67b83615235cce2

SHA256
2433e1282fe0db31f84d72c63b3c8eb802b0b8c1911860ff8d208defec629534

SHA512
71469cad4b04e5d5010ac2328697d3376dfd8598b20eb0e52f8df8de40a8083d5a2c51de208ce0c6c323a87b8f101ec4b2353d8314fd53d1571365b2454f155d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\21e1d110-c8cf-45e1-a5ae-ea7a2a7ef3d4.tmp

Filesize
6KB

MD5
08bc0e08c435267941651906eedeb9a2

SHA1
2f5a96c1160da358d79a3b824c9b032affe3029e

SHA256
26eb1e2dedde5b66b6db737101622ba34e390f2eb8ca7b04bb855f569e86c76f

SHA512
efe1240820cf0c910fcfa2b1fed66b33b4c073cfbd3a7de007444d88621b280c9af6a4ba195edc646bffce3a6d7c6bf5f4cb601f3335687174d009ae3ba216bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96de9383-23bb-4ca2-ba96-526760d7455c.tmp

Filesize
707B

MD5
c80d86ba5f0d1f16d9082d47b9f10359

SHA1
0fbe43cd43df2886766242b9721091924594648b

SHA256
3fc0d3948196c13872f520d382e10ed4ef2b65816eb8e605ace5ccf341f2bc6b

SHA512
e64bbdf03a3fa789c7ed30009186079f758e70b18c20451a5b2232e30d2451c3f6c76a3faf410ff94f8c861a406b82f63345225fceed863b11364f08d9e46537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9916d4b7-9975-4d9b-b5dc-c67c83fe13bb.tmp

Filesize
707B

MD5
532497cb247ff14d33f822d08f254d2c

SHA1
9118c9192878eccffe71d946122734499063c84d

SHA256
7f4c99fabfe60708bf7a45031e74deca1f239a879cd69842c9a62a1adf88da1b

SHA512
90f95374ee0fa1fce9878d00402c3510df7d042db20772be70c8257817c128f261eaf8d984d8f7b0e9c48b55585df3855b7f3e8a68d9bcd513c90dd11a2b86a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
62KB

MD5
3261c496400526179f7e67f943c711b8

SHA1
e5d35df0e63f8c093f1bb3100f22f3447448d515

SHA256
944f73c7c80927654ef534fa6c3c3beca652f160489ba85327b721fbc65e5317

SHA512
cda9db92a520534942919ec3494a457b485bce722d3caa52df1f12668c7b483602f35c617050a469365b1a7c507a135e23c4ad959e2a99a1d403753d516fdff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ff8bbeabe0d868da2954cd5982dc495e

SHA1
bbbe202cc1c3b4614933e037de5a8e7f8ec7c8b2

SHA256
e4c0cdd640ac75093e28a3921f94f190692e70ee85deb34d7f6b5239671cb4d6

SHA512
63f6abe645b2d87aaf05742f2d88bf70db19679025b5e51fca3d515ca997fac4339a3b8502e392412f2aaa8a4352c354fdc4b231f19f1e1a47ba7714915e5200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01f5bb6d782a9d4230d7e3e9cfdadae0

SHA1
3422199ed298dfd0ab47be7c4d5f607479bef276

SHA256
164dd8f67b8d1e0c1fbafa3ebc7c0a0c9dc38ed6f04dec09277487eeb6a0dfc2

SHA512
8223a611ad29dd7b7d32a02900920096efce0eecf951560f3560d2650faa414406151b98e30e967d63a71373b4c4dafd918e2363997995061025502c21cc58e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.instagram.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
656B

MD5
7d0ad75892bb15c16b15d17f75091796

SHA1
44dbf2b72bd31ab4a1604f37f8d1a2745be0aa0b

SHA256
8589e6659cc1ef733b5c60b477fc6bfc814c6eda8657223564a4cd0798f123c2

SHA512
c20dfd4b59bf6f4d107865e44f11e44a24d37c41a7585b4cce30cab26d20f653243fbc420ee61d39d68fedbc0f4c18fe4e42d871c95036426b2279f4d9bcf67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f462a2c124cf5dfbe0928f7b8b753a77

SHA1
8cdef80b809fb5a502f3542a1e7cbda985fdf23a

SHA256
a3538360405ad07288e7c8e2500d2925a405c294166f0bab48c22089a2164948

SHA512
325bb4b0b49d21d6dce3a1f097a1f1df01d5db8f684ef8a9bbb6299ee5cb61d3851081fd9bcedc62482685806623f18ef1f8b75a6b315b918db62fd57bf62057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a5724fef29b1ffeb5934f2227827aaec

SHA1
eed3ad549235339edb43f832401856b8cf10ba2e

SHA256
791dd6dacccdbd272a3183d18b8c2e60adf573fb95d1a04c8e851b8610ec0bd5

SHA512
a4261184956e6158fd83bb1618ae6b7975ba708061a7a8530a7ebc26c407e455c49ad9e8951b720b6ade532d5cf696bc0a02858895ce0decab7eaf53815e4c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ecff295d3caf4885ca1f098ed87fc51

SHA1
4623692183e5bb8c387fcfc59e65cae893c9d725

SHA256
86f6e93cd2e5a9fda2b5f4dde2710af3c85f4e4505de90aafe43d13c92b589b8

SHA512
b855c41c35524092db50d09da56ee27fb788c68b4207cd4eaeff8a71d5ee7f9e036f8e61cd9106134e97da7a5e0d2220e297d8c473ce53968ffa3e0055c3b441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e0e58ca73d1429b2ebc70a76864a299d

SHA1
56839951eab2ad0ccf250e086441961b0642882f

SHA256
bcbcd508981ee4464708141ac8fd4476f8805f1104e590748a0c9e095d3c3262

SHA512
89bf6ac797098f2856e6b9fa900375c9d5b6cd77da079e20f9799fd3824acbb71dee7a86a9e46aa93646e83b961b46783c411e04c5e4b8e877567aeaacb8af79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04a30069b6c273db838054855b124a3e

SHA1
386c70626325a512b6ac75060732ce125353abda

SHA256
fb885006939c2a4dc30c132e12b3c46274a882795187c286e8db801202d43451

SHA512
671780243987a60427821ff4a1e199a7895d3cb69f6bcc36b4a01ab47c5ebbb87a6017f09e2d9eaca69d6abd558d3c4379953c4268b447b6d4801df1790b6afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\9807c4ce-98ab-4418-9733-bd93a7e7f547\index-dir\the-real-index

Filesize
72B

MD5
763df52a09ba1831282866a8fe3b59d4

SHA1
f0d0f521b2a7ac3f93ed069c3e61974ab3cb6a41

SHA256
6c6c074773189b2b21f185b14477d2dd864d6773b5a1d8142f5d9ad27825d577

SHA512
571a4366fc33ae4e8b402c87cf2d5a31a3b317c02d4becb3766a7bf20bf7ec37237bf7f381610db9896d2a7f1ad188425eab6424602334e6750233b1634f5057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\9807c4ce-98ab-4418-9733-bd93a7e7f547\index-dir\the-real-index~RFe58a7d4.TMP

Filesize
48B

MD5
96c3c243493f3ad69282ec0ab05991cb

SHA1
1b43aa7789cc3210490d5423f57446bc3ed381dd

SHA256
d296f1d95aa311d36e3c4a380aea733b669084ebbb20e2301137644cdf440051

SHA512
6fd3b3b3467c4076bc1fd3cc149b02285bf6b6b7beca1f938dc11c4beabe85ea886d0dc039ce44b4545981025ec567b394c5e870e4398ab26523e76be708d7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\fc5da666-5049-453c-8c9f-32fe599dcf4f\index-dir\the-real-index

Filesize
72B

MD5
b1359f832463f70899e8733fed1d64ce

SHA1
d3612c20cd59e8e9062c92eb019cf8a893faa8fd

SHA256
dbc9fef67b8fa530c861d48d2ecd31bc4f923ab6190b6abc0b4dbc7dfaf1fa0d

SHA512
b8f42a7b1eea16120be159712b13d79181fe34d062683a1b0877c555fb349b3af611e7045c3bec00cff67ce36babcaa72231790bf9eaca244bf6cb21cd3510fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\fc5da666-5049-453c-8c9f-32fe599dcf4f\index-dir\the-real-index~RFe58a7d4.TMP

Filesize
48B

MD5
c10e5d253597630c35db4930c168c650

SHA1
303b576994d23e52cf2dae09bb3b17df0d5e77c2

SHA256
a0deed134ee2aaa6f6af84c9e53a2cce7672ca5ca89bfdf4fad2450e25fd22c5

SHA512
cfe61776f3e98b932310d1938b74cbec42650e7ee278b30447c944bd7ae53762015f46ed07d7a9d0ab53712fc630578bf0c86ea769b1b4ca62e925b194316df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
155B

MD5
2efae9eb94a9d4fd6b606b288df59cc4

SHA1
d7ecbdad5e233def03d5749f88de9298890f4e89

SHA256
83e3bad720b5e53f12116f3ed77f2bb472a9027464452de12ceb99480104c8a8

SHA512
d77d74c0c68595e4323e5157dcde9fd7bf39d919528b2576fc6122dfb810655b4930bd320d9f6b781671571da909b3e2a811580ee9c67b2d5aaafe796de93fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt

Filesize
160B

MD5
5bcb8f12d6910cefb5aa4cca60681571

SHA1
8bcfb89bf6852210ea545e6b49b846bb56c6aa6c

SHA256
212233899764c2c3a911c977c35592a7e92f46f30082aa19ae748a7cf608ef3f

SHA512
806c3c57624411c76e427c3a89d85106833e86cff210d7ddcf4a89a8d2a09867874c604d1107bb8f0fc72a1856566237c1b715f0e7061b36beeb0f6f031eff6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2348e52d6de9218df880d9a88ad6a5d8c2c9555c\index.txt~RFe585918.TMP

Filesize
95B

MD5
67470a4eed6c23a049201fed8be3d005

SHA1
36db648c5684016f3b8864c4182ca493117cf9a9

SHA256
718450e7bb97526b56fe5f20af9e3169a7ab82449130593e19de499523a1310b

SHA512
a07361fe46eb170722ec136aa455943f58ddf6484d48b9265a2de4cb9d3e41ac631cf448597598ab56a2aa6d9fa794286aac775e91a06c9f120398804ae74163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
858754023c7f12271064318d0f7e8864

SHA1
6b60c28a59e704ff582b61e67e4e9c56901c6983

SHA256
90717d1f551a5aa130b6be8fe1d78bf6e750a2172ff8f27aa7da8696d0a62b95

SHA512
313a936556386e31b1b105c610b3eff7c882349c4a333d09c39579db8b4302d3ba6744c43fdf458d599c59c84109a11efa4d4a738ad75036f94f7237905d6073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58aad1.TMP

Filesize
48B

MD5
28d612872bfc2a0efca2a9b25755284d

SHA1
b19bdb5f60bafc68e82eab2b7f6a11a4867a77fc

SHA256
79779b137a88f33d76ee1e410284edd1a899c9d37993c9b29ddb184e8f71e1c2

SHA512
af0f581fbeba97d1089995690a4a36636edcc2f0ff20722aca3d6f1878de53d4a55d5f0c2e412cc5a251b20357804e93105f05933fb77dcf595158292aaacdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
725bee7c32ca488b902a9ba8d4bf7bb0

SHA1
1465183f102b59bb452ae0b64013795f857164be

SHA256
a9b3ad7368a2e0157c7d77e8a88bb1df63645e1b36adeffdee7a292a511877ec

SHA512
85d2ddbb2a0586b0ee8754328951d8cdb4b3bc71365f210299b78d2d571b6bdff12236d39ece7a72b60d484b514e96e4e86741675d72be1ee1f7017386194573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
d5909c9d01cb5b8a37b25a88bc9716c0

SHA1
44b685fc69674b928879c153234cf1900765a597

SHA256
892d3a37523f3f5899c46b06994f2455b58f74388d7c42ae8eff4845e4ef4ef0

SHA512
4b1cbbe4f648e90095f9e7d48446cfd3f31a74c55c3f36a57479c704dbab9665030fd905e218a83f67d1c213b9a71a27759074ba80da5b7b777a98346c71b97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
0cfc9258d15871026198cb66960a952b

SHA1
7a238e675c7be4c7ad8af7203ac9b6b3edc37aaa

SHA256
1f608dbce15a827079079e49e94ae08320f6b9efe9e58e1ad27c1dcddd894fc6

SHA512
2f8188651961d2137b9c8157b844dccc746b6aab51bd4a685b5b5b645c65dcdc9a2643a94cd41b9d38f360a0b1b4b0925901ee8ac516270de2cb65efabfbb29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1cb98cb373808432fa5d7d23ba91c908

SHA1
66bb6331d2bd762027ba7ede699acb525d392348

SHA256
b394a3f2ee4560b11e8527221719496ef173bc24414a96367d5ca1120a5bd6ab

SHA512
12951bcce0a8bb830df48cf319205d7bec5037df921221c8ff0fedd6d1cd3cbb3ac7407aa199dcf99c07b354d53cdf352f58d80ab44718ea770b9c5aa4ae472f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9b4dc7fd1eb56d17c52408d29d6751a4

SHA1
ac1af0f911eb81ac258d0cbc5ea19dca7270c0ee

SHA256
ddf6b99d1a2088b484bf98feba332122e9da1b984d45ab8e2befe35fdcc36082

SHA512
51cbbca65c49052824ecd565a37bdd7cb00f05fc665c728220a37fb46dd841d9ba2b934a01e5cc0327c67edde1702acfe466c608d5007d0c9ec5ace943be925c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
03b3836385a3ed8d03636241107b8832

SHA1
8ff631f0e259cec40659ee96eea9eb4fe2bb8702

SHA256
79b0d2884c29292e7b59f0d0e67017f91d30f6db538b22fa6044400ebd622182

SHA512
5d32e5ec8d4c38c81bf369e8cc9a8c2a0a3231c3e019f6684851da9e94c114522d39c63dcffc5dfcb51a6e049618e2969b0a3b879f2ba0c7113713fd5870c863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
ec9ec220793f8da3371c19543c0ef5b8

SHA1
4d6deb037f173c249e591e822415eaeb32dc0329

SHA256
c01ee6ca6447a9fb555f726571833e20a521a425d98fb8cc3798b4026089b10f

SHA512
80c79b59af88f73e273c4ace4f737e97e5ea5e4af0e9577a9e6ac0ae428b397048730cbc8b80e607bac76e3712e697e96e3a62b0757301d24e18a6f73570cea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
3b677f2b2ca7f421ef51c0ee71114e5b

SHA1
ea35ec964e40170f353ac4adaf2c7812c0e27640

SHA256
53ca34bce05e6ccf1ba555af0570ffa17b13e6ba82e73207f6bd32acbe81c24b

SHA512
100d26f94b8b6d2c3333cc9ef153edb8dca6f4cd0ed8982a4912c073a291d29aa807f8bbffeb6d94da1044802e10cb81eec47b1dc4495453a708e72627d4ff2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
4ce9abec402aaadd0600354bbed90dc9

SHA1
e404d35d9abfe2ce93e55383b6608d0c3d943549

SHA256
3b0df94afaf7ae434b7526c28b35f5f787b24512c971932da094110ae5ad063d

SHA512
e248bed3f8a01aac5e9e96a5b8c4d34cbbfc5c4cae437ad418dee7d6d23cc60ef1122af007e091d0a6ddef2baad4ce53f378fe5c4c7389e461261c462621892c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
dbfc5178f1500ec7532a621647f52ce9

SHA1
2ec928b5566b9c7167eba6273896325d04b7a7b8

SHA256
1a18deb4735fbce2fc2780a6a4ae64ccbb24737019bd06293db1367b42663104

SHA512
cc4ab6262960ee40d38349d889b0260944ad25751b9e364c34078ea44c02a611a31cd486f439964288a4ff55668c48df8af4a3247e174e56f57a1f6e4391c031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
ba160d0d8cb5c90c679c31764b3bb2c0

SHA1
ea0c16fa7e35e55bf8da26ffeaba149a23219d61

SHA256
2df6400968d3c249fb8efc0a8a80cf0547b8776e7cc14d486dddf8f8acb01aa1

SHA512
c384c46a083071b7ca70816400221f77fa2cc0ca4f570b623132ee464a8cf3515979b633bd2c25e983ba7d180f9137460a068afd183e97a353a60bdbc5209939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
0c5724a353192be8279e723c4e2b2680

SHA1
942530f6fc5578f159c37f911103eb5d4c580db7

SHA256
9e3d990ec06547a7ca252f98cdae94a9eb8bbffe850dda5030ad544454c3d479

SHA512
f2714e5d58268eccf8be0e63b29505e0e1cb003884c68dabc4abcbf23ac58ce85850433f0fd4c1eceb0f2b07e83025a27fb9ac902fea6cc617f7b1ed3b7b7535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
6ceeebb1419bfb26f000e006af63b252

SHA1
521cfc68aad6875cb6ec990adb51db766465a68d

SHA256
bc7ebc9b6667d481f6e8351236602f164fc4cd0b5afb2a7b4bf88912a279c922

SHA512
f1fa2966c5a200f75ade5d7beb58ceb2b7baea835f30c420b6fedaf3a8802dc0004c8d60368a3d6474e3f1ea7373a9779612f4fbab5ec23dc72d768922ecca0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
ef89bd01f1fc7941f28c20e03357e12e

SHA1
901fba9486070598d013bbbaf39f9e2c7427bb25

SHA256
aa4deaca580a10199340729af6d2ce038e2163de78fe6ad53ef3bece69342b24

SHA512
a4794e8d13153b37ffbf42fa66536a5232781b74c5a255d114106d52d04e464da0badef812bd45462c3693b97a7db7a7eec48ace1db75abc4d1f77e1e5f97345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1bc59104d2850c5a42abe64605bc31b2

SHA1
d2122d3c57e4543c57c82cdfdc7640e80b7aed14

SHA256
bf97ef349db0324d823a48ddd82c923664606fc93231404911d039bb316d51e3

SHA512
c90de90b77db092a722362386e8c4d63824e97dc78d2dbada4bffa0627fa3df7332a7344f85c194e21e16b8b3e39ec6c6905d56226b869abf8c0c783280022fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
6879a050a4703b822aff29ebe95c94b6

SHA1
731758c8b66739ca5490ce3af19f76b16a892d91

SHA256
cca3e10a930c92d6d88d91249b3be71eabc5428566f45139779e5a33222be112

SHA512
0299d150df66c30ee2d2d63d5d6b23f0e62628629ed54d27b4648ffdc58bd190c6a4897efa47e63347fcde5f43a2761d461967187dd5c5f6de45f13bfe9fc4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
c46a76d55c1818da85ff2f592203cee5

SHA1
455e1679e5f437a25b6ed6e266898ca1ee3448ee

SHA256
b3aac48e8b3045c79d65c021d6db249e0abe3a5a2c9ecb53244281892e31d254

SHA512
5763e666a06f72348140c7bfb7493f9f348fc9185bf54b763b7cf3db2e2bcc38fbc37bd8e29e336652029b7793368a08c77991e4ab7227737262e9fd60b573c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
126316b425958fba3ae2b0af120dc6b8

SHA1
66b7baf76d237e367daba9f19129c0696e40453e

SHA256
cb0996f542a11d60c234648e9d0f3d0a912d18f77861dce5d49b280f40011bcd

SHA512
5ef94c3a876c99256fe64ee21f7685f1fb09272aaf2777d8f28289eac7c9b27a8d590c36c4585af64b9612212190907f30fad0e604745fa8f9584f157a0cee42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586193.TMP

Filesize
707B

MD5
3e863a2069c35a8aa89728f8c114d12c

SHA1
0a8c56140c8d203b662949a7adfd0e0f1df6b51f

SHA256
97f95b84bb6f8d6827ad45ccf2babd0876bf172cdd06d2316448c842754b04a1

SHA512
6304a337d97d31cfeeb4443d683f988aa4fe390a2b461594776809659c28736de41d8012376bdebbc2632388b40d80c6666159ba93b5a3bbeb4696f9d66c16ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c5c1f611-f405-40c6-bca1-66b111d176dc.tmp

Filesize
703B

MD5
ae324b9c7756efed814654496ab7ff74

SHA1
f6fbbe8a42b5534ef12c1b67f842b450e8d7ef5a

SHA256
3ae03bf820906197eea1c19496b15d6f938e11925cc4ac7bfae172a8345ae13b

SHA512
66247833d10f9e017d2c60660ab03626cb734f74dac79acaf1ee404050e8d13e4dad02d73088f3c7779acc42e20183204fa0b19166f9c8baefaf0bff7ca682d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4083ef7f99c03a01768ccc8aa2cc3801

SHA1
d775a6c602118b01405e241392b526cf8bea36c9

SHA256
b5d879905b17e07548a2e3f431a63a8b031913b165b6dd3e6b11987ff1404739

SHA512
5e63235233a554d952f6035579c6da88672aaab1e8fee1051563048c14ae22fc48b1d30f4a9a3f622e12895cad8707bd6a50b297bf10588d8aa8fc6c476506c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c882db69daa989b1a2fba76441ae6005

SHA1
4fad570c58948f6e49c66b543499d3ca4318d623

SHA256
b7effcd0b7aea42d0829a8856601685bd17d215ffd766802bbcf774da1b42623

SHA512
5efa25483c7390143567ea7f2a2daede47bc6da6ac0df7534e960747711e01d80f1d13518a272aa717dd4e300675a8d6f04700f4d4761c439af4b420e8358486

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit