hxxps://www[.]dibiz[.]com/customersupport7980866437

Analysis

max time kernel
389s
max time network
391s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2023, 09:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.dibiz.com/customersupport7980866437

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133382932678955452"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
3664	msedge.exe
3664	msedge.exe
5104	identity_helper.exe
5104	identity_helper.exe
3228	chrome.exe
3228	chrome.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5232	chrome.exe
5232	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe
4104	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 4776	3664	msedge.exe	85
PID 3664 wrote to memory of 4776	3664	msedge.exe	85
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 4396	3664	msedge.exe	87
PID 3664 wrote to memory of 2628	3664	msedge.exe	86
PID 3664 wrote to memory of 2628	3664	msedge.exe	86
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88
PID 3664 wrote to memory of 3388	3664	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dibiz.com/customersupport7980866437
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe652846f8,0x7ffe65284708,0x7ffe65284718
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3704770748037737515,16119284478454515462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument mailto:[email protected]
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3228
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe53f69758,0x7ffe53f69768,0x7ffe53f69778
    3⤵
    PID:1868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:2
    3⤵
    PID:4300
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:2584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:3892
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:1
    3⤵
    PID:5012
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:1
    3⤵
    PID:3324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    PID:4104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:4456
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:1444
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:3808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:5532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:5540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:5664
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
    3⤵
    PID:5764
  - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7385d7688,0x7ff7385d7698,0x7ff7385d76a8
      4⤵
      PID:5780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4904 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:1
    3⤵
    PID:5852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5792 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:1
    3⤵
    PID:5336
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:8
    3⤵
    PID:4048
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1920,i,12342758782854494937,4623201495562447896,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5232

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\20d088ee-726f-4274-afbc-fdbf78b482fb.tmp

Filesize
6KB

MD5
90e86b087627fee7cbbf9043085b3630

SHA1
06d2565049627a6aa8c47e115b30eee24b5fb65e

SHA256
66d9f8146aee0da8de069312dc609a5c178ffdb1e3185171f9869025f969f2d1

SHA512
5ecf8bb3ecf296aa82a61329a15c22c094a0ffc058f2d265506db71eb870c353864b835e22b7f344b47d001def58ec7cca0876808728e2569141e1584ca0245f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
f157b08280914df5710e0d6e7db3fdb8

SHA1
32d2edb9f53d9fd86fd94669824ee5dcb8b31ca0

SHA256
4e350ae83bf9322ecdae977492b65b4c2105928f657c5cde492f8490918786ce

SHA512
7ca10445a582987dfbc4c589bccc7f92b0cb84c4bec83111118a3b6f8cd4db368947f8b883a8918cd53ad36f5bb892a1f38dce41d961b6baafa3ecb351bf5e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f39ad9ed7c6a27b8c9b7ad3236983d70

SHA1
408cafc8bec022d12a6eb360894eb481bd841841

SHA256
2e21643a391fe639b62754419ae74565b46006a78522e02c750e98af57a3b49f

SHA512
8f335ff6b8a91e8b2daed729205402faaeff6806aed469f201bb3f24290b751ddda84adeacbc2baeb5e9a4b6c2e1b731cd904af53f8cac23d7aeaebc866eb689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0845465b1bd3f830b65a070e51997e9a

SHA1
dba0946977e3de6d7718d7df72dc85d05e07f86f

SHA256
3f952e1afe576a60ad90d6f507e2dea89a91bf52ef43f14f5b9701fd160f42f2

SHA512
e0776ab42284c68dfc0b53b365ebd80ffaee394831d2fc4588044c967b96f4dab5dfbf8a77e839d88f2a1a7573cd8efa452e27220bea31aec059866b5f2ab51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
42ec79c490f00bcf4265dca641aa971e

SHA1
a7bd226af2252b85d33e63203d0d465dbf017c60

SHA256
8b1b919f4dad4fff50ba2bccf0163000bb2cad5b9c60cde0168f79aac8f1c93f

SHA512
ad5e6edce6a02044139f9526b155d8550cffaba46277df73a22cd7df71cbe616c203e2c80276685c10bdec2d32f730335c0b564ee4bbc6c569e50c945c4769fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a013c1cee00bd2f3057b4fafaa587554

SHA1
2e23b0eda68d691bebae4ca7199a7834e7ffc7ff

SHA256
391d81a0d96ff16086852f400e3848bed6e2d3cf1f7962cf78239d89852a8622

SHA512
70a2bd160171e4d4fe0702c53fb631e9cf5c7ca9a3767ea7fa914a5e1fac0cd8f4b8fe4e01055fa8b5841444601e397429effd3a0eefa8f5e50c6d7ada7f1e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a90b01b9f9de3cbc6c0a650d5db983ef

SHA1
2caaf28f91eccc624ea1c84473186508f2b4fe5f

SHA256
663e7ac6beb31e097e1c2bbac046ad9db130027fce0e3d18376fe1fa5d814ca0

SHA512
9d1e661c7c9c9b08cc4cc57a53f58f54203b99b682bb002289568b8945563985f5d9ca2f9f67f7d1c237ba2633b5ff9cd0d2d1b05854463af091910a4bb46f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
e83b0ebe6015760c54f7eef13bb9914f

SHA1
9931e42b20a9e8710b69a8a924e5c91b1c2b949e

SHA256
bb640abd1be68f15e847c7ede581427b97d547dc2910630b4a964d0abaae5b3f

SHA512
c1e1c654f24b2b46755e4fd83fd24566e345cfb46e0e4750bc59006016034916daed6ed73da3a92dc81e717be0f3305df2a945a45cd772fc61a70d42629904f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca1bb1412d29616c78ff8e36d80b671d

SHA1
a46aa74069d63d05efa2536f475c0674ffbd7f66

SHA256
f1950df83c41b917a792c96630485a1457539adb09d837a1492d4df66538fbce

SHA512
3e339f8e1d1d4fd9832f20b780621579be251a1c2d98c2f21500041b3fc236b5f3d678553f897865468686bdc517c386373a501beddd8fe47ae67d4b4f030adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
800999d10c2dd84757922f8c9216594f

SHA1
fcdf641165f3194b79cdebfa4e829a49f9840d4a

SHA256
f1244d4b03216e0cc2fd94fa8ac906dc77124876dd0b4921b2e73e66ccc90335

SHA512
8007b0348bc2c34a5add7e9d0441a773bbf83488c251cda94ae4210fe298d5ea95a3710aec5dfa644c2f02ed85bfe55f1d5bd247f4b31a9cf23f15e5b5cf7c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
192KB

MD5
0304d654f45d791eff2df916bd87af02

SHA1
9469837ef46661ed4414b7eeb25080d83ca83b32

SHA256
55250e656ca6dfce5b68f14f1c14a0303f94f57e3246bd6480a292a8ba72cc5e

SHA512
0b0127099daaed70e72ffa4a1e21da12ff2345a7a5c85f39663650cebd6e5c05963aa18fa1e7aea904af22ed8152b757cc98c9902c17ec2baede4130efdbfe4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
d0a9e1083653b27fbbfa7ab50e6939b1

SHA1
776055c42e7d0d2b5ddfe96a7af65c6e899ca179

SHA256
0696b98edfe88acfd67908caa0f472156b68d77254788c4469e0b75028998513

SHA512
6e26b971dbc7e786585c9291c56cceb81b2e001ae8cc9418cd37f4cc38d84749166bd2b221b87d06e4b59cb151e994d126714227d00a57e2c850f6e1a14b13e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5904a9.TMP

Filesize
98KB

MD5
034022dc28ec41df53981d26b6237fb9

SHA1
d5899d18407ed0ddbc006da9fc438f5e3425dd18

SHA256
20c0d71d337defdcdd9bbb6aa4011de5e77688ce92b0ac3ad01b1a75224ff15e

SHA512
60e21d38ca652b8f4f919230943ae89548347b959162e6c4eda2c667a88740d753418031b05998d85d906332c6806cae97083a693aefed388a286792e46f194b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d686809520430031d6ecf2c8de5f735

SHA1
64e3932e857e1b34077e1b7793f40ad35abaf6b8

SHA256
c5f61a0a6d91e818e9ada3e527de4a5975767d6425823b33ea107cec0c99874b

SHA512
8a5adfc8d90f0752672879cf18f55be8e80e36e2a7bdf281ee3967f9953413dc31c33a0b52ada169c3f628896a28caba1769d8d33874903260ad6c8d5a925e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
36c342a97382a69be7b14ba507b60c71

SHA1
644e572300e5396a65ba9a3ae895c92b4d44409c

SHA256
35e9b90b4a59f4c52f95ffac5bfad341427364f9f1f33f56d8e6dd74faa49663

SHA512
bbc6871dafb2ad77d6f2e9bd51c01406609489dfd8c3d7b240716762c8bc93b7adf77c8252d3a5079b22d9d1a0050959bfac4cbff5b2a0bc8e5cd519c8c3321c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
14c7489f9ae2887769d9a1833106bcf4

SHA1
3351cecc037ed5f3cac06099b995bf15302f0a0a

SHA256
4e69f3f714f7973222f4ed21d9771e23c837c2d7465e8abc1a1c7b9af32bcbae

SHA512
5910f458268f0ca8d930875ff4c71f0464771b3b4cf8136c56aa52bccbc64a5669c2db04912e01d36af0f393e2083e5c07bb43960749fc5d3bacade751a4c2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53f6ccc77a2a392c182ffb901e57b0d6

SHA1
658f11a73bcb9d3aba7352202afef557c923cce5

SHA256
201d0f50358fbba31204d852a4775e412e7c9338f942637888f04cddb3641bdc

SHA512
052392812d5c0d9c21ae0cef15821819e13ffb5c6127c7a18dc6d108afb48ed9af4497fbd6d616ef4626419816b5cb69ac84f0f666c156baca9ed1adedb1501c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fff90017e4ef0553355860e2288cb3c4

SHA1
09e5ab1be1cf2f41acfd45d43c20cee8ee57b910

SHA256
ddb7f87ca99a808fa5a98c7efdcf48e0f1b15d93628a27faf4826ecc4cd67af9

SHA512
321628e2436ffae6b004f05f395e02c57d0426905b0a4099e1291665151c558075a3eae8e4a17dea77e16610662ee0e5ccdb2d2a3e83eb086967e2d35e88fff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c534d1ff6b35e5cf4e5e7cc3edae901

SHA1
fe668299c9fef8a2ae4a2a81787950fa525f5b5b

SHA256
57919952a0a8bb9656a9828b3ca743bef71128cd1a6ef92f14158d96878b85a6

SHA512
9ab40aae99f37b1780dbf962f517a56ee2226316c8a4849560b36d8fa618ef8080d417f8cfc82d3915933f55f130422ed83c83875357c5f47d2f86107d86f035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0ea195b890a87594deb9c6aa963c1426

SHA1
4065f3fe0b70940a968f2ca342bac336be048082

SHA256
c51961b927f80537702a7ff5f77501c1e088cbfcc22199675400ea88876f4ef9

SHA512
59ae3e1e530b5c081089ee615fb5d227a1964068bcda421de1319e958438353bbed8ca275897deb097a564a6a60400e1faf6c3e1aa5764d1fbba15bdc1d9ddf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b6ced06c051bc05e9a57f5f9d262e18a1dfb89a\index.txt

Filesize
87B

MD5
f83d7bb9e79d66727110e9b1c4142133

SHA1
4223cf23835ffe67b11fbbb354decfbc665fc768

SHA256
a4bf678a28d18b242823ba34cb80dfd575785fc6342eebed56c1c12c74fb920a

SHA512
c340a5103550a749bdf4ac4aaa098acf4e372fa276ccb367e7297d7b424a3dd9033c7a64084cde722dee12fb72ea9e22d05ce9613705427522df581dde785fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b6ced06c051bc05e9a57f5f9d262e18a1dfb89a\index.txt

Filesize
80B

MD5
d047d5c150e6240f0d2b37654444fd26

SHA1
eb789a93549854640013040e2e083b0dff1df754

SHA256
291f5825d5cf42ec59de60adf096e2d68bc0f3b33cf4e615d85de5e1c6805e05

SHA512
768620c816a15633a86c1aa3e51dadb590437c6c2a3170710a9e7e29797a5ba63a00e5ec6647b074c6da44d884a61388508c25c3859287759aae04527d88826a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0cea9cfb16c6de7849d5fedecead293f

SHA1
898792403d7e6e7b4607ece36ac3d122678cc0b5

SHA256
d138ed1b7d54730333833b4725623d6e1391cf448203e0d671ca8854de0db75d

SHA512
476c2185c5b758354c0146e5307a96665d4c50ae936343165c686e8ebdae060bcefc7e233c8fc81fe32e93570ae134b2cc85e3c1c7c7c6a22877bd0f3a40e935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ec63.TMP

Filesize
48B

MD5
1b73f348962467f19c1d5b3c4067476e

SHA1
abf34ad0181eb62d5da0c87f9243077a2239c4d3

SHA256
453b9e9d1a2dde50e2292fbbad8d609ac56a623ab496dff77d2c8a9cb239c904

SHA512
3e6d5ab1a478f02d91b2d6f38145814138bcdd5740f91254e94d9123321ddc7036d4646869990c910b7876d278df43e74201331341f33379023db90a2b5d3927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb857b143dde26602750736b611643f2

SHA1
0216deb1c959a4cb3e33b5266445e82d1ea4e302

SHA256
253bfe5f3cfdd0d3fd17a382a4b2eb01ae4443dec1b2dca6dda74dcc60d7bfde

SHA512
d9f8ee4ecf9379e44c2da7a74b9cbd2dbf48b50f3118f6f8ce4f49ae81ce4b29487af6667415c6d90633a5250d38ee7e47520b13c0f0bd843e59886eadf08e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58460d.TMP

Filesize
1KB

MD5
e6417bfefeea0953d128e59245ba3b1c

SHA1
75260cc15ab025030433990eb99448ca6f1c8147

SHA256
83254a90751b4dfd53f52c023b03edc62925d1d8afa442d2a73a3da9ad511708

SHA512
cafb5ffe1cb8bcae63b9dc1f1f6da86cdc2f73a43e236a035d64e37e4cd2a653f3a144be71e1274a21a870a273d50f33e9f1f761e9e461e88febb80c8cdc5406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
11e691a89871b59770e2ebb1e83329f2

SHA1
4aada94ce2bad3c55d721d2e5eb9474fc473e942

SHA256
027c24c3f78114546bbd0de97155e7836dc9af776561ce3abc053fa09450b4f2

SHA512
8a19bb5678564b113b8bc3dd8d9af95ba0c61ef895810f290653d09ddf1a290195dcbb0fbef13d3de7e2afec8c8faece95151036bd613dbd7d7fc72bdc79bd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a9ddba14445219f522c1ab6326ba69ce

SHA1
570af96941dc0ebe4835b58bf7d897b85ee97377

SHA256
384173273a40efcabeec3f8e2945e13d8650bc432db7e67df54af2d1d26a2eaf

SHA512
fd37e2fd278a834a1534a95c36eedc7ad6d5bd11d55707ae15613ab59c3ec220c6ed317bcdaed936a24d79d7ed02ada3ca26f2593bfd24383ecaacad12c3b5c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
674b835d8b64e20190d801abd3d85468

SHA1
bcaa09c078174002bbcbdcd5a8c896186a99c4fa

SHA256
5d27f56b4ad0be7fe4039f02aa5a7691de1884cbbf964ad494d2ddf817070c55

SHA512
62f774580f8182ca792a5052f81442ba0bd3ca90f725cbec3fbd60fa5f75934ec091ca82f7d06c3cbb41b4566b177a48dc48b845f153cf33f00ada93e79f9db6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit