fee4e840b33cdd9603d779b87317293329f404e287e251e047f31cb6b7f87686

max time kernel
151s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2023, 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-09-20 1.23.24 PM.png
Size

83KB
MD5

c573be523efe7fa6841917a134efa791
SHA1

48e0eca79d2643680c0c360794c5b3aa23d663c7
SHA256

fee4e840b33cdd9603d779b87317293329f404e287e251e047f31cb6b7f87686
SHA512

09ffd2a2ac504e70dc9694d4149dd4dc0b34cfc4f4c7196246545705676f99a848adc28fc6db6f44056700efc1abfd4eb9b1466d679cde2b9d130f198d220801
SSDEEP

1536:kavkTHuFTMYCMLkqSPzzF7FwhXuAEOQV6W5bw+zmu3bs28OaTKmWG:oTqoSLrU8ZEnVfm+zR3I28QmH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409980155376626"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2344688013-2965468717-2034126-1000\{802E54D6-02A0-465C-A33E-5CF9615DF11C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
5776	msedge.exe
5776	msedge.exe
5800	msedge.exe
5800	msedge.exe
5816	msedge.exe
5816	msedge.exe
5204	msedge.exe
5204	msedge.exe
3260	msedge.exe
3260	msedge.exe
6124	msedge.exe
6124	msedge.exe
6928	identity_helper.exe
6928	identity_helper.exe
6248	msedge.exe
6248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
4984	chrome.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 4876	4984	chrome.exe	103
PID 4984 wrote to memory of 4876	4984	chrome.exe	103
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 2956	4984	chrome.exe	104
PID 4984 wrote to memory of 3988	4984	chrome.exe	106
PID 4984 wrote to memory of 3988	4984	chrome.exe	106
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105
PID 4984 wrote to memory of 4872	4984	chrome.exe	105

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-09-20 1.23.24 PM.png"
1⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa58189758,0x7ffa58189768,0x7ffa58189778
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3400 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3280 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5060 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5084 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1936,i,7632773383729360042,15998962979943759296,131072 /prefetch:8
  2⤵
  PID:4144

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa544746f8,0x7ffa54474708,0x7ffa54474718
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12127938762620229560,11685695006208322967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12127938762620229560,11685695006208322967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x78,0x104,0x7ffa544746f8,0x7ffa54474708,0x7ffa54474718
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
  2⤵
  PID:6924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1448 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:7144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10513905579527746806,478370667004144143,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa544746f8,0x7ffa54474708,0x7ffa54474718
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,3398907221644567223,15371661804159516523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,3398907221644567223,15371661804159516523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa544746f8,0x7ffa54474708,0x7ffa54474718
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6768852899434904621,16395088221614225525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6768852899434904621,16395088221614225525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa544746f8,0x7ffa54474708,0x7ffa54474718
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10721366707654629331,13321016352426207550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10721366707654629331,13321016352426207550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:5808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1df2b5e67a892d592e927a634ccc1697

SHA1
954e2ee6f5aeee7cd3c8cca5dbeee113618c85cf

SHA256
7805b43c10cb36f6c418d721d02213de51ae3a85778c9bb33f91fc0dce3bc276

SHA512
bbac472cc1869af9c34a8aad6baacb3137dbcd20dc82c600ab32800908c76451e09dc44a3d3a870dc23bccd12c9ea4702eb30d27209ddd4d52fa296aa45738cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
0d5e00aa691204cc7c8030e5657b3304

SHA1
57324d042242f320c11421992e6bef568606f7a3

SHA256
228f577243863ba9e5e0d0e40e3d3173bcd1493bcd99086053a358464d594404

SHA512
5c26de1604f67f46d9b03a15b4eb2d486f955af19d56da247241cb4e0c427b311e04c4bf4b9c2ed35d95dd68e95e1cb6623ec74f345bb3aabbe98e7cf2a765fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
916ae16c3952e0cd750a8ccd4f1b20a6

SHA1
09b54e40171a99ac0787047d39086a347a4665ad

SHA256
8f10619e66e4a6ab2a2f5c4b7e1b075a0ee7df6dcb1c8a0d96a62608fd2bd0a0

SHA512
3700b07008bfdc84e3966170f40014358c31cf4a65f183623e64a64acb99ddc0509b2dac250dcfea907233275ade0355a8d96687c453cbc3bc4ba4515ab6c9c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf24819bf239595649143e0a99f9267e

SHA1
7a6aac919f7e05abcd1d24f7044f383f35cbe952

SHA256
e717077f3ec6ef0e68f227487be31e2fd425b0e68af5ddd0eecfb278322646b1

SHA512
d67230ecd75fcc68cffd63487bc71a008386f7a4f94d46e509f69daec176b1743b47e611e25e0f4ddf2f6059ed500b86014aad5c15794e432f7a1d20a228a13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
af9b4f590378e94075e6fca263cb3bf5

SHA1
31598474de4db058ad9d935fb9e7273c864b9016

SHA256
9d92f5a474e6c7633b7bcbc698d115a78f4036e32fc12e31f3c17ec647e73a5d

SHA512
9c2df238aff55a6c483f255bd0aa9d3d33069b282440c36b54f48aeca01be6b855c07c8cd67ecf76719b1b4c4a241c84c671a8629f44654e7c44a8ec523671a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
e67ea52be7a0829a23b4f55055f08adb

SHA1
e38eba5a0911b5822bbd65b8be83b2f755f61931

SHA256
6d8140103ed32f62cc26f2214bc4d2b0a075e42f92d777b2420701c827f69009

SHA512
2860ef99ec52871098da71fd2c6bee3f2ab94050f5d5b9d8716046fb13d67678af86127c01b750a95c4f1fb9643ed7581f1c68c48f52d96d2452c840b6695792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
2aa47c8b9e4241443b59356259c659c5

SHA1
ac1e397459c791f8ac63b7420fe2b0f5bc7645ef

SHA256
8220b00371dad6864307672d592e06e53bcfc22acbd8a2de2795eb97f1d932a7

SHA512
ed1719d11c9c96cc9fdffada9b69645960ebbda21370488c41c23b02cc969ee30698ff8574b87719a634f393fca98feeb788b8a91f6a805671f30367711bac34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
04001d62bf8f66f7fff5a8a39fce0748

SHA1
3c721fd8d7f6c13f14c23c561bcc3e53170a7148

SHA256
48619e46040f040ba88d4da3203cacc2559470bc98d33a01745206135a5acd09

SHA512
b2662f661f6a5e8a11a899776a4cd955f959bc1913fa007ba182ba5e4f162e1a7c7ab3e3b0490cfd337d7bfa0317c9ba2cac532dd115cc1870fcf5dc72f7a54f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc1545f40e709a9447a266260fdc751e

SHA1
8afed6d761fb82c918c1d95481170a12fe94af51

SHA256
3dadfc7e0bd965d4d61db057861a84761abf6af17b17250e32b7450c1ddc4d48

SHA512
ed0ae5280736022a9ef6c5878bf3750c2c5473cc122a4511d3fb75eb6188a2c3931c8fa1eaa01203a7748f323ed73c0d2eb4357ac230d14b65d18ac2727d020f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc1545f40e709a9447a266260fdc751e

SHA1
8afed6d761fb82c918c1d95481170a12fe94af51

SHA256
3dadfc7e0bd965d4d61db057861a84761abf6af17b17250e32b7450c1ddc4d48

SHA512
ed0ae5280736022a9ef6c5878bf3750c2c5473cc122a4511d3fb75eb6188a2c3931c8fa1eaa01203a7748f323ed73c0d2eb4357ac230d14b65d18ac2727d020f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc1545f40e709a9447a266260fdc751e

SHA1
8afed6d761fb82c918c1d95481170a12fe94af51

SHA256
3dadfc7e0bd965d4d61db057861a84761abf6af17b17250e32b7450c1ddc4d48

SHA512
ed0ae5280736022a9ef6c5878bf3750c2c5473cc122a4511d3fb75eb6188a2c3931c8fa1eaa01203a7748f323ed73c0d2eb4357ac230d14b65d18ac2727d020f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc1545f40e709a9447a266260fdc751e

SHA1
8afed6d761fb82c918c1d95481170a12fe94af51

SHA256
3dadfc7e0bd965d4d61db057861a84761abf6af17b17250e32b7450c1ddc4d48

SHA512
ed0ae5280736022a9ef6c5878bf3750c2c5473cc122a4511d3fb75eb6188a2c3931c8fa1eaa01203a7748f323ed73c0d2eb4357ac230d14b65d18ac2727d020f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc1545f40e709a9447a266260fdc751e

SHA1
8afed6d761fb82c918c1d95481170a12fe94af51

SHA256
3dadfc7e0bd965d4d61db057861a84761abf6af17b17250e32b7450c1ddc4d48

SHA512
ed0ae5280736022a9ef6c5878bf3750c2c5473cc122a4511d3fb75eb6188a2c3931c8fa1eaa01203a7748f323ed73c0d2eb4357ac230d14b65d18ac2727d020f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a449a8a01cc892638ff1e1d317e72633

SHA1
9f750349b6d1a31d91554cbf0eba199bac01caad

SHA256
c334d8b6e58988373a1e5f9d5d1907b2b7e32a9e6552088931bf70f546485247

SHA512
6400026a869e30f7ef10e160873554f6b14b9251a23a1cc47c5ba5b99bbc7d13dba524bc4389886fee44b5021ef3c524d14aae579e3da265273031acf3664dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bd5e2f8f1fbf81053d0d362637ffbf8a

SHA1
1de122c6a146d613d2d3aef1a5c477585f4ec849

SHA256
a5bec4aed7d76d15a0ee0d5dfeba8a82f388b678d53de2d331b2cff5085fd4ef

SHA512
0ba39df1b5166a6be10a2550974310050111d8a4da9adeabff11029203ebf8f97d277b9d767c5498c76b36159c8c865dc2d795a1448afcf3fa25c8ef2098d8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14bdf0c6a651909152061d0217a5b4b1

SHA1
72bb26210994a42f01d83aad1bc3cc489dd80c99

SHA256
5777348253a3489e82ae66bd477e09ae7965070045ce99aea68dc0fc9bebb289

SHA512
5d9712c99377751fac649626e8a73b6863d5efc8ca79d694608c42d191cc867912c9e30bef368c74b3d14091276b9e26f8e7bf460ff6c86adbb6d84f72207cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59cfcf1293a246d11a0b8e9c20ff3703

SHA1
dc7fcbcb6ccff65ef90c33e4e045a18636c5da62

SHA256
b06b40fae8a8894af92d6d5a7c7a9f6a0a12331a71c97111ae97b6fd6f272716

SHA512
7bb83e33e63329ce6c6230b0c3d4913377e76ebe1531666387c36d1cdd27328ac7649bd1603041b5a6341c1a72908f38fcf4533a301b0be832fd3a9b256e0fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e8e366146be8f8ce9c1464fad1c56a47

SHA1
1448a4ef710b27748a537b246ddaa87b45317b2b

SHA256
acbacb96c8e0bc385c315d093a354b50fa267ad65cbd8533338526433eb6e9c6

SHA512
ff676ae02848a81dda9f57151770fbe4fc3b6377edc83c46c9c0bdee36d4c3d25cd92f279355a6862b5a41b3009e9675bc81ebf7cfee2b69ccfdb492bc50cbca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d26cef3b4d2728e36809f7db38f6601

SHA1
f38d914a14df9e4f5c1b4742a0b69583d14edd32

SHA256
abd74b45b3fee87e21c0f5cb901a9b36058fc463db478830c0d84c35e5d7ff17

SHA512
e9cbb4e9e48529c7f315973ffc395aea5f6ed0e9a44b01e2d76f555f8f3934f226710eb26d12f654e3045577f9feefcd18143bc9080c01b1b95a14e59856e74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15edc4bed6a0913da795ad26b4e46da2

SHA1
4652c3db2b5dd9eb1b4493c009604c4e0ac36854

SHA256
f63b0d35b0b32414e81f210376490638a01078fed7d79a52bde2687e94424f38

SHA512
0f0e392c24c5107577b7f695174a29f6a376a752e9f0c28df94a0a985a6771a94106c345d7b881b17111250c18617d41c76018d4ffd54720a6102f6b9815c219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7727c8fc2835ceb287504e26640cfcf7

SHA1
43071db6797a46c27bfeedb5068ec1ae9da7770f

SHA256
4ecfdec0838fe99faf2efb5c3c4e513544c2ff6f87ff5e28e0e703893f69169e

SHA512
83b4e5d192819cfb7b590116978a7ea049c7d7f369d26220971ce4651289c7b82102accc2f0969a017d2c2b96f6b64ebb9215982e7b09bf2daf638c8dcb81627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
fd020fe1bfab82a5159f542af84f6b7f

SHA1
897591b3c42879d6001a00a8f7bd13ffea4e0ddc

SHA256
728b4264d7f340b588fb86fe098b1624f42352c9736c96815f42ef11d15e966a

SHA512
7104e9f048074f3924120e40c11b684ccf8538628fc4295c965c13dc922256144c3f9e2e6552e467dfda0937115df0e82021be4f66846d8d02d24367be4db559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59c058.TMP

Filesize
533B

MD5
101071ff6cfa70be2b6083755a396242

SHA1
7b8c192ec173a84efaee93061479cc79efbf4afc

SHA256
5fea48716602c4b9d893f72ba2a7668ae79b625b49f289114be876b1e1e05c57

SHA512
0850f0b6f7262c6c892613abefea0c5aaab4ab9538e165d02fc8083e0b199c14ca2f90d642adf9e1d293e51da5c729ba502e8eb0e64455efffdd557f8d9d81fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1f4502a58b49306a763861404eb4a52f

SHA1
8d6197091c41764bf43dcb01476cceb637933f3b

SHA256
62a9a1f6a60ab9a83768aed0f6629923daec75948497b6cc87e258dd676169c4

SHA512
af2236f726d1a459cdba5aa908b5e4b60722a2573b3b7e202bd0db0f8068b143324368d5d71e0853a34a336e2418ba422e36a4a900e940d8eb742f8747af8e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7308337dbf7a6b86ca0534a2b5a3ac76

SHA1
31b3746fe6d963941441d397eb68a0e0cf801bd2

SHA256
ca12aca120d645f9c0efc2ab0c7d921a606630a8537eaca4c5f9fa860be39e13

SHA512
c5b4a7e710762020b080bda85581a0300f56ad309ba718ad4893f78fe7f788937e43ff11f4ceb095a1f818e96dec7593e20f990a76b49a50f28a1da84cb1c915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
179fe0d3fdf73b786071e56e7414a4c8

SHA1
463edd6754f7fabd2e1b911ffeb0b97c0bf40cd7

SHA256
c3acae7b43d1066165bbf3b788c10acdf9e6087f559e8cb3117f0e8a19c3558c

SHA512
2fb85095a4d2e883f40d62e21ced374adac5839086eb0bf1b36562224fc37904713cd382cd2f3757315b483fa5b8c5cf9d14bc2044d9b62a1669bd0870cce4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e21f4527cb13870593cafd1f4e81f437

SHA1
4b7764a701a3323a2a7063174679c976eedc5814

SHA256
969e1c564d2aac4415ec7cdcb9cdd654f8d6cb8cc5ce7add6cce2d6111bf8001

SHA512
42abd7a5589932c972758b8935b75d5f7a60767a408afef8806aa9077b916b04b16ae61743b08b052593ca81bbd7ed0a5250b6320b5a87183b58d6327bb1abf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e21f4527cb13870593cafd1f4e81f437

SHA1
4b7764a701a3323a2a7063174679c976eedc5814

SHA256
969e1c564d2aac4415ec7cdcb9cdd654f8d6cb8cc5ce7add6cce2d6111bf8001

SHA512
42abd7a5589932c972758b8935b75d5f7a60767a408afef8806aa9077b916b04b16ae61743b08b052593ca81bbd7ed0a5250b6320b5a87183b58d6327bb1abf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
179fe0d3fdf73b786071e56e7414a4c8

SHA1
463edd6754f7fabd2e1b911ffeb0b97c0bf40cd7

SHA256
c3acae7b43d1066165bbf3b788c10acdf9e6087f559e8cb3117f0e8a19c3558c

SHA512
2fb85095a4d2e883f40d62e21ced374adac5839086eb0bf1b36562224fc37904713cd382cd2f3757315b483fa5b8c5cf9d14bc2044d9b62a1669bd0870cce4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
d5522ebf6a91d1d24bf020015f5b1bb5

SHA1
cf705b672d678a6293a8bcbd664ce1390df9cf23

SHA256
3c2b3c1f234313869a12aa98e37d6ae5dfe38922e5e250e5c3ce64496d8170e4

SHA512
3cfbdee5fd507fb8742ad7b0a2ca408665db595564aa7593408fc7e35919b65ff087d7eedf1c1e42c7c731acf3e12e77a7f216e2c5d471fcd4c7920ed02440f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1f4502a58b49306a763861404eb4a52f

SHA1
8d6197091c41764bf43dcb01476cceb637933f3b

SHA256
62a9a1f6a60ab9a83768aed0f6629923daec75948497b6cc87e258dd676169c4

SHA512
af2236f726d1a459cdba5aa908b5e4b60722a2573b3b7e202bd0db0f8068b143324368d5d71e0853a34a336e2418ba422e36a4a900e940d8eb742f8747af8e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e21f4527cb13870593cafd1f4e81f437

SHA1
4b7764a701a3323a2a7063174679c976eedc5814

SHA256
969e1c564d2aac4415ec7cdcb9cdd654f8d6cb8cc5ce7add6cce2d6111bf8001

SHA512
42abd7a5589932c972758b8935b75d5f7a60767a408afef8806aa9077b916b04b16ae61743b08b052593ca81bbd7ed0a5250b6320b5a87183b58d6327bb1abf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
d5522ebf6a91d1d24bf020015f5b1bb5

SHA1
cf705b672d678a6293a8bcbd664ce1390df9cf23

SHA256
3c2b3c1f234313869a12aa98e37d6ae5dfe38922e5e250e5c3ce64496d8170e4

SHA512
3cfbdee5fd507fb8742ad7b0a2ca408665db595564aa7593408fc7e35919b65ff087d7eedf1c1e42c7c731acf3e12e77a7f216e2c5d471fcd4c7920ed02440f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
72ce5b6d1a437a898da0a8fb9fae402e

SHA1
019ae749f84b2e7577db5948d17a6636fe2929e4

SHA256
4db9fa8277dda1236c4231ab423b1575e65eee8300479cb66349bb0167f10089

SHA512
63e0d5ffc3a8f6e0b430c297291df7c022f103206736930f07405505ac2c2ee01fa9a5a2f70ae13f3e6d5cbdbd4e142ff816690a2ad742e73ef4571b60866b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ca61e7ba-2979-479f-8efe-99f63f75c3f2.tmp

Filesize
2KB

MD5
179fe0d3fdf73b786071e56e7414a4c8

SHA1
463edd6754f7fabd2e1b911ffeb0b97c0bf40cd7

SHA256
c3acae7b43d1066165bbf3b788c10acdf9e6087f559e8cb3117f0e8a19c3558c

SHA512
2fb85095a4d2e883f40d62e21ced374adac5839086eb0bf1b36562224fc37904713cd382cd2f3757315b483fa5b8c5cf9d14bc2044d9b62a1669bd0870cce4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e82d3dcf-aab7-4864-a8d7-e73e760eee88.tmp

Filesize
2KB

MD5
d5522ebf6a91d1d24bf020015f5b1bb5

SHA1
cf705b672d678a6293a8bcbd664ce1390df9cf23

SHA256
3c2b3c1f234313869a12aa98e37d6ae5dfe38922e5e250e5c3ce64496d8170e4

SHA512
3cfbdee5fd507fb8742ad7b0a2ca408665db595564aa7593408fc7e35919b65ff087d7eedf1c1e42c7c731acf3e12e77a7f216e2c5d471fcd4c7920ed02440f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ff71fa4a-b902-4853-8cb8-da2f9fbe38df.tmp

Filesize
2KB

MD5
1f4502a58b49306a763861404eb4a52f

SHA1
8d6197091c41764bf43dcb01476cceb637933f3b

SHA256
62a9a1f6a60ab9a83768aed0f6629923daec75948497b6cc87e258dd676169c4

SHA512
af2236f726d1a459cdba5aa908b5e4b60722a2573b3b7e202bd0db0f8068b143324368d5d71e0853a34a336e2418ba422e36a4a900e940d8eb742f8747af8e12

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b915d0a24f433417d00ab41fa6ba96d1

SHA1
4254d0bcae1fb14a41ac2196caa9edd5cbf8e4d1

SHA256
b13c3f03f5cf215f9e70a20bb284bcaf019236134c6a19f510500b8266f14a29

SHA512
6d3c2d44e56a2912bcc385f0fed21d45cf24bb2d8b98f9fa694854dfbe0c5ccae7452860367a4ae3a8a5490a05fd63bf799e04ec4111059b471d95476a101884

Download Submit