hxxps://gclnk[.]com/MrBjn00xpN

Analysis

max time kernel
209s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2023 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gclnk.com/MrBjn00xpN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133450170298995599"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exechrome.exe

pid	process
3612	msedge.exe
3612	msedge.exe
860	msedge.exe
860	msedge.exe
1412	identity_helper.exe
1412	identity_helper.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
4444	chrome.exe
4444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exechrome.exe

pid	process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exechrome.exe

pid	process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 860 wrote to memory of 5116	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 5116	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 1808	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3612	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3612	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe
PID 860 wrote to memory of 3044	860	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gclnk.com/MrBjn00xpN
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99a5646f8,0x7ff99a564708,0x7ff99a564718
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
2⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
2⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
2⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:2228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
2⤵
PID:472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:4124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,13173429529219788278,15978501799018693508,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5152 /prefetch:8
2⤵
PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff99a409758,0x7ff99a409768,0x7ff99a409778
2⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:2
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:8
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:1
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:1
2⤵
PID:492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:8
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4748 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:1
2⤵
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:8
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:8
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:8
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:8
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:8
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4124 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5452 --field-trial-handle=1816,i,7606143953079201488,380594784669927227,131072 /prefetch:1
2⤵
PID:2144

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:320

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Filesize
471B

MD5
27fd9486dd4a0dbfc51e9181d25e41e6

SHA1
e7c69f98be82885dfef18e1c16981429d40c49cd

SHA256
1693c0dcaef77cf7ef5194a076f8258f4459ba83b56d822b2c1184b96dd5d28f

SHA512
a943968a6baf7e5ebeba07b3a92e2778bf9951a4178b3cbc5b7f44f5040cd8c946a7e0515b6136218f214f356abc175e1dc2f438288455eb44f67dbe23996374

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Filesize
400B

MD5
337465cb9532e9c3f191eda185ecaee9

SHA1
43f97b399aae2585addfccc9d5e27eb9244d207f

SHA256
31233502a44508e877c289c06f6835cabd98ca357890f2ffdcfccbf75399f482

SHA512
ddaeecb8b0af21d06fdbac8d59358b14d859c9d45ab1e2aee171f26233f13718d066a91794f603db7cfa900436555be6dda0d54be0f486a482bd8d81f6f8199b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
113KB

MD5
d87a45973b79bf3b40c4926f9970c2f8

SHA1
5b4ebeb9c4471a9ea2dbe95a2d5610a47ee1d58a

SHA256
6f8cdcf4f0898b8e642533ee0a02d86a99ed732375478b50f34b7700adb736e7

SHA512
e8aa3dabe7002776d5d71b177cf962739b2504d7123f0a30c6cf0325adcf6506fcd12d454032c378ce1422a512eca9304a4435aae28b9b4fd19b56e752399174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
5a5e4036d0d106051258e57497107b48

SHA1
933afcd532af3c048d2a258261fbe7f38f43c452

SHA256
6d20fd45dba25c6cf32735641130b969dd1ffe0fda1259123fb533ec0b720828

SHA512
d4e30e33388d67a4f15a1ad95fb88f10b6b8a0ff343dd81f2e6439027b6c668a02404c6fb14f2a347612923972af4ceb29cb37aaae0f005cbd1fd4b6c988aa37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
875B

MD5
e9294d0676086bdaf8bb384a1435e138

SHA1
42b3f82ed83df0e1e4a416f9f4ffbf918ef046d2

SHA256
d2e65c0dd41bab134aa74af6862a8b738dffc675559fac9fe792d142ae34d557

SHA512
c36b99cc636e6c2fd6c666278d71afd11b4d6c9122869e8fcaa496f71e46e9fd0de9e875f500c4d64481de49d77595f579d7c030f642a5685cb7e262f8c60280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
22d014015444e164f3475a362272c5eb

SHA1
b9fa2af612254f7aed28e2c2415185fb5dfb2e25

SHA256
d228ebfd42df193b333d64c0b3c37774e462144964526039ca5e425bf10759b2

SHA512
d774fac4409797a8f2547b789040173e959f230f7db504e0ff22a0af878dc066eaf8ffb16cfdd31ba72702a650a37ab22aa0baa28aa42287a2e758cd29d3a0a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7562f3a927757c6e5c4598aaa2ca01f2

SHA1
2a6cad88afdb031e2eda36bab42e54fec0c922b5

SHA256
d20ebe134914060ce5f44aa04e1bfd8f299d2057b80918a7a3cd6fc4f6e69777

SHA512
b8fa9bd3cf630bb5b55935ff741801357a57067ef3f3fdce338bda342344cb5d9028e604f2d08bc84efd41d8df30112a4c6ca2298ce6f274890c64ba17c3f3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
f9da6bd618b25845d4c1e111b6a19748

SHA1
c765e0bf001a06ed1db3d3de539b95ced483a1a7

SHA256
d92094c0dc8d95a160e3fdba237052e5827da7cc4356915efcd73f82e6736498

SHA512
ebe6a476edb59bd81fbf245a2268bf387f650792ecd104ec0e5b8e0738a3719c30b916b28a2fb3fd088ce7782a0a953a5e111b0a473f4a903ae30a16d175b1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
220KB

MD5
ece7df3d9cca52d9422618cc3b95870c

SHA1
5fcd7b8f6bfeae8c1979b317bad4a07a78b3ca2a

SHA256
0571e0884480bf514fc0107864694459adb259d7dc48f0f26fa00894dac6b625

SHA512
d77351cec4b1f6c0ebdb3f8778d88cf801597c37e0857a354b1ad371f15bebfcb67faafbd897f2fa72bd47e6a7c68b7e0f41a5d0348f4a576e3dddab1f99b2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
88KB

MD5
13a6d74ad6b98b7194ac1e2bb91ebf9c

SHA1
f4e125f62cdfdcb8774a8479ce7ab070c88815e8

SHA256
57f0940477fc9fec40f298c5dd6135c961d947d63375f0303b445d22346c8930

SHA512
155e22e639e7eb54ead79ac114e5bcbcd1169359742decb7a62d1172cfe6e8a81002fa28c1a68ad80d9a6dcb1da77de4030207ce3b756ed7f2ea7f5cbf95ca51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
47cad65529cf2dcd27056b3c264db07c

SHA1
3481e7add5d8c6540848b3bd34abcda8e46eb8da

SHA256
90b6e6459974ee1ba1576edf9badb934feaf04d9ab53209fbff59ed715777893

SHA512
7ba0df9c6b6dbc28b160676adc3454834ffaa595e26b49453156bd2c7adc02c2d8e6b1ee9a6a77971f9594d6eb96acb1d41835c90e2458fff8ebd095ae45b72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
f45152fd3dd5639b4aeb8c2be266cf6b

SHA1
ea3de6a08ec7e28977518a237c4f361b7a319d7c

SHA256
cdf6721a0fdf0d45307d5f285f24045b35f2d884fa3c5f01b568772657d0ee4f

SHA512
6df0725e17fdea5b582a34483cece8bfe501607599de0b56a41e92fb5402a5c19374c3a681d5dd203dfb34e48598797c0532f280a5265658335f7ab23655e718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
3bebfc4c561dd8c1ec06f2d998232078

SHA1
c0be449fbb70331cb5fc5e5d190e1cdfee9f2d18

SHA256
54b80f60863b2e01aabe998b03932a82bb28ccd0ae1a24b139ed2ea8be6c6b74

SHA512
7269f018fa8fbcc4f3827e174158dbed18d639e9c12fad5c797520c6a68b7d73c4228dde242ea76de8bbd98a83415755e5a6959af5f3af3650a28943a994232b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
9db21c95d417f8d0c89fce4321e9339b

SHA1
7a174f5dab51fcca272f11bb487a7c1f244bd715

SHA256
809994d69fc2a2a2d09dcb22e9b78c7d910985181fe95f2c0293d56020fec460

SHA512
b3045c29e153ac2c859dc56f2505663238605036a190a6cad60d39c3fc59ae14ed3a77877c8ff549521fbf978c57a789534b31a833f493f88bc6a60083020c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
eabf075f0c5cb38f27be3513d33181ed

SHA1
4abdcc1d8cd05fa6bc648f073d168b1086ad07b8

SHA256
1b7cfcc61767c86ed936658f79b3df68439851d7a6220961956ce7b0f7a5a421

SHA512
00e9e0dae15c900a0fcffef3f027c1704ba9d4a86f5043550c0eb67779605f37f4a0da15e2edda5a0ad3bfd77732ee965cc1d0b7f207bd47c0aa7a05eb31268c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
be32f1f69b554e3ed9aad527cede6e7d

SHA1
e82fb3f9537a003c3b0b522b9e8c59ab1f63ab87

SHA256
921799395f08312d89dba7dce6c225cc1991f30b4f4f9478ce2b1456e21f907b

SHA512
a324cd7633ee8360d4bacc7d346b54404e9c659e94d946121cd429ac8ad73ed7ef588dd71b37594eb8afd8018c30c56086f6a05a15bfd3b231d115bf43fdfb38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
abc87e7daa5bc5e60350194e67c0fea6

SHA1
8792fe44268104fc158efb2cb613e914e16c0243

SHA256
bf53eb623ef84f2731e8f3a39730c0d16e93c9abf62f89d176e759a4c4783c8f

SHA512
11516c0141471da7e7fd84e361a0551d4637f0d1c9b932ccc9b2bde4b47ded901c5f4172dd58136c942a088a875ee3a720605f1a584af6c774a9019aa1cca9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8c2b1bb1983f26040d6273e0e1dd0446

SHA1
a8f871d69c5b1aa05c8b85ecc6053117a2aeab08

SHA256
0fa7627e27e2c4768877cc6da72c58624140b73be2801ba71453f30be9d6548c

SHA512
d1d19e69301557b59f7697e668eaaa51f1e961efb5346456861a5b941e143a4e668f4ba552d5426cb49d9e7b700baf67d99f1321d8ec0c2aae416ba1d93d0550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
11f4617008ebc9280e110cacfef6d41a

SHA1
4584ac4c4f079cb3849b579893f1958e010ea1e7

SHA256
6042b008887bdbc380ec2119dcd5d25b88c66d6344e26c12c1541392de3ac6b3

SHA512
1165fa61bbe46a53902423aaa36a70ff450dee823a4ca861b1337b6fe9ecdefb3c897b54213d8b651602161ada2851bf9e6823558f03c427fc83b95036542689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
29ee025be240738d2511e0c3b8df0e31

SHA1
ad7b3ab22d70398bcfbf7aa8d6032461456bf873

SHA256
9f48069136ba7935593a4a1f5e5384a602a68defeb9a6e2b3e97b2fcce2b7224

SHA512
68afb3ed7d43be705ea29e41c4c5da134f5d76406037ccc04a836a9163d43420778057ac928c38714748323face444328e75a6371739ed3d1cc675bdb681d020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d9c5664a221a4c5296d8e63975f9b4df

SHA1
f1b650e32adcf815ab9a623d059dbe0a9d589265

SHA256
b9223343b9bcae591352da178f2bed9812231286a7d919cd102f488f70f9d08b

SHA512
d29c570f1e4c487c0631e9633539e15151e95ddf0a93786d8795df23a0c4137b7ef793277b04d73408dd8f957e906e9c9757e042378e3a97835189499d404202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b7146ecb228de832a86d753b17264259

SHA1
e33448005a4cebe9194308e80aa98d9198d2ec48

SHA256
b3b6db749db0c5aa406d88149b05d83798bd8191b0048b16c3a98f2e56ffd69b

SHA512
adcae4b4a8045c9897f501c90bbdd5b5c4b4709cd9c40731e5c577419bfa135c5b305737d5819952a25d58b7df43e9532d727de558bb9c4db5bc0a12f9479d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
f13b1016f01897b70d0a6fcc7056799e

SHA1
61bd76734cea2c0aaebdaca909526b5659c90234

SHA256
29a503242816d560dec675cc9585d649732d68add184f00ffeb2b7257e7cb21f

SHA512
04ef6780e324fe0ad660e85d0f9a344d71d06ee75890c4958f4a7dd5f2c70c3ac54fc171af16a474cec7a91d30497d6dde4ac1f982343ab5f10907763dca48ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_860_EKEZJRKUDBTPQSBN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4444_QOQEEKTFBQBZQKJI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit