hxxps://atenciones-gt[.]biz[.]site/

Analysis

max time kernel
150s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2023, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://atenciones-gt.biz.site/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133450565061046685"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
3260	msedge.exe
3260	msedge.exe
4344	identity_helper.exe
4344	identity_helper.exe
3644	chrome.exe
3644	chrome.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
4488	msedge.exe
3644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
5784	OpenWith.exe
5784	OpenWith.exe
5784	OpenWith.exe
5784	OpenWith.exe
5784	OpenWith.exe
5784	OpenWith.exe
5784	OpenWith.exe
5784	OpenWith.exe
5784	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 632	4488	msedge.exe	87
PID 4488 wrote to memory of 632	4488	msedge.exe	87
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 1436	4488	msedge.exe	90
PID 4488 wrote to memory of 3260	4488	msedge.exe	88
PID 4488 wrote to memory of 3260	4488	msedge.exe	88
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89
PID 4488 wrote to memory of 3040	4488	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://atenciones-gt.biz.site/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0c3d46f8,0x7fff0c3d4708,0x7fff0c3d4718
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument mailto:[email protected]
  2⤵
  PID:1556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefa149758,0x7ffefa149768,0x7ffefa149778
    3⤵
    PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,1762427595623098684,6452965295411914013,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument mailto:[email protected]
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3644
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffefa149758,0x7ffefa149768,0x7ffefa149778
    3⤵
    PID:5148
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:2
    3⤵
    PID:1760
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:5636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:1724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:1
    3⤵
    PID:4296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:1
    3⤵
    PID:4516
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:5892
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4720 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:1
    3⤵
    PID:5912
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:6012
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:6016
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3972 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:5932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:2960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:5784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:2888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:2316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2316 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:4388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5464 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:8
    3⤵
    PID:2984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5384 --field-trial-handle=1836,i,6617080715297965793,15737392129073548850,131072 /prefetch:1
    3⤵
    PID:6084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b24610fd87eaa133bcfbd60e79eceba3

SHA1
a26b157e626f8adbb1ec02c1ef4374a8ed068cda

SHA256
4887288b1f4c963a86433b76f652a6d049721f5bebfa1c0ba2945a14bae00e55

SHA512
c15b5df289436348e452a11c9bb341f264c7fa88fb39ffeab301628e23b5824620fc604e19ad6d21914e80d3b3eb27524628f7439b1719cde271f19765bf4d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b24610fd87eaa133bcfbd60e79eceba3

SHA1
a26b157e626f8adbb1ec02c1ef4374a8ed068cda

SHA256
4887288b1f4c963a86433b76f652a6d049721f5bebfa1c0ba2945a14bae00e55

SHA512
c15b5df289436348e452a11c9bb341f264c7fa88fb39ffeab301628e23b5824620fc604e19ad6d21914e80d3b3eb27524628f7439b1719cde271f19765bf4d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b24610fd87eaa133bcfbd60e79eceba3

SHA1
a26b157e626f8adbb1ec02c1ef4374a8ed068cda

SHA256
4887288b1f4c963a86433b76f652a6d049721f5bebfa1c0ba2945a14bae00e55

SHA512
c15b5df289436348e452a11c9bb341f264c7fa88fb39ffeab301628e23b5824620fc604e19ad6d21914e80d3b3eb27524628f7439b1719cde271f19765bf4d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c78b0db79dc1be86be7fd2dd32b190db

SHA1
e0704136a145c2b25231cc9dbd83c533c07ce0ec

SHA256
4106802541d1a15413390b708fe53f3d45e8ef1ebb59702e457fd039cdc26b34

SHA512
059301dc90ddddd92c06291c75badee1f694f9b4197d8394a6ec9d7c7c86c2576fb6bf81a9f8e479c6e16173f834d03d6da55a879a1dcec2de7ed2294d79e79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
029be94c267d59685ed3a51aaa37cc70

SHA1
c86caed68da2889b67a78c87ce22a4ae779661c0

SHA256
6af5eb758c420dd3422d2a7d825e56695ac6022337d4af8491549e340dea0817

SHA512
89c2adf5fdb1b5d738d88ce57fba2f2297bd8eee4bf3928539f253d15e727b0f804b2a29b942c5622d4182f4077c9ebaa90712527e9e652af01253ee4828f6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b8e35a6eb2307201cfc076dee617b5af

SHA1
bf14d0fc1a7cb74b3f7788ce2a7ffc32b589db95

SHA256
94cdd43d26f18f2df1c3d3e1af0cd569b31cc1d2ffcf2bc68a6e939151657b3f

SHA512
f57ac36c53673213da792ead2d8ddd64343b6d373cea168a17535c090a90075064a76e957bdbe07514a4e6e001249544545f918eaca49b5b98f59a9343a98583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
618ce788f5907b3a8394fb7f51046e82

SHA1
38eda7f7eebc96bcb8abc2d438e9b1ff7f0ee9f1

SHA256
1225a28576a1f611af1094faba1c334623195ecf7925753529d0a9d70b3adfcb

SHA512
c68ca187026c1994bc4d6e9371ecbb4676c13efdf0812e6174c79d342c9a7219b00885d987c6ec8ccdb8feb5060fde443570b90374f6ed185fd8ba8a7f27179c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9946f2851d36d2c8c9355358ed327cdf

SHA1
005a9d81456b55013bfe40b8b929cbaf6092e0e0

SHA256
c35a5e8d8abc446adfe77466e59ed5246ea0952df463b5c07eaaf74ddeba88e9

SHA512
f8a37cb211cbbec2ee8679be833d15b82d28b1910744c54c8a9d398aa2e2e88c19e510b6883272898a09895ac505ca5c52fc4a68d9fb48dd0aba979aa6a31b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bc9a295079b7ed83982308e814bbb473

SHA1
69000bc260c9f2aaaa0ae32e2d9cca849f73ae00

SHA256
dcaae7312019c959c2198f9bec88d1c0bffe99f30f20a3b4a0f829e4891f30be

SHA512
0e6dde6277aa3efeeb9db698ef4a2f802f5ddfa31792c1daa8922dc921865489e98d2398087dd7ec4a222666c3c880e38c7b3f23ae7b9a41da3d7d2a3f0679e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
435f4b13ba191519feb2c41b64db3a94

SHA1
9c5d942ccb60678ed18d93f1b24f4ff1826d432d

SHA256
522aaaf6bce6e29e66b5d5e88c6178cffa03aa31b0370620d5e6c5ffd168e5ce

SHA512
352ea47df8f1f8c2977ee9d8d3fe2f093f061003d2af5120eb0e5062aa4fd1418eb9b446a2b08b1aa4a6ef59d0cd2adf107ec4328d72fe7e38533d9fc428eb2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5534f103ea8307b8bba1b2be66ba0602

SHA1
159801c4aa31b5259e27b9c029531d6924cbefaa

SHA256
e7cfea5f57fd2f1d7437f74f0ba5c8692d999059ffd2b3fc20143f08097f6cd5

SHA512
d85e1fbfa8d8353e9c44406c6c99c837132a0ab43e75c08979580c7aca03c48359e95be94e6fb83144aaf4b4ae2e1a16de45f0b0782adb7c2c7d391720dddf9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
07055b03318a80f8849ee493cd326a32

SHA1
3d0c191c3bb613c3cbe9c2ef6096f7f7b82149d9

SHA256
44b6705de62c97a7c4b0efdc675e4453d2e9ea401cf83f7af4679a4a5bd1699f

SHA512
21a3346150d6f702d6ab1c845a276b6b16fc9c501be04cb848f4817181f462b4c8459094f541f9647c95485432d6bac87c8e2d5cc4d2d78a6e36fd176d3e30d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
0c1b320fc8496c0694fef8ae4b186d88

SHA1
42aba59c5944af9e328e75183aa088e20c9e7e63

SHA256
6a354a2ea1185f3038e08b1594d54c09f951f7d7913801abd6f98f2e433f4cf5

SHA512
0b0937e4f97d55d95840c39f608bd7e8b2e501e3db45b6ae9320b2cf677673394554d3078793e27ced84fe0fd8d141845c20ad858e961b7be0e2f0d5f9befa20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
8009962af5eac41aaad9ad389001f313

SHA1
622fd35bd7f235747f9e28a3eaf3d7f90ccb4e39

SHA256
2349c6ed043518997c8276a4fc3583e0e1dc94f8dff1902d220285121d32c492

SHA512
4499206bfb8e481bb14cc03be34903e1808b805aeee051cf42dbafcf2b379ed1e4bc0074d6ff29ff845b8ddd061f2eb51eed0bb582537bb345ed7d0cfcdb88d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6e6adf5046cbf2dd9c30f88c78789c54

SHA1
47cb2ac4301a702100d1626db0209231b2277c9e

SHA256
e556858e268188d9d5bf5fa668cc66e667f55b19fe9d29d2913ffddfc22b2f7f

SHA512
62319830362363509557e88f0b1fcdbc42085b2da2e69e2dec498f27374386acff8bbc6fff0ef5cc995e8b3537965e2d25e270467b5169d4ba329fafb9515b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
828B

MD5
e0b2e2628151d6d7a81ac5bfa9958f93

SHA1
ad17d928bcd3978ad673d7fffd512228fc80f09c

SHA256
bd96f514e12d8c422af52935e6b670f15ee23428b9f7b5963d3c49bafd1b3783

SHA512
828ed5496fda8e18c9d0f5d7412ec6003158f5d34ecc3759fe7a970bffffbed5c7b8ca0be0769249dad741455c18039dc572178a07504998d726135ed22144f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
77add210909245f6b2b9a1d2a29f0317

SHA1
ae8562d2d0f377b716033019a926a6e6454c981a

SHA256
c347d82414cf839f025c67a06a05a7eeceb800a8efa2ee963c6e991ec7081b8f

SHA512
ff323d0816315e79b8f963e7cfd25590c68ff776c66fc8e27c77e35d348761489fe905fa97a640b6d844ba611cb42f2ee4e9a928dcc7975dfc1780bcad32fc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ff49664a156304dc95a9f7cc94fa52c

SHA1
af29388dd1c2e9a09fed8596edb2725a5f0621cc

SHA256
8783eb7cc359ecb30b5c565bf0c2ffd73a2612cf582e5f78e14ed792e74ff3ff

SHA512
c08531844481da96fa1a35411fad0d4af783c994ce76e70bd82bef518d2e9299686f40133cfa442bc2e238d3457172a5768f4bee3ad8d7205059de3b227248b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df9e796d7b88f24dea97d13bd14abe61

SHA1
7799200800b1353f33318b15370abc5c7417503e

SHA256
69092eb0fadf88073bbb98efa5425ccb0954fed11b14b4371d8bcd3210b32f5f

SHA512
e3daa1a92f09aa9553472f154c1191d60a87cb96b18afd464c2f999ae86503347bb855dcdf5bd4310f073d74e2eb3af4c34045e36122af63a430cded9c2e9534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
363b6e95d2baf1ff26959362ca3efdab

SHA1
cbe426f0ce371b1523422de1ef7c79edfa050f5b

SHA256
8fac4f1f6fec7c6606d4cfad8961bf7c359c5135a2bba240d7797502f09a3da2

SHA512
8eac0c213ec7b6b1248c7d09b04fe5ad12be09151e0ca4142a80ac1d3aefdfc0023601b928ad58e8e00c3058223005c29786f64e951ca8a0f4713fc3d77cb570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bb5d5e7d257310963c9579fe470f322

SHA1
0c30b465159eb6ba6a9d5995a5a0164bfd64f7c8

SHA256
c53952048e4b8c7043231c7d6755c633418002bc99b319490a1535dfb12cd249

SHA512
a6c92e4b27cd70e1331b49db83d88c163014e812de70a14a9b870fef38f7bbd9f94c11c6827fde7e93caddb48a895227caa26bb3f43d071c6214b7704df3e667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c3ab8e386160fe45979be7b013497d5

SHA1
358e28e4dc79ec5b4669c8ce217c06bc743af898

SHA256
32a200e971bbc99843fe93fa58c1bce77c5b6d40cfd6906a9933a7fa7c3de9d8

SHA512
783fbbcab9aaee62b7f0fc904b008bd53291b088a789396cf23be51315e498c3d009b5926a88935a2ac8cae45f1378ba671c13ee95b25d0dba0dd3f402bc7149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
773490bc8ae100ea6aa6423153f349d7

SHA1
70313cc34a0ac0533565140bd6564b873fc9bf4b

SHA256
ff53a46f9e393e3d5a56a4568681d120a57755f1549a5a4dbad25bef76d8d4e3

SHA512
96dc9585192591c51fdb7b3f9a6fd295235ec5fbd6e4e09db229f6cb229c9ad825187a27686af46f0331e71a7850d37aa9f1af0d9d738ab0090281bab11849a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
c3d73cf0816d9d077897da1518bab7ee

SHA1
2b9d73dce55c40d13118525f84a14d69e9dda639

SHA256
076fd2e38b514e026b1f1fa9fc027d3fea3290beab1b7098fbc5b2dea365b7a1

SHA512
ec3ffdc87a01dd78201e3e000b96d1c3aedf2a61b5ba5444587f2434a4b8a27f33fc3fb7242b4ec8ec9fe4e0dd79a2e3c70693a025b29251a950554f3c40854e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
317f2f5cd5e2c5c4c91f35d9b4019ac2

SHA1
4b797aee6c944a543ac36ebfdb127873b953d851

SHA256
e877a63c861e3a0141df9360b623c5808c30fbc0035cd44c1fa63d4d683b0b65

SHA512
ae5b32b955813a44020436b12154a4613c568a3b65c0afcb0549f47069059abe1036b32c64934e929307051706299ceee7f65ace1d8fc76864634de1ca880fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
a50690ef044bca8381c81ad94d03cd17

SHA1
c975903b814c6e96b75004d42c99d533a9d55226

SHA256
6afae385dec56d3bf99bb0b395c7f848836d19eef9b2c3fef3c83966b2f4d75a

SHA512
878310dd1e124674b67999a3d2fda9cc887bf5ac563f141ecffab3392be7d887d567ef7d7398a465e7e05c0f218e7a175ddd4d28596f008b22f027c8ad8c9eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
ea0533e9985c936c189dd7983d604d06

SHA1
3b97a20e2da01732d1909aebec7cabe8549dd052

SHA256
5364b9ee89c94eaf055f4b3c82b45065c971d7ac1aa20759072c3192b343ae99

SHA512
060ac9fb5a8ef9e2f8165b7ebf53a02007023a14f6f10064afb34db1f995d198fbe854d32abbdcc42be40733c5a6614c870188bfa19a40c21b53104605415768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
198f299b2faf38baca0e160070f769bf

SHA1
88f8e90339ad59a8346e6e6c1b4868aab663f382

SHA256
4ed01f9fb61f10eca32f16d93bc3d297a3f91a82d0ba3d20cfe39c5219933ef4

SHA512
ab557e01bcabaa9bd0c15d772b0f63bc2dcbc2a1088f396ef7fa10c61815830272330bc7d7f7e9750556686cd740f13ec0e2e416211c10d5ef9802d7a5bc282f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
3b8fd89cc5a89ca331d9bcd7e61131f6

SHA1
eeab08135c40f75957a677775d658a26430c4f87

SHA256
de2306677cd8c593b89f1d0544563594d5ad220bf33e2deb6120a9f7813c2eb1

SHA512
8bc278a38157931edb81fe33a2a9ace4600df5da62e12e206c22c7dafc40be2ef084ef5ad71b1e14a6c5b75c4de83564cc033eef844245f532df57459bf60223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
985ce66beca4e7a70b87ac1a75733dc4

SHA1
0bb2bd5315b71b2761a79b5a88d721448d6d0c24

SHA256
f6337051217dcff9fc124f4dc3686574c29a38e82cf9ced4590bf07572772752

SHA512
fc82f77e45819b9ebdd3ac8a77de9de8abbe30885162a2056ff1cfcf26ef1fc6dd35aed420f580dd21af7d1784e42dda6a592e67bfbccea6fc83a5020fc880aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
fbdb0693c7eac6438c109f29a14b154a

SHA1
a808181e8a472926591651a4fced01538b1c06a7

SHA256
15cbb69b23962fbaf6b0dbe1662f73e1f4d8707d999cce6f0428c9d54a839bcf

SHA512
2cf4e68b6e098d33c43ba46ee27f0e8a59ee3e9fd3abb9810208b86c7eb768541739c38f6dc081ec73e9f53a2ea50060e907384c65e9c586c4f534ffd6bff3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
853f14573c4424d38095568e752134b8

SHA1
611b7b0a7c867ee84993d30d7de192fe3fd4b9c1

SHA256
c86a5c8562f46d91d3a6a0cfad0869da4a41668c9479fff0624fdd37ade95ef7

SHA512
a17b99a8b439a19e777a2dfcac24bb6315a0ce68aaf90481c75bc723b623e371303d10d38800c71aa98f53b6ffbd4c067bd2cf455f1d859521af2d7ffa1bca8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e58d.TMP

Filesize
372B

MD5
1e1b2a9b873f1a73afee716060ca2f93

SHA1
ce29e4d5089904376ae2df536b81593ae799a1b7

SHA256
824261261ffc166a9025205cf81e3bd2dcb2e716f10689f48118b915bc3e746e

SHA512
3d551f6e050c907dbffce5aa237a60416862196c3e64653993b02842f3e7fe622269afa8d23f68f511e0f8bf2c465a267435f416dbf993e403e7fd42852ac87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90757ad1e324cbb65dabe6a613b21af8

SHA1
b1c93548a62c30897b5529cefb9a948a0cd803da

SHA256
98139c93f288163064af2a91ce82b218f99fb858768d6a1c6ed15d16f4293ab6

SHA512
7d466c7810d74692bc19454e3bfeec62dfd86bc796032a8c6999fd34a022a15430ea86511fdad949504115b522937ffdef755a6d77393ae49b044e528d20de73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d085154e983d0cf2064b6b958b56b753

SHA1
a440409e6d0760a0f9b163f707341cb685eff4a2

SHA256
242ee8363a3ac9b109c11d95cd6dc4370ca599c0b85eef63ba7726fde4623bd4

SHA512
8eb6d98f399667774c3de3f9a54011d2d9e6eb855b668d729fc8c7b898b2cdbf18ef06381ffc2d4840a4d5d99eb8f61a99c88585db04bb4006e9147bc90fc535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54572690942083e92ea293f317c5fda1

SHA1
61efc51b2115d2ac8c5681a4226d0196196e5906

SHA256
b9674c57b41c8fa1519bc33fd712b5263e38924139aeeace9107e356f2d04044

SHA512
369eb657e5f9d681c8d7779f52bf590d1878128c173ab674755c6eabab3f2ed33c91b2ce22c42c75b9c14608385ae9a4f68284d65966f93199969c26fe4f3044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ff0c7bb1ec9672926c06b7d8dd0a5af5

SHA1
50bfcc9aa0c73d1180e721ad831753d5247bdcc6

SHA256
75d44c1d497797a98e80a66e8cc39ab74bad05fa65699ed087f4a8708bfe7cb7

SHA512
ec4b30506ac0ef09854d5b4b8865ec2c536e0592e75819bc28e28f44d5ff126d9fb4e1f14b6447b88737b99641d9349b0193742b473070707466b79b8f61d787

Download Submit