hxxp://zeus[.]me

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://zeus.me

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529355354928894"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
4804	msedge.exe
4804	msedge.exe
2936	identity_helper.exe
2936	identity_helper.exe
220	chrome.exe
220	chrome.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 2572	4620	msedge.exe	58
PID 4620 wrote to memory of 2572	4620	msedge.exe	58
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 880	4620	msedge.exe	86
PID 4620 wrote to memory of 4804	4620	msedge.exe	85
PID 4620 wrote to memory of 4804	4620	msedge.exe	85
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87
PID 4620 wrote to memory of 4356	4620	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zeus.me
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9714b46f8,0x7ff9714b4708,0x7ff9714b4718
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9311933788866355265,2243520697029726139,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff95f4a9758,0x7ff95f4a9768,0x7ff95f4a9778
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:2
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5424 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2940 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5868 --field-trial-handle=1940,i,2017689486567496191,10049073780363578427,131072 /prefetch:1
  2⤵
  PID:4640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3e30d85d-2375-4366-9bcc-7903706b6e9e.tmp

Filesize
98KB

MD5
41f29cb37ac74bb0665a84f31b934178

SHA1
17148ba9728eb5d4ae1111952035bb3eff1e769b

SHA256
afb7296fb58d6d9f9a24ef9cd37b82f2c8b91b80c349f766a8d9508cbf2584fa

SHA512
30421da82507f47745039b243a99eb19827579d3d0e8eae9b1ccf52be6a242f6b6b3857db3b7fa3e7ec826d413329085f140384d517a6eacf5c98156380e7d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b3d984731817007dfdcd1a210ef3999b

SHA1
29c696defbfc791200e126e8a56cfb717038c433

SHA256
bb61154aecf985dc423007c69a7767e37dc83fbad89f57426f1e9e4c555885ef

SHA512
cc9649713b7286885bc172c1015ba35acfeb43edd8885ab6d565e9db3158621c4b2e11982b21ef6bd63df595e169c46e886987f8d2c03e616ac7250408c0ceca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
745b0991a5921533947659d04bd8ce9f

SHA1
f025b65be9ecf887d32a00096bec9652505e9adf

SHA256
440825e5782ce11945fbf874a0383d5c6c7ebd78885334e3ca42801c6980c27c

SHA512
d374b4acea8ae9fd1f22ab7756ac583897e3d8515079ae880d15ccacdd82828ee9696dcbd9071af8cfaa7fa3bae092230aef0db043c63f29060b96f944660738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
74c3cf86001cca6bf238dc49ad9c21de

SHA1
b882760f2088c4bd6ee6a3b17392af0db7dc52b0

SHA256
da701c6f3606f4dc4f27f17e132cf2a875018dd35426968161ef611e3ec4bddd

SHA512
26982dfec1436461295c00ea26ebba648b84a9da8c6fa625d13f52935a9249e3082aa6767a23070a40e0f15551bc5db2a244061c06b98ce2602ae848faf5dcdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b38052404f26d4b77a36e9842d55424f

SHA1
a6022c030a713a40e4e86f4559485baf7f1a5fde

SHA256
741db2ab394585282cf44911675353f28813693ba550c7cee09d8df0102609d7

SHA512
cb502e335d492852fa6e56e69bab8f6a9bcf897f72a4726aff2930e8908d20eac7818e7b9a86fafe1a15da0f60eaf6fcb364d686cb6f72ccc068e704b0b1ee49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dec2ab1ceb465bc0de3d3b39663acc09

SHA1
2ce84b5905e4fea9b3eef6ef2373a64478f210c4

SHA256
da037db6d9fc1a66ae3e779d93969a55d8616dbccfafe4d16321f34ae8baed59

SHA512
7fc1683faaf11bbce65125add6c896088625be4e99b8e7edfaec91ebe56384e05f8c382ac84099f4b9a15a7a9c49b4e847f62af28f4a4075b385d9a4579b7cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fd30c4abfcb65ed59089276042dbeaf1

SHA1
81d1bb301e63880e9187cc3e1f0a9270853a8741

SHA256
d96af2295d331df462f48a91f21e9a6c75d7a359884ef4ed43a5dd9bef5c8b0a

SHA512
c360e4d5b22ebea8cfa49f480ccce0f263dd2b6ea4fc487b458cb463c8257d0ed5f9d757028dc5209466d4db3bacececd769fbf0faaa89d066e1e61232b8a778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2db067f9f1b08c6291fca27b40959b3

SHA1
17ea25cb3c83f912c678c9a80a0b474575cd1486

SHA256
2dbbc2a3eb5bb1dfff29cdbe612a36f6afd34bb6fe29316775d3e399b152be03

SHA512
7731f2a4800d0d8bb835c98b5a78535e45609366baf5eefb87aa8e33fa3a92df005093757e3e10d396e5aad6f0164a58dfe55ae4929f30b9d8d2623faf643761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1a87d206ba7a00f68a7f6b0d0cd5900

SHA1
3ea8369ac8718947ab528096c4e875e089376fac

SHA256
d656ca2eb4003ca3343d2145fa814eaf5a59aabac2b681da454edffb6c87aef6

SHA512
ca96c18bc1b88e86235d77a41dc49f5855d8b892392b958dbcbae2871ed4a73381492cebd09cdde0f7cdaca1145c403f290e8816f547ed93a296d9b6ea8619c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fa222190d0c12fc7adb9acf63f94896e

SHA1
7e709905116577b3bc9e4cc2c081a8302a80175e

SHA256
574ff4024f24c742c523fc1d1b8191d2fd945d2c8a6bb5394626580dd7283fc6

SHA512
6fc10cba9f711fe108ffcccfd72a4b9dc6d0e73078989f7559254999ce702e63fd3f6039b6891217729a266aa6e0b15a76aa330e8364c8a04e340a7f8704be1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c366ff931d69dbc34859ea8e821365a8

SHA1
8a07691a43461f0921aa43812840bf038d8ad916

SHA256
5d68437dba1a5bd02c7037d6eac7e10b2dbcd191e1bbc66f3a12fd157c890d34

SHA512
aa0d635c29ae9dbb652dbd197df868afb1efd6911de06002204fb9634e5040ad3a12d2dabcfdb21fa17b6eda3fdfb380115ff069c1a696f3e105b2d72d9a8549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
7f90fbba27257736da9ff6657cd88862

SHA1
d2f564b3f4ffcd3f3bd5f74fa10ccfa15f690e3e

SHA256
d057bbd986ad6f51e1e502a0a2ac9b22148f965920dae916f11c93ede461e45a

SHA512
1d3feff09afdb371a79c7f26fb76a9aa86114000ce601ae36762c270d383ef3b38a3362b822cc7761c71ba5deb6e7d743fcabbb5e0eea097ec917171dc91e9e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a67c.TMP

Filesize
97KB

MD5
ab3500322fa830547928aea94f32c76e

SHA1
618732d59f43f66b3fee81e935f619b07422104c

SHA256
ba7b5f3f359d695c435b028cad477b545a838e9e97bd43b56fda348c62f3837a

SHA512
f4f95bdefeaa9dfeca8ce5514cc3f0b714d4bec08b26a68f2b876139ddc7dc5e41fa1a96a89a16577213d0a6cb372767998ae3af0d5db97e1191a892c04283b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6cdd6ef6-c1e0-420a-9596-86030cce9dd5.tmp

Filesize
6KB

MD5
4ff47d54f04ab6e52eeaadf3face9a79

SHA1
76b4222bf45ba9b773d51e2172ab2bfd51cdcf80

SHA256
a829ea54eca29e11b45dbb976343228bf0a12441019b512977a3f5a82d207588

SHA512
a9f3bcaae5c670de10b2fd0b3d50ae956cda08a39b7e4102f0991943e29d4b0b3069f18090878ed5c6c1387b3b5ceca5eb5b91ce96e808899a2a9b2ff5e0fce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
9f0282b32463f9d09d8bcfdbde4031f7

SHA1
0175856ef035128f780078c7d59c4b6ba7155ad0

SHA256
0c86d3822ffccb9d136912ed28af3cb1318f28d6b8bb7b8122433ad5d6fe970d

SHA512
3eecadb5fa1eca929798060c16303b72fcc44a825cff43e45a1975ac5335e2053408e63b44d71e407a150799688745eed2fd8278e88a3c9472fcac816ea817f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3bf1a1488e525f2205c2d9c3b5a1d397

SHA1
9bad5addf438969d3067457a09d006ff30c503ca

SHA256
f6bec28277e8b9cb5700b01785056272cf0f0be218f55c1b16dc4aee33f0401e

SHA512
b21d6fdd5fee1d57a005a56cc40f737a59e2c6c464846d6a5f276cf920b07e70078d99f272388dc309a0b459b3da818b360f72c1c1d6dcc7d79d5f9b949639b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
80002104e5ec02ddbe8d7ec1ee4ec162

SHA1
526bf513fd1e98db54a6e99ba94c4b1158728688

SHA256
229a29baeeb2aa093d449a90fe28bf000ea55ad3f2d4390b5152282bfe4eb5da

SHA512
890b41415b11a85072f53f9b5e2db73d82e5f57664430747d4d28d028e09722da699945ab88404b7a311274973e811a86090100d4d07bf13b49a689829ca9f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d157b515be638e6362ddaba7beb8afb3

SHA1
a640e68185bb9b893d67d90c598ae323c2439ef8

SHA256
14d6893420efd736ec663166be4aa89e535938a5b67d9599b48d7469a0b45826

SHA512
9bc26546a50e7278e6325f63761633fdb1bae01ce720069fa0905bebd58cd6d814860a2761e8a1af1a8e5cbe83f2ff5db15c0386d67051e485b2294a87f34057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bcade718da2dc3662cbb9aab742d99a2

SHA1
fe93df58faae55f5881554cae549316c0c15c744

SHA256
5a776600ecd860be5e6059195474ce9a7b81b130e0d3fe7022f92ec3ba6b569c

SHA512
e0a1bbb38437e36152a5b3d79f7fd0919f7ac8dc081908d74763e4f33297274276c9ea938a866d965c3c98fdd4761517c73cbf33b66b251c9b7ac2a6208d5d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9e80b2e2767154436eeba2701e7cf62

SHA1
c8c53c16fdb153aea8a66da86a8255dad808dbd2

SHA256
f8dad969db23a43bd2015ba412398b53fae16fe2c576557ece59ae44bffe6c95

SHA512
8c961ab3e2204c60170ac8de105d375af47a0e26f368d22581ed5d7e300bb4c94d8a036f1d9a908bfa5b367e483f484ca7356e1886e28ff9db3f4cd288ca0e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
297facadd7d09a2a6593933c092321d3

SHA1
58d252f54290ca191cfc03c8d1952708eb7001bc

SHA256
eff02356464adaf54387df03863dfd16ebe2aec2fdd846797a989e2f23411658

SHA512
7f9189c3a00e89a950a393691a0ce78cc6a0d8a218e57a7b75e46c3f7a7c7537cf865f63d0d4c2c05d6ac04f737a7eda03db4584450b37c6dccda9589934c507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4aa93905eaf2832e2338fccd3e5b8166

SHA1
815762aa2df260a894632a622dfc98daa2923797

SHA256
125452dd26a860789f8b13d4494c6a007bc01ebfc58a9416382846e7e95a4f9c

SHA512
9e55c7a5c1ab16ef7751f89dd61361ee7e0604311d8bc225a42e3f9dfac718024554f332d8a2da5ee3fca75dde2402f9df41db6dc18bb7119f6e91482b4f9434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24fe72bc359a97c0af42fc4f489c9fb3

SHA1
49e61d21da31858c65bd7f1b0a705703ab1ebbc8

SHA256
2ad05446d96690ed6f21ab0ed56ae9a5d4de7240247da786753cf5baf4ccd4ef

SHA512
8eb63c198c68ee25ef201e0535e53bf8d52db25a88343e5bf427dd5cd0ccdd6f78aea8e048f75fa3b71d42d6ea7d9b0bea46f0fd90c07ee9edccb350ebaa2a43

Download Submit