hxxps://telegra[.]ph/Adobe-GRATIS-2024-FULL-ESPANOL-02-24

Analysis

max time kernel
134s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 19:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://telegra.ph/Adobe-GRATIS-2024-FULL-ESPANOL-02-24

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533623638384698"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
3796	msedge.exe
3796	msedge.exe
4796	identity_helper.exe
4796	identity_helper.exe
4624	chrome.exe
4624	chrome.exe
5908	msedge.exe
5908	msedge.exe
5908	msedge.exe
5908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1916	AUDIODG.EXE
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
4624	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 3308	3796	msedge.exe	42
PID 3796 wrote to memory of 3308	3796	msedge.exe	42
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 348	3796	msedge.exe	89
PID 3796 wrote to memory of 1960	3796	msedge.exe	88
PID 3796 wrote to memory of 1960	3796	msedge.exe	88
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90
PID 3796 wrote to memory of 3684	3796	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://telegra.ph/Adobe-GRATIS-2024-FULL-ESPANOL-02-24
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff917c746f8,0x7ff917c74708,0x7ff917c74718
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11258586330621639394,8131967399800930627,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9065b9758,0x7ff9065b9768,0x7ff9065b9778
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:2
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4204 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:8
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:8
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4124 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2352 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5260 --field-trial-handle=1820,i,2241654432419877488,3593518467248716286,131072 /prefetch:1
  2⤵
  PID:6128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
8ca8aaffef8fe126d7914bc98d44ae8b

SHA1
93238c02d9d71037cf3ae1ae84ab3313db8ed2c6

SHA256
dfd8948775e40d0bb89e97f8bce0d2a97e613a4e1fa502df7d36334f89c5d857

SHA512
6014b1ce9add1f1b7bfbe3a3f03602b56202b6c956c35a0f7647d9049bc4d747e37f5987dd7340445a02fa60d8ef3f355f3b35273868dc3a5f6c9e4a8629daf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f05637530e86a5a46a2b0275fbae457d

SHA1
ea7771d4093cd865b582c101b5a0d0b3166a8c19

SHA256
cb98ae6b8dd7f4e8361a7c22e785b7d4143b52095eee7e0d30463fb23cb0cbce

SHA512
69a1f8c15f120bdfa5698087b5e56d05f179b1cd69d5d7750adc31bf0200a2ded95691e3c07d96fe794916e334951d8e7d1555d3ace49319e07607a3943e9042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e30a493f155376d278777a4e7ac1f354

SHA1
4fe1e18659d98bc859160c47a5167fdc4b50a79c

SHA256
19f1a60d445ef1f062e1a17d4abaadbcaec2ac28151c3be951a5d3da42d394eb

SHA512
b834b52abb6f4055a6e37498410534e65b8ce54e59bf0d180aea6fffccd924f37a8e2ced09753aa57d09cec1bbcb86ed7f33d20c14a5d69732f4ad490f7ffb15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e3f6285bf8baac7e9d6f92e6123ccb28

SHA1
d2497a069d5633a43318300591abd02228c2afac

SHA256
cb457bb99def93b47dac281f1558f9d7f8d562d1763769b1fcf6877c7fcd61fb

SHA512
053a5115743672a8157600aeb63e4a3f6530bbf6b95b67c9636ee65cba02215ef7969c32db8da2a8a65ce3e52a1de3aa1566882846797b5dc7946d7095156431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3f5bd9b44bfbb9c331968fa1c9130aa

SHA1
154841365a08e93daf945cba5253dc7f79d22485

SHA256
dda60abc77a85e627b621ffa2747036124e8a9d86ad9fba9d491bec26b70d4a8

SHA512
3f93f880c2b3624f3bcc0223305457a2ec57ae48c3c711e8f76563b056ab20c5f6a1beb9123c2675f8794568523e29229871c14a997f55c449675b840a63097a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
53c8b8166cb53f3d2838d66c46739395

SHA1
54606f362d1e350620947e28eecc750689ceda89

SHA256
912201daf4a9011538fed770ae0d62d018f853a4668416c847836f603784a793

SHA512
2c6dfd032de77a87eb85c7823dca100d696f33ec69af31e46299e5f197e6bfe91700f587bfd1c391f910dca07dc63af1efcc14867aa996db56bd0a86c7b321e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54d01c495fc03d7f0ef14ac9a995c933

SHA1
79d511e7fe865a57b58efb787452a453e200e885

SHA256
a9becfb23a734245b3217e8cbe3f6c46047061e9e1d5712784218dc98fa7b6de

SHA512
dd3617b76b0e6ce9e36c141c0b36c9f8622484fbf7b1f8741b36a79fbde2064f03b1dfd3f9a91a67e27bc56644d3a21e0f8587e11fc5a39bac54a7701d62d547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b29e90f03a946578749cbee214c3ca1d

SHA1
2a77e94bbc2a69b5b0c8a89bf90587658fb53c1f

SHA256
dcb860325afee7dc28726cd4a2b0ff15f253502a485093279c69d10f3c65d7be

SHA512
c084664193ad4a439ab9f9e6b4ad642489fc5d9bb6c3373d01a27abdc20e4c684f1667db3f0587b03f547ac3bb4b88a67e335892578cc658b97dd55dd8a47fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2e1cdaffaf90ee074204d74ee3b90ab6

SHA1
caf28cf56dd224ec3fa2f08fb2c734abf3deaff1

SHA256
57392bc6ca4cbe9246e088a6a9fe8d26da1cfb9a852dc481d4cda20c4996e6c7

SHA512
c24cfba0ac166c6927aaf7b8130183792645ae9f8a6d22dfd52513f637507f87c991eba1047600a6d134256859f2f7bb3e2f8cc847bafbadb2140ac150e56af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
ecb450863d9a0283b369e2ac556cf2e1

SHA1
59423499b7982383507bcdfc36748dc2bc5b2d8c

SHA256
2fc1b9fa1ecf5b4908535beaedf19b35057c476187e5a1dd875d9df053f23d1b

SHA512
a4f800145dc06268a4339e5a6cba54ce1e3723b85a46771408d95800ac65ac196ff1570c31c4c43a04fbac758b0946273fd11681820afa00c1403948c8bbef73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
1b9c3ee95e0643e20022bd8cfd7c4f00

SHA1
933a6302d90a9414ea680219e146ebf2ec9f0b60

SHA256
7626788c13c53a4bff7042d6e5891a716dd3ea95fe80179009b1a92c31629c22

SHA512
94bfdba3ba38974ba66cea2b2595ee4aaf9cf284ebaff8141ca3d031e9d6daf64924b92f8032e3c4df324bc5adc7e7a72ad99c9b3a0f32a06d6c5b4ca50e5643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5907e6.TMP

Filesize
98KB

MD5
66673188159fbf7670fbb6a6bcbd655a

SHA1
c8ef9ba7033cce3a000ea5751ccd70db57cd6816

SHA256
242e116a10ef5aec73fa672ec0912eea78623a80e78348e4f5561ad43c239611

SHA512
e3feafb6b150f032d2071da20dc9a2647a722acfd37587560f66d3c48ed32113952a1ce805d7cb4b4296ce99e15fd113b37bdf9110a8fb37d56a1e4c0bf11602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2c6c85508a0c36cf12a5a7e5eaca8f4b

SHA1
ae39b3e900218771235e358d56856af823d2e75f

SHA256
515331a70824654c4bc51e80dae7931cb48b712729e2008699d123796b46b285

SHA512
688d1fe29e7f01ff4becc4210b4cfcbf7bc8eccd629726a3387ac5f453893e03f0a9e17f8558e388f734b61272ad202bbfae8298be77ce67fe39e3e1092ecb99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6b50cbe9-7d63-4a98-aee5-c25eea089cb0.tmp

Filesize
2KB

MD5
3d1e884cfba6b844c5ebaa0d611070a7

SHA1
a1ff4f9d91bda406651d11144e416905665768a8

SHA256
b73ada91b38aa9715bcaa92e137efb94d2adbc9216a610f733991c52718e6c2e

SHA512
496903ebc9317dd4de2e323ff3a1f83e7ee6219874ea5784f64c50453e9de7038c376828ec7212fe4d317f5c0a5a1bed63a40fc9cad9f19af6aef72ba43554e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
fe00e5f2799b57953f0c79f4120f622f

SHA1
b149019f6d512edc6862ddfdb66619a59e406e88

SHA256
e52e134579eb3a47a4e45662eac8b26e67867b44822589a2e915d78b13b2316b

SHA512
6de4057e99d367ff58e54438d1bb85c2260b487011bdd1860aa7c1e0dc17311169c5082030d524a0e370d43071f55a4f04793b6590d3f98dd04fb4df4991c22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
639fc6219dd4a2a800abe41836b7e8d9

SHA1
e33b0a0edf27184aa146a3319879a4d742b75c12

SHA256
1183646a4d82f507cb78a9484db5535319d60707498000e6047cd6e1f95f6d55

SHA512
2055a44b603cdfe11a6e0b1de1b4298ece220a489db10f87a8334c525838ecbb0ca003f27c7f2978c462c3929d87205c26cdc81d9e0c5a8be2ec4c8edebb13c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ae0b487cc5ac7f0bd88a8259ac566df

SHA1
31895329fd2dbf019e79bb0dcfe25aef7d53d9cd

SHA256
2bf7f4de86be3ddfe58e9804a662f5b11c8d390a567f87e04d716a8dfa1ddfc3

SHA512
d805fbbb09da32afcaff82d5a07bd7c5542b656695752395b0ef87780ce09dbc67694f2a030ded493c6455d560f5023fb50ebb050aafb01aded3dac1a73af383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3d760425070ec4db239aab404af7a709

SHA1
88aab9f12ad4281da25cb453e4f8f1fdc2a230a1

SHA256
db405ceaf14f827750d9df91b3b66b77054357d9c00ec07903dbb7068684f059

SHA512
ae0c70c3f5e58b47f3eee36a42b3ccef9007be34cb3cfc5f7fbe4c3e6859fa7e06d605e6840c226a8ab09d508024f96ed20e8c0f178320bba8413b07990f0ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
389b9920e506ef38c5abd44f85031127

SHA1
f0328a9c4f7d6df7fb0e855bb08933bb3c5dc66d

SHA256
5bd4b61adb4ee9648245678e0055ca658e9e64e6043e5b7a12a0de4a14c71a4c

SHA512
9a0bf7391caf9dc63fc39f068799966cd104df8064f0c1635e9d108e16111698fe27f8eb62fad274456e9d9b7f32afe7c744ab1ab5979bab47d7049dc03d8866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a08ccdfbdd14821e689ef44481fe596b

SHA1
072d2b09b172ed124e259c6c6351ebfce7cf7173

SHA256
4ea541a137ed9a5dea186aa730d4f5c9c55fe7825008eed229d012d7d49e4e0c

SHA512
5f20ab0f7d50212dec575b00bb32567098c494aef4b086f7946dacc121a68843f3708254fb6b7a394f88f81e3dfdabb1c9453a32a6ef65db5f0cf1790cf463b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
289c8ea60fb0b801008ab1003d2673b0

SHA1
161337772cd496efad11ca6c84b4147a4bfd2fb1

SHA256
da78f07b0790a9b30b121599f4083bde666d6ffa2eb79c4e5adb15f7aa9b980a

SHA512
0123e4ee8823a34a84aa14f61b2fbce8b76bc823c735f229a55115e6bc17f0886a87294801c502444dbafd60e2526cdfeb7a9067131a448957d73bbb55da119e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6ab4e00356a5f1cd9ba4723ec0fbe3b

SHA1
ed382a8651629617e92bb0bc73622a2f5a4e4358

SHA256
08c1bb7480bce4a86f721d67f4bcf139854d9b3e3cd9c0a897df6760a40447b2

SHA512
9da227c3d217378c9f55c06b73df95d81468b36bf4b048a5986194502c355b9a37639518f32abec050bd2a660086b83c2b8688cac7265e058c532379c7d74430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
54d09dee51e5c1cac0f0618e103eaf19

SHA1
2c8a5b26846f0919a1e491e92858bcb3dfffe38b

SHA256
841d9a6922ef3099e4eb9ff633413e053a6b81b6b71b32a38ebd122554b44fa2

SHA512
26976081d8159e8d3a2a5014a910f15b9070e67e6a78d608692fc349bfefc79fee014cf4dd9c8266c49d612e710b8c0ea060cb01779707d3215c9d1721a8a4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b0fe7fbb30a855bee662e09650b48c99

SHA1
b72763335547d7e3064d6827b285c23db3dddd95

SHA256
b07d57b363952de31daf2658f474b3622d411c5808b76c4d455a639dd30be186

SHA512
78570a877fbe01fe4a2b360c00f11f9b6f7ddd3e969a1696f163480a0ba5096e5e5309eddaff7b41aed82108878d5070fe840bc382672023c8bee90477fec7b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55a123a93656f3e79d1990cbccaf1116

SHA1
9a4075969b85cf2a577dfbe9965a5104d2960649

SHA256
3c2b11610e6e4a169565d3edc36a502fc88b6078c842d71516fa4603b4caa6af

SHA512
4c453f38dd7297e39ea59c2f5b856282e1dca7f858f825aa8123a9ecc56793fb5bc8a75992d54714d1e31dea41ee55eb28a1eb5db11776e518c0b34dd82a587d

Download Submit