hxxp://google[.]com

Resubmissions

11/03/2024, 13:25

240311-qn8yrsbf9s 8

11/03/2024, 13:22

240311-qmf7csbf4z 1

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546369786863231"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{DFA081CC-7FDC-4687-A3A9-3E3154722A8B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
5060	msedge.exe
5060	msedge.exe
1688	msedge.exe
1688	msedge.exe
5816	identity_helper.exe
5816	identity_helper.exe
6140	msedge.exe
6140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 4952	1356	chrome.exe	89
PID 1356 wrote to memory of 4952	1356	chrome.exe	89
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 32	1356	chrome.exe	91
PID 1356 wrote to memory of 4812	1356	chrome.exe	92
PID 1356 wrote to memory of 4812	1356	chrome.exe	92
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93
PID 1356 wrote to memory of 4596	1356	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3fcc9758,0x7ffd3fcc9768,0x7ffd3fcc9778
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:2
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4244 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3760 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5256 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5460 --field-trial-handle=1896,i,5830728843837682160,15513047258960647670,131072 /prefetch:1
  2⤵
  PID:1420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd3eea46f8,0x7ffd3eea4708,0x7ffd3eea4718
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7551266548372855560,12273325485183841383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4a8
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f1c25ae5b492bcd8987acf51a94e2756

SHA1
5787d683393d5409748631fad2a009536c8b2d9b

SHA256
26006e1f950aeaaac97a1f0560c335ada890b1b10b45b4815f639103b18f32fb

SHA512
0e645ed5b6603fdf334f5ce7eb5e246479e6d0f3788f4fa7afff897682202c0f047a8addc762baa2694306b999bd888b1b38097ade4ce7f15bbc236e5c48f29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
183389f6f46adf4952017329f99860df

SHA1
5a00bfb96dfd18bdfaa991ecc1e4b26aec944fa8

SHA256
c9b30908e5de9d3a13823a9a7029eae7b3d1388cbd611c790b77e3ebc7bb52d3

SHA512
23caf02a9afdb6e8f3599e368c32b28a22a3f079c855dfefa1b45e945a8ce995435b100a604cb601a3280e807ff5810c7d6188c4b72977db06254423f80665b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1007e6e771b9c92a4658ae764e72ad04

SHA1
fd29630aaf47ba3e98882723af88d39324e0c28d

SHA256
b1d1076e84f6681255719d0d3af6fe6e890d88a238a251815475ecb6387a56f0

SHA512
22b45848c5b6fe2bdea4b9d20f36c2e250caba754ccf5348a772eb6c90a2bb3a712512dc77d34e09e72505be8fbf534dd1f6192d5e4bcc7f7a6b2bbc6ed5a4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
bfc7b54c134f56d13d3a6f6cd389b73a

SHA1
b4835d8e5ebbc8dd3d8fdeee5be310980ee74e82

SHA256
0bf67dde0eb17799e6b15990a5cabf4db44beebea397ddef1a04f5a46265cba3

SHA512
4b3b091c456d85d6ed42a6f32e7e6846de3968422402008258dfbecb284f68aa28590ada99c343383c96a58b0b73133c0b58a02c2e08a904b5d351eafdaf13a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bce3e91c8d2bbecd166b9b53af44010b

SHA1
2f99c48e8e84fee21184589ffabf27b2ba873718

SHA256
693228883f46e80f7f818cc4b5f7b602fbb9aea0679d90c5109d985d79842d74

SHA512
3a059aecee8738e760f72add8a874be02e62b84b82b23684d002668e08c7e055c8ed489132ca7e632ec68e318a4d516d9a3c226c6ba9afe2ab1c539ae36a3a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
de2cc64a8ed3a5c3cdb25449fba00db7

SHA1
d45e2d202035db00d02b3c364c4e55c073bc47e4

SHA256
edebb0ba7cc00e07b0ff0040f4d8ad7356df88e2eef020efe892c1689e9e8a23

SHA512
cd9287c83e3ffa79e2c555723f38060950ded4c37d6508cd704009d671609a8775aa0a4e68312d61a5ca3ca7e2f0d745f6f20dcb7eda06e2a7cebd03cdac54c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8f8d139ccee93319702056f6698a5c59

SHA1
01a5cb154b0c0112ba09eee5b4178a2a2febca0a

SHA256
2f4db8940c8a3e98ca057379d49b79efab4784637e2f17486cc3da5188d5e9cb

SHA512
4c61f127e6849123bbc546b57228053ece095ed2ae05d1c9c15bd63b0b5aaee271aa899d48061fe1571a3f3bc7f8379cc91fad13ebc8d1fa212474020c14098b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e8c1d803c002e9732af321049da69948

SHA1
7d0de177713d2e401404b256d99d0a4ed22ff94e

SHA256
30c28b57ba7aae5857e28b316e37af08857a1cc94a359b1f15cc595471159b5a

SHA512
9ca7f437e1a6aacb34ba630bfd9db5231b36d18aa39f3d52c0d2e110e613de4fd6e88263ba5f8698d16647e3836ded9940e160a164c5e9c3c5514665517fc12d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
4a7674ff974b8fa34f5e8f74c85f19ce

SHA1
68e3700db21f444bf24f600d4b8d81199b396ebe

SHA256
6ff64d7dde32e8adc58ff03d0c497b401da37c0bbaaaa8a2fa9728d16f6b7b7d

SHA512
fad10e50a4ed778125298210b4d3351bd43015f343a841a781b356def23141a615390e5fc338ba7d1d82134a6e3737351aa2837b5cdfbe67882a978a8a05c658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
c41d22b4e895b0c1734a6fb5427417b1

SHA1
24726d1386a0b9316c408ecdcab18a1cb8ab4ce0

SHA256
f3419adc5ebb873e847d893ae583ca2ea7544c81adefb405f86780eb9dae1b65

SHA512
32ea120dba79a55d87067f030934296e4f17923e98a4a8f2b1718639475f1d0a411db4e4fc520a6988af59e24507eb30e0116b16dbdbf3e346961a40bec11361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
aff4596d05cd05f723efff48380b1ad6

SHA1
18b59da51bc659c5e2f673bd679a457623fd68e5

SHA256
bdf5fd291761e92203b6da43e3330d62b722db12f35000332393f032060b9740

SHA512
3e5907cf70cf1471d365dc8dbb555dd966b7cce76892bb606c4e0106c8a6c2f72be9656cf74d15f18729a5a915daeb0688a31f92c53c5b69d90a3ae9f8d1f95b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
1013KB

MD5
1223be8630984c8fc02207eeb9610ed0

SHA1
44ae858ae92dbe7d47e4f16560c744b73f323fcc

SHA256
0d7cbf694649844e09487e3b6b55a373295fc8fc70d63968558e76fc8c3c9a10

SHA512
891db297bbfc4dbf15d3dad5957ae6951fbfafd53f4041e9058c06b183efe660da3605a82e1e1e560a2a59b1143fa7723a3df7a9f0b71ec593fc2cd388162cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
521KB

MD5
21d21cce740d107dc45297f94dd13657

SHA1
8032803af911e7db44f705f28f865651da7f933b

SHA256
346587d695abab1d1beefbea02c0490130c6526585947c68d21577fd5f178966

SHA512
d54a3b2400ad6a71ba009f824fabe280e6d4e11264943d3201ee6c5400fe32a608c0159d792d5c8770fb1c06db41215ffb399a713430df4c40dda34bb7b908a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
1024KB

MD5
1ce5653f257c1ab5affe6290e702787e

SHA1
e51a6fd1878aa7528efb8895dc5590630f48c920

SHA256
e2ecd4464a26cf61087bafb61a76147ed0dabf4488fe03956b7b2265f26f7597

SHA512
fe3bef4e338d1b87edfda4228a72c43fcc088dc669782b9094a1dcc36c7528d8da68427ec38d9165c78313c92ba65f944e6dda79c899402706248f815e099c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
1024KB

MD5
1948d0a91bf7659d31c544cc1f8a18aa

SHA1
775073406a73dcbe4b814281ec8a79c760d97706

SHA256
be4dbbc8e275b7e9b3593803f6807fb4ea587e1d4f6e24a46d55c429f9dca64c

SHA512
83f1b7a625af482d2adafc50daef049cb05ec355e075e87a28047ccea22fcf1093e65e36740f4990bccfaa5b8ea06bbec0a9b393a9e7ed09fcb8ebeafb914d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
992KB

MD5
d9532449ac6636f941b4331cbc86d5f2

SHA1
570ae96c451e6034332decd3333458d46664829a

SHA256
4a21b92e48063338f3f2fb39abdac5e1d861d97d87443766981c2377cba73790

SHA512
f9f872889a95479647b2f0e3dcc777edafbd4a43ee05c0341203fc9a53c3757b34c563ce40ea44987a319657fdf137efeb2bd8e62cb719bfefc72e6b4f370980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
1024KB

MD5
98cdc4656d1dc1788c66ca73c80cba3d

SHA1
3f62a25b6de6633df29c92df3ba362a54bd84fda

SHA256
b7655340e49acbfaad8af4e0b66d3db19d6f2e9c239ffc2a85e024c53366eccd

SHA512
7227cae0ea138435da9595a7c9b25de553de5a8090baaebc014a2e3a09a09439c44f0fd3f38fb10af2ac633c7b947bf6946cdaedc056c4478818f6182ccb1958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f53976a3af5982252d3f8530a8adc797

SHA1
bf2b7dc5bef0d96e97fa69d6ff1d4be1f1b8b4d8

SHA256
d6e20c90467be4b166e27d8800b59a1e65458cfee082d3174a719ef3bd7079b3

SHA512
1c0970c8669cf83a92e454e6b42dea1268e1fb6324ba02641b800da7208042a66ac4b8f9209544e8ec7123c0d9fd930c7526aab4b8f30996f666d0b4a5f7f9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2fc3b04d087d42f23ffedc3a9e049494

SHA1
fff434130ece9112ae5f60b287e63a1fdbbc5e85

SHA256
4c618f89a67e92d163af6b82b3af54fc3f0dee7030dde5b034bc13c0cefb2e3d

SHA512
c976589fcfe5bde0d345a114daabb6bbd28d3b854abdfb855bc1a5887a7f0a8eb8bb91100b930c00e7df69ae4c21b6f8e38c866e038b2bd77fa1c9031127a3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f48fd9da6a92bd942c608629576fbbe

SHA1
9da720a247dec61b39b7711b9f7699404ebaacb3

SHA256
496afb7b020db5dc751fe8b7e77c644396be8997138efb6aa96dd24d82d75209

SHA512
0fd9fc2b8b4669a1aa8285f1a72a6b5d576b89ba7a362c10fd3eb3f6d171ddfd4fabea907e3485dfa764125b334da1b1b2110c0525eac427dc860921eeb73243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71735e836f2d1da884f86cd58893c6ed

SHA1
1502e50d16095f96a8e1de92545287d8f6cf490b

SHA256
26ce7268003eae63a56a7792634cfcee4d1174118da96f75904015f4948709d8

SHA512
b5c058f6ba8ec1e38325a83dddfe9540aa1a3bb5c5ed1295b1af000bbc59fd4590cf7a7be9cb17cabfeb358bf5fde667c97f08a60264697ed868df14367604c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
889f843dbcd7cdfe99b8c72e79ba8cd1

SHA1
1cff0b64f4838c9c07054e8d491ed4cda415107d

SHA256
21a68822acbb6ec1f04496d195c9d2653ba75f03e8b11ac2be7e7eeb6c0954de

SHA512
0cb62f4f74ebd197b285bb6cb0747a809ead530382987605f4b602b5e2e1a60e24d2fb43e3d0ebc34ecc7aed7da5eaa3f9d12c5bb2732985a8bac6e0a7958a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
451b602d2e08d79ddbe6f55f11ddcf7d

SHA1
002bd91c5f22f4857615702cb1a3f1a7e502a9f0

SHA256
912c53006a8527be4628042dade7c5bfc189bb5d218bc29b7a1f97daef969aa4

SHA512
27823dd13f0fbcae35c52a49ff26a949d4f83a30977090e276fb289c5f568d997188b80bb8a8a31c8e4c5763eb1b1c5ab6b027a020005892aa46d5ac698805ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\1d0ca3bc-2487-4cc1-913a-95ab2aa1d3ce\index-dir\the-real-index

Filesize
72B

MD5
09e8be38068ef523bfca18c0a26da95b

SHA1
ecf806563f7a4a037f8977b8108d1f108c2dd67a

SHA256
7ce71eb4fec0e4f1c7d907674597d454e3eec50124aa248a6c98dc4b50a24cd6

SHA512
a37141629013dffcd6caf5f5645ed088f9b179eca5fbde633e60ffeb65f053d310692f34d4a7121412c8729a88e4a4b7d2e788cfa92c073942432c762cb068fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\1d0ca3bc-2487-4cc1-913a-95ab2aa1d3ce\index-dir\the-real-index~RFe58a44a.TMP

Filesize
48B

MD5
ddf091042bcbdd4a740307a2c16c8225

SHA1
35bd371c0895784af9c48ab2344687afe71c9360

SHA256
9e0c9167f2cd2841634d0adc3de4ecbbd208f1b6ce7909bc9b8033ddcf08c758

SHA512
6a92addf23ad8f7e143d041a418b7d9a75c5f1596e7f14cd6755c91e46b997030bc020dcd3b49cf7618897fcfff7789ae0a662d0ed43e824c19acb683423d78b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\afb40bd1-7533-4288-a762-3302e74198c9\index-dir\the-real-index

Filesize
456B

MD5
7c8e7dd918771a8a01ad4924191584b6

SHA1
d772375bd7a9eb39a912a56d4e6e876ff54b7e3a

SHA256
7c61b99eae61833bc803eb990e1079d571868c1392f8834de4d7c1de1f750439

SHA512
ba9f7426d2343e5a9a6d2f4e3aff7934f2ea0f656411ffe43c30f6b8ad57395cc7be0dbe8c9df7c210c9a7422013192dad178cf859561dbfe8f7eba8c546f878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\afb40bd1-7533-4288-a762-3302e74198c9\index-dir\the-real-index~RFe58a786.TMP

Filesize
48B

MD5
a2fb20a2c3eeee4096f27865a4819c40

SHA1
9e1850adb1fd1f9e0d16d55a2ef2173e2ffcf021

SHA256
79c0e60f62716929008a2a7d036e90704f8eb24304c11cd6d92e1d04af571bbc

SHA512
6b49ecc3f432835eb3c84f42ad828fa52c72760878750061dd23535dc6333326ec08c9b5242fb089c611963ba8bcac1bdae41414616a581459a24168ba2d3ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
06355e6e473531d381b71692faf1c1cd

SHA1
95c1c4d3face1c62df964d60b3f82e606d1af0e1

SHA256
2c2e6de83843598fb45ad541140401625ed6d17dae64c0bdbf84e8c6164b76ec

SHA512
07c8b7232758cfaaa0bd1b80c68d05d0be383cf3282faff3e52eb5629347a841a5626fc3e0527226318fafda2a0cd5d8282538c031422578c05cf5b6798e682f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
164B

MD5
c59996d16fa62d0513c53bc423b35c56

SHA1
0ed22f2b6919deed7d3105e8efc4f4f2a93050a5

SHA256
2f4a45675563e775bb79ba2b4241a2d94dcab90a4ec0831861e1feecbed76531

SHA512
1285a3fd4232b1920edc141e63b467960319100e745856ae854a4c867e29de31a713872279c472c401e77cfd75bcbaaa65d2984d47a7a2bee129c766464159b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe58560a.TMP

Filesize
102B

MD5
1f8384ce7e8ae7a5e8b5512efc66d288

SHA1
c14753efcbd3896bde6f6f3c758460fde789927b

SHA256
4a4dfa2aa3ff48ec92eaabb2a661027f9160b12bb29aac1fafca429509265230

SHA512
3ea435360c3e5e62c5dd47845e19346dc01dc8eafc94abdf5d094deb36846d60b3aea77b9be87ad06935e5935852487806c8a53541cf4b15bd0af84ce31f0698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
ed1daa8841feaa2813a3bb6dd4e37277

SHA1
6995e07f6e7f9dcc030133a837bbffc149fcb22e

SHA256
cb4c4ae5205faa65473c020a937dddddedb457ea0433cc6e24de981cd246c6f1

SHA512
a8e0c8f66f6679274f5b5e2e7ff1f8b7b39129e3d339650fbfe1516359069e658162eba6e30fe2df6e99f9653270a1af3a1c2c5e6cfc9c5638ad100926dd3455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a3cd.TMP

Filesize
48B

MD5
3f285192ab4662feb46e7a8a79759744

SHA1
8c8de7379d9766f82f60b4cc3c923c13491e92f8

SHA256
21a5a7a2a4080b043a1faf39a24d6694f340ae2f9f58d2741cfd043bf56923e9

SHA512
8ac610ce56e148ccfb9713d2bf395390d6a3f965b46e32e178c181fef824ea431cf95b12f6471704454f0d8d3e20a074a08253e69529aa4e41a711bd58ded619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b2b6c5a0c83b2be51cdb50115195910

SHA1
9b7eaeb694eb41c3f95543d464431b117f705b67

SHA256
5630668ba4e258daa4b0c8adb1d3d5e64ff29f18743d3a0d0b6e6d3af1285326

SHA512
f3e908eb02fb56a2540f91ce2313d09e7aec8f12f82a0d3f604576e334b74d45f0c95cba0296131dc845e8fea13c74fa417eb1c21ada0fd43369625260675ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4658566fcd7bcac8042a085f6240a12

SHA1
b9106e7281ecd174bc3db68a02d8ac0f6994fc30

SHA256
320fdfc7d24f18b29ee9d4bbacf6e94dfd04b408f5f9fb609ebe1fb1d3010d4c

SHA512
61b5d0c99025ac312831039562e36083008e3344c206ace24789eb68bda0f89a1b841e9db8422f2f62b00e7f9498041d404b1d338461488cd9a375ea5ee28772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a2216d02bdb83e0dbbc87f5f23fd09c

SHA1
6199997b21772082bee24d3c5d81c148791c2450

SHA256
b7bd1c367f0a652debb73c1c7067d5e7b4cdf7e3b768d2141c1a50e01574a8a7

SHA512
86d310edad8064637b9ed7b948cd86eb7679c6bfaecacaf2520e86789ef8cd03988ea9dd86811197da881446360f47ff9fea7cb459ab8951b91074ab5998e0ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b2ceeb6bcd84a312cccf2553392729c

SHA1
d88652c29e86ad6bc75b99dc606a04905e23099b

SHA256
635745742952414bec2dd4908242421582302c69eec6802936732bd1e44af508

SHA512
a6e30a06b5d94e773e236107b6b65ce6277c704d8c16c9af65aa39650ec8920badeaa90aae63eb943c3ddb3ff9d900e8601f0352782054f8f4a68be388178a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78854cff719d87135290aea99953c53c

SHA1
afea34964022241150e5174ee6ef212d90866552

SHA256
d79ad5427291e39d6876035c15c46e16cb63e0b58ba5e1e15a259d91da4dc819

SHA512
2bf44cbfcb95e416c1746f2fe98e02aa4a821fa17fbb241b42aae65beb96c3d4ca2a2d9f9b8f444489e2f7153a390e0fda0c79aec9d4bd2b5ecafa232945d18e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f31cf5b4509c4873cc90c96113ef8a1

SHA1
1933c6a75a4b6f8e3e9f2c540fcf5970f37a475f

SHA256
4f5a3e5f3a131e0b7f57cd868f9bdb74ebf9133d2db51c7b1c0748fbc2b1be66

SHA512
f92b458473cf731e508d1c646082d152502a7d3b02d26da0e6e6c72d9ed21a1eb09c7b06a1e1d3d066929ed626d7b44e862b2fb702b07664b62e1644bea5e438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5917b4c6f197803abab9f619084142f9

SHA1
78d7e988e7661584e162afaa9369c6302129de0b

SHA256
035b90a19bd4d76d6dfe4ce92277b8cb2b966fdb9e7a86c902df56908835d53c

SHA512
bb507d86c6262b3ee6abaa524b7a271747d169270e87cd538daf107892b1781b5d52716bf0353cb8d3521535f293808298717e69195c893d757095e2a31bf484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4dccb117aeab47fe5b047674e2a7eeda

SHA1
27c71c10b6d1b408744dd027bf19cc09da896a4f

SHA256
a60cfe9c4a976ac50c628f4755d610f7191eaf6b33bf71a6a24afb11d0ac92c9

SHA512
13d30e425e6c239c0ae02bc2e8a378ad5f75fc2abb1b006b618026212bffce99d80ed9db7546ec8e083a26b50ee210e564ae17194ef8cf362f7c8cd36f751bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588393.TMP

Filesize
1KB

MD5
12aabe7722cf75b399ebbda86714f5b8

SHA1
83dfee80ce4a08f2a95ce8b84ccd0a7aaa25c5ba

SHA256
c8d3bccd5769701eb677fce596c17f63dfa6aaa4f9a763fd0da3cac59f2d2e55

SHA512
3995094e03ed7bdb3f2223b026ae65aa476aed05f7be587a4db6ccfa6399b05c26bbb86b348233e93637d47ccf607edd098fc4bdc82cb03bb5e2162bde9593ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2eb06d175cd166cb79429192ae1520f4

SHA1
61ff9ddd201be8d37f152f8230b4d408e78e9f08

SHA256
e622966fda3e71bd0b94370fa8d6f7e6277337a144157c57c313c6f3a22f245f

SHA512
e6015eac996dcfd9385e75170b7c9dda7efdbb384fbb3cafc81053ced281002691217898c21a0796955c4d4987fae871de2059bd9dbaa7139d220aaac8edc587

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit