0a411e6a7f0499422b355db020dbc65be2cd2ef1fa297b752587080e66cac8d5

Resubmissions

17/04/2024, 12:21

240417-pjjbwaga8s 3

19/03/2024, 10:24

19/03/2024, 10:24

19/03/2024, 10:21

19/03/2024, 10:18

19/03/2024, 10:07

19/03/2024, 10:03

Analysis

max time kernel
114s
max time network
116s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
19/03/2024, 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EEEE.webp
Size

29KB
MD5

9485ce793d80b28b1f1a5041df199f36
SHA1

cc6ef9708c3d31f6285e6172745f3af032d8342c
SHA256

0a411e6a7f0499422b355db020dbc65be2cd2ef1fa297b752587080e66cac8d5
SHA512

e547b8ff6d1b5c54740426ad387530acedb1778b2d79f10ce793eb4adc8b85b02078622a188dfa0428e500918773095a60faef4285059ed43418872e555c478e
SSDEEP

768:iHv2vZr2itn04pqNFiFe3QCtVJ1b/7z8Vi7lo:F2Kek4QC7J1b/H8Co

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{B0E937B6-5066-4DA4-934B-EB7D048D7D58}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2856	chrome.exe
2856	chrome.exe
3476	msedge.exe
3476	msedge.exe
1316	msedge.exe
1316	msedge.exe
3196	msedge.exe
3196	msedge.exe
4660	identity_helper.exe
4660	identity_helper.exe
5584	msedge.exe
5584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2856	chrome.exe
2856	chrome.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe
Token: SeShutdownPrivilege	2856	chrome.exe
Token: SeCreatePagefilePrivilege	2856	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
2856	chrome.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 2856	4756	cmd.exe	80
PID 4756 wrote to memory of 2856	4756	cmd.exe	80
PID 2856 wrote to memory of 4808	2856	chrome.exe	83
PID 2856 wrote to memory of 4808	2856	chrome.exe	83
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3176	2856	chrome.exe	86
PID 2856 wrote to memory of 3544	2856	chrome.exe	87
PID 2856 wrote to memory of 3544	2856	chrome.exe	87
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88
PID 2856 wrote to memory of 536	2856	chrome.exe	88

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\EEEE.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\EEEE.webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea7279758,0x7ffea7279768,0x7ffea7279778
    3⤵
    PID:4808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1800,i,3432921518428681154,11360744126237765471,131072 /prefetch:2
    3⤵
    PID:3176
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1800,i,3432921518428681154,11360744126237765471,131072 /prefetch:8
    3⤵
    PID:3544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1800,i,3432921518428681154,11360744126237765471,131072 /prefetch:8
    3⤵
    PID:536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1800,i,3432921518428681154,11360744126237765471,131072 /prefetch:1
    3⤵
    PID:676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1800,i,3432921518428681154,11360744126237765471,131072 /prefetch:1
    3⤵
    PID:2100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea4d33cb8,0x7ffea4d33cc8,0x7ffea4d33cd8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7310796108944775987,17988889054153553592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0a8610e8209c8352376e7d05af31c58b

SHA1
196e411aba482e59705d41f300a8910b964f0c21

SHA256
a444b21bf147530caa2c5dee6a40a3b8db7050ae60bcc79142f1a209982aca4d

SHA512
df2b51814938b4b4ad858eec06007d45b5cccbcf8806094e548cf251d0744c3fbc9804d5e4e05b812159e260ff49b7dbd5575b843f9c8ac8d7c6f5bccbc8c088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a20e8f15471568d4364bf3885680448d

SHA1
2e4764c428ad1098c400f07bad0291cf67c3585f

SHA256
1f11e48502abc53439de7d8499416c6e6ba0327f9c49819002e4768122d40f9e

SHA512
ba624077a316547c853db1e918517c8ad771738de653d6917e6f1481d7762d13eabb466d82506a4c5d1460f621365042766539b3574a5c496fb5a8c83380848f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
42af43c675c86806242155d5f2f16984

SHA1
2d5048fd94278f9171ae47a89da278dd108c72e6

SHA256
a502985a31f49acbe5e0bac3adeebd85dbc73e40feb5cd92c4f5dfa79a9ee3e8

SHA512
6a064dd5ad408eae920d53743b1245b4da1b3e54096644d9f6c17bf3ec1cd597e5544a65c32e8b723cbed6fd90916dda2d8278f1427bd6d07c536cedc16f9439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a562603804e501b7d003e6375698ccfa

SHA1
6e92a6cd120d7e3463ef087ded8f2ac40311d322

SHA256
75d9b38fa61ecc0da3b5259ca3e2ac2d7ca70b8d4ffe5a4e8a7e7f409a57f927

SHA512
4c8037a180c4ad3c3179d97cb7608843299954debdc1bbeb8fc02b524bffb76cb55f1021f1171c0cb0ef03202653c779518209f71b490e81b9aa520a5b883a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ec5518985c91a55fccb0439e21e3c479

SHA1
f9926efc16ad8581591fcff4cf60ee14c35c6fed

SHA256
fff9abd536c94b59bb7689adba303eb9856e8f147d0672f26ae0cd662db1e3c3

SHA512
b969472bf17694976723d6009177729a2055dc17368844ed9466c0c9433976bb0dea074b65ecdcd58e41ecc0f9802e487ee1e6ee0347fc3a7738cb8ecb00c661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
2a9f5985b9d40a5b68c43d0a46e7e76a

SHA1
4eab44d2ff69ae4d8af2f01dc257fa73a9595fe3

SHA256
e8c56a1d09740f23a2cb3883776fe28c2f4ece0acd1737e522e09b60ffb1dac7

SHA512
1b20cb8690b282fe11593dc3eb9c5f57e0f5e6a5b09f88e57609b0d2b147f101dace362f81b6ba0886c5d701baf636197464de85aa3aaeb1beb9d75741ae91bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
a49671f8ef056c77f756e3d997d5fc82

SHA1
481cdf5f87b344a2dc35870984f9a827ec099c77

SHA256
0459b10a30bde862c4b4594adb5991a087cdf643fb56e353c25272d44503f0f5

SHA512
23a2edb8317ea45bb263644e28b9799fe41d1c9a7541916db57cd422758e8bfa8fe5c732d5dbbfd235a06609751cab31703cfcb89afb7b0fd60729a5533ec5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
34339508e9ab9313351c705093940257

SHA1
227b926bc1fec411fbba8e809a5e3fe006314778

SHA256
80c94d403f07c5f97776a8c55e041b19148d7245ec7d302fb22e6310dcfb5851

SHA512
6a132340af9e39f094d1eb6cb5efbdb1e08a7c8c4375f19109756a7bb84bf4c5b15501aa66a7ab77c95e8086ffea202643a8759c94a36375fd1cc332d511858e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
865ce9ba452dfb32b7a2835fe08fec75

SHA1
a8940545437cdcf8f0a6e4229502833cbd4aafa2

SHA256
8ad2f2b3255e2889ac8afc6658e0a11fe82d5601b8448b08a543efdea6f11cd3

SHA512
dcea589102ab7457ec1d4bec54a9f32184f813eff2662f3ec85fead7d804949a37f353c7ba07143fc31b4d06d066621869ee71a3581c7cb2ae9d1237bca830a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7d40ed2c88c85972f6e903cb270e0a3b

SHA1
8190d3ef2d0b8afa21471759252e57dc25488a85

SHA256
3423f68bb2212cc94709292c70cf45e4487eedc241af93e727df5612506dc6dc

SHA512
9ed3e9c1e7c911a3a351e88abc2c4cc32ddfbe58ce6411321a88e1aa881333197c2b1f083d4b250d9b2958181c4bcc481b4952b071e113a8b3284db55e16edd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
569B

MD5
7b778c2e70a866c11bd2ee4836792250

SHA1
2ffd6a9c00a07e935f8f68bc58c07d729e751b05

SHA256
f6943de53fbf92f214296fe12948dafa1f908eb1b573e182f45270af84da0f6c

SHA512
b72e7e28fb812fd09bcf9b15232d3846df98b219fb386b11362abda14a275027c07162db1022f7015835fbc4a210a82c73360cd600df0524a3bff13cf4692e49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ce5e7b91611ff34f11c13957da99b85

SHA1
1ea0702305611f6af5e4851d487d902cbcea7aec

SHA256
ed55eef82d92a3872cb75df63233c880b89de92c373fe0719d4813c57751adca

SHA512
83af8f27a9497504bef55906175529eae6a24d6f21d0dbcea2febf118d94917c5c5a6ef419ddf4769ccef3ea1923e437958e35ba161a008a6a3826975a0bc9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ae7376816584835bbf0d3ffb2debf0f

SHA1
294ffd61d4068591769bc5cda0bfb9e4123452b9

SHA256
925e53c81b19fcf0bda328165e6bbf93671acf01aa1e88a93703a554b6aaa763

SHA512
b63123dda02896f8f4c9970e3451db229bb2893b3516c81b8ef0aff5c9b2243abef31b4f6b0d20a0e30e17edfc4a0e77e1f79114e21c69222e9f923356908642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
870d8f34a41c90b7a22c0774bbdfa6e3

SHA1
2ec98e54d41e99e00910d7f9d4cc1e559861498a

SHA256
21dccaae418b27f1e06e2248e1b4109d7300ff4760e8c47574208f20a4c3435e

SHA512
43ecb0e8a3a2df53de423c24ae26249c7e768b5bea21f6f24d21444755ac35bc610d2c1097f0e2cd9d4f21a54b753f35b39c98aab9d1213873ad922310d56219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dcde2b08bf5d7d3a32aa6960792f7770

SHA1
3c5cd6087311f758ef0dd1366131063f3d173b75

SHA256
ace02764ce30244fbc9bc79444459d4b90523b98f4f94a40a56d8f48ba365e2e

SHA512
ecfde6f813a02b542718d53821be2cd09f34cb0814e87fac005f8281c3619e9df23344f39d13f7c57ad413e5185d15f0405cc360ae9b0838d67fd3212e4cd084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f316cce8ad57559a09625a03dde7e8fa

SHA1
487e1ba4497fed90bb20c0d60faf3c2b7d9a6ef1

SHA256
418eef374cee46f8a594d0423a2634d047337aa2d33d11c0047c40c4764f420f

SHA512
acdef197afb050616f9ab2fedf9bf9ba17d9f3bd5e75bb5f64d4019fd63e9bad70b5be6291f6735fe8ce16185afa36df911c5d1c07d95153cb9eb1bd7a13d754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
87ab29d49f3a3cc1b3ba8fcd49f1d0c3

SHA1
361f525a322fcd88970401be61ec7522ea8f5d8f

SHA256
fabe9b33d03b7c59eef9cf3eaff97b7177ff8d56bb5582460bc1211307eeb630

SHA512
89899e4da35c17c8dbb2a3314a2ab943b0cf165558d91abf5a5b8e82cd06d5bbfa6b6377368225c480bebec4038e99b940fe0a738d7d9c45856b9ccda1bd3bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9651b85cb4bab351df34a5c276e24412

SHA1
3227f2490e9028582359353e91ed6e0e3e2531ea

SHA256
29f30f41110ae97fce7b8e2484622b719ac0a4a47ceaa0e8968654b86f29d222

SHA512
5dbeb32213c8ba8c3eb3a49d17c5d8e4e867a7a7656e06ea5e8840951ebb4261bfd1abc3936abe1df90fc07e578d97441b68e5d4e7ca008fba65548f2af3d17e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
9455f392bf9c84fc1efa71d68620c855

SHA1
c4fa63995f08f8d374d63ce3f3454300d9664225

SHA256
c17d8f6497774ad78d7f68170f0865f54ae79054d13bb3c1795f484728dca578

SHA512
9d993068916e599f466d0cf7ba5c6b6d1939106a157bf8d8001fe53e3462706f4ec31c28f51952d16438669254486304655af16aabc576b49b0705b2250a2fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9ca3693ccf68b0c07da1728082826cec

SHA1
d07b3e6979b8a6dd9240abd3307ca80b29c3fb83

SHA256
601b162dbfefb73ca0183ef03104953a63f602225df363a9e7ed0aa3e3c46da8

SHA512
695a16f7241b7fc414b611337e5f3b0b5c5a42c483fee1b63027393ce6c1aaa4bbbae419fd345d192c0740fe8a39851c70fbf8ddbe9a7512a4694d91520d318b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0407d08ded09b257ac8a680079010928

SHA1
89c720ab5d1c6d94cf681e008cb4c2b9310c8f64

SHA256
ca0c8177df3edcaef982943d63459b93780356972e7336213e92ef579b009c17

SHA512
1fdbef195f93b5ae2e91b7e34ad41f616ce67af2c40434256caf476218c5066dd511180cadc3ae5c8f64ab9544b6e657378e2b9c157cbcfd4b77737fe63629c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25ecc1e06eab5d108201aa2527bf237e

SHA1
1634a4e9a5c793ca997c4951c6ce7c02249108cc

SHA256
8770dc112d99f81bcf1fd214f58c045add6374ced0a93da8bbcdf65be9ecbcba

SHA512
1ad96b24b70470ab32238532a246698668b813c055538ffb400af67a4af76bc4ced7fae7987bb7a4ebb5c020aaa6fc54b20f0267c5ce8ac302e34ac13994a611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa2f.TMP

Filesize
371B

MD5
9a0613ade2c019fecdc03d659c551c5d

SHA1
071d436273142fb634cb6f36d92911dec5db60fa

SHA256
352e45f4ea36a62836e6105617feb74dc98c77160b5f7e8465b590fad3d09def

SHA512
b85181038231c1748778ec8ca34d4bf644dc78de6fde9829e9716be51e4bbac918f321f67db2cb9b17b74e2d668718ee6fc76af169f3c14b99bcf932ea72df08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bc3a5250-eba4-4412-802f-9ca81c456289.tmp

Filesize
1KB

MD5
1d04c6383c24a449fe079ecf642c0480

SHA1
5d28c2a10f2f53d1cfef3548403ac33d1cf964ec

SHA256
45fbf2221d3d2a50ff3d317e835b16eb1878c1fc1ee94b5249b3add79230d688

SHA512
6fc280d87e02a8c12be443a0c6a214f5267ccc6f5de2f284e203ce5767657ce736dd152005c5549e29d1354d3d7479cad2a87c39162e24f0a64d1f14c89c54b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc1c38c8899a1700063754f0dd4e4251

SHA1
cfc2622e3e2eed87092a5e9cf3ede2e56cbc07df

SHA256
1a760ce3e983ab0a85fbe3fa44141d08494e54895b72b01f8f1c1ad133d0f338

SHA512
59caa3c85f467c8a504bee70999bd360301bfc05f3f70db7d06cb3db4fc7e26e65ec36850fa7327d6a64709bc5ee5b9626a0ad71bcb8891a1bc053797baaf7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
108da0fa9ed71c9ed29833823a5f28c7

SHA1
c9d88147af811d5b7dc7e9f5bde385d6183f8216

SHA256
cf46c0add5cb253dc50c82656d77d15cec3821a939047a3e8d2f3def3381b503

SHA512
74b1c25063af816314887eab1020d289f43ec397b0eea58585ea3f9eb13bf07de2ed43b89f00af33358fb5d52c51f1c040acecfe6026ab95ebd899adf010463a

Download Submit