hxxps://aspminube[.]com/temp/Chrome-x64[.]msix

Analysis

max time kernel
1684s
max time network
1789s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
14-04-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aspminube.com/temp/Chrome-x64.msix

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 23 IoCs

phishing motw

Processes:

flow	ioc
139	https://www.google.com/intl/en_uk/chrome/
131	https://www.google.com/intl/en_uk/chrome/
131	https://www.google.com/intl/en_uk/chrome/
131	https://www.google.com/intl/en_uk/chrome/
131	https://www.google.com/intl/en_uk/chrome/
131	https://www.google.com/intl/en_uk/chrome/
131	https://www.google.com/intl/en_uk/chrome/
131	https://www.google.com/intl/en_uk/chrome/
138	https://www.google.com/intl/en_uk/chrome/
138	https://www.google.com/intl/en_uk/chrome/
138	https://www.google.com/intl/en_uk/chrome/
138	https://www.google.com/intl/en_uk/chrome/
138	https://www.google.com/intl/en_uk/chrome/
138	https://www.google.com/intl/en_uk/chrome/
138	https://www.google.com/intl/en_uk/chrome/
91	https://www.google.com/intl/en_uk/chrome/
90	https://www.google.com/intl/en_uk/chrome/
90	https://www.google.com/intl/en_uk/chrome/
90	https://www.google.com/intl/en_uk/chrome/
90	https://www.google.com/intl/en_uk/chrome/
90	https://www.google.com/intl/en_uk/chrome/
90	https://www.google.com/intl/en_uk/chrome/
90	https://www.google.com/intl/en_uk/chrome/

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133575960931635042"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exemsedge.exe

pid	process
1168	msedge.exe
1168	msedge.exe
716	msedge.exe
716	msedge.exe
3844	identity_helper.exe
3844	identity_helper.exe
1932	chrome.exe
1932	chrome.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exechrome.exe

pid	process
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exechrome.exe

pid	process
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 716 wrote to memory of 4808	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4808	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 4984	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 1168	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 1168	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe
PID 716 wrote to memory of 2796	716	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aspminube.com/temp/Chrome-x64.msix
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7c9546f8,0x7ffb7c954708,0x7ffb7c954718
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
2⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
2⤵
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
2⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1872 /prefetch:8
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6693560131627221456,11058491982418987200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3372 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb6a67ab58,0x7ffb6a67ab68,0x7ffb6a67ab78
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:2
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:5136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:1
2⤵
PID:5220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:1
2⤵
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:1
2⤵
PID:5556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:5776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:5816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:5892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:5972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:6080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4960 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:1
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4616 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:1
2⤵
PID:5696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2444 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:1
2⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3172 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3132 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:8
2⤵
PID:5472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3172 --field-trial-handle=1860,i,11300873834039457175,1441593087125410379,131072 /prefetch:1
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2970f6b0-a970-4370-9ff1-9822e05dc88e.tmp
Filesize
7KB

MD5
919bac83529ee52ac8e68618f1cb5d2a

SHA1
0f4bed7610f3d1a192496154fbb762055d8746b1

SHA256
8a58f3ac3046df0462bcda6ec6180b5897ca3bb70c907fa046a17257d7e0637b

SHA512
ce4fa8385c007a23c769cd47fbb1c5019ab93036e648a9b317a67fbace4b582bf2b6fd9e056bb5e3ea69571438d0434d2281d9981a6e1e0d91f6d1d6a14faebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
65KB

MD5
1bc21e853bcf61dd975ed9f8b0674ecd

SHA1
c134ebcaead4840a2eb35f49ee955bee24791786

SHA256
f925086c18b27775b350d0c023fcbb6e3f0a5702f75007bc99e663557165a49f

SHA512
55ff90cec724c92ec9d11721e3b576f8daa45898fc7c96c324ca1444ddb63802b95ed0c0cb3f24692087c22947cee0ac0a38636bf30c5431dd3cdd67980c4be9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
168B

MD5
afe14608b5c3b11bb89f701864059353

SHA1
729f99dcff6afa1ef102ab93eaba0be4f435f508

SHA256
59d41640e26f0dd367cacd2fd580b15a68b5a54570a0c62fb365633ac0d2d409

SHA512
e1cf92e8478c875256880f1a7445b586d5c09f00b1ec14682239a9340228d924494c76292b4590dae85124a37d229b837c3ec72fcbdb152ddb6327e9f65ff8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
29adcb585079a95e0656ed0c63ec25df

SHA1
bacf9fb738ad8388f9627e3014f7ce14d7f6a9bc

SHA256
9708937bd039e613e771b9ccde9dc285c89b26b0695f6594c91d3e1c5d5f0beb

SHA512
ecc33234799ae96ebb572d9873424be73c29c9b12695cc9704beb94ae44f7999bab420ec15a4d910428308083b5c1f66eaffca3f938e180e91dd398b057b8e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
e10f1b3fdc134d108c36c3f32d538d8f

SHA1
ee723110f93b9c1357fa34751b97dbb78ba3f7db

SHA256
7486034a7456988c551cc66f61a3508a66c02263deb801d8482d678da2ceb445

SHA512
55cf0dceb8fec453245812e84c009957074a3b910bd5ad8a300daddbdf96e1f966baa4b9c8542acceeea63d5beb3c8dd59587630296ab27b53a54f3bf377e4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
fac9535111bb318d5f155aa22e7dc094

SHA1
0c9a5db6afca4dd34bfbf1b380a7e92255d1471f

SHA256
e8b31fd6542031ae74831d23c33da2e267b6492baba0e45b197c24f51a9e0065

SHA512
e3b3baa3dc01a065ba4927801641c0b218873ad01f6250a06d150a9d3cfac2d08477a5a102889323fcabca13c51c317e36752285e84e938541a793dac5e55a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ed1f46756a89aa9e83c5ca758553a7f2

SHA1
a80ff7554f4054dbaa584e883dbc7cb4eb79fba8

SHA256
451925bc044c86d47acc3328687d6d0546863f75a7159395f0176138fe4defa7

SHA512
2536c03287c7de6316e2427030d03809ea792ffa9b51d2895d44ba59c8910cdc1aa46562b74cebd2b3e22677ef811239043f673e1a715a8e4500c5a64b5190c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5ad96dae593604d044a913a64a6b55b7

SHA1
0121540b6957b7d9a1de17f6ac9c1c9bfa0c8a99

SHA256
4339f260b17ecf3e165ad342ee3ec3333bc99ae18349df24509d604be48df79b

SHA512
b71766661206ed33611d56b0cec5d6bb3514a97156b782b8777f0fd220ec5beeef914ba04081b971dcea709406d3ecc2fc0fbf3c0c31cde0d66856644dc101b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
64de96aeb03c711517ddebad6425a6d1

SHA1
8226f0b0610ba4efb7aaafcd2bec6ef77986d4b7

SHA256
dde735d91dd696de148cf8477115b67b4e52443eabfc0e8d651f137a77c629ef

SHA512
7f05bf069d118f18d7b13331bf2df8505e9c23baf8db23f615c133691048b245b359804941dbe1d287981b54f1edf9b7167b4a2a9f4ebea12ac2acaebfc7ee24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
feda9900f1178583effeaf34b8453a20

SHA1
ddd07b24ada6870bc80e1b53da797de4e4b49bc2

SHA256
9ceace6c918918ce47741249c1c1c087f860a346ca3dba46deff5e177af5b46b

SHA512
7166a62a0be117bae2c5c6efa1551f86abd3b19288923ac2e2107bd6aae2eee60534ebef2f4e4a48cdca277b0206d60586659766d31503ae08401304ff6614da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
addfa52f7e5dfe441038180097b7c1e2

SHA1
71699982357ed778c3d329523fd73a7c51c41eb8

SHA256
27c26dcdeaef4b0504c41fb5222bbab4d3db3850ba01607e36537750457bb4e1

SHA512
f6731f3d710df027945e596ad55f9e4ec8729e5e15d92cf813605c361c721aa534f0e14007d54cfbbbb199a653f61e99ff557208a7dad00d8016b018fe5fe4a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f82d68af43de6e33cfc26f7eaf9ed815

SHA1
a0347bdbfdeb604624a96114b564f5a4eecec085

SHA256
769458c958f5cf741cdb20610785811b3797558de1488eaa24c56ca107c733c9

SHA512
46b1c00865fea596da48c57e9bd063ddef3c8b4e0d80e0d9138c5ba5c74cad42ec67497cc3f7a82cada44057ce562b0110231fc2059139b5d26105d1bf8becd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
46e7c93ed49f6185407bcaa47f68c561

SHA1
e6875119f5f866b46b44e9553160ddccc45746b0

SHA256
2c5aadcdf4abbe9ed6d0203a9e98a763e2b747cb85d904764ed64274724089be

SHA512
424b92ac889e2228bec3f37201478fe225b0d97e6a73ea0f6e4c4e736192d76ff2829439d89ef47285a7a908174edb9d267e8eed78a1981cd60efc5a84ab4a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e848b527743f4407fc762a6ed4bd8da4

SHA1
a37edb0b5769cb54016ef4f1d63936b121acc9ea

SHA256
40976f1b4fbce9924cbbb64188d7df0f89d12b27cfeedcd413726f1cf1e6b718

SHA512
abb18833391b9a245dffd90005d1fe37524359015fa5d94eb5472068ed1c25e8b7963778c9d30866c2a05c0e9f1c523f06ec0064107ff0c8f144ad502664bef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
4c3abee01c00dfccd92613309258def0

SHA1
08d2344eb7b6899820991dd0552da35cd1b393b4

SHA256
8670e8c257f58218a33bf1f2893a7a8167cbf1d8bb99d610f3704bb5862c1c4e

SHA512
49f0713d2a31d31ff83e203927f1406737cae3fc7e9c34f7df1905a23d28dec120b6b435115904dc7920731d7ea75e44ad518327067c860c5e56faa7d7c79c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
251KB

MD5
66277b0b9f68fd46bed1822b208909ea

SHA1
a02cee03254dccbb91af9fd8ab1cde984793e598

SHA256
efadbf4d8637d5981c137b3304d0fd284e0b772f028cabfc22b99e36d86751a4

SHA512
797983aca83613cbaa4acc1abebc1458c0413c7e7924c6b50cc521e87ae4f45356a70edc887deeafdbddef0ccff845f19033367ca9733622c4c5968a59d0ae5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
251KB

MD5
8f25f7c1ba39c18025ae45313d2d113c

SHA1
fa0db4c8104d18ffa2ce6210db8299de595c75f1

SHA256
08c2b9bb80a4d310e4df4cfc94cdf795245ca622ac30f4de5300be6e98c19d8b

SHA512
5ccb17fea90d6de6a0e59bfe99231e94129bb8cc1113fa99af73d9d656af8ccfcfb9419726b2753bd19a149c258905821d7ac4a4c1d2dbba90a86739bc165fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
251KB

MD5
c27215256582f3896e6a058aa910dfaa

SHA1
bc655bc492abeeed765ea64cea87818681b344a1

SHA256
bdfbb854ef184a159bac778c443ee582ea340f1768b15d88ac93445c609a6b38

SHA512
f0258eae458c8fcf89f1000112d11470b55c7eeaa2dde01814df8fce75077ea9e893ead9633c1a5b5d6f2f632135e98fb652fea105b5a34458bc4aa03634cc5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
c78353e1e4cdc62c1c8c0804590c470a

SHA1
5b1434049c23205759212f8e24d9cf41b927d851

SHA256
2ed07cbc83bd899709e10b46c5f93adfbeb7285203463632a6a97ce49064ce97

SHA512
cb6a1fae81f078b03e0dd12055897ff709bae73321d7d64d6dae44e002242fd8af8bfb21d5a92ab774748c3a63cc1e852fc942c82a275829de0ddbdb27984d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9859c414-9619-4644-ac6a-fca626ac1412.tmp
Filesize
7KB

MD5
ec3f7e9f211df14c568c0a7dbf8cb3b8

SHA1
22e4654aaab8d4140924a33214ba048f79ea91d7

SHA256
504bf8b87a4677e70db37af45eafa11aaed9516b0ccca9cf263e02cd1891dad9

SHA512
cc604509777585d8d49a7c8fe2e1a4e26eeefedff49d50d3097901c00034bc0815f3b46dc0b15e886eb84d20b6f3ee3d719029fb914d5a9d3fdd2da84be9665b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
926779c5674b1d6116e32c16cb573324

SHA1
079290f673f7c0e791307a97feb32e85bffee6c2

SHA256
aebd4f1dc209fc50fc19e1c8c08a6bd813a2529fbd2029559064ca08162c50ec

SHA512
f843dea386346d3fa52ce453877ac82e17bf7d624bca6ecb7634132bbfaa3984a8c0d33d7d01f722f09d1f16c4c48377edccd49539fd419a36c69dd32eade0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
5dea69e20eb6adc4a52da37492119b5e

SHA1
7c2fa24bb8b2ed3082954767471211318e3980ef

SHA256
6da35aa9808bd595962261be08b429107eb6c37f71dcdd3cff98ef9b6cb0e5df

SHA512
7c38196548650b5cc029820121a7df2bc46b6432d179a6353fa14347dd163362d03fcc2cb32f7ac2c3aac228de88a93fb819e5bf0b6fdf428eeaf2db789f8ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
181B

MD5
7f3f3893fe53cf851a150fc13e0d0d99

SHA1
31102655e48510fcce8e675dae98942e722bcba2

SHA256
c7d97c4093c6c9d4a9fa2b496b18eb633d0489a8fbf0ace20ffe21e68a8451f5

SHA512
fdf07c3aefa8c157f9f0ae94326bcfbadf6df30ee223f8ab9af477e62365edfa99cad0b3cb6c98277f16815631cf3a7895fc026fc4809d9148c65fd2806d4db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
d125223de03317339818d3c01ff0cca4

SHA1
c30f7e73a17587c85616c790b6966e8a20ae353f

SHA256
59b6de5f700ab7dfdb7f7be0cce54248a5a7c3f013f4a0b3b0c68f03dbac8649

SHA512
cdb69359114616e11706afcbe4b25b729aecff25598bb0729761c8e8d2b6f8708b355a343d2d32a334395329fff149e6f08a558c1ebb84dceea0826107ce4266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
edf7af5b4bf83209c91e119d5df78822

SHA1
c42ecb6196107dfec640a31361d25c1dfe94906d

SHA256
beb0146f9e5f890e194841c5bf56919bf59c2fcfb6461d31d8ed80be1d15e272

SHA512
b7be50f34710612ef7ab73fd37144f858d7aca795cab33e779b75cd8e5bd97b995c8dcb9380902f80dade7763b63c81a6a99ef29b9abfd642a88bb997cc6fed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
49b347d260ac9c57d8d74635310788aa

SHA1
88bcf390c2880a4d7c6f7180a28dfcee128cf65a

SHA256
75fc85543e21a389a2870ce57f61d00bf5fd95872a9bdc2a20cf65329ddb4ace

SHA512
6cd111921ab0ee8e847210696ce1ad945960020d03fdcc9fc561173f9337f764e21ba9c71b973f0bcc2b51a2e3d57987a424e6b3609352a89aed8f3696441256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0e1528cc3106a6dabd986e08a17c4cc4

SHA1
96b343c892059c8e0ac08710077909ac6e508342

SHA256
c49b914c6a4388a77da7d036bec535c52dfb281bc70ea273482452ad2343666c

SHA512
363e6fd7a4cc4ffc7ee3c5397e98888c4668b8f141c7ac455631dce0eb9b77ad220c6823f5ad4b09e4d8f86a95da82cdd19a5af529883fd62fb3bbffae64ce3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
824d04f3781508f9731f9bed4a9ed0ca

SHA1
005838cf4cbd01a051342959f02544a10f708a2e

SHA256
1a03d32ddadf8561c1da754a59a5a170f1d5f789d2f8910596d6c9f1b76d759d

SHA512
3b3dd2b41d8bbf32aa896fc42aebbdbf246ba829c4408b0aa6de879d6e0eb6b4af2bd553f4b8dab769d71e46f715edf5f22718739798a64c640a539ecf78ce60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
71fbb367ddbfcd5b21959ec44c4f6d95

SHA1
3abdfaa77aa6f33ae5bb3a67d75b2c5d87d659d3

SHA256
52a2257322492eab8040ea460eb6be98b4ee8c580cee9d371241f37199a3f5a9

SHA512
fc7d3b8a6372c54874344665f982ef7e0f6ee3d2734ef6498c83f013a8c6d7361ccd3af12eef81631a07d3bb30c32c5eb7b787bfee8b72ee1ee22a287203b0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
764415745c1098f6209fbb2e3397e4e3

SHA1
15cb188a9b77fdbeafd564d192939b9418bb9153

SHA256
89e845f1b1b76bd968ac4936ba74552d74926b75b8eb59d2ed37f532eb400324

SHA512
875da677ffb4977e2f2d6a9ad6122b6463d7f0985ec3d600c62039e48813b1c5a584ce901985f30d193e94b10d9f5841dcec858900d3f6c3fa1356b99efb585c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
980ab33049b6cf3df2018556a88f6a5e

SHA1
2f5d59cefef5a51936307ee27d01e3469b753c49

SHA256
b7b4c47755fcfd113d35f0106556f638d1b9f4e3ccd5ff1f6b00804cdb844285

SHA512
c5579cba197de997e5ea59bfd2e9a437904526d357cc67eb29966d599e10979bf63179cec54d8f3d0819dd64aeb5f3b49550a24f127c996d3e76410c6dc63447

Download Submit
\??\pipe\LOCAL\crashpad_716_HUCIGKFEGLRIYAXB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit