hxxps://mymainstreetgrill[.]com/minecraft/get-app

Analysis

max time kernel
149s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17-04-2024 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mymainstreetgrill.com/minecraft/get-app

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578449246422662"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4216	msedge.exe
4216	msedge.exe
2380	msedge.exe
2380	msedge.exe
3220	identity_helper.exe
3220	identity_helper.exe
4944	chrome.exe
4944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 3860	4216	msedge.exe	77
PID 4216 wrote to memory of 3860	4216	msedge.exe	77
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 1736	4216	msedge.exe	78
PID 4216 wrote to memory of 4776	4216	msedge.exe	79
PID 4216 wrote to memory of 4776	4216	msedge.exe	79
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80
PID 4216 wrote to memory of 4296	4216	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mymainstreetgrill.com/minecraft/get-app
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff843213cb8,0x7ff843213cc8,0x7ff843213cd8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,1462454518834932173,12120315684578586974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff83ff0ab58,0x7ff83ff0ab68,0x7ff83ff0ab78
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3492
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff79227ae48,0x7ff79227ae58,0x7ff79227ae68
    3⤵
    PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4992 --field-trial-handle=1828,i,9145846668892665285,15890161432903869630,131072 /prefetch:1
  2⤵
  PID:1648

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
56KB

MD5
c913fb782ce16ec5722bdbe2ea4693b5

SHA1
b0a98bde638d178894749abdfcef3141762d09a4

SHA256
0806f9679af2a67f4cf27b11050c68b230642934d3c5c5700adaaeea25e1df96

SHA512
9f00a396f5721c6c885ffe2cbe0189bc879ac1360555d2e13006ce2ee6c6ca691d85af9b26cf7fac89e554a0f1ca621dad6959339d58dbeff66980c7ab6cc8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
87KB

MD5
5450cf9e83ef213f0b09760c995f58d2

SHA1
eaf9a85f8bc87079572ade161e67027dd7316436

SHA256
5d1b675db8e976319a2a6bab9cb952db0027a8018a4faa403f154216f4a9d807

SHA512
ae9d9638c104d35d7029ded032ea4f0c30a93908dec53d0b1752f6dd9e69917bd568d989c15428eadeea34faf219f5c708f0a92a4a2b166095dca98e5c9e5de5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
28KB

MD5
873a2e504ce3fca43f62af1bb62b2113

SHA1
6ca4d2488a29caa38061fea894e5ee4212474517

SHA256
a09638c67c72c2e94e582676fef67f6a12c854d7c7a80fdad8b1ce9e7b0ae8c2

SHA512
722bd2232e24519208c27fb23b72cb6cd1f171b0ca21fd7c7c7e08afb760a375e898ccdc779df7d7aa637662da8eb21007e7f8218ed1e461eb0846f26099044b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
25KB

MD5
7960ebf276f696e381b1a223d139a266

SHA1
24e31a5a35eb65fedd0bfb3c67f7ef7d5dc33093

SHA256
8e50fc3d4937d297c3cfab95b1be57a1f57e491c0493600fb18c60607e31838a

SHA512
ea061a44a9d84972a0131b0b28e229ea879df14046150fb7100c5f7a2955f476ca87bb5c24b1221ebbee3f6008131094ace693f556c9a7b09240422244ed3016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
139KB

MD5
b8704d6b1bed964a0516752826f4a183

SHA1
a34884954c588bc78cc57564ea74db164c74ddd5

SHA256
75987fc3f1c1712a3e19e57fa7772b853e4021d71c650a3ffd7e11405ce48d45

SHA512
73bc3c572c8a630da56b3496e4d6808b7cc9723ac8207a8cb1efb95de3e989c12f69ef64e29732ee2435b3d2463d7e5549457e10a19f3f04e719d3467d04aaf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3721081620419c9302460be7a6da5c26

SHA1
235d72d090102bac939fd2b73c8a15dee13a9a08

SHA256
0bdf04740197b9547d0ff346b0d106903b4ab5ecd4a86df8eb5f057811e35602

SHA512
9cb575da709b42b7ca0de74b19ef525c356be22dcf71896c44ebbc605fb9b9e3bc665fddfaf6d7d1f9b2879386328b5f7e51e204d4a13d5f7f10a7be1dbfd699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
f1d3e5ac341d47b4e062a58a31da510f

SHA1
4cc1fc9208be11f5d59f6ee38490effa1195952d

SHA256
60d63921a25c4c5de48520abd5febf9dd32a51b7f9308838fbf19b4dffe96311

SHA512
e8fca5be4f2868b54cfcd9affc93e2c34c7d0d6159d590fda28be31a05254dad0a2615a70f7b690103b3f9aac0c8563f3e711bc49d6806bea9c4433fbb8b82fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
76e6e36d96d34a9f600ef66902e4af5d

SHA1
7d34386d246be52bebc9d3c27c49867c4be1a53d

SHA256
6823e3316788f4c2ae047d11d8db01fcf1e6ecac59f0bb1a74a2172f04d705de

SHA512
35d07a609460fc2889c97334a197365eff1ecd8ebbc29d9f929176ac55294af461c84030b48285bab2720efbc42d0d2a7c99b522c36245dea5ae5777aac9dc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e1c978587205baae8fc3526bfa647fdd

SHA1
bda8258709ed01a4bcd3c00297d93389b42937e2

SHA256
7c3fed753bcb9e86555bd85f3e42ab1f704561e3b4dedd7a37bda0d44acfcaaa

SHA512
b9710a4e6085799fe878eb1242262948502a0435c980097222f557d93c8b91f9f0de81270dec8b50f390368dc15c1426c5978c7e385d5a3277e3ec3cb0d010bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1dd6ed85cd0db1ea2d21ece6dff03d30

SHA1
a2e25162e6d3a0af64b5a44ee6f50c553919f78d

SHA256
9f9066fd35fe993a566e9eee13aeb332fb4b87088e15d5c86fca07604986b4ca

SHA512
d91416c3989ce25f772dddabcc663fe005617742bbabb665a74bd0cc1758182a554b5b83dca160fda780b07bb84e49e7aca880636799484d76cfa0ef467181ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
8f167d448aec62bd7c710943cc3e8376

SHA1
305cc7019b273a6d650f0c86aa039ebc4b0775bd

SHA256
1bf99935d9862ba86482a120994a44bf0a8308cb82a5cc03cc10ea97b36ddb23

SHA512
a669fb4927319514bd6b389374126193d5f2c43be10a53a5fa1fdfe10729826377d25f3e565a48b48f7b6fd5a5a3e7e3f1b809023484dc8d02fdc64c4b174379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e93172fe-1931-4eb3-949a-1d821c5f7dfa.tmp

Filesize
251KB

MD5
7803278f97a1440afbf91a3ebdd3dca7

SHA1
1a90d71ef1bb9436ba8a4b8ef3f983ce219dc4fa

SHA256
68a047e5fa22e78b6c6e438f61775a9cdbc8116b839840616286c2f415a01f86

SHA512
a9c0f341123170bb91b5afb73544c52155eb441e5b481af1d560e34adb4d4bacaaa916e2ea7ba20f868aaf132758203eeefb19922c4b32a0913f1daeadb302ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1a9c7fa806c60a3c2ed8a7829b1461f

SHA1
376cafc1b1b6b2a70cd56455124554c21b25c683

SHA256
1eb39b1409ce78188c133089bf3660393ac043b5baade7ff322df5a0ca95380b

SHA512
e1cb2f84b5cbd86b107c0a9ec0356ab65a54c91208f9f8e83fec64bf17ae89356a09b0cd39d2726424f4041d7b25b962c23672b8645c2e10f11ff4d2075f4afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f3f6e86c8b7bdc605f5559df800bfd34

SHA1
862d05bfba760ae8adcbb509216dc18ead59a6b2

SHA256
5dfe9be21d4916615025055f1a70151362bdb404b40f074685e39b33ad545a78

SHA512
de576ebf0cbe1c5e7639c42517253796cf4b5770298271ac2e6958404998f2d6b8e3378a535f2f316f4020fd8e60b5cc9c1b6b5171d307ca3215afe8ac47a7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
66c48552be23ed05305f0f4d5488dfd4

SHA1
b43569477153a2760c1380e4b8487949de732bb1

SHA256
12009eec0a1555d19638f570a6bc5f93873a2e904e9c84cb1f843cb42629f458

SHA512
85bb0bfbda07ce49bb35169c6cc3493e45ada43824767df216bc05a34d3179ddc69b7e50acbb6eb22a3447570081b1f32c8dd63327044d4bda620745e241236f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8690d9efdaf56988e76a65388e96da88

SHA1
3f6968a48483fe367b1016c5c401eba66565cbdd

SHA256
2f79498e43083eb7d967dc63d051c35c23c260a82e13371ec840fdf6b094f1b7

SHA512
83181646e3450a8ab8d06f2fe3ac4efa73026ba0ec0c200ef9a89f43c1adbb06d813d6db76955a215eb57d1d51f6705ae7a853434bc964b4a29da801d960d996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
547e283748525e3abff59a531f7b2122

SHA1
262f3641fe3b787aa91229d43b4a4139a26fb864

SHA256
6aad7d31bf9469299834c6f13ffaba2439ca5f48e5e4d2e9f850f54a67435604

SHA512
d4fea6df842ece00d9ff1124c7bfdc969bacf23b63a0de7a13a99acea9ad1690dbf8a1281a4ef83606b678c5b6d194a023c8d5096f30e1ef6d916a18ba65040c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65b44dc6d954a92c94726cc13b760b1b

SHA1
e66f0648d5fb97369228cc8ddd936f880bfeabe1

SHA256
24520834a9b748c411678767e9ed78ff2b6f10fa22de6195451127f1e25357bb

SHA512
7fb558f1d7e01fe914d6c10d9e1c763e9bcf048eec9199a9da54a132dfeceb2b03a3f545098ffc99ea9078c3079bbf9d97346ca66669dda1b14e6021c54ea8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed5d6780d982bb66818757180bb59049

SHA1
702d6b761cfe7196ba12f2a7d59f3357b0f2bd67

SHA256
afe2899512aab35c7dbf56faa90c0a3ca59e55e0e159133dabe2de016fab3c47

SHA512
6e2b48db31ab10e0c91a5be764c1503e53c2c339738081fd9cec0fc045453dc865dad735c5b388874e14f70fedf32787eb219f68a4910d02f4407225e7d1f452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10d9013651a5a39e2639ff778c960dd1

SHA1
ce26ccea4c8687e68527f857b27a8d11eccc309b

SHA256
3364b03a520807147769d59e04389eec7de358b65076128590c1d7f8924efc54

SHA512
d93cc78b9f6978774d56f5711db8a37c1d53eeacfce2a02520d6b390386568ebb9ba625189577ea6754938ceaed36ff07334239b32d63d88f01d5b4a496b9424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
1ba57e6008efae9381321a3f96566e65

SHA1
9e0aaa668801f54812ef04035ec6c1332c3346eb

SHA256
32bddefd677a969403bf5fb82bc5c6bb86db22db737a323b5c5a841ba6f07b4e

SHA512
09f636b51b8ccd9fa588e1cfa5ea370b2ffdaf438299eb2df9cec2e97bc01b28ec1ac629b86caaa7531a4410868da85b5e756cedd734f5040c6882dd311ff504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cf3ec64a-3f9b-4857-bcd4-85a46778fd22.tmp

Filesize
75KB

MD5
86c90ad48e91721510bd420a3251e4e0

SHA1
fae9c3eaab11c7d8d1502aac558aacb5aa3b7768

SHA256
2a5b4b597a2274443d96be556f57d56d64a70d9f21de753a0d7c510424b6f1cf

SHA512
9b0876463ec561ece2d223c5cf310983cc0af1f818080e7c6ddd7dfd0d46731d0914ea7835df98d8bc36b47deaf26e914af25121bb7fe2f12db7966f38455e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c535929603b20e1b49a3d75e8820cf54

SHA1
5fc4569f86975d210aa235dda71bfc1aee9d976d

SHA256
f26366fe95dae0cef820ebe48c24ee1b4be44faa9315ce3e5faec82f36649d18

SHA512
63b4f72313463106471f3dd8c52dd6aceceeb86a9475d2c2f3cd3f576eda75079d93edc356ebc74aa75ebb58d80f0bcbc4eb78bd51aaae527efa24f118673853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
50f33e11ece41d97f63fcd14ed51132e

SHA1
a3d36a5a906600b2fc7fe44dd967248151e9efb3

SHA256
6865749649184cca813d414fee1db772b6053ec99c2405c59b09436f5f1b09bd

SHA512
3139657309a820928df493f297c6ff26e4fd28d9c28cb2d55173ae639f098a2e571058cb406d62a9fec3b2f3833d3042f3916738e2fd9c8db958fb5bea2bbffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d806b26e986a72acd57cac3061cfc407

SHA1
c5d91746d0772920186a66c9b8f0586fc61d9b39

SHA256
b0b96572e8528dcfc70848c6c11500ca00eb857c6184ec430700c2619a24afbc

SHA512
3c951f3a57d3ec8b45a6c709b12875e5569f3b6350f3efeb2ca39f9aec92f83e9aa596d90bfcce202da799fc8d75450dcdcaa1da18d07f81fc7786da95d580c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\8333ce77-2878-40cd-9311-a898b37f5953.tmp

Filesize
25KB

MD5
d7fef0d396568b098107bd20840303c8

SHA1
ec33d085a894a9b3dac818948b1adab37a250ab1

SHA256
e15c2aeb7ea7057bfc002673da799cfbfc1a071ea65a469666d59ab860fab30d

SHA512
ed6c67a99fc00054368dd6084bae523d4a420b2cba04b45936f81a52a897bbe79123d28381ba528d7305df842332e22f979c5735497326beb59ad3c5cdede57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\8c8e0837-d6ed-4400-ae2d-76080a0e5b8d.tmp

Filesize
4KB

MD5
5483d03b83e24c15e23a713086514097

SHA1
ed3c8775f01b2d746b7cd1d32bd58bba8435144f

SHA256
f1068a22fddcfb93305505ca8c706bff781adfa9b94ad2f7d6add99d5e6e6c77

SHA512
07b45c01dc5bc453430a1119727d10988173e74423d93506ae8590e6997f8fa0f2139bd1f38d9e7c1cbc2b8da35187f02eb432390d1f214477770fa7fc2521ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extension Rules\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Preferences

Filesize
4KB

MD5
b0407e127c10faee99eb512024c34dbe

SHA1
83ed8a4efc7956673ab3fcb4f184bf4879d66853

SHA256
2d9793c84f2ee00e594baec438b5c2de6f5bb3b8012058f873f3e47e0aaa5a77

SHA512
9f74b33f5c77e7a42ec440e2747c447dd2d791f1ede8501e8bab84cf19299daa91c1b4ff14c7c0c64dfde4b54cc1a072ee77b4794290d891ed19acbb6e84094d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Preferences

Filesize
4KB

MD5
e975d6730ba61086ee2d94e70b82c990

SHA1
4591a7841e595fe79f980a506a7eb94ee1dfaa9d

SHA256
f4ece5ec97d56cfafd38d811d40319f836942262fb1843a693615eca2053cb6d

SHA512
e3514c4080aac942a1ca111a8d1bc7649a121cbe99fe37b007f8b1531bb9183f0ae7bbe7fc6e0e58482896af3bb9a1aa1979c031c1eeb449428e33fd4352fd2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit