hxxps://zws[.]im/%F3%A0%81%AF%F3%A0%81%A7%F3%A0%81%AB%F3%A0%81%B4%F3%A0%81%B6%F3%A0%81%AD%F3%A0%81%A3

Resubmissions

18-04-2024 17:34

240418-v5f2jabf7x 6

18-04-2024 17:28

240418-v15jbsad94 7

Analysis

max time kernel
188s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zws.im/%F3%A0%81%AF%F3%A0%81%A7%F3%A0%81%AB%F3%A0%81%B4%F3%A0%81%B6%F3%A0%81%AD%F3%A0%81%A3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579350688485742"	chrome.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355664440-2199602304-1223909400-1000\{9DB7974B-54AA-4720-A9D2-7E5576AD138B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exechrome.exe

pid	process
3204	msedge.exe
3204	msedge.exe
4596	msedge.exe
4596	msedge.exe
1896	identity_helper.exe
1896	identity_helper.exe
4468	msedge.exe
4468	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2996	chrome.exe
2996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exechrome.exe

pid	process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

msedge.exe

pid process

4596 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4596 wrote to memory of 4552	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4552	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 4344	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3204	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3204	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe
PID 4596 wrote to memory of 3724	4596	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zws.im/%F3%A0%81%AF%F3%A0%81%A7%F3%A0%81%AB%F3%A0%81%B4%F3%A0%81%B6%F3%A0%81%AD%F3%A0%81%A3
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eddb46f8,0x7ff9eddb4708,0x7ff9eddb4718
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
2⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
2⤵
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
2⤵
PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
2⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5856 /prefetch:8
2⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5868 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
2⤵
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4862750045712766396,1208416892511154619,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7160 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dc4cab58,0x7ff9dc4cab68,0x7ff9dc4cab78
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:2
2⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:8
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1720 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:8
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:1
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:8
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:8
2⤵
PID:5316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:8
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:8
2⤵
PID:5672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=2056,i,5395946463164372120,7829898760397673683,131072 /prefetch:8
2⤵
PID:6064

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:6080

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\670195fa-c0a1-40d1-b4d9-9c6f6d501bae.tmp
Filesize
252KB

MD5
b4adff8be4e700e0195b0d7d6ef3e8e6

SHA1
fe254f42c13f50016ca6bf4e402c0a87aad849f8

SHA256
ef97e2539da03050bd4b1670eeb7a82759ae446c4c2d902686baaa8128ee7d29

SHA512
1b7ff4c45a71bdd4b3178159d8e6a8985c742c322e8022ebacd01595783d67f1a6bb40a8e41835a666fc84b1098b2b7b171b12055a0f8987315d279b9c274c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
8a52153ac63defdb39083b17ca05ecbc

SHA1
f5f46de4ff5b10f5232b3f9862b4ca361bbeb923

SHA256
6e6257d82f04e39536977ebd2c73acffbe63647f0cf89b284318e40b6241ca48

SHA512
ec8957c6ec117f28de5cd2aa00084d78b4395aa7c407f72be05b173eaff10d9ef34c115a7a237c2fb716b6e4630d720408c5e379d0761e276926e846ece465c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a948a83ab8ea49f2406de0b2c52f627c

SHA1
b45d0c07b8e873ed33551c2b92906876a8330fff

SHA256
367b9a23bf4a47e49c6a4541d62369348eb0525109aec8371f891cdc62eee4fa

SHA512
8bc46c93c3daad46fbba4b03b66f929f4caa09790347b2ab0363fd909307a5287b15354bfec756ff98acdb7318b8cbd36d72d1dd7fd9326f2b9b79de433e1f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
8892418fb6808a329b212343eac4268e

SHA1
7d80e7391a75fabeee3d9a9e4de9ac14b1fdd529

SHA256
faf4c1ebcde952e9cb654f03c90dd8d4fc479c6c6e13d430dbd281a0d1c7ee14

SHA512
d36504875e573166b4c70a26e15bcfe643a3eec5f9d7ac70e1a921f9b31f7905a3b68fe5e298cd047b0ea3e7b17f44c2e5199a43817583c5cf9397e5869bcc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
85KB

MD5
51905554c80db9e4411c6ccdc2e74569

SHA1
dfdc75b35b8e5a15449d1989ba0b07c50ae5d563

SHA256
76e18be1160601b291167bf2f4eee0684f9f09a53c80661b7d2eda79be03b1c3

SHA512
0d7e47fb6e24ee6f610139551b1cdecf40873c54f6e1c607cd90861bf853fb55490076b522495537ac77c895d87002cc2d1c312d6a647da0559641231a1dbe8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
393KB

MD5
dfd1508d18c21c5c3556be0eea8b3932

SHA1
ed593ea418ab326c2f7fea094cc52860082e852f

SHA256
65fbc3d692ed8071cca0a87b565609a1a1bf2d73d8d3118ae08d3aa81646704f

SHA512
65d94e73d4a8a7e865fae21b2d3b30da664d0c8ce32c53336797fd64cbd9e62d09d103c833b15bc64de0377e7082b460ce6ead92c44741a5eff056a3c6bfe660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
30KB

MD5
b87ad279d629ca094164330ee4eb23f7

SHA1
975984748a7b80c1397f39ec80199a244df81ed5

SHA256
b8d0ee58145d838a933a6ee42eba7a19b75010eeffd248057a17a417e9a1ffa9

SHA512
378809aa3459d59235806234304e4138b18c7a1d7edd7c31a4d6ece9ad3568b365416b364b27d226f1fdba504be0f123aaf8c852e1a13538269a0c95a1e67cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
Filesize
47KB

MD5
c8f0b54f79a9fd1ef60ad74c73a1ee1a

SHA1
f47b48f1bb9fac21e9887fe55eebf56abf454eba

SHA256
8ae8119962b9358ab934ffb612e634fa23ca462c720c8915a8306c4c984d1cba

SHA512
bfff435361af16752d6fbd7c7c84ad92d70472d75244150cdb4ea94240b5486da82e99fb1af0c04f108532a61c736b0405ef20c2a45abac2a4511f2cd025635c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
31KB

MD5
42d469300bf0784f6e8d169387c73ad1

SHA1
3ca001fb476ba58cdac8e03409d5b318648a92fb

SHA256
81a5d3d2e0b1ef553d62334ddf35ed08648081c19064496ebc802e6f007ed226

SHA512
b003debfa81ac75bc19c23040b69de8c7928395847fb2140e9f8b6149a06265012c6ea8432fa2f2482709ab17b8efc2f313252a3e2ca53433831a44e161b47a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
29KB

MD5
cf78b8af33931c36f7f6227ff674697b

SHA1
74787b74cfddb0b2314403ec3682f5c5c7f5626f

SHA256
66ebdb4ab017779094131641075ca2ecc126eeff882ccfc0768c74868c109949

SHA512
05438704f597901fbb180ef24561498213f5fd7e37c454e5bac1317d71bdeb0b2515f5a35c4c512e22751d2b9778185105dc1f2f7b08249a110144b2a6128488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
27KB

MD5
5f40277ce38bb10df515c854e3eb9a58

SHA1
769a71264ad3a754b2c2cf4933323ea39af630c6

SHA256
544ea03621b259fb8c8934eaf28959ba9f040eb708672abe1ed99cd14b0dbf6b

SHA512
d97d625f3f02a33b494dbfb031b9fe55a331158adbe86473a376ca6b58edb527f069e69957bbafca6382c277f07a88ffd53a78c12f3080dbcd4293e043fa116b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
c1310095793c4c22fb69a99f5c3622a2

SHA1
efb9c6da48c1ffc5e0bd1230ee898a6fb4b764a2

SHA256
73f966c36962060f7bd9a78fb9e8f26b7f636506dca79966fbf5ca60caa839a0

SHA512
0f020f9006573bc0bf773ba21d46a17a9eac076204009bfd60e2f0f7f196d44005e2e5f962f2fc2caeb0080d3285bff7763183cb540398b1e9bbf91cfc6ccad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
b7f5263fc5bee197497cecf4416aefc5

SHA1
9825f202b04091572a6fc8c9eec25ea2fb2bffdc

SHA256
61cd1c34a06c58a77bde24eabbf14fa42c1c3ffe9bd9af315153ee7be67f6ad2

SHA512
8d8e39ad015af424afc3e3c9b5a4277582a8f793fcbddeb28199aacc5a89060979cb4861441ccc9ae14673d13e9168d141e8bb5b1b8ff2af672cf834c035d8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
6ddb1040bdbd82dd0a04c076b844c214

SHA1
c3cd58af175081ffe7eabafb390f27a1faed4110

SHA256
9c5d0986dc1ca3e7b7fbc0333e4e2e9dbb7879b88944e786182028b744ab3f98

SHA512
5616b49f43befd8bc500344845254c260f450a190afb58cf2baa26af019f2ac7b2495ceaf6ad2c9bbd7ca0e5bf7cafc3dad613447b83842390c27ec9a0b6a947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
eae250056e59d254a9a8a4e6a9e6bf47

SHA1
3723b9ccd24ddec811ed3e1094c6805d0a1da2e3

SHA256
4af89658445b373250d828361fad53d0798d32909e8d94630a97dd6954684825

SHA512
fc206e616b1e4e107c2ad63475c32262aac09a94811af1d424950138043f939b9c4bcfe3322baabea6e054fd7273bde1f27ac7c68e93fc7f00662b9d628de5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
970B

MD5
096e64a4cfc0881d739eeffe2dcdd89b

SHA1
4e57dc8370883aa52b4c3d88333447132c726c23

SHA256
d53e08a77d51a6b67604b71fc8bc3d99e72db0cb8f7396621cbbff5a8ad23351

SHA512
1dac645912317b20608a013721f56bf5e4c0fd7580b8b1b005f0e91584962cb418b7e27ee5580d98a5cef36e03b22b8c68035e97e97f25e55886a5f84076f97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
970B

MD5
a8dcda71ae13c66b9b84006c86642811

SHA1
d75291f5121d9cb09658ba802f8e0e790b1328f5

SHA256
fa95de61bdec4c4d2ab05e97eb7fc399a04c9c9f3542af57f3203260e2746d95

SHA512
559457a42c71341464cabc8e610926ef19dede6509229e5590ce9cef490a273b8bb2b1578776757e800aa6a5deba9f53c9e1ac9e1bf454e8e592f7e8015932a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e452a18f25d25be8d8887cef951e552c

SHA1
90f999fb8bd25d9125eeff8005f2a230801b8aa4

SHA256
595a75ddd6e2db0d194b5cc68a9c0578f9c8f27b2f98c70e286990e2b1db26a7

SHA512
5d4930d82ca9e2b3bf0a4a19aba653f4036419c8ea9287d9fb97d6a2339cced37536c7f5ec5dbf76884c24d2803cce6bddd0efc665388cbfce05e5143764a46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fcce67b47c1d5bc43740db428c92cb40

SHA1
642ed3c2028419d77a9620675677084c8b671bcc

SHA256
fca40d57edadeb6200761fad29fc7133badccd6d878827e8ba49c97cd0ff3b99

SHA512
b007dca15e07331272f8f2f0acb9da346baf3c35a552bb29707f7d7c89156c469f0593a79b98b446d6e2dd8beb2a3e67452c5ea377f54e219f00292639a804a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
56a14c3b336a873276c4727f4701c8fd

SHA1
1aa8328b45a80e096bd4d2a470dbe5cda9a209c5

SHA256
00fa6395c44e3fc75ffb185c83797f788e981ec9a035ed233e64f5e2f1a01040

SHA512
9e6c08ff282984459445d8e072d6a9399067123535972791bf5f9aad0c8607e16798931e866dd7b0e9c283891962a341b0bca47e81aec9c17efb047cb8b7526d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
772a7016a4a7c74409b7f2a1852a9b6a

SHA1
2f83f866bc82ecd0c45faad8654dafe00c784d56

SHA256
509e91bdeb1e6e6ac4b5a08f88d55ece2754ef94df58aa1b119a6b0a6cfb58cb

SHA512
7cd05daf31f3aa44f39edd0cce0e37288a59724627de8c22077cfd70a9283dce8a574fa0ddb681a51fadc3d6c2df683eec0fcf103b6c1a2a9b00f6f2a3f98644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a5dc260ce49d0fb9416f1f70e5740760

SHA1
0e8a14c1abeb462f41cd84f21a02fc7ad0d29974

SHA256
543fc179138917b11032e13e13a8d581ed1f50ed727317809acc55de2208269c

SHA512
4ceb85319381076d0c60774009475634d1b6f35016bc6698acd37792944bd6bc55a24f6e0601b048ea9148e237e2aa921d5049ac0f0636b9f0a9735730f62858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bbb36f65a828cfcf19f284475cc47482

SHA1
ad0b5e76e216f2b32650117810282a2b7524713a

SHA256
5f238209fb8d78614ca88524c08ab1feb77ed861eb08ead154b432f9dbbad4c6

SHA512
ffc8f0f1dee80bb05be9a6a6dd3ffa6990d1b227ac21e52b4c605d7598427bd5d411339d40e52cd1e63cd10d8e9f48d5801463def9a87a1289e6416c88b30504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d1f43f66508329ad4f1ff7b1e6599656

SHA1
d6fb85454e14c6afaf3886545de39af1832a0dd9

SHA256
28f47c1e94a7511c7203e22230090d09aaf111db30ee08f15ab61dc3dd857df1

SHA512
d2bf6f2f40d5a018e30a00f0ef88cceed36fccbc065831da659b9fd741c314fbec55a4630011aa6ddf0168da8126f185f6d7b8cbb8abed6551d0eb69085f894f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1d0965f8620717801d696666c265c0b1

SHA1
c57148c91c23dd895ca01aa520e3a6d3d82a2aea

SHA256
9c2d54a1c4146f262f9618717fc7884754ee983c15a9cd4bfed7c53a0617be7c

SHA512
0418989bea9401740092eff12474ee4ee3a8d45566a1c771ec4f4850194d67a3989fd95641f9363587208f3b552f0eabfe3cf7b57bdcfae134203b194412e92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
e76d6943dece3cf9938b54471ba7b112

SHA1
54ed11753cb22dea64576f84862b4d4a8d4e92f6

SHA256
8d5bf7e337db0b35046751415b878d7bef35f4776f4f7d61c368cf9494388bbb

SHA512
5c5bcceca2104555a0dc5a876d4341f6fdbd3eebf2db945fad36b5da400d536c8230b57474b65eecf5c16e61bbd7533996f9b6b87255faa2452c4c4d7aa26815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
aa672d2805c054e4b589425c318a9b1b

SHA1
c75d5408c6e38191bc0e3044671347e0fc802d3c

SHA256
669984866cb5c40abfed48aa82c8662ff295644980777ec5abc52dd1dbda8c15

SHA512
69870cd16b6861990fd48492148d47b4a611e0dfdbc9aa1bdacdf5d63b964a1cf837381a9a59946a6dac054c652b4bf4d20d42a6132e3e85ad1888e729644dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
ca607415d33e4fe96ddc5bb6a3be2623

SHA1
1fc4a7d06412348c28390295ae5fa94710f1b3bb

SHA256
f2b63f24164eeedc81611f7fab1f8881f8d2c33a8d5d990f6dcf0bcec86e74e3

SHA512
a27d0a6d84cb4ab572c5ef98f89776d73ec4f03d422c4e44df6a68d7cfc47f452fdc379b96092a377601fe61761e8fcf15b815723fb9d144b8a350343c7220d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d33d057e908ae61ab0965f4c10e90af6

SHA1
f2ab21827a71084e732f24995fbf346ce348c2f1

SHA256
c5ca8b8f7bf0522a490106d8a395a5278c335cce9f0d647e6b81a5bba9427579

SHA512
3593a6eb0c386307f617f1a53b93b07dcee0dfbdb2fcc9cc54d70cef08ca663e48cd46903a87dfc2b43ccf93ce0022f20e81bfae5046d1c57d4406f35dd8bc67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ce8b.TMP
Filesize
371B

MD5
5328d654e984ab70a3448346c59e3829

SHA1
8d6ca9093aaf933aaa86dc4e4695c256ff2481a9

SHA256
3a24457c4225a6105dd625a0a9600c26b572986841f2d7a4b4ed1d33554048a6

SHA512
25ee6df4ae6d7c31992c8a115ffb27947572184cd733a9ffdeb4056ada5ebd9866e1d79990cf6e73b21cc503a565eca9efa8eaa8a1fc4040d6f493b3707d5513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f9207d53d9965477505993369ea9bc24

SHA1
75e557a3c5fb5d48a607170b89dd82858f55e8a6

SHA256
d9d1292935b51a61c88339c384e8b4cb23c4243c80d6c130bc12375f35eaaf02

SHA512
dce628af68164f485dad1577d6700ec6fcfffe4647203199934e5db92c923dc2bb7a993cb89da9757816de0aa01af72c4e4b53f572a07fcba8accdaa706f6dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7d567d81486e47f6f27920c79094ebdf

SHA1
77ccf84a50529c4fa0c0175950a2abead3ccd7dc

SHA256
c59595ca063db2d9270e2620a25048ce314731b19504a149180c070c5878a5d4

SHA512
8017506c4f9fcb3c1aadb6625b43f0c0d88a93871df0bcba5812e054f3002d818bc656041b9a3f27370e838581aa851b7a450637c6e4776863a5c0f4a0f551c0

Download Submit
\??\pipe\LOCAL\crashpad_4596_TFYPUQLOYFDHKJDM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit