908fa581acff994ce0e309a890685c61e41eb8f284b8c58654f0ba137edd5767

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1st-person-toggle.exe
Size

4.3MB
MD5

14af9158d543194c6ae4a1e61a64e9e5
SHA1

abde8fa7495a9d4bb298e9de57bc1a1a0e82d108
SHA256

908fa581acff994ce0e309a890685c61e41eb8f284b8c58654f0ba137edd5767
SHA512

349c064c3cc6f42cae72953e1d327ca93a2b4c8bb6432255651386b497f37acc35a81580bfce7adc79506d3b0b8e41d95219d8a7360b3d7eed7dea49314ea82c
SSDEEP

98304:xFP7XHirMWMJPfW4O/7JN+GGJo95d5BU6TDynHDIxd0dQg84PJxEqJduvx:TXirMWM1fw995dLU6TWHyd0dj3EaMvx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
852	1st-person-toggle.exe
852	1st-person-toggle.exe
852	1st-person-toggle.exe
852	1st-person-toggle.exe
852	1st-person-toggle.exe
852	1st-person-toggle.exe
852	1st-person-toggle.exe
852	1st-person-toggle.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584740152779501"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4352	msedge.exe
4352	msedge.exe
4256	msedge.exe
4256	msedge.exe
6044	identity_helper.exe
6044	identity_helper.exe
5392	chrome.exe
5392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	624	AUDIODG.EXE
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe
Token: SeShutdownPrivilege	5392	chrome.exe
Token: SeCreatePagefilePrivilege	5392	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe
5392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 852	1104	1st-person-toggle.exe	86
PID 1104 wrote to memory of 852	1104	1st-person-toggle.exe	86
PID 1104 wrote to memory of 852	1104	1st-person-toggle.exe	86
PID 852 wrote to memory of 4256	852	1st-person-toggle.exe	91
PID 852 wrote to memory of 4256	852	1st-person-toggle.exe	91
PID 852 wrote to memory of 4556	852	1st-person-toggle.exe	92
PID 852 wrote to memory of 4556	852	1st-person-toggle.exe	92
PID 852 wrote to memory of 4556	852	1st-person-toggle.exe	92
PID 4256 wrote to memory of 3640	4256	msedge.exe	93
PID 4256 wrote to memory of 3640	4256	msedge.exe	93
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 3332	4256	msedge.exe	94
PID 4256 wrote to memory of 4352	4256	msedge.exe	95
PID 4256 wrote to memory of 4352	4256	msedge.exe	95
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96
PID 4256 wrote to memory of 3728	4256	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\1st-person-toggle.exe
"C:\Users\Admin\AppData\Local\Temp\1st-person-toggle.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Users\Admin\AppData\Local\Temp\1st-person-toggle.exe
  "C:\Users\Admin\AppData\Local\Temp\1st-person-toggle.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCN8LRd8JnX2FkelKfnfRRfg
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb1ecd46f8,0x7ffb1ecd4708,0x7ffb1ecd4718
      4⤵
      PID:3640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
      4⤵
      PID:3332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
      4⤵
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      4⤵
      PID:2548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:3652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
      4⤵
      PID:1608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
      4⤵
      PID:1232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3596 /prefetch:8
      4⤵
      PID:3960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
      4⤵
      PID:5864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
      4⤵
      PID:5140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
      4⤵
      PID:5144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
      4⤵
      PID:5540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13826872159514325895,15542826166033369193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
      4⤵
      PID:5548
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x380
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb1facab58,0x7ffb1facab68,0x7ffb1facab78
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:2
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2312 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4920 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4780 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4248 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2904 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1964 --field-trial-handle=2040,i,11866280059691719277,4406748101199462820,131072 /prefetch:1
  2⤵
  PID:6132

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\93451d90-1046-48a5-b8a5-eb39ac1ab83b.tmp

Filesize
253KB

MD5
a096f98fef852c4c4efc1507082a9f29

SHA1
4847a27b65f0fa15328c9eafac014d057d50fa58

SHA256
070615f49f5ee3213817bd8107c9ecd7ecbe94e838449cd1cad2e36363439f71

SHA512
be4176102e2b16f907cf61af188f2c2f935cfa798f989a9427751fb9910d151c91e257f01bb03a84c5f8506f3861357b6efca5c070652df952830e8dfab4fdc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eed739d54d1442fb3e956b86d84b7703

SHA1
a0beab7c391e13109a44a1058f756f0abd49af24

SHA256
026d86cbd95b98704c7e04bd94aae74c12f450434fbc7e87e10893278993bdc1

SHA512
23e168b27c824afb5b8062bbdbf256130589716c8a651872fb9d9798077d1130d66e47390c0343bf621cae910c6b8f379285c8a95396e598b47ec7347d490b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7fe3bd7a4dd679e1b0b8e488c74004fb

SHA1
213640410e52d807f4ec00876bbeba31396c55db

SHA256
4f578131bc0691a76d9560a873408a20fb02d540256d6c88e5c41b6619ea340b

SHA512
0d07525161626d59dedcf2ab9d8a7b379da9f054fea222077a774207a3e33a4d0377017c523c082598a020ea378849cfa7ab3eb959989b3b800e21f5c8e86683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7eddda2c45181230d175312938689fc3

SHA1
2ec929d59b1fd338e09393e976d588d6d6a7ff2d

SHA256
3d55ecfaaf427828d577388864f402e3c122876f2539362d4bc99a947b348aaa

SHA512
47acde9baf31a4fbdd1d7fcd540043177838d80ede2cc5274d6a547c1d51c0e62d08ff05e6658410ae5bf57cb63e5241247787cca6e568dcc6705e8df71e713d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
9016b924db154834a64aa81e55233e97

SHA1
d0b73b0dbd028aca91fc63222e8fb7a3801665ef

SHA256
4399aaeaa7e46d73ffed18d7d011e44155d24c98281397fd00af64f374a824a1

SHA512
f5ca72138a6431804e6c13228fbbb2ecb7530d73042bbe1578a3ca23ee3e0643d8e12baa0784d6e6c3f0ca87c4692b00117900a8898fd1e36d12f0b1869c49b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
f17844350d27ae191597faac66ac6bb9

SHA1
2388a67514691f48db57f59bb8521b9766c77550

SHA256
23085a485f8858b01e1cc6bf2f7410dde85a1b381fa8608d45514105f2519812

SHA512
e6bbfe6c45c0663bd5d4fcb6e36eac7d5d6d365ae027cd3fc5a06cc1e434da411010fa96205016fddb208d051e0322271e45f04f266b792960a8e385083a99ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
49d00a6f926fb17c408b103bb198b26d

SHA1
c42e9327a13bf30e42ee42fed46afdc962636717

SHA256
5e92b088d6d690a627258a21496a33c7dd3feb2957420ddb050f7b75e72d66dd

SHA512
271d7b836e41c55bf4bf6aee3ffff0442c707e91a157ddb6bc2995edee4507d4fda4bfea341ec215ba18d4360d7fbd32bd3c1ef222eebd000747ad4b9cd6cb84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5fd64837146a026e2667ec599a9ecf4

SHA1
7563e7a82516da29775e353e50be166df1e35dad

SHA256
0bfc72e0e6a1eaa66de34c141edafe7842a6c768a9e23c3b4d2854154dd25ab5

SHA512
b45a21d5e274a75e13aaf6dda95b33e280a462dc01a20b5fd8295a4479aece01666ae89a2c3e789be86e13420400179fd6132ba4311fbde67c6837a494762d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e04144b443dcadf7cfec5817c0b014d

SHA1
43808313441bfeff96ba1cafee46c284124009e5

SHA256
5877975419224f428185634d47fd3884bca12196500788425a5c0e2b08cfc7a9

SHA512
925f82bbcf1938e2f7a010a1048093add8edb8b02ee58f5f541746cdfbdca26b4ac8bc6e1a24374d7b7dde80120f7e5a957756314fd0cdab2c31f11adcf6604d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
030b193720ebd45616c91738bd634cfb

SHA1
346c6382badb1b700519efb109b7604f11d4336b

SHA256
617eba6470f2acba514c87d39d94c62ac411f061696c1f8af8679fa9d9c174e7

SHA512
2fa9a79be569e8b5ea6980c646df55a0c6037498852f1bd496afc5b87c43fecbf10319ceb4e487703b682886cb681261b76bf1a2860bdfdaa0599aaf1f276d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\05f5f518-5fc1-4f7b-a735-80760c5a3de2\index-dir\the-real-index

Filesize
624B

MD5
8e7ff9dbbfbec573a41157c0224bb21d

SHA1
3fb77da8c4a0d6b20754257eb81c8f32ef64f431

SHA256
09c0083b36f7af5da296881e4c2dc2cb8eb2ff78394975f4691b25db9d32ed7c

SHA512
dc1d864339bad2c531de7c2255de4ef60dbcca866c5bfb7a99522786187c5dfb25631a54717b44bedec72ed01213f4ac3e5f7d3dc43317afb5da928ccda8a423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\05f5f518-5fc1-4f7b-a735-80760c5a3de2\index-dir\the-real-index~RFe57d188.TMP

Filesize
48B

MD5
3941cb7445a0eec69b9ecd15d6783f47

SHA1
d36cfc8645251c365d4f728cbb0ef319a6663da3

SHA256
b4418dfc536272764fd2280a689178b0152e553b29e92b02cb4a0d1ef1075494

SHA512
f2476699f2b16bf5f1cc88ba5b2e33324b53be9db975109183cc8f896af7f8ee6e9d5878ccce463843e1d964800d1e4386353f92cf44914170d81be80119c56c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\abfc6a8a-a18a-4d76-bd43-29e13876b81e\index-dir\the-real-index

Filesize
2KB

MD5
85d8a712fee2b98c076ad6316722422e

SHA1
7fa6359f6bc91250b71d4aa36bd32218c9f7903a

SHA256
c9857ad52b3d54c863fbc606d6ddd6bcd90ac464caa256b81b3e7b63df08c0de

SHA512
f75229397d9301fa1a1256887597e382867cbd5f5ffb2df041ca12df9efb57c95afb9b8cbf01fe777db8892c5514ba64b9f45d65c337675baf4637461384aa5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\abfc6a8a-a18a-4d76-bd43-29e13876b81e\index-dir\the-real-index~RFe57cec9.TMP

Filesize
48B

MD5
9188bf93098df0b4c5da0ad71b86f39d

SHA1
a1c7c06d8b2ed4c7847c674828ff3c3cecc8a9d5

SHA256
24eef46a0e7a166ee8bf4b9cea1ba7af927c077bb7f515c617cb548aae10515f

SHA512
47aa69f6a7f1dbb36beb506428c186bbb9bdf8d7535615d22e411f25fa8c1d2488eeb0d65db9ba1172cf2f169d2e841742f2d44bfd51ca5e3f232834ef078fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
90d01356c777ee567317eda582df5cfd

SHA1
dbbdfed8b07d4c2ec195a18e7a7e09991a1d57b3

SHA256
20c4200b0a71a49955b4f3659225747a69ecdaf892082d88b2c8002f2fcfd3cc

SHA512
d1dbf1b22f7627443f5372be32f7ebf207ec076b039278e129e83f4d2025b3c368ce6e229e666746db055a21c9a1b7a3e9620f6b3ecfdf5310d98b5f0981c388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
4f1c42748f8f009808b10c41becac023

SHA1
7521a56f4b3a0326d249d146dd1c2a49e51a84cc

SHA256
20557c7d8f9b0fa2eb2bc2bb2f2a2d1a1faf388d534fb2e628d7888a9582d5a7

SHA512
1bfe788b98f28ae8255e1371852dd97aca87ff2c87b1cacfcad294ca900f022fe1e566b863aae74cfe84d3a692104a1b9f7fc65db2323cf1950c0e4174e7fe51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
25d346c2cda75511ffe777293bf33d06

SHA1
9358e6706abb199ca879e418055c52985bf96184

SHA256
2e27e265fb9fa42362d8ff4ce61015addf8f3869bdc524c5d2c86666de8b8888

SHA512
9e37881e0cef1c839ddf4240f30682753979bf71d3383b1c654fa4bc8c3f20f90e9b8b651130b7882498ac2337e6e0745ce2c508f96b68635baca28bfc8f7320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
cec954dcd037a3329a4287f1b35e0812

SHA1
8b38169cab889813cfe992e82dacec9533fdc676

SHA256
31bc4b18e7093692cffde1ab57f9dc14cc26350454b34ff7d9839e9ca9d8ed6d

SHA512
0021ba59367bb3d39e9078ccd558fa0101b898410064f90c3bf85300f57245fd36787daba5d824f2ed1fc99893ccbce9aa1957d15718c9a14c1f4c14fe07519b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
f1842e998b20f8a44b97222841539315

SHA1
e0678a64e2911f4af4d8135a9f8d1da0d6a7736d

SHA256
4a025cb864f43fe3beb90aa30960674ad87f6336dd9da5c788e918c5a55522b7

SHA512
8cc73e6a134943b6eedfa6093ce8fef852a5a2a388cdd216eeeb72e0ec197e4380ba73813b087f8a83b704059768b272a60c5665fd683956dca232003878ab68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a8feb88ccb63021649f34bfe55768d23

SHA1
b635b28eefecc382dba285775fadd766ef2f4502

SHA256
f9cc226da1ea1711b6d7574fab5d2939046cb80dde20d32cedeee69c94fd0d36

SHA512
e8dc1604de906572427d438b5056a2fb44ee604d47d0dcab2e6aabc9b6d4006eb21581e7a814900b5d60b07d085c8950ca6701faaf05d9850cbe7745b43cde88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c8de.TMP

Filesize
48B

MD5
f2d24d486f6cd97b5f78161e44435391

SHA1
90042be0a80d33576202323321e2a8851e3378db

SHA256
e39764653ac4afd11d03f73ed4c181a70a5e6c368fd80a6207799afc08b71799

SHA512
26a88295f3bca4a6f492d6aebb15cbbaca590e91c7a1f66325af24ac24c44d99b96149c21f4deba6af59875d466963c8e1ab66c07ef719fc1ebf3c0ffce2f4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af93ec8de78c10c724191b480d6f5258

SHA1
6bf512ae6ec5ae44bd0aafaca305833a2f560911

SHA256
4dd0c1ce060196a94b6605eccbe46d11648b647a0cbab64f48d8e54af1bf3197

SHA512
b07b81cfb3d2c035d953961ed9e95dffaabb34d90b898d6effcb2430963a1880a5c024fb075f1e3f21dd06c1d115ef1a226dfab12328b43663cb087af595ebd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32e145a70bb380d24c8bdfda570ffd47

SHA1
ec24ecacf200085028bbf53f76ec087ddde32e97

SHA256
70d517a0c6d06457c5313ade7502c5551f001b66918527d3f8b7e0f55c084218

SHA512
fc0a4623e190a6099af26556f3af61c4090eb6aec60471bf5efc2bd12000ae4a34708e8bc083ff2681d4668c12572dd118749fb022003b7f2e75bf45d437b4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\VCRUNTIME140.dll

Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\_bz2.pyd

Filesize
72KB

MD5
852cac1ac7232c5788cba284c3122347

SHA1
377720ee26532775b302f28f27e5d7a26e8429fe

SHA256
94d02cbcfac3141ca0107253050d7b9d809fea04b42964142bed3f090783a26a

SHA512
352cee5b66556d2ea87873cbce7b04b22d65288f3df24e9c162dff465ec7d31f3d5e283edcce7bead4f3892ade009c629860d21e59bb2b6c7896371684bc9b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\_ctypes.pyd

Filesize
108KB

MD5
36bf6ffd59c04075d50f245ef5de2ab9

SHA1
be48f0e161f2c4c3aec50f46ea8f4dd030aa561c

SHA256
7c11a5b8cbaeb0cd34544a7e4949c1b2a61cc78392c0155c0156306e6ff602e0

SHA512
da3851bbc88d16d142d9401b3c0eb238405b711aa047d183f02b4991880f7c33eaf6f5f137dc301cb5505f7aea849175987255518086e674b2964ab153b92969

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\_hashlib.pyd

Filesize
36KB

MD5
9aa769efac1446db1d2e4e1c39500a20

SHA1
8b99c60f749fa83bb2ab79fde561a119c0da8d3e

SHA256
de7c71c90c7f58dcdc3da159d08dda7dc297e39c5f309849290238baed7e230f

SHA512
cef3c7f56675c85669d05b72a9dc5abc3f5dc3b82c5c648c6965a25fa6e013ddccbff5adb57423b2bbee17b09ffcc79d29911d3dec73011786fcd65d13a9a237

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\_lzma.pyd

Filesize
181KB

MD5
52e990da9f33d0ef2b83a0b52d42dcd6

SHA1
bc498f0cc9056cb0061d96559c2e3b4f7af95e61

SHA256
17fd3a2750e61fb164f3a9e8e021a0a3b5de107a3cc4c798e127618034e09d6f

SHA512
ecf1462e6ca6422a0d405227aff615ca8876390cbced54c3b46d5c94b0e55f63bf0f99b9bc2c684d90e064fbf52a62f27f96b2502d2c2ba1511c03a280d3f34f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\_queue.pyd

Filesize
24KB

MD5
bcf5440a884ef33df02ce124557d0c2c

SHA1
dc2e7e3c1d6f730b1b5e3f9487ceef755a033282

SHA256
2f2f30a6b697b7ba7c09db16ec04517c85cdfab13f142b9c810fdf9983522129

SHA512
fc2d9b6c6b3c619cc13b24021dff37f94c057ded40630938c2b3777d9e48d212541c58b6f070af65bb1d0185077b360143fb4a86e225c6ab052a1841f8d0f204

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\_socket.pyd

Filesize
67KB

MD5
f7d2fe8cddeded1210b06af09b0fad3c

SHA1
1c54bb73326dc04a34e81c10efab52e5a9a485de

SHA256
c56088832a09820abfd45135ac3874117d0cfe669e982314fdc3fe73ca195dee

SHA512
a8e1391add36b29968be7dc8500bf1c7cefa301e2a45c88cda2158e9104635fbb00320b25b142c1177abd3ba7a6d2f27d7d257d07236067b5c0b0be4a3f62c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\base_library.zip

Filesize
821KB

MD5
a3aabd122c0100e172a431b1b1b1b4c5

SHA1
470647b419a8060c532f75807ed2512d9ed813a9

SHA256
1cf02be67852d09da401de5d78243aa8dec00481729853a0e8d3d0ce1444139f

SHA512
26d3bb1351a7bf1d7694ddc43b0046062e88a288d231f8d5b39c00dd14961e34e4d829800b2663c3f851b3288f02d1d2535b3ad5ebd545d535a32ffed100eff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\libcrypto-1_1.dll

Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\libffi-7.dll

Filesize
28KB

MD5
64fd05751201bbe3e29fa3a8aa600b5e

SHA1
9e069feff5e961b60c2aa57f0e5265ec898ccb7e

SHA256
8f88c66fd8e046a57deb7d263efb9d79092b1a55fd7f08df7f430654b47ace09

SHA512
79eddef381db46d858a211a9e6167a0504f880a0207a01183834ffe5c762ccd4faf436e55fba22a28a4fd0c8ccfd0e63534fa971a8136e564ed5f7206630aa81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\python38.dll

Filesize
3.7MB

MD5
5eb4227ca3526a3c287a3fecc9a91b92

SHA1
35e1cb934a88d1fea2a595b1b48033804d9beeb0

SHA256
c4220a975f093d52702f93f39cc0e7b56f9057f8b6af26c2a0b63f5a555d0e31

SHA512
515403b537e709c0786db8fd689b40173c49310eb43c392a2fb0a8a69eb37946975c9c832715584caf01076da57ae3f812557f1ecbfe3d34907b60b8f4f5e679

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\select.pyd

Filesize
23KB

MD5
92e930e2c79c7eb898a9843c118cd20f

SHA1
027faf19a7fff169d4e1dd4ff6cb8ef33713b9d4

SHA256
a32041001a74d80482a6f7fa252bb9ba916435b09cd60d3700f6af049b819500

SHA512
a1edb95bdcd847940c9640e346b4fa757acc90b96e6d7676a0a68d408dce612be61ca2e16a7bff6aceb3571ca831f609100e8531f94a7a2ea085fb8d7b62f23d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11042\unicodedata.pyd

Filesize
1.0MB

MD5
95985535fb076ace3b57f55d0131b741

SHA1
3e6e2e898436d75c05a4b8aa2e952271a64ff877

SHA256
1766a0a24b3ddd0bfa45f2c631325b05d2b3102a61c3ed73a8f6485d18f6fe94

SHA512
c10e196a654db57de8194baf181e23644945074cb7e86fba4d0675545b0f139b46e4af0ab0e96064fd5ed0c649e574eb5e8b2c16fe592a4ea41b68570abd07e6

Download Submit