hxxp://temu[.]com

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://temu.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591604312441817"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
4416	msedge.exe
4416	msedge.exe
960	identity_helper.exe
960	identity_helper.exe
4264	chrome.exe
4264	chrome.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 2300	4416	msedge.exe	85
PID 4416 wrote to memory of 2300	4416	msedge.exe	85
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 2400	4416	msedge.exe	86
PID 4416 wrote to memory of 4024	4416	msedge.exe	87
PID 4416 wrote to memory of 4024	4416	msedge.exe	87
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88
PID 4416 wrote to memory of 800	4416	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temu.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca25746f8,0x7ffca2574708,0x7ffca2574718
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4192394766711555258,8081694271509074061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc8ff4cc40,0x7ffc8ff4cc4c,0x7ffc8ff4cc58
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2200,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2304 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3440,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3172,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,1913046928247807700,5431261807987832884,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:5220

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6364973693e6a07a76d57df4ee2c52d4

SHA1
6ceca511b479b4b080a4c8f5f4a30d58e96b4cc5

SHA256
278efa5d67eaad59dd2ffb776e03b75712a17938835fa2fb391a19121358a9fd

SHA512
7347118fd69ba2a85cbf1adba6ded37a7be429abd7c90536eaf70cd17778ce944f5b796200d1d5bf24ba852fcd1f9577aaec3cb095dd2b90e4449d4994a971b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ee5bcb61473610a67af9ca9b4a02a8b7

SHA1
55b2911ab2e4f2929b22353ad3428a5c9062a98b

SHA256
a8e4b5b0ef3d37a7c25df39b5c20f115b0a2a4a9ae0bea887876c52e124eb9e9

SHA512
043aa3f9e203ae37fbba5985e35314810e0549255a2c867b0cff5ca68fe64ae45ea29069ccc8f05f50da7a2b38c79dbdd30b2fa989a9b709da1e274076b4c980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b9f1b9aacf1a9474869af71f9308a265

SHA1
f21296a8c608c14c23b5084ccf5dd946b2726cdb

SHA256
6a2bc27cc8f6d16bdc064eec69536ac3d6a19721ccedf9e8fd59c768b97776f2

SHA512
32684793302263fff8e944f26ddaf6fe86f6cb836a3add61e68a76fcd5dddc2c248e17b0d432b40ed4e0a946b791ca672a8d1bc6e12d1a0520ccc21a679f90b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fe2a387a3019dc3c7b1b5b823b3766b8

SHA1
ff304975207594ef0a4345b6d3e00105fbbb43ef

SHA256
6f306191857e0d9066eb58aa94a51c862d86fc1191d7af8b0bf412d3c58fa95e

SHA512
bd7889ea3e0dd27ea99fbe953208bacae6399fdfe963c1c52575170274ba6a5fd7ceb11d2e6c35488147d3302400e53f19304ca3e67d365b08a142e138eb343c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a85420d4b8da75d5826cf185a0fe717d

SHA1
d4bf85155fbd4ef583c1a60c792f3766a747b117

SHA256
95313e390ff0b412b7fe2fa0429d5d2dfa28b838d9c00750b36406987bd2eed2

SHA512
3a2752cef7a7c01b85b1a925be9f33f1a386c276d014e41cbde636ab2a6c05fd587aa52e21a771fead4c63261855fb7117d6f75e49e6483dcbe71df897f45644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cac62a2542bc0f5a8190c9495c5027c

SHA1
ec7969bf4bddfe3cc3ed013e3c2eaf532c1234f7

SHA256
36b4ce47de3181ecf51af3e7754e57703063d7aaa502c8ce68c0b0cddf5f3051

SHA512
7c48098593953b4d7c0bbb3edf81e30ab9af5669a27eee4e07461db62b9400abc0c0c44668c61bd27e99f946b363e36dada97a1a063f5108e571554bff6e08c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5753aababf772e795291206da49b1e26

SHA1
6952b228e0832cbb9fa1a999d21b0cc3e3dd7f07

SHA256
05a1f25ebc26def32a4bea372fbbfdc7ba4e462c4e32e49d816611b644bff30a

SHA512
1287a8c4168ba8f5599f4552085a4b74a4de96d3531e20b33251bc92cdf573a3caf9bdbb25041c6eed9ec4c01aaa10066ac60a90fd5456c6d7da6cc141154b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ce807a658795edca2a9b78a83089840b

SHA1
eb768b74a67379c5cc9e3970e61e5bc8806f488f

SHA256
17ace59cf944d5a06cfa832fc708f369c98feffbbe0db88bc4626d639b0e0c6a

SHA512
429754264aad16dbcaa4a9016d479531d3e61ea84ea256100da80e4e3731cd607ba09d961eca9af4f6b736ac90102f6ff5aa3900d139eb34ee833b3e8c28c8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1116c82a08e31a5bc9ed39b3c00d6305

SHA1
c0dcc061059f46bc5799770e896fd5d6eec0ad5b

SHA256
173ead1b028fc498dfe306598192341f3402b185c197d8b24d9f955d4c1e5a0f

SHA512
cf5085e1ad37307bf9078c59f6beab340b5d7a3d0d40195baa87c721effb8f9834187c99cdfa1090d8452a7d4da3f5bc09a201b6b2094efa2e66a5f3fe73b9e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6265676a882943e7f91c927411c1d3ea

SHA1
24041906f63261f9dd8df08554f1bd4e5197c8a8

SHA256
78f9107d14f5e430a2029fea4e21ea2f8713602799440ceefd1d451c1e93ef38

SHA512
48d43a88a42636bcc4ba887a3f6736a254cee5a33f7f3a1a0d90e386e78fd1ebbb305e7cc2a81ae5bab6036885e50019f5c71b5abd65a2ae214fd2aa4b9046cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
7b33d8751e381f1a71534ef651e65707

SHA1
82abede10c163e9c24f24590854b826d36f60c24

SHA256
d3c4a94ea72e07c08a99d87fcf44dd5f0d00d8bd62fcebeecd3392c24c53b323

SHA512
d8f5ba45b1d54ec6204c20b224be96e2b7bcc4263ae9b27389e10561963299a17d09a8c82001290763cb365c235b54a13cfc42c7fddcadf8223c34b2d96e144f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
86aa8a871f2b79703a7e317e95234f64

SHA1
ae21ea180d8600cc4303efb4cde7968853de8f37

SHA256
12c6a874d9ab53672cc902dc596cfd951748d109e72c323e692e0c05aa5cefed

SHA512
716b9b3dfcaf56c717dbc6565c4d0ef9b2454717d46d3aa0d41a646e149600aea0474db111f4b9daf21bf9c7f668be207147ccb14273874f328faac51b4ec6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
16KB

MD5
d26edcc90efcd957d6c0cecb09bba13b

SHA1
398b0409df13c402e913d9caf5fce84eeeb0423a

SHA256
9e50f7118d02f2fc45af374163bf05bb6467869ff0333751d2e0d9a0401e8b5e

SHA512
334d823fffc06e55c59f8073d247659dcb505c7e51ad5f322bcacd78443f38ed01a938895593cd073b47dfa8fa08ce1d87065272eb948d791f9706b555087cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
bf442ad22832be66b326e0dfcb14f23d

SHA1
c6a16dbd4e2293442e77062430058a81aff82540

SHA256
5398c0fc69113bdacaafc6d6fba4d258486d44ae305b650de628ae2b78d4e5e2

SHA512
b66048f2597a7c8a6c84de398df48c3e07f967a282f6e076dea6d86c9569f667a5ac88017023a078c50175a6b2916d8883554fb0de34cf3e416799bdc07a5465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
373b3687b24a7f75a055b53d82ea9678

SHA1
0afee4ee66c0d89693b13db6b3d76d19ce669a57

SHA256
f161fcb1a7d17f9b08dab1f075dbfc6371d1cdd4be7dc9b06af06bab4f8701b6

SHA512
dabc267c07e88a39b32896ad30e4e04a9442253f5a584126e309f3809e3a8fcf02e6ffc53cfcc3855acc0ea8620e0ab5e986c42351d673dabdea4e1c9ed491f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.temu.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dd52408bb6da036650d463af68b8b043

SHA1
1e00bbb0cbc9c5d2c95e5439de26d86660007b30

SHA256
4499cfb945be393f3ac2d1fd92ea1af74fa9104b46a150ad5844ed09b3dc4cbe

SHA512
42b0f7c1c115095e9aecc35c2c06d7336662848604ac01a6f7af9561648f90b250b06f884c126f271f1453c7e5ddabfc6b321f85cf79d2e170b3ee1223d52616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c0b7bc21a710b615e715115b0118bda6

SHA1
1ba56a6f334d375ddbed4a16c14cd9696609958a

SHA256
47b36a8e6d886ebca7730e3cb437f9d1fba0a2469d116b3d58cecfb0b62be6b3

SHA512
1aaf48827c8de284ea92dfadd1ac10d126abe4c73fe64b071567a75fed1311e61e2637c8fb44eda37e29e4cd060af9e1678ccf8e612f2dc4aae4b276c58e200f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
280bacb5e3ba63011a33ff4edd146857

SHA1
efeda2d8ebf0db3223a50cd53e1fce77dd141199

SHA256
3740c567f08f0c495668239f55d3136bce75532955301e39cadc8653b8bf1c17

SHA512
a62a9be076ca7c380b5fbaa9f331bef6120c9f1428b21e77cff8ba3ac8868277a59e221fd5102b150ec72f0243e0d14040bd0a3b2d32c1c7d42f813e2d29079a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ee9f4590e95f14de6ef3bbca970e611

SHA1
a31eeff28c097a8fdb45a0200b8e89e2050fcba7

SHA256
366d303285ec4b89dd80c1fd5e21dfd76cea071712f58cf221c2e39e844f2eb7

SHA512
1e93255aff9613afa27192a10799b2b26274e0428eb8a21e5567b8b9fd71b4171696d4ce2c8da47adb58b0123d1589c2b0d288d8bb8ba3271dd11bfd53892fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6f9b52da0a12cdf9751a50b84ab9d5d

SHA1
f677c73be576ecb57bb8eecf0f8db1b09d5f5a8c

SHA256
2a7b89524e86d6d54c9496dffdb46abe9244d6f1f5ccca7b3a43e37c1c6d78f6

SHA512
396181cc4333f8afd700bc0ec8b8f10c9e1b622c56472f9c835ba42caaa833cef6e931eaf477a48d4ba1d58c5ff63ac35f0c076654dd36facd58ec5d73d2ed2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5de3dbed1335ef042b93f550469ea89e

SHA1
d57ec1720a98cd2795563e7aca5c5d7e6ffb53f8

SHA256
ddd8ada75dc6c802cc4c9e5aa75d895ac20e479dbf784038a2590062a11f29b1

SHA512
a1b669d6600fb0f4de4b964438e71c9e0accd501829936c1fab52ed3a5724570e32ab6c08ade4e2f448314f03bd187b197ab302898bc4d1c4319c4518453fbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f602465cd7155e06aab47a132459d9e

SHA1
4928bc8cc0c569d5de296d82f8315e8047da2008

SHA256
bdd0b4bdb8ed4f62c98f1d2af1edf62680a7185c443806f0ddd4fbaf2f119ee8

SHA512
e119c0f9c87abc6369ab06cbc9de90aba23e692b85a7db4a95ee57e400939bdc509070a6954626768c45dfe0f75154c888d82438edd177cfb8799e127d1d8c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f10c6dc24c0044adceda79b35b1fff1

SHA1
c38c407e3a04461a7ab4b446ccb3fd857f8bfa7b

SHA256
92605196a7c5bc61c7c76f42a348a37da5c939bde9e1ddabfb9316c6eb3dcafe

SHA512
7e68fdeca3fdb174fa3e07fe6b90f1830a1ac76890d2d10e703f58ac3a031adf37e894e8ca77aeac75abe44ca687b92685476702337362a0734b74a996c73eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6b6073d7f3e8614b186f93d3f7d1561

SHA1
04725b70d1c203dbe727c4069edebda0f1bdf75c

SHA256
6f64bebc91d3c48200bdfa2112c6830f1be826d663e3a50f194d289f22980fbf

SHA512
2a1c26e97d06a254fdd6672231c33481dac86cd34659ceda0360ee87e9d5e6ba162aa9b0ddac8832371f5554589568341bf035341902decbf0257e2d9d72d8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64930b07186e1205218e54feaa2e0fc0

SHA1
3bd34550923ea37d62e98d498aa6640bc7bc44b6

SHA256
3d7b2fa81e02a5a802764f05eb75d894e84b95aeddbc442f81a9dfcb67c555a3

SHA512
06aedd0bb238e89d0d781e479ad977aa0c7992dea6748820b77daba02cf353f263aba0368b53bbab59390484f3a2b91e20538dd76dd4ea577e5ec451a35bf9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579bf2.TMP

Filesize
873B

MD5
a39c55e76afd7d5584f8df75f12b02b3

SHA1
42e475be45cf3136afebeafb0be4b3486a7e9b0f

SHA256
97c7a3fbba9ebbbc557bf0ba5b76a0dcf2ed54637c71f25a900797304f22366d

SHA512
a0a770dced88480bcab31ec4e89fa38be2699708f2528e466ff212d758390a8050907196f1bfe15b7c26d03d38f9a7e14624ad0615ed8ba8b931417247ae3e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5a9151d326dfaabe7969f4bccb74e03f

SHA1
aff01868afd0e99269d7169afd4c8e66de0b4be6

SHA256
90cfdf953f9f879578d3556d26dc8444bbd611eb333fc432daefa1d8cb114606

SHA512
deae6ebb6785af1e11c9b30bc96028a15c2af0c9e5520048611ad8030d7728e3edd2d897e8c8efd4cd8eb5bed429c4dc785948c0d6411211d3ce1ecbacaf6052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c4330c708a27dc3179ce2196958662a

SHA1
d2c28ef69d6176e94a4c2aa6a3c66a0d1733c788

SHA256
3883532783eb9dba5a115cd8bdb0bc76d788eef56c97196750384f77c6d23d2a

SHA512
45368739f15aee10925ebc458bd7e04fbf01580cdb73486df207788dd1dee33609804871f9395e9ab2d9094d4bd2c06de1e3028a7ccca5c0f17c3122d83092e1

Download Submit