cff34aa0ce13b99f8e3b1661a789df1ee37ff5b56cc4fb2314d743b413359dde

Analysis

max time kernel
299s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-1.html
Size

14KB
MD5

70c8bdad6647527ea73f6e1c0ddb56c0
SHA1

597f2786eb54e41079b071aa0f99f574884b14a1
SHA256

f9a702ad1ef6a1f62a98263ccffcaf82906ebf8d707075fc9d1a9f18db5f32b2
SHA512

1d87c934dc87fe792dc263e8bfd4db262a7c03378557309d6453a13d584c6c1230e416999fd9e9700f631ba6625b9eaf07771bca7ab7fcc52e79408b74a78517
SSDEEP

384:7rBroNbP8gqP8YrKpQf2PBjP8SqP8CHWi432Rc:7rBUP89P8YsPBjP8fP8CHOGC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591265681955606"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
764	msedge.exe
764	msedge.exe
2076	identity_helper.exe
2076	identity_helper.exe
1624	chrome.exe
1624	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
764	msedge.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1900	764	msedge.exe	84
PID 764 wrote to memory of 1900	764	msedge.exe	84
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 2384	764	msedge.exe	85
PID 764 wrote to memory of 4852	764	msedge.exe	86
PID 764 wrote to memory of 4852	764	msedge.exe	86
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87
PID 764 wrote to memory of 3212	764	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd329346f8,0x7ffd32934708,0x7ffd32934718
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1784 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2411310121095447305,15788433598298457056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4136 /prefetch:2
  2⤵
  PID:6052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd2052ab58,0x7ffd2052ab68,0x7ffd2052ab78
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:2
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2052 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4004 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4640 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3604 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4308 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2012 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4884 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3120 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2660 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4540 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3516 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=2044,i,7989513453341022537,3637735662408867529,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c54f01849888cb9233a97c007dd8c915

SHA1
e1c626815dc5e73e7c1ba45c70a1fe17b0581791

SHA256
644f32033f4aa426666979d5fc196a78929809ce71881a3bfb45dad6b85c7866

SHA512
ae020f12c7006311fd573b111fb8f60e29ad3318fda9b0c545226677d39c858de80103adf52eea158a6c7a2d3f21f11fa41957e93fe4300870ad7fa24332d874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1edc23fb3618c57e757f4d49b502a472

SHA1
aa368d0c3ebfbfcc6d4bcd55529865832a7b5c51

SHA256
99c3d608c2eb2e1c03b5006c9ce820e304abf0fbe5ac7d6ec91d9fdbe12d960a

SHA512
ffc39008363b77548ac235222e8e9699c37ad78a2c3513eee56697e362041daaacca72dd1000af074b67da85228283a1d6805183c4b0dd94e7cbd532e61d6a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
529363e8f3b3f5b017f84c8fc584b406

SHA1
0c3e212256f7414ba7255bdd3c3bf87b80fcbed1

SHA256
1e14bd3992e2ada08429801387bc61b4e5e6444ff304285156346461f5273387

SHA512
1ed15c8920a3205ec222ab681742daae2389f88e0397bfc03f1fe5f7ea68cfb13c40eb4558f1f215941f433ba878f9faa44c5613f7d8c3f432f549f6b100afb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
15f700dc401c35503be848cf812dc146

SHA1
bd9442e5c5e9d3bf39093234c12fa68650d40f57

SHA256
7a3315627e4d8331cdb0195d2654bbd1beba660f970024a892b1ca57b4ba342d

SHA512
dcc656a3d6b0bf065d73130b2e7ae8b7ac0dd9d6f9681c0a817e7df76d4021d96a5e2d45bd925df1ccae2b7db7ef01e34f3965e09dc24503b146f3a534d862da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
85fe1a870a631ac554704f371e3dbef5

SHA1
aff65c718375538054977b8f8644050700c5e401

SHA256
1a8da59583765d76ec65bfaa1aea84f318e2f08decff12f36c8574169feedf1b

SHA512
68545e99672dd5771a0e5f811ca06c7bd984a05abcd239ac3ee563355733ea661dbfba0c2f6bc036726d217ca2964b22d5d84d2ac61aa2c04e116da29d41a7df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
619cac7fdd93123a0df78666e0d50c07

SHA1
0f7b28da69bffa48bfd9b9fd098b6a8e549a263a

SHA256
c5fcc4095c782abac6aa6c4a8e42864e65b4fb4529a052764a6cdbc75585fec8

SHA512
a2f606ff5211680bdaf8db77a1a0190fbf5a848d0fc6c3c1aa968f3cf26779c65e4591b57e40346d217f97e86952e466a5b0be67bfb7c08931ab4f5e49fe4de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
71c0dced42e091a5954e1bdcb86cb112

SHA1
60f1ffdf54473ca6e7eca0fadbac58dba3aa6176

SHA256
2c0fe60adb7072e4af487acc25bcd3078d7436c8938f0b9caefd565042768719

SHA512
8c98d0ee34e6c412f6caa590aba4fc1365b8622ae0a54ccacf491b5952a1ee2747165464c6d6fb9672268cc42f1240bc09004ca2026df14662970d52d4c5c423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c2284f1da1c8620fd09a588fe8ca12b3

SHA1
d964162f47802cc52762214c649f7e3b75ba1726

SHA256
09e3c0c8c3e6a210d78db535b52d88913f8a8d3942f94cc231ef6b99d6389ffc

SHA512
a45cdeefbf307c9ff5cfa98c8e565686f55b20aa532bf2fe277fc44a5d2a38412d7e12ef4909214dc81726888bc0f8d37119b176212b247b9d9ca2fdd5d1843c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b3153184a501b0bbd6811f0221d1e5b6

SHA1
13e68beb97c3f1e9dd4e7f60156d5005059938bf

SHA256
00958dec6efc4b7700b873d62f3da77afbf9e9afcd7f39a2af2ac1d41a428041

SHA512
edcc8043a3718996ea75638cb20c9238aa3f0365c1cc56390805ba48ff384d6cff28651e91187762631b32287cb6fbc12e5dc8afbe518137f16af4a8e92af440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
95ad42edc779bb2570c7afb65ec635a8

SHA1
87f5f22f9a328d0fe6bc2d01681eafd018445383

SHA256
514aefefcf2583196f2a36a994ba0a97a0d3bdc511b13e52430d600a411f4d83

SHA512
e0b327beb404370971acc301c314ee3ab05f8f6af96c242803d02996600bdf0d12088d0b242862969ab17cb35ce1bf62df93403cbae37b0e30ddee31c87307d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
fd02b33c2bed6881e5dd8b8e92e09325

SHA1
e1e416557b5812299d741956fe46b6f5b2782709

SHA256
d3b5616112e20090bce411ec8ec0c48f074b2a21d587a047f7c204b46d16d195

SHA512
0950c70fa74288374f144ec37d4e53c0f7d542ad33520f395f3e983daf50037f795cca72e889a807641d0007ee10c072aca04bf5f4892e3fac996d85c8ebfac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e22fde4c-654d-4186-8dff-e6e8f6678e1c.tmp

Filesize
255KB

MD5
de3acb4cc772d12d0206c23a7dea731b

SHA1
233da62cd49994eba0a123cc182c2f6b4d154c2d

SHA256
a4bddc975e0aac4b90b96154f9c837352dd361c3ebeb5b696aa63d097c5d1ee8

SHA512
f38d3952a127d27d3aa8a5438796231fbd8ee0294156988e76e6e45050866954f89858c0777e3504ec1c8a96385522c6928049f5103484e5e8047a5c9857f45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
b43d9e1bbff22fd664c81db86bc04b46

SHA1
4f6c0e15a088db93545a7db99bd9fc92396736b7

SHA256
4cbf9c887dda5e1b4abe5ade0b41d20bd281abeecdf82d19a6da3c7008fdaf4e

SHA512
c3744e752f6b122959d7949fccd0178b3cea3042339eab87470e75115dbbc1b8a031a826d59362e6548bb835dc8aa7f1e7c4d758ced4043e04f44869efe32a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1e63141f27e667ca9ff00cf53c87d92

SHA1
895adc73b65f7c9687afac2fbe794875f3fd8316

SHA256
214a38c7053b842a27929d30b5dcdf357c099d0aee2b74a98ded63c190e4ba28

SHA512
bc9f4c839b8ed33094c83132397fa6c5d2359c453656238a4c927c2f24c801a55dc81dce012ab369301c374906c41475e5981af56c4b5e31de9f4b304fb02b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60e3a4b6118e69b377ea9a35b3c885d2

SHA1
cb51583de8a2d7a5a170b9fe24fe916da1dacc12

SHA256
c5dc5474c99a834c7ca88c41c3366602f0bd1d169f885aa9e808fe4b471653b1

SHA512
90403f94d2eab62ac97b7c0d96ccc4ae5863193a7a44adf0e0c2d0016b0a642d6e5ea858681766f81f49a213289a86756a117e057d2dc260fe82a9b0c3111a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12d2b2392801ab4ae546236cd136b229

SHA1
3acd323a66c959d97c1df84a349994671e83a510

SHA256
bc65263f6f0eb4aa54ab43f20967723bf8dbcfbc88d9471a1550f92dc31b5be2

SHA512
6eb84798526331dd6066fef173ac395beb982029eeb6a389482b3e7ba75be115b6a2f7717996884a14e343b566ff922aaf6507ff261430bda70eb4cc3e532656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a3a098fb4d5aba70445096c148646a0

SHA1
84cc77bb2e5ef3c0570f5e2e72d2459033efdf7a

SHA256
22fc48a6740fa4f913caed10ef561c0259b67dc82a6362c58daa0c5e0c121c0a

SHA512
8c52d60b4c3b49ad8bb735c8b58c2b28149df5046e37ab2b7d0f655f8f1f0d951732519fde92654042923e75e1f0bef92ce97434b89a7201e793e967e7234bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8c63df7553d8c497429d055aacb62090

SHA1
2b950883db1fe740314fa81362abb3602f827c4c

SHA256
92bbf60101c1062db23d4b6c0129500057d974de0ba31a87f60e895b4d17228d

SHA512
e6124f6f0e91809339f8d9cb8f8b818f3a97da89eec1af3a0ddbfdba0b2b6525f4dedb7e526b29b5b748fd76f0a772e26fd17ecdcb8a85edc45764735f402f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f865.TMP

Filesize
203B

MD5
eb64d4b0463c60f4f96a4d69ee83c36f

SHA1
17af742d638e50582bbe5d7b23cb55b620446244

SHA256
dc28f7f4b6bf44a5a50c4791375228d4e02c309b652700a864881a8fadad6cd1

SHA512
52d7d2db6a6eabbb500041206b8ba62c5bd2aac2f00235c5c9a6ae916818cab43ab784831cb75d2e1dd86fe1924e248f1daefeb10661227aa43e6f98e2f39041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e6237597e9abb751745435fec01b6faf

SHA1
8436324b65e2476ff9db8ff373fa59b028b68d54

SHA256
8a8a22af81c6dbcb50cbeda1cd030b395b78d0d8bf767b333cbc108140ee901a

SHA512
cb3c7983f919618249cec9c0ad32cfc5aa0151889d8b452e61dcc3a0135f97ca0ceb99032ba491e7d1e265112ba140ad1b6ebb102c0315374d50d9b715955a19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
aeef8995c7e5ab4f596a8ed8a4f36081

SHA1
f9d7bd36b73e1a56b40722a120cea0b4e6d55c9f

SHA256
c29bef4a06f00f8e7439ea7d9fdb7a3e11df0913ed2945ab1ecf0173935a7c8d

SHA512
3a62d7d6f0b9be8e4762636e3512d60eab899ebdddb013ea14f2cd329968ff0294b4ad09715429b76e5f76edf75545be7059a7541e28b8edf8c7c478b4056416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e12ddca5-3770-4835-be99-1cb207467b20.tmp

Filesize
11KB

MD5
a2384f06635d456c4a138f3ea6fd4829

SHA1
60e9e0a79c1da2edeca2f1e344fa88766b1cbe61

SHA256
09cc4adedea8f076caaafe880d428f91429ad7055f10427cd2cf50e883a2167b

SHA512
d47226da500bfb1f81056da372861477c21376d048c9771b74f9cf291470d5ea163a3d26d1a46ea0bcee995b6540a9e6560efce8b0ee89209b9c78efda45f976

Download Submit