hxxp://asf | Triage

Resubmissions

22/05/2024, 23:05

240522-22ykqsce26 1

22/05/2024, 23:02

22/05/2024, 22:56

22/05/2024, 22:53

22/05/2024, 22:49

22/05/2024, 22:46

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://asf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608921395476040"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{50DC29DD-0C8E-4358-8984-A4C62F02C2E5}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
1768	msedge.exe
1768	msedge.exe
3992	identity_helper.exe
3992	identity_helper.exe
1724	msedge.exe
1724	msedge.exe
3552	chrome.exe
3552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 3488	1768	msedge.exe	83
PID 1768 wrote to memory of 3488	1768	msedge.exe	83
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 4368	1768	msedge.exe	84
PID 1768 wrote to memory of 3820	1768	msedge.exe	85
PID 1768 wrote to memory of 3820	1768	msedge.exe	85
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86
PID 1768 wrote to memory of 4932	1768	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://asf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2356 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13219293891750100373,1063405513356788794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc24dab58,0x7ffdc24dab68,0x7ffdc24dab78
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4112 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4932 --field-trial-handle=1956,i,8262515621104924843,1779370249330384484,131072 /prefetch:1
  2⤵
  PID:3596

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
6b2cb80ddd58429d23ef9d7be30034fc

SHA1
783032ade687f42b7be76dc2ce0911c3f411ce05

SHA256
e8f4af1f955a5887a6076022496d49d979d090c7f2a02d7ad95accd59a411ac1

SHA512
9576fb82d0bb14a606318e8ced5bbca9ab328e1963fab09d73c1a49a3d7c576c5be2b34c14f09887dd44ab3c376528931482da426bb94c6bb276a98e1da8b649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0010bf57679cd91f7bdc048d4110dc3a

SHA1
cf987c2a910103f23a68562cf2bb2768379f5535

SHA256
70e2e39064eeb73681e0ca6a460fc21c81f48a94ce1a8ff2f4f15964655ecdd4

SHA512
e910c9ef090051b2be1d9a911664af81632df28ce2482e6f38cb62a3111a1d0a941ee9474898516a2ac54c3dbab6720e040a1a12353d4ab4b5aa077caa9f8172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
8e490e6d331c4bc6d0b9a62536e4c2bb

SHA1
ee7c27b2ea44a2b06fe165bce2818b15a0e26fca

SHA256
b58c9fc03edfbc2ecbdedc37f5baac9bb4d6026b1bc21f536f763a8e91bd9b86

SHA512
242974e048807a860042701ee9bbbdfeca0d869a4cab0d861cdd1af4f65acec9ceb5a7ffee1f269bf68fbdab687e31b90573777b2786c8001c629a3277df8d2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1dd8105dbd8504e1e820923698d04809

SHA1
3c5a0ee51a9a7f1c12ebd14c09bab898bd1d22f5

SHA256
ef1a95051d49a6670eeeb3fea934aa88ed7fa9f39389a7c32f5217ce1efeb80f

SHA512
389195ae4cf844e94f63a707fdabec5217297e22a7a0dc46350baf489054f9fe335901824ff8a27328e841f8d951a17b600ebf6de5367bfa0603144bcd641380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9e1e8583e46b5cd82e7f70a2afa4ba2d

SHA1
c9b537aa8d0eab206c0383fea76622a0bfc35381

SHA256
2351988da5da34e589c4b35ded8643916134710565366f3e39cb067dc5b22a3b

SHA512
020d6030bc0402e1ab0da65bdae2761b514ad9b6894be312aac89fd2d7e9a389bdfa74a3ac5e4f95bd5014a958a6012839c3b542a0b211868deece89db69183f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c5aebfde79425ceec7a1f46d6ab8a059

SHA1
c5f462bca1b87acb345919b9f2eb7d67cafd6d49

SHA256
cc5afe7595f2b7d043345566014c2a65006627473c5aa442d4575743ba8c4249

SHA512
8adf9a226cd91379e8c689f55c9a97dd4c8b57e9111fedb53aee641232c83885d3c783bc3af39cad2fa073d53c7f148d881b53a1444ff3e2b3d6c5f49958a155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
b2fd1cd17d3cad3e177e9007fff1a01f

SHA1
b9c26bb3d5e22fe10781aa58038a37a8b5393f0e

SHA256
32df1a7b5d9560cc5a228b7c564f792979640767f317c252de0a0ecc0c8085aa

SHA512
bcdf9b6992cb5ed7918697433db36e366652a93bac8e810bb850bb24425ad4480ce3d279b7492820401520eb3c59c5d3c18427930d85fed7be51a8a6d38449c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
3cd0a15c19c652b7680436dd4879ef3b

SHA1
69beb4e700da9120ae84713d7133b3d82e83a12d

SHA256
a65b2631bfadc01fbc313f8d78f2c55bc877c57011f45265ac7dad44cd58bec1

SHA512
0b9499d4004df0c2af909e78a7f41e76427037ae95e61dd801431a70d6628dfdd1708149f8be6ee5c6f68232eb9b88fb8ea5d5975ba25e15a437f46cd6bb107e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
8ee7616077ce3302b36a01fb49c907d6

SHA1
e01d845ced48fa3f3d4f77ed31e92ac0bb4aaceb

SHA256
3e7e2260970d12504638b53065980da23af02139b57f2d52a470f95e64dd083f

SHA512
fe6639ff138501bf452e1bcf8cf673088bda4cb32cff8a03fb8837489f3300ce51b6e7a65fcc7e2d85241ae458a3be8190e40103c6d4b644a0c1ac88ae407867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b47965c93f6b1e903f6df720be1373ae

SHA1
30f4f29e154f0541ba21454ebdc068cf8359249b

SHA256
9116000e722436c0c1e297c98488bea236f40eda711f57b587834bb316ab0b78

SHA512
127961c39c2ec8a87c6b8940959e935dbfcc7fff7f83d0755d18edd7b648b5382c76784fe0dec591225408d032e109a70754e6bbae34890d9e29d8327a9f216c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
793B

MD5
6af54bd9388ca38ad784a12f0da7348b

SHA1
f0c91634072a8263d331916db2de73b008aba2cf

SHA256
c9e465846e5381009ac48e8e01f2b6933a85ef1c0a1c0b059a1cdfd7fa48ae32

SHA512
80585fb64ee2ab28d78129938ad5f6329f2e16b78eb8e2414292051a5c2d161b084468d0d590e61cd812d60ef5c0c87fc034b170664f8e15b0cf6119582b0bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
348a506b68f2cf73a0e888fb20db918a

SHA1
3d1f0393b1a0cfd4a3d73b7e64ab8b349f2eda63

SHA256
7428187e50660bca409e5a93df5a5fc8ac37c7b0013fd8e3c3248b2d18a24384

SHA512
46096307309faf553a356d9c62613e3b8f63c1a26a173274a41f170e9301629a24f57a96a9b1ae2daed5ef28f6dfabbf9d7887ee3a2c149812607bdba2563957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66c46f95f1b0b5955be4d7120b20412a

SHA1
308dc7177493da7c1774bef2f2cedc21298a41ca

SHA256
2404770d300e2adc175bd4378f61120e84fb2ce2d8ca19b8049083a31e30d3f4

SHA512
ce8ef4f8455275d8083acd62d1ee545e7d712587f33ec8bb6769d03a654dc77c2be2e6511170614073786712f2fccfcc51800964301407b8f5ebfe8a3b66c851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acfdcc90c85ac9f5a06f03b33ca296fd

SHA1
c3050155c135ab873746ceff67bf5ea5a032c3b5

SHA256
e345933a9b19473ac5d9ec506b69674645d031041592ab488f9a8e58ec3155cb

SHA512
85c3fe2278981780986d4c3e79a38bcb975bde2dac7d2d303cf3e8ffe135034cd1eaaa6f73e329f41f59989bafdb1d83fbe190b302bec843345b9c50fbf26c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6eeef1950e39998ac06f088b9eee4c0

SHA1
cef75ffc82637450ef35ec56003397d60866f63b

SHA256
b47245ed16a86681ae4beeefa686f3fc0049a17b8d0bbf6b1218805c13e77c9f

SHA512
69ff7156f310a8afd701aa4fbdbce015a324b09bd2e46a26392f02f94ead08930b9c3a1b889f73c5ec59ce2443e1dd7a3440f76575b324b3acd8e9d7cf1617ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44349813e16b6d610764e05ad27e316d

SHA1
417ce3786e333bb1887894fa5ccc06946bbd1bc8

SHA256
c0a620e5468244a6450d1b16e1567cad3287e7fb095e98ee48a4b49d145bd01c

SHA512
b7319b0ff3ae8a30fc70c5dc48b289e7ec9bef7ae6305bc68626cecee35aed23f6180033c566db99187e226c2deeef18dfb3aecdb5a4def446607efac9b9ab16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79bcbbcd0e97199c1279944c290d1e51

SHA1
d23b0bf27c5e912fd985b949300d35f0672969ee

SHA256
bfa127d964b1b585d5d0b5948485f6005ac0177ce381e872d540e0cdbff04fd7

SHA512
7fef7ce4084eaa5aaccb54b1cd62b59c7996f0fea531ccd831c1fa8009c1d5649af6ff9dbc3cdba16e3b2d0ca690365fd943cb8e71f4327b2c4746363c5eb949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6af6aae9dd0674978131fb7d56d9699a

SHA1
993a78f195318cdbfcfd192ae8f944df7152b915

SHA256
7d7ce0f0bd29dde4a477defb843079b8ccbbfe20a095ba8e1f2f1582b65b9463

SHA512
232cac609982ade2691d558aea8dca6409d53f48a15f6718fb06061cc510a7861d4ff1a814d0009ca639c9074bf432e03a7739089455c3056eb60e5a637aeb27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3b96a485ff8c82d4a3c3249c57500629

SHA1
97f2fe269a5f8d091f4564861e8cd7d31a1d33ef

SHA256
f01d302efc8025b2076955d305d54cfaa5c67513cd24634ca52004a040f2b8b4

SHA512
d4a1867be4a2c461d0f1c9267d9929c3138c53282036746905f170dcfb0f1e120b3f0126af3db9225ffbabec44aaa9a4f27cbaa3c4822a2c3faa7c4d15d2c6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e210ae3f-c57b-4a89-b0a1-b956b5f94c25.tmp

Filesize
11KB

MD5
12cf8a7dc8359e7f961452237f9a2669

SHA1
5b82bcc3d7edfb6e3f0ca2fdc8ca534811f32bcd

SHA256
64837359988254eba377d9d3cc39d9f8ddd8352056c747c640e3aea6ecb36f63

SHA512
a5cd0bc07536bc393f82ca458ca0173324de901f016432e3faea385c227d248cb5bd9ef07b62dce5f76c7824275c3274b00a81ab4848b5ed5339611c651f9e70

Download Submit