hxxps://wetransfer[.]com/downloads/f6261d5f5a675ae1f164135eae96f4d820240520054446/0a350e272f84aef9e99cc9ad80247fd820240520054446/c716db?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wetransfer.com/downloads/f6261d5f5a675ae1f164135eae96f4d820240520054446/0a350e272f84aef9e99cc9ad80247fd820240520054446/c716db?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608164641694847"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exemsedge.exechrome.exe

pid	process
5032	msedge.exe
5032	msedge.exe
4788	msedge.exe
4788	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1520	chrome.exe
1520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exechrome.exe

pid	process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEchrome.exe

description	pid	process
Token: 33	4684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4684	AUDIODG.EXE
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe
Token: SeShutdownPrivilege	5568	chrome.exe
Token: SeCreatePagefilePrivilege	5568	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exechrome.exe

pid	process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4788 wrote to memory of 2796	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2796	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2940	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 5032	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 5032	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe
PID 4788 wrote to memory of 2912	4788	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wetransfer.com/downloads/f6261d5f5a675ae1f164135eae96f4d820240520054446/0a350e272f84aef9e99cc9ad80247fd820240520054446/c716db?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80fb846f8,0x7ff80fb84708,0x7ff80fb84718
2⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
2⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=180 /prefetch:8
2⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:1016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
2⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5816 /prefetch:8
2⤵
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,246808090003180798,8588510768151355542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffffd9dab58,0x7ffffd9dab68,0x7ffffd9dab78
2⤵
PID:5644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:2
2⤵
PID:5812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:5824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:5864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:1
2⤵
PID:5956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:1
2⤵
PID:5972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:1
2⤵
PID:5332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:5164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:5696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:4224

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff73da2ae48,0x7ff73da2ae58,0x7ff73da2ae68
3⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4852 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:1
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4444 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4208 --field-trial-handle=1976,i,17277552962545324086,1945846950045096815,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1520

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:984

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240522015425.pma
Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
b7a21406d0d7a2b50e5212506d6abc35

SHA1
08d4b7776b5b5646bf704859375e7946cd18a33e

SHA256
3415b21817a208a3d096d60191b915bdf283fbfd255cc3a111b658f7750d420e

SHA512
65d2496ece9a4c1cc724804cbb679d04c574c5b4307d86dd8bd5138c022439bc1693376391431911530468c9da42ded3f78d89d6d21479d4f365c125e6f564b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
45f3d5a29bb939884ad408cf689d52e5

SHA1
4ecffa1f3c2b448dc8f811147df12dd1a788355a

SHA256
6fda4091cba1fee920572fbc5c0745814cc4ce1df0a3e9834278beabfe97fb10

SHA512
fc1aff18340f2b0df61b81f6f5f8e8a731726dad8300ac68da8d2e3b129bd46cdece9c5265fb5ae107a6ec026586287f0fef0c7c9c6c1b378bbdddebf7e432fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fc884a208f780699ed46c81dc413b036

SHA1
c80b85f46b66213049489bea5a56489e132a767e

SHA256
9dcacef55fd3f92f472628f19d353feb59ea6742e81d3951d8ff8cd8e1a17d57

SHA512
6a4bb85b11cb365695fbd5df93e70e4dd26a6b58c6dc3b4fa9af6b8c0c0b8e87776a310719c1e775ee2359d302a8c4cc14e415eeb1d401182439ee03848109bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
729a5e779b90414c30a08a35c6034132

SHA1
ee8dd7e725f6271b8f640d8746245f096ac43b96

SHA256
c7df98203ef3469332b42605481d564574d8d88cda146e2f8f1dbbeff5347c6b

SHA512
c355e5af014f8a02361fe71fdb5a1da826591f8d3566a91c9734a330f502d150ea4149a22a1cce22502134292e97a1929bd58b193cacdc8f331b6faa4ca30219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9efabff267fbd6b2ab13f9c79383feb2

SHA1
2e696041e31075b3bdad41418265eb0f7bf72c5f

SHA256
12b32390944b200bd946c6197e8c34de87a1118bf19346dfc5c9e35b4835842a

SHA512
0febc22b47a39917016ad5f5a21069c1511c87717f18f8f0863db2d202c67f072c0e6ba6345e9bf5b2576dd0aee12f454da2019f7b806b76129914becc5e5f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0954038bd4b6d51e5b8983a9c1b3127e

SHA1
3a2a3b795f5c9288dc6e71329ae10125a2a5d93a

SHA256
b3c196d32a9cdfc801df3725afa76e70428a4a0cdcf83819a311fc44a1cff082

SHA512
22860d0220a52711d0354751aeb5eb0d8920ba2f741c68e387813e2bb3e7fa646e4f30d480105d9a9de7fe536ff9d1f22dd3a7da6600e6bc07fef49a660d2fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ee91e2b8f58574fc7dab9119cb2a7b18

SHA1
51be0ad3f36fe26cb18f40083f6331bb5456e1d6

SHA256
7183dafb5678ab1ca52bd465353ce83a5849a1d3bb852bcd4ead4091389c5bc2

SHA512
43a24491c55936f551699b491d04dc9989ed95f617b9567336458640dff41787799e923864f0981f89f805dabc871aa81e6afb2964f6bb1e1298eb98e99a392b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0fb0dbe2a3530fc4b4301b777f79e1a5

SHA1
47f19d31d08ebb0273731ded6fa5ff81f26f9142

SHA256
df7aee54da96863d7ac0bf231a0e45506e4c36acc93f38c860df742409f49ff2

SHA512
d18d573221d1d167d687eb2e7cc98ae302bf583f2b550d19d93980dd4198a3efa29ffc6c4b592e7ca0e12ba0c61324c795ae6d0f0a499a1623e4a4b83684d64d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8b495404e05fe6d393b3ed6586cbd1e6

SHA1
5099d7cc5ae58703a3c47a3799088852288b9f10

SHA256
f6895e84a3c96c5ffaaeb72a9c76826d05148dd500fc542b2c091da2c33280e4

SHA512
7e277e103ddab38ec656ef041e18745f20d97748dcce2441b4d961df44424ef041d0000e198bf0b8fc11deec65331d12ddd9163f58a56a1ba0eef8bdd580e1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f92b095881314fa5655384883d8be5c2

SHA1
b0c77163d8e410339eba9e6680748add62c3abc2

SHA256
a44682b06f8baf5b3c41896da0c41741f765eb499907f5af49d0c5396a8336b9

SHA512
29331272442695c6117b3ec0172454c0443cdafb3dd8b5bdd2d18c913815d739d434e8b62090be424a509eca6afc0eeefa9e6e3bed1cf076295fb60b2c2b654b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
57456fcb1f09d0d8c3af8d1845b18492

SHA1
f6a37e7469ec23ad17fbeee75dde4383366dfa86

SHA256
8f405f07b00ed6199d8c44ded5a0ea6ce7c4b9615e68261dcf68f2eacd06a0ca

SHA512
505debf0d2eba87c5011f87dd61e2b4d49d98d95daaa3520682817b7b485cc2c42b8f1b66b1ef0d060e91fb9e91f85060a86b39d14174e3d7e19cf52a314bc4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
281KB

MD5
998483132edc09a6fabd480d47c52b17

SHA1
9da69ef28d9bdfdb9bd95d3657c3ccddde36a456

SHA256
fdf6c7cd5887dc3e3ea3308e7017635fcfa3e5329a01737f8a73ba5f044057d8

SHA512
5a74d74a15e9f93dbbd9257e268785c05d5f308ff654349c5bc0635b92bebf9a5052e8616f73d8651d729b55a516889be05517b572e4955ca9593162a0d62a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
7dd47c1a10cda7e11f2a04676fd92fc5

SHA1
03d24084126344d0bb17f791938a9fb96ebda169

SHA256
9de672bf8f10e05d42f24ebc8b7dc57132f8411a9c0a760409ed207241e0dfd1

SHA512
7698f1513a98f36e0d13483e7f9959680194ac0c9c8d60c1ffdebad3f82cb1c3714a7fd4d866fcec7a9e43975594381dc3889a89504e783778d6f6a82c4d373b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
41d97def5134616fe09a2aa1067e992e

SHA1
692b55adedfc623e162a46da4e6b05a484495b94

SHA256
d923ab89c12b871b0a8e9f89a79991eab7400ec0ba107f225749e3dfc7636675

SHA512
810d6d3e68312c972cb60b05f00b3973c5b0a99435c265d3631f2c231936273efd3499e39d845f493eddfac30a1a2e52d053ad7aa0ff734f15c92c0a10ca377f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
4b2b633a49ac455375fd0d2b86b51d20

SHA1
283f3c1ffef2d3ab5db7679892723e8e6d0e02a2

SHA256
4bf980e2e3d3ed6f1a0c217d4581b1a8a73f019805269a4bb6164542a9ea80c4

SHA512
8d15c049e7722a3c8e37dc7c72694b151f8faa058a7d93c0d49dfd611c276fdaf95d6550b10db450705692c6b748796bf320be1dca7a73cc1eac7359af04958d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
eab2a61d0e8d5a5b57e7935e1226816e

SHA1
be0b76bd7284a0b79f5c83c3b6cadef5aa7f2381

SHA256
e09eabe0ceaa4fd47ad7b4707b5d5cd754d7e75f325bcd87cdc1c4dd1c6c145d

SHA512
a972fb2f7b10249f8f57bd418f230b74d5fcea7ec5144be87f7a6a7d0c8dc542dd31d51feed980a75c3a704c080556ada511e51a7379897d08d5e40fd4fc5345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58650e.TMP
Filesize
89KB

MD5
0aea8bea00e4a68dd08da85c7fa151f8

SHA1
503e2e1a48302bbe4d74b94d296268bc9ca66097

SHA256
13ac0e1f964a3f5746dd02c4b9bc8a6db818b8ec5bab66cdae9c164672024c2b

SHA512
8acfd351a71a47cf1a5280c782fea6ac9fa88c7552e6a5a63d64c8fbbdafc09223437577a022b861aac206244e538db6e5a409478f4c31a909d6cd1f4abc70ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9bdd4a42-0707-4390-b5f3-262e05622b8e.tmp
Filesize
5KB

MD5
7d8d6a907b0acacfeff65b4c4204b512

SHA1
05cddaf75314689e1a2a00bc944c1c76429de9d3

SHA256
3620368554e92160ac56c8656992306196ab11cbee31bd5e44df49eda05c04a4

SHA512
7b365296f53a86c9e8d7583c0ee245d145d72d5dbdbb4badd0c2d182d9f423649aee499b4fe53dc034ccc6ef446ffcdf494681bb9b62deecc034aad65185b0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
7178436562ebc00eef894944b635d5e5

SHA1
5c662d5c48ea0fc7a5bc36e12debc32aa1058299

SHA256
29ccce6ee4f8e83e0e97858588a32bf1f6e8a774c5534168a57f6c63917123db

SHA512
b3c096604e08b0236d6a956ab961b12158afb5f3c05e3092776c98cdbf0a566abc640782999dc9cf798b516075d655d3d6b4db14e893a962d05b62ddda003393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
430ce0a88b3d4ae8a94bc207ebf1ab6f

SHA1
0a72000a49807eed6b25f8a94d6377de1b416a69

SHA256
4d99db2989c784ec2daaabeaca841d4c1857c8ca5d9875e851b986be11275c27

SHA512
a95c5467d9102ef76cb2175095476497206afcdf32aea08b59479fe1a26751130bae4278e82d80e6f8b06dda2bef557b8d64463fd9e9148682e3281fcfb9b47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
64a70a630a2c6df2129572c604b60b2c

SHA1
958ce7b98f4da95c83ebb7c8c87cb89487a44cba

SHA256
b812f3534074c598f21ca0593c287ccde817127f0c42a791523eb966f94081dc

SHA512
8509d909053c27231c41c48e3b440b0fd21dae638047f75d094b6e25efdf3cbb56d80d954da2c58140a7bc3fe21a28e92f83ddb57d8c41fa0a4210a0647170e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b8e3587048015ff01c3d7516fcf3d75e

SHA1
4692ac4a50e797e2535f22d18daa83674ca8e428

SHA256
c07f2b0c0075913dad7ba878af65faebce534df762a2fc13e70ced466fab7334

SHA512
64b12bb29fb6a6566d68254e2986e96def47efe80432bd31112c45679ad64c7fb92f21264c5ed40081aa0bba0911dc54fcd976fece160651d309f62567f5e46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
837948b61210f2b4429932ddaffbf898

SHA1
60bfe4283bb7cd410298f8b4834ab9ba67779e6f

SHA256
f815c2d2234198c26c66395fdd3b8a5191d8114fc68555cd85df79637267fdf5

SHA512
9192fd51ac857b528bcb7768babaa05e79379ae65270dfc0ebb44c34f5502f031c0f28e02c3d36bf4645c8dc9f45df6274a9ec9c02b4b364d4bd1b737cca4afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f184.TMP
Filesize
1KB

MD5
78b0f8874831c5e5880f1cd2f0fd4c28

SHA1
123e6776cdb64fcd5a0677e68dcb4ab19aa476e9

SHA256
661119b2f24dfce8d397a09695a6f8f87ac2e6cd6735e229796e6d7e22b14114

SHA512
8b95fc6a0cab819048aab5ee7e7487da249f964a7442de0893f8a4dd5883a9d5087b4a391d621683b32e0753c715a3b7490bc2ef5540901ce11fa258927260e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c04b56396eb977f9452b5e6094df1dab

SHA1
34280ba7b9b142f9c95394c0a4b92e87a00cffc1

SHA256
77e9330e7f26794f891bbe429a617caf7fa416c020053c0f37720e6fdaacf4e3

SHA512
fe72248f008fb56f6404cff2082a3d9b20182d3745afe48148d61b13ab2defa9fb3362ce14b5a8627154fb5de0e732dc718558d3c948d40cf452f9b8855f9baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7ed48475529b183f047c0626848e7e4d

SHA1
f5bc0b4b522bfd13dd05cda6d1c6bd04d299c686

SHA256
f4def841a6f57d4db7d5ee1102f4ffe45f5f2608998f0102f94e0cc5735194a4

SHA512
c6c4fd446d1e776b372e08ff412ae183c8f95e09a9879b26c380ba970789f1a49ccfe26a98e79b856240c1aeb86727ad5703f8990b5f6aff4d01cda650c37113

Download Submit
\??\pipe\LOCAL\crashpad_4788_BSKJHMCSTDLJPVWG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit