8bcd6a9ee8e4c396522298adcd54c1aa97bf8610e2b0651481b87f2a2f153497

Resubmissions

29/05/2024, 21:01

240529-ztxblahf8x 1

29/05/2024, 21:00

240529-ztndpahf71 1

29/05/2024, 20:56

240529-zrenrsad39 4

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
29/05/2024, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

20KB
MD5

e73bbce52f84572587eefa8ca20fdacf
SHA1

6447ff8dd98bee04583635c91e6ae8e5a9b2f113
SHA256

8bcd6a9ee8e4c396522298adcd54c1aa97bf8610e2b0651481b87f2a2f153497
SHA512

f1ea5dc6c3bb066c0428c223b40016ec46e9a59871722d70000932e9b17897748d6d182ef41b06cd3a93873d1dcd344dd939e3fedd432eeb0963dd901d39fe6c
SSDEEP

384:rsrWp2rEDpmReVoOs4mi9ylKeGMQUKlHhhb4Qm7Bo2paWhOwob05A+N28JCdJn1:r/pGEBVoOs4mmyI1MOBhbJ4AWhOwob0E

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614898350811468"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{EC08ACFF-6431-4F2C-A57E-7AF16FA81199}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
1540	msedge.exe
1540	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
996	msedge.exe
996	msedge.exe
1952	msedge.exe
1952	msedge.exe
3904	identity_helper.exe
3904	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4808	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2340	3024	chrome.exe	78
PID 3024 wrote to memory of 2340	3024	chrome.exe	78
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 1744	3024	chrome.exe	79
PID 3024 wrote to memory of 2224	3024	chrome.exe	80
PID 3024 wrote to memory of 2224	3024	chrome.exe	80
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81
PID 3024 wrote to memory of 2720	3024	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddd2ecc40,0x7ffddd2ecc4c,0x7ffddd2ecc58
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,5649872108916090001,8356629406704961201,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,5649872108916090001,8356629406704961201,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,5649872108916090001,8356629406704961201,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,5649872108916090001,8356629406704961201,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,5649872108916090001,8356629406704961201,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4476,i,5649872108916090001,8356629406704961201,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4728,i,5649872108916090001,8356629406704961201,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1108

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2660

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4040

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:224

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdcba43cb8,0x7ffdcba43cc8,0x7ffdcba43cd8
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,502330128818001765,17616935265650906451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9804d679a56a82911b84afdcbbb9c6fd

SHA1
34b564121d3213ad375af08358e46c409ffe7558

SHA256
564d90f2dfcfaf5a3f9045e3361cc7e1dc6b2569974a337344a7d5ff07bf43a7

SHA512
f419c01df7ffc65f28c975025a68b05aba512f86d2992beb653d20b3812b89ae56679164338bfa5b7d785814e8feb4d4467ce14283b588eb6ccc4b973d5e48d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0164fc67d6ccc5c0b8b58b8136dfeca6

SHA1
c1a01bc153406e8bc70d96c930b8648f83963808

SHA256
a502d9b805b93261e3d43d2344d879ce5be5f85f56f1f4984ddcefa61307dfe6

SHA512
8bec349424f3195ef52daed582aa8f9c4d056730589360864eff19ce62fc9e64e507a57b12e8e799b2d926241023f049c868a9076e17527b1937c36f3e204782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
136417472e078bfd894539e88c6da7ef

SHA1
03e16f3feff0359b1976b51d949b22a0d4726bc8

SHA256
bb3998596ab4660e3f1bcfeb7da5eace312740fc5808057075a3b77334dcc00a

SHA512
6aee771235566df225de128c9959218a5bc200608468012e01ea41cd1fcec87b2a377684ad0ed0aeba9467f8568eefa3267900fd3aa900147af75b083aeda06f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1957c8cbe9d05b6f057d86300b8c7dde

SHA1
4efb3a2c0ba1876d154b112f7fc17febc82624ff

SHA256
fa8037af69da947050ddba4da40a3a720766ddaf7014b0c2fba53eed71eb468b

SHA512
1dec5dc99ede04cd05edc1953722279daa4aafb66f93e7212e78aef9581702443e530f0d0154d9239573678096df6e86c24e1bae96b5314bc1468edac0c1b1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6fc9f8eb47c65ce2e5e8f40377cc9bc5

SHA1
ccfc757ad60f6d78eafe6cfb8cf6debfe6688cfc

SHA256
736c6c53ea666e30a9068f51b94ef640adcb9a331e8804ffa5a7ecbab0970c2d

SHA512
516b5ade763110bcb8c4ffa9b56ea7c8ea416a5eaab60ab6b736bb1a5ae7c15fc4713a0790a56885dc5deee61089c1a660425700daf6df713f09667f95bb9efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
71eefdba86dd27c2fa16ec3a1fc4e9e9

SHA1
30d14c2a6cb88bc8baf4dca9e9223686c1f96495

SHA256
ff21974047edd7c9214e8d972f1c588074b5f7edb4d2b44e78305b70c974562e

SHA512
1c93508541090f124083bda911c8c9090f84ab63f1456b23ba3fa92522f89a3c80607746c08f2100bb3257ccb91b6bcf687cbc735e37a86c85b8ee726ed93d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e2a9d02b7d13ce9cc7be294ae32531f4

SHA1
b04b6da79688926d83422b1895fc986992237547

SHA256
57b33b7d1b638784752e271efd613371b3da16ad20e481d42ff065f8cd1fa0d6

SHA512
23c9426aea12649d6fd67f70a813a35e8fc46a934c651f9437a70081fc47d4be961287093a10c3892a9d973dc274594232780a6f8f49a198b842c5ed70aa33ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
62d887c63403b874bc70101baa3352c9

SHA1
a4e610d07ce83d69e2736bfe639396ff60ddde3a

SHA256
92c778a38779f01c541945cbb1d11b7b3073ed68772081e2152188474220a73e

SHA512
7730e7ce43702d6b437a6549cc98f4edb84f7835e25de74dbd658fd2235ab48ae930e2b4af32f67a96c20d6816cde860811ed4ce220d8fac4aa90f125561cfed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e9bb2b5efaa189fee6382d761dd5a819

SHA1
ce2a73441e77354e001ed85489fb24da77eca5be

SHA256
a327877d56bc5575840053b4f608101e299704f38e3319e306c67b552fc93d10

SHA512
fdfd661a94f13cfbdd9314063b91ab56f8c5b433fe0652d7facc3e7346f0ee4f3de5a7612b6bb2d9b3c0721ff0ff2e6b5961d1ea410c094bc8a1eb0e1ca91481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
c0b23ab60efb763d27f9f92b50b6728f

SHA1
259f669d1089469b1485ab4c07942c8f32431267

SHA256
c066161623da6821af1d38fb2fc8b5026e89caf02416be88d9543d1a0d337f1f

SHA512
0a43c9a501a2b462b19abca689815b4a8ddab19b1abef51072f86686fe6c20f555b9d4edc62cc41d3dff6f364269507a75da6d43ec11eec129d28a44857bb717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
a1e4e81b2e4636094e4f655b5846a59b

SHA1
edbdf8100d9c488b6495c5a45bc9f14fd4f90f22

SHA256
5d8958a5501ba7e0c3718852921fc8c8a40abc5cd86f0a4cec4b39e41faaa9ef

SHA512
508832448d9a19fe36942040aa0ad64357bf462b5c83609a6cc59aa2a316a3c2933431eaffa35b101bf2a31639d4a367739ce581b4a89328c6e47b7c5b23a047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
635efe262aec3acfb8be08b7baf97a3d

SHA1
232b8fe0965aea5c65605b78c3ba286cefb2f43f

SHA256
8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06

SHA512
d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
2923c306256864061a11e426841fc44a

SHA1
d9bb657845d502acd69a15a66f9e667ce9b68351

SHA256
5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

SHA512
f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
77e89b1c954303a8aa65ae10e18c1b51

SHA1
e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

SHA256
069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

SHA512
5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
625dcf749abf39eb093ad013992d7eb5

SHA1
819519a535f3062bff6d78160a227b19b746cc3f

SHA256
f51f553a6638e7381c80129f0f6e8d14a1fc6314d6e9aff562bc1b7b9a7888c0

SHA512
82271305e1f640c3c6e3a573b05d9e199c05b73893055f30b55f9804ba65796df2f598146275a289ad53cd35ff83b2a05a15269193dc28f21eb56e369dbe8639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
32KB

MD5
f7c0e32a054c3cd01031b0fd27754927

SHA1
107441264051a9079929ed661a901f9601386586

SHA256
928e8a9bb9407148b2ee34c6a1884647afcb19664dd04c88e73cfdf05e24819d

SHA512
2f0c49d25b7e88b56ca378931f23b35d09c5d4bee54aec92212dc36563b1fe7bd99533557d6b11ea8170c52b5790c755350eb499d0ea965028dda5ab982bd834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
74KB

MD5
773647c3c088ffd8e3f2d6381df83b24

SHA1
78dfbfc2c596cfc908277167e146270927bc3dbd

SHA256
fd3212ee53caae486cb2674aab45c1c93fc69fcce9c3b5d5983a0640ea6cacb3

SHA512
14f0da16e695c6fe94e066468637ca332788e473518753f2595ad26fabd97fa22a9f4735a655f0f1dd3872cd6ad4afeca38b560ebbdc0bd3193fa317892d9eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
40KB

MD5
5c5ce0593ce37e69d00fa21456e1331f

SHA1
ffd96ac558db7662830bec20d67027fa7f7d48fe

SHA256
f935e42a7913dcb41c9b88778746a8f87c53a9f87dfc5f5135c49da6b142aa2d

SHA512
97a1b0f041bee36bf4cf40895889231df426f8aefb1064e4ead4f879cdc9f6c4e2f9d3f8ca975a7c33abdc045afe84469601fc3073924cdd8acc139ec6f09445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e5634012b77f9858ab92109a83c4022a

SHA1
e20ee9d84e177825d8bf1598a70905c050a37e81

SHA256
590268699da793670bd7e0873b2652ea6ff8f3e0949b6025e7286d34d9380316

SHA512
ef459563f09df8a106720bfbc125cc7b89bad03fef76db3bfeb2d9f11775ffebdb99fd712f31843c10764bda7e8c7556b6b8fae363266a99c87d5a23d8d580ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
398B

MD5
3afe89e5d880c04758d9dbeb945cba07

SHA1
61f1a5d4a1112ce26c0d2731bfebc0d2e3bab56d

SHA256
6c028ff13095386c526f56159c6cccc6a9d33c0b1ededd9273bb31518e66244c

SHA512
445f63744bb9b86356d33c8908087bff08e773f210960cead5d214f26076659637c3a22396337677cfe0f4425bdac24564eeeaee3a8b46028f8c28d42135fbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2df99f6e6c12d1220b97e94888a34f57

SHA1
aaed0b944b52ea24a678773a075ac3a0c81b885a

SHA256
eeeb0718f284b6b1927e78f1d4a809823efc4f791b72243eb9cd98f6a67211ab

SHA512
ddef2ac72c1cf5873e156b1dbc0e86d1b7a296a0af42a593e5cd1e1cfd74bb1b28accb2105335211bb4bcb73918eb931a8e1a35d155a0a8c4e668a2d04fb1d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b88e46a565517e31c6718cb20b5af72f

SHA1
08d7415360e852318fec3fc0902c960a7e41f451

SHA256
a40ba9c168e522eff07766a54b017488562d87a3d387d31c96b2c2cc16d4fe12

SHA512
2171f44f41a9296390d0299a72dd79e7b3946d1e0a63af6c593e3b8daeae7464e744ea27a16ca8b2210cd36cfcce78063f39f92a4446b83226c51830a46ecd06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4814ee6a56b064fd549be73f7c75ef21

SHA1
5ec924bf9d324ebb0339fa6f1ad8943180753a85

SHA256
5db80f2539415008458e78bb2169c9cbdb861ada00b84ffeed163758d05c2102

SHA512
889ec453872370b3ab86b6445f718070db62c6f0d24c07ea6edeca6b88ecfc2745b1c9ec0f280ca48b4b5cf9d8b8d8d8bdb7a86e2dbce333d2d5dee544ece519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8dc5cb421457125838205e6fe27656b9

SHA1
5339a491083aafc2b4a45e51b7172aca8f71295a

SHA256
209b0e7c99f5c6bbc17e0484909709447a715ac82fc76c6d99d472079cdffe0d

SHA512
c57ed49175dd60a71e7281c51dd90a96bd46989a93e8835981df450704acfacaec2e52c744eccc60d3611d0cef6af4c0744b9d63a216dfc3f8e37d0ae127710c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83ecdefaa7702d7b7eafd0d1753e3f85

SHA1
e86e21ac603a78f371d5f091f600b10300deae4e

SHA256
6553cb6df3bb8e65cea87bf479e7575fbc601b742dc8b04aa73a16c3b523358f

SHA512
1dac5c070583984c5f90de1ea64864a1f4cd688a31da894a48405f06fd63ef696312ddaf8ee58441b03f7b672f7bdd58d636ebfd45b4b6e5b01f12eefd160299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
4ff4649688085fe6996ce35e30a480ef

SHA1
99ab99a04c272168ec264d4f102b4f6fd63def17

SHA256
2eaaf360087794c0520c249e870fd3f928a11a512749b8d76e74ec83059c2fe1

SHA512
2023d93c31ef86ea35fc55effed889afddf34ae7d7475847db297399b724e5b99d2a6fbac77787b43daa69c865ccedd6b018e473e6a79e27dbb551a2978df43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
2b3a2758cd77b957d55e8348103136b9

SHA1
bfd03ec4aa5f4c26b9474f885c7308cdf18ec7d3

SHA256
b8d98cb0ce215226936f43843df1462a0448530a7cd9164be0e4dd35f5c970ea

SHA512
46681532bfa99ae3979bf42dff928e89bc29d14de17b84ac63086e1d8d99a551499b3b312d2f9e1455e232ac43c11a0b7ceb29df6734dfe800a765067d741b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59330c.TMP

Filesize
536B

MD5
905c1a917c72cb2100defd78af752ae8

SHA1
69f90b4640477d688cf10741710236c56e4f20d9

SHA256
b902aae91b199b7a74df919c1ad0698ca79ba569fef3c588c1877fb924e214c1

SHA512
6ba115effb8a192d614b540b3edf18f427b4dbfa3b03ebe25c7a29fe128a0c8c0a4e6d487d8d23348b1478c31fd7e6ba0c1058d7b59ef0c8e2b6afc376a8bb4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e4fed3544f43d8c979f595c58f076d2

SHA1
a2d680c94d9eb05914abdb49822f5d041e7a863f

SHA256
9f1e39361a651562ebc307c10cda7c53bd693331cfb082e635592342f8707d49

SHA512
48e9c4427872a2e0a0229925a4a60a27e4a7a1da88ac2ee4c8265148a5920ce3cedec38d1a6a98c46d657bad533725e8202b445e4d9045e248690d0df49c1a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d82e923a581e9387b579fa96bde5601

SHA1
b9bbc279bf8b89daa63ce53fe929b74df9003d02

SHA256
7a54d0a0fe89daf22cf53ceed95c03d8ecd64ae98a6c72b2465c05438585991d

SHA512
4850aac782a0e6372729be6fea6109190fcabe091656aaf5be44471858f261e99edac5d4342b962c0cd73a9d0d0aa9433a196a20d8d05f9f2d9c5a2099d9bd77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
590ee1163e677cf0bb82e7981ee46184

SHA1
87a74b8a79f90af7c49dff3c6f4aba8868f65025

SHA256
5bf5eef075df6e05870744f337b0084c34d20f1eb242c582e54e00078982d675

SHA512
69f102e1e4fa62ffffb95bcbf384bb62d3b21e12fa2938eac789b8ad373d22b6fea89f02593bb3a73b9ab218f23234c39af241f56e954f7a561dbe08e5b60ff6

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ee87a5df2cec41353233851e9956d539

SHA1
cdd287b4be58f5ee3464c31c9f073daad13f2eb7

SHA256
2c25ce8141d1e6e601907a4d54f367ba7f6032c9596d24b30a245d94b719c880

SHA512
3afe8451239bbfa4c7cd6ad4e123d8558aba43a570998ef76834dd12b8b0266a4c9dc7bf57dd9a903208a029f3a0ae54822f1ba1d29414615bdcea963b062379

Download Submit