hxxp://fxp://111[.]67[.]194[.]235

Analysis

max time kernel
256s
max time network
252s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ftp://111.67.194.235

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632905689799856"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3169499791-3545231813-3156325206-1000\{AA734FB3-0EF8-4B3B-8B5F-C1D951098DBC}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
2300	msedge.exe
2300	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
3496	msedge.exe
3496	msedge.exe
3832	chrome.exe
3832	chrome.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe
6080	chrome.exe
6080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
2300	msedge.exe
2300	msedge.exe
3832	chrome.exe
3832	chrome.exe
2300	msedge.exe
3832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4400	OpenWith.exe
4400	OpenWith.exe
4400	OpenWith.exe
4400	OpenWith.exe
4400	OpenWith.exe
4400	OpenWith.exe
4400	OpenWith.exe
4400	OpenWith.exe
4400	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 3068	2300	msedge.exe	84
PID 2300 wrote to memory of 3068	2300	msedge.exe	84
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 4136	2300	msedge.exe	85
PID 2300 wrote to memory of 3296	2300	msedge.exe	86
PID 2300 wrote to memory of 3296	2300	msedge.exe	86
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87
PID 2300 wrote to memory of 3024	2300	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ftp://111.67.194.235
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4c1a46f8,0x7ffc4c1a4708,0x7ffc4c1a4718
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument ftp://111.67.194.235/
  2⤵
  PID:5640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3b67ab58,0x7ffc3b67ab68,0x7ffc3b67ab78
    3⤵
    PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1944527529171137136,6317255463979465261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument ftp://111.67.194.235/
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc3b67ab58,0x7ffc3b67ab68,0x7ffc3b67ab78
    3⤵
    PID:3588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:2
    3⤵
    PID:1716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:1232
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:1180
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:1
    3⤵
    PID:428
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:1
    3⤵
    PID:3252
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3628 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:1
    3⤵
    PID:372
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:2728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:5260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:5364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:5472
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1908 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:3576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4952 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:1
    3⤵
    PID:5364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4416 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:1
    3⤵
    PID:2080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4140 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:5656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2316 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:8
    3⤵
    PID:5632
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4928 --field-trial-handle=1916,i,18309605229373042226,12837122108893476482,131072 /prefetch:1
    3⤵
    PID:1660

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
efdf336c3d3a1adb92b2ad84b9e0ddf8

SHA1
d12684bf46d8efdc7fe65d72974a64f8cfc83aae

SHA256
a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc

SHA512
d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a395ea6bdce0523398ee7253d5af0d37

SHA1
63f0028aa1b14f8ce967edd034040499af3d64a4

SHA256
f9e70fb939821077d7812afaf9954b991f356b1667f890c8daab57003ee1c4dd

SHA512
3480aadc97bbd749b649e1fd5fdefab4b9a10a19efa038a99ae4d3afdd2a3fa197442b4e9d8a1c4cd3cf768618716ce2cd44858c8393623a1652a1b3d2943bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
784dd769e8dedd02d19747e6c1ba2a49

SHA1
d4f5dffce9c43521c335e29e2b9b36c87f4ca4c6

SHA256
65dd874c518b6eafec15bb598cf523f3a502ced82d9e67a13ff3e3bb23869d2b

SHA512
e833af4ee6250dee9cdfe2fb1815cd137e0c27ca98b8e6485f1cc8398dddd61531ad7abe67a47925dd830575e79480fd3abcf7653dbbbdb5a7c06e4118ea248d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
50597da435877178497f13a998c3c4cf

SHA1
d838d39772c9eca4ba6de2a9e610d7e6b2a701cb

SHA256
9974ce29147398758818bf0841e0c2d892e9a1a00e8bf0c814924b13ac83305c

SHA512
3935d636e5e46e243bd1f48d1ca09c0e14017826bf9d3508910e926afc0c2bfbef41c73441053539a66fae2de8b3477036c41d15978173b99ffdf9faa812fd33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c320d55addf4734cd4c778eb3d7e1b75

SHA1
4c3492c22295e7b2d529b11498d94005f9032567

SHA256
ed9f8faed77d519fdd1aab026ddcf06c6a559ada717455a98870447b66d214a2

SHA512
d975dfae0bc92deaae10c39b29c7124b4edcbc82a19354322bf8d8071d9cfb85c8d07eeb9e49241ab2499e6a70911120114a2b3a409b2dc4448d998c120d3fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d4589ce2a62a4ab175a09d22263cdc66

SHA1
4cf358aa37771023639cc3c7d066273092302c13

SHA256
0a801b4a18d12261ce4ccaae781b1104c272020e1f631836d0b083f367ba3dcd

SHA512
f1a272cf30bcbbaa5c650fb0ed6e5e07c0898b87da64097e8799aa30638978dec14dd278c45c213bb545bbb71910bb5c49be1fde3ce1c3ee1573aa1979665bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
737e95282683ff67a2b7eb43a9428cad

SHA1
d348ccf3bdafec0973704e50c4eb631d7e7d6234

SHA256
c111b320e0fa259dff54a4f5af5ba9d00971a0061efd8777a45dcb12ce82193b

SHA512
06df2f6d5f8a2a6543fd044fa5282a4a2cab7581ab91b1f63f29e0719814d973c039b9019b068743ca69482c0e40ebce020f367f704faff3ce8f926c419a3340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f69a85ef7e774b0189dcc321ac4c3108

SHA1
bd97bc2981af67a1159947e8b605cd3d6652c9bd

SHA256
8e3e9f97ef15012890f0f0d84f0dc084d35790bb1a707e00beae0f1d7fe9fa3d

SHA512
d2c1d5fe5d50dab7e0148a25be9a1aa618667db896df5711d477378cc627c83e192bd3fcaba9f4eb9ced665811839b1d446d206dd4a4c177d8315ba2c98e7d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce9c8d35db13018cc1dcb5f4848c41bb

SHA1
2537b864db2821d48607b9ee94f8228dfb54fbd1

SHA256
0b63c747c1c5e5d2aebc2be2fe2ad76afc0ae0a091e6aac15adac194f33719a8

SHA512
641620d4b00b24fd2c83e0861a10e61ed4777be93c194ffdce04376af10e8370d9040a9e5b3f4a55ea47c219ec6c4de239b1201e5482f4d6bdfb15eb02d0b789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
134b656218999cc1cbc8d91e76c1b010

SHA1
629ac0624850535acbebb9b1b5beb196bd73a5aa

SHA256
e3730f0436891fc11d8d3362ad36cecbb40ef9d76eeba4f64ac43500434fd1eb

SHA512
f98f96cdc3e4b7167c0b38cf94d2ff641be0aed75ef06cd17a9dabcad3eddcfbbc7ea7467194e97bdec268370bf649efedbc3d90829771a3ff26478ee7a26d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
09379771593372505a777aa48494831e

SHA1
92d618558c656573d2f118d4f4b183f234bb1708

SHA256
933e4994d80d7195b12ece9361f53abc5f4914b7b9b4b8bf3b6ef3baba341031

SHA512
02a259dde111c188780a1cb771c96c229bf215cc79a6f454020db98ba91489b7b3743a522d58826832e371d0a1e25c84ea877ab475e3d526859a42d96f49bb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
4cdedad6f7f109ba6eb6d3a43c5bdbdf

SHA1
356b41ad86e3aa4ef3d56476c7f90cc20ef8eca8

SHA256
befbbdd2b4b852193a6487922192217c5da7ff4799ae89abdea9b1528f05bbca

SHA512
13df856d326c4d73b9e666a7a3ae96194d1ec707e403fa27dd464b9d1e5f8d5d53d48af190e63f34286975d7d7f58e9fe7652007154a0ed199f7b0bb97f7d4bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
0f6e72d4ad0113bf30b175b258c788ee

SHA1
c0770e6158a9e68d9edc6d3ba9d5fc4a96109c0e

SHA256
0c688f392fe4b565a07a4b5cfb41b3ea8373ff2a2eb4cacd4a47c9ba14a009de

SHA512
c7a9f578d2799970f8f5b928f4bd97c38832003b34c6c7910d82697f97035c5df0265b1f0f4d903b73490c08b3bfc79155009576fb27b621c20ea7cb61ff0877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8070dae6-23dd-456e-b181-fc57f113a7fa.tmp

Filesize
847B

MD5
02abc98c7513644ecb45d713495d16f1

SHA1
0809372e33941ba0bda76a0bd05362dad0546607

SHA256
4aede4af26421713e93c3e29e2fc34881b003c3a4837e6afbf133e72c5cb1d44

SHA512
bcf098069a660008dde07bd5efa8e1359373b3befa27831d15b90dd4db4f54c16156e08c8dd4ecd06cf0c70207dfa6dd287419c635b65241a13e9896a07df15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2ad5cf04c57bc6afb9ca019b985cb764

SHA1
ee36f5ecc5ca1afe2b769d14af252be3b54c358a

SHA256
5c05c1eb9f0e7a0656e9ea7f8d738c1dd0edc28986d049e776eca25957106d6d

SHA512
37a233750464a9a6def05c23d1820fbcafa40dfb555aa09d7f81523dae883847a9f47ed1f0953e524838f7546279801cd67c0be2dce5ee3e15130720c9e902d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
905bc08440ab1d6714bf389b99426ef1

SHA1
a7cb51ad7260813452938d0524528e46117ec8cd

SHA256
9ad297b09b3b20c1a476e1c99022bba995c9e2874d607fddcaf819b9df61e8cd

SHA512
6bc1d11bfa69bb3688d3c9e90f5bc94a76bf204a514ae2a655f07468e1c97651d6d503cfc783c5445f8ede7fcafdaf671c05bf72c02abbf695927b2974a9448f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbeaee2b7f97c54fb5fc4eefe4f4d2bb

SHA1
9f1ca7c90aba56d54c7051768abdd8598ac89878

SHA256
17eb8bf6a55e0a8660d6401926cfa910d602b3d78e3d20d2ca05c7173cf4992e

SHA512
84a3642679b2ae8d46ea467fe314239cf832b6e9a6059c755268c9b19b52b080be9b0fb5e3e847beba19dbf511b8000709e70aa0a1b1291e16c319c645ca44ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d37a7ea4b7a927aa8937ea781549ccd8

SHA1
4c26785d1774557ea5cb9aae4d4ba8fccbe80606

SHA256
f3707acfac65391a594f99ffa3fad8c965fae742ffc7ce2344fc35ab57261841

SHA512
a1088951343c8bf3e0068419026d07e78bef521870788b431cc8dc1b18aced2c35649610f41203b06a85427f75ed416fdd3646a3c69eb88347ecd9ff252a507e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53120b4107e6ecbdee8c69abe639a728

SHA1
a5bf40c90d8dec27f5b151551b1518cef03092ae

SHA256
effe49a15e4de9353e7111fca4627954d603415de2ec9d9f67609d5c3ec09de6

SHA512
9a7c507749ab9a58f7170133adbb545e479058a4b42294d2b190ff4bd52ab259cdb85e91c22acfeedeb721425353ab9967ab2362a90cc8fdd48908a36272cc44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7bf11d8c8e57e9a94b0a7dde1cf47c26

SHA1
2f8ebe56d42a375e81d9540b521a311cb08e91fb

SHA256
a85e0291d3c83efd6e1d507796c6a171390435802d021c2f0cd55d733e365544

SHA512
2c5121c3e926466b956ae741c75e091e5b41d972e09da0fe1ef85fb3986b53ff81360f4d4ff8089b76576afe2d296540e33946fd2ecd91454a97a8cbef93683d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbf754df8464d4fba61201313f89c2f0

SHA1
91245c13a416826c27d2278d77f3169a91bcaa35

SHA256
b4312fcdb422883787a9e4981eef2b77fea3fd653914323f52bf2777b6d3ee82

SHA512
e7fbac2c3e4146f453d90287fe670e9c563a9fdb25e3e3a4cc66ad3dfb144ef040eec4299a06069f5018fc37923340a8d0a5af2650401d9bcd96dd9c6d94fcb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b52e0376112ef5e258e477c725feb4c

SHA1
5ce42f5c116d2c7d999c15f0c3ee3da39eed4246

SHA256
f01397fd133b833952fac363984779cd05e4789136a49355956cf2f3c64d2e2e

SHA512
b488f623daddb8bd57c695e391be4fd7bf8f16bb99e93bb29c5f4e2407690b84afd60f9a2193de5a436afe456d5bb753f36c7de042007b65a21fed25ca1c5d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
efcbc94421773faa9daa1563b63cce56

SHA1
ed5908c1d85c7a5036dd3de7f4e7c94c0f040da8

SHA256
ed72e855b4ba6f68f0d90b8c81374fdab5420011bd1268fff42e1491c91435be

SHA512
e863b7e366b4701b9482c01d4be8df0eddae9aef5b6558a892762ecb1f2e96b326ac8bee24376d138bc6ae0a9af28bcaa07e14f8c92c9590c8faf61c6528084a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0ecf0c1731ac7a7908c88fca2ba391a5

SHA1
6f0e70cfb99d54938fae99a25cff23381c4e9c6a

SHA256
a25483945f8c31655c4610be8387d5fe9d199704851410772bb36dfa64a9b1f1

SHA512
4203230dca6c8eb774cd8859b0af80ed43f393d6e73ba1bbf1334c50e930ab14c2b59142b6dc1c10e9de83253284b97a05bef61e19bae330dbc326cbd489aaee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1c534d95e297312b97d3e71dc56ef580

SHA1
78e0e70e2d239dc0864c8256d25df18f04a546cb

SHA256
39579389582eb7ce2e5b0860e20213ee65e1c6c45c06284b723cf612f4e28175

SHA512
97f1742ea99cd8b6d0b111e80387aa3b0d1eff098044ebfb9714cf9f3edf0e9ec992b075624db7a6bc9574562d0bb2fcc78a2de4fad3dd55393e56870986c728

Download Submit