Analysis

  • max time kernel
    1799s
  • max time network
    1685s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    02-07-2024 09:21

General

  • Target

    https://vdeokompany.com/Installer.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Detected potential entity reuse from brand microsoft.
  • Drops file in Windows directory 8 IoCs
  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://vdeokompany.com/Installer.exe
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4292
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe7e8bab58,0x7ffe7e8bab68,0x7ffe7e8bab78
      2⤵
        PID:1828
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:2
        2⤵
          PID:4440
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
          2⤵
            PID:844
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
            2⤵
              PID:1048
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:1
              2⤵
                PID:1792
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:1
                2⤵
                  PID:4144
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
                  2⤵
                    PID:4520
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4452 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
                    2⤵
                      PID:1556
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4636 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
                      2⤵
                        PID:3044
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
                        2⤵
                          PID:3096
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
                          2⤵
                          • NTFS ADS
                          PID:4620
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4464 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
                          2⤵
                            PID:4428
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5028 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:8
                            2⤵
                              PID:2152
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=740 --field-trial-handle=1800,i,15614032032908297842,17974600827527714699,131072 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2744
                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                            1⤵
                              PID:1384
                            • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                              "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                              1⤵
                              • Modifies registry class
                              • Suspicious use of SetWindowsHookEx
                              PID:3976
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                              1⤵
                                PID:2960
                              • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                1⤵
                                • Drops file in Windows directory
                                PID:4680
                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                1⤵
                                  PID:492
                                • C:\Windows\SysWOW64\DllHost.exe
                                  C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                  1⤵
                                    PID:2828
                                  • C:\Windows\system32\rundll32.exe
                                    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
                                    1⤵
                                      PID:2164
                                    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                      1⤵
                                        PID:4520
                                      • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                        C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                        1⤵
                                          PID:200
                                        • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                          C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                          1⤵
                                            PID:3260
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RenameTest.cmd" "
                                            1⤵
                                              PID:1776
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RenameTest.cmd" "
                                              1⤵
                                                PID:2984
                                              • C:\Windows\System32\rundll32.exe
                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                1⤵
                                                  PID:5040
                                                • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                  C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                  1⤵
                                                  • Drops file in Windows directory
                                                  PID:5028
                                                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                  C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                  1⤵
                                                    PID:3128
                                                  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                    1⤵
                                                      PID:4912
                                                    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                      1⤵
                                                        PID:4876
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:4752
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:2984
                                                      • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                        C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                        1⤵
                                                          PID:4548
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2041153
                                                          1⤵
                                                          • Enumerates system info in registry
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                          • Suspicious use of FindShellTrayWindow
                                                          • Suspicious use of SendNotifyMessage
                                                          PID:3036
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe67cd3cb8,0x7ffe67cd3cc8,0x7ffe67cd3cd8
                                                            2⤵
                                                              PID:4408
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
                                                              2⤵
                                                                PID:2768
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:864
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
                                                                2⤵
                                                                  PID:1376
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                                                                  2⤵
                                                                    PID:4200
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
                                                                    2⤵
                                                                      PID:3444
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
                                                                      2⤵
                                                                        PID:4512
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                                                                        2⤵
                                                                          PID:1464
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
                                                                          2⤵
                                                                            PID:2364
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                                                                            2⤵
                                                                              PID:468
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,255474475938024204,6975112904940622086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                                                                              2⤵
                                                                                PID:3672
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:2156
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:1056
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                  • Suspicious use of SendNotifyMessage
                                                                                  PID:4752
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe67cd3cb8,0x7ffe67cd3cc8,0x7ffe67cd3cd8
                                                                                    2⤵
                                                                                      PID:1376
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
                                                                                      2⤵
                                                                                        PID:1212
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
                                                                                        2⤵
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        PID:4880
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
                                                                                        2⤵
                                                                                          PID:1380
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
                                                                                          2⤵
                                                                                            PID:4432
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7244761138084754929,628367245876040193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
                                                                                            2⤵
                                                                                              PID:1040
                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                            1⤵
                                                                                              PID:2740
                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                              1⤵
                                                                                                PID:3232

                                                                                              Network

                                                                                              MITRE ATT&CK Enterprise v15

                                                                                              Downloads

                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                Filesize

                                                                                                929B

                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                Filesize

                                                                                                2B

                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                7KB

                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                7KB

                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                7KB

                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                Filesize

                                                                                                129KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                Filesize

                                                                                                152B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                Filesize

                                                                                                152B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                Filesize

                                                                                                152B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                Filesize

                                                                                                152B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65f23cbc-355a-4557-9b5c-2ce1e6410f5d.tmp

                                                                                                Filesize

                                                                                                1B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                                                                Filesize

                                                                                                44KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                                                                Filesize

                                                                                                264KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

                                                                                                Filesize

                                                                                                1.0MB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

                                                                                                Filesize

                                                                                                4.0MB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                Filesize

                                                                                                312B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

                                                                                                Filesize

                                                                                                28KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                                                Filesize

                                                                                                20KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                                                Filesize

                                                                                                264KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                Filesize

                                                                                                136KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                                                Filesize

                                                                                                12KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                                                                Filesize

                                                                                                147B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                Filesize

                                                                                                331B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                Filesize

                                                                                                1KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                Filesize

                                                                                                1KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                5KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                6KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                6KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                Filesize

                                                                                                7KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                Filesize

                                                                                                508B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                Filesize

                                                                                                319B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364386288760441

                                                                                                Filesize

                                                                                                2KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                Filesize

                                                                                                347B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                Filesize

                                                                                                326B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                Filesize

                                                                                                1KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                                Filesize

                                                                                                128KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                                                Filesize

                                                                                                44KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                Filesize

                                                                                                322B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                Filesize

                                                                                                340B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                                                                Filesize

                                                                                                44KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                                                                Filesize

                                                                                                264KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                Filesize

                                                                                                11B

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                Filesize

                                                                                                10KB

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                Filesize

                                                                                                10KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.922.492.1.odl

                                                                                                Filesize

                                                                                                706B


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.925.200.1.odl

                                                                                                Filesize

                                                                                                706B


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.925.4520.1.odl

                                                                                                Filesize

                                                                                                706B


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.926.3260.1.odl

                                                                                                Filesize

                                                                                                706B


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.929.3128.1.odl

                                                                                                Filesize

                                                                                                1KB


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.930.4876.1.odl

                                                                                                Filesize

                                                                                                706B


                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-2.930.4912.1.odl

                                                                                                Filesize

                                                                                                706B


                                                                                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                                                Filesize

                                                                                                10KB


                                                                                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                                                Filesize

                                                                                                10KB


                                                                                              • C:\Users\Admin\Downloads\Installer.exe:Zone.Identifier

                                                                                                Filesize

                                                                                                26B


                                                                                              • \??\pipe\crashpad_4292_VJGVNBCAWBEZQJZK
