hxxps://www[.]bing[.]com/ck/a?!&&p=36b4be3445b5385fJmltdHM9MTcyMDM5NjgwMCZpZ3VpZD0xZmMyN2IzOC1jNTQyLTY0NmUtMTQ2MC02ZjU0YzQ2YTY1YWEmaW5zaWQ9NTE1MA&ptn=3&ver=2&hsh=3&fclid=1fc27b38-c542-646e-1460-6f54c46a65aa&psq=free+nitro+soft+sonic+discord&u=a1aHR0cHM6Ly9lbi5zb2Z0b25pYy5jb20vYXJ0aWNsZXMvcGFydHktYW5pbWFscy1mYW5zLWdldC15b3VyLWZyZWUtZGlzY29yZC1uaXRyby1wcm9tbw&ntb=1

Analysis

max time kernel
89s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/ck/a?!&&p=36b4be3445b5385fJmltdHM9MTcyMDM5NjgwMCZpZ3VpZD0xZmMyN2IzOC1jNTQyLTY0NmUtMTQ2MC02ZjU0YzQ2YTY1YWEmaW5zaWQ9NTE1MA&ptn=3&ver=2&hsh=3&fclid=1fc27b38-c542-646e-1460-6f54c46a65aa&psq=free+nitro+soft+sonic+discord&u=a1aHR0cHM6Ly9lbi5zb2Z0b25pYy5jb20vYXJ0aWNsZXMvcGFydHktYW5pbWFscy1mYW5zLWdldC15b3VyLWZyZWUtZGlzY29yZC1uaXRyby1wcm9tbw&ntb=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649825554908921"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
716	msedge.exe
716	msedge.exe
2844	msedge.exe
2844	msedge.exe
3832	identity_helper.exe
3832	identity_helper.exe
5796	chrome.exe
5796	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe
Token: SeShutdownPrivilege	5796	chrome.exe
Token: SeCreatePagefilePrivilege	5796	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 4824	2844	msedge.exe	82
PID 2844 wrote to memory of 4824	2844	msedge.exe	82
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 1488	2844	msedge.exe	83
PID 2844 wrote to memory of 716	2844	msedge.exe	84
PID 2844 wrote to memory of 716	2844	msedge.exe	84
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85
PID 2844 wrote to memory of 3560	2844	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=36b4be3445b5385fJmltdHM9MTcyMDM5NjgwMCZpZ3VpZD0xZmMyN2IzOC1jNTQyLTY0NmUtMTQ2MC02ZjU0YzQ2YTY1YWEmaW5zaWQ9NTE1MA&ptn=3&ver=2&hsh=3&fclid=1fc27b38-c542-646e-1460-6f54c46a65aa&psq=free+nitro+soft+sonic+discord&u=a1aHR0cHM6Ly9lbi5zb2Z0b25pYy5jb20vYXJ0aWNsZXMvcGFydHktYW5pbWFscy1mYW5zLWdldC15b3VyLWZyZWUtZGlzY29yZC1uaXRyby1wcm9tbw&ntb=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab3af46f8,0x7ffab3af4708,0x7ffab3af4718
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9478472771438142009,2625058651033652178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:5812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa55aab58,0x7ffaa55aab68,0x7ffaa55aab78
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4996 --field-trial-handle=1920,i,4416765590598854270,134498207225987059,131072 /prefetch:1
  2⤵
  PID:5156

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
80c899f7e24c9654f6742445a25df7cb

SHA1
2846761c4a44a9844e0f66a1e23a5c6e6413ca35

SHA256
fee7dbda190992627ca296f7bccc249637912bcc3f98b3c9932af1fa1b475e9a

SHA512
5f9f572430b9715809c26f17254563958528667cd08c0500bade0fcc2718d6f95d47b1c80664fef6a86e90827a6397ad659de5509d62eb10470c1d621b78ade1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf71050f6a30749985b1a696c06d053c

SHA1
30a7c48c9ce5604fba0e0b2f55c620ea0516ab1d

SHA256
e903f1cec3c3cfcedb968c02853c7b74be2cef0c5957616decc245bbe49e433d

SHA512
fc7fb0969d59e649f6c1ed5a39261262df9a066914719ae31b38b1318771c3cb301fa89b203dc51c125b931800dda6c4277c8b870f555c85728477f20c01db8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a8c8057f26f6a857ecdb399bb68e5fc1

SHA1
4303a88dbcc7f33b5367ba62c0ef6f0ddcf14da3

SHA256
869535fdd6631171e8f83ccbec17ca347c91bafb22c8d55513cd3b78d8ab2fda

SHA512
4a5e82cf5a67b676c67313102de31ca34dfd69d5af76b560ec844580d76f6c4c8144396cf25ff399f8a75b2d99657dff8ebfcc071446fff5940bc7c851b5bce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
8ca1aadda9c8caf575d8714d26f926db

SHA1
5e0ee833c0b512a8589dee861b5a0227a2c735c2

SHA256
76d33766c0d676cd57b69938b373070074dc5e6ceab1b5756603aa084c9b86cb

SHA512
144b12eda16f3a7809ce849b9bbb32a58f1513bc067a17a509789051318e1b4659d70ccb0f0cec1dc16163ea74717f377bdf627e9bcc69482a215174da9a0761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1df09f1a4219ed0e9377ecca9c8ca4ed

SHA1
254183470547e0521ac243b6fd9b7b09c7d17389

SHA256
d45002847a6decbbd82c4e481c698e9e445e2fd91754f4ce4204981622503fd0

SHA512
128125a9295892e004cbbc5c456a0cd2ac11febe27bf4dd691cf5a78920918734ec12a2f118c6ecbf58bc9a2e94fd21d86547e3dfb8f057ee67fb94f7428364b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
9364a982f5d66462cd600124e0076389

SHA1
0f0f166283e863ae6fbf75328a00e54cdcf55e59

SHA256
6d389eab403d4613a0965ee6013befa99883ee2db30c3714c551fdda6c3f303c

SHA512
2ceff426ac3ef55c2eade7845d6bd39c939e8e936ebb92545a202a4bf9862c98b90031119774189192d42c6ff05ccc2109167bdc59407a412d21359ecb4c3af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b2e82d48fbd6903b348b3830b2428e5

SHA1
025f94d8415dbe8093105c59ee49110860c08e9c

SHA256
f4df9d94bb87fd10923844673842baa4f1a2399e9920aa1b21fc30c88d8d09a5

SHA512
f35bfadcd24d66f36a231c39765fdc579d330263f090889f3cc2e69261cb665ac9a2e334d6fbede23d659884c57d69304fcbf00999f0b2bbcec4064800876252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e0f6123ccdb4eb94ba85822440fe20c

SHA1
4bbb5f0ac6d847a8f09c4219fb9d822978cbfdfe

SHA256
58be49e5684dba3629314870a19c8260fa673f44b9f0213397824cdd4f51ac68

SHA512
235b9593ad9cc6ead049ad20f284087ea5c159b9a679177007e5929108a775ef1017ab99a5c747278d16c16cedb8094e66f346ad1ac5b3263690c4879c8ae434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
13ed407034384bb140350c6e34051e80

SHA1
87deaf8e341d89c4ac0c7d3245d2aa56bf45056d

SHA256
986c33473a8379439484fe4b1a83f69079cd2fda34f63eacec7b18c263ca950e

SHA512
c8cea76f8e6d48e17270da65959f35d66a90a213a72bc91166018fe6c6ebc13469472d79786a6ddbd60f3d8600ce9a61536f79e56fa636512c0bb9df0ec00bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
badd3766e7753dcd2bc1359a299ef7d6

SHA1
9b31e87f360a1168e17940d4e9a3c209de104817

SHA256
f384eb0b9566318a6b5ff89fa0446b5990f534e1a33222718a71ebaedd2c9e84

SHA512
edd69f5156135f1c753c4f93ad2c82d166878241ada0a95ba7bdc5f56ae0430b5e266de95fe23c4d97253946a7a18266ff37e97bc6d85b13a622e1948d4d7f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8db72b1f65fa9a57c76985d074eb495e

SHA1
94ffb0a90b1614c73df8e1d2e673c3058d5f1fae

SHA256
094146cc62ac803897c21e4f4c062351a366a4c767eeb0e66fdd7efa27706726

SHA512
86f2d9da3f6583251473b242d7b1aafd17286eea687ccc1aa7c3b358a5db1abd158577acf6d9a3463bab9bf919da503f95c2193c3b4a4f51fad9ef96aa26c290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
93d47b14eb346af13768042f83386c21

SHA1
0c524d1c70fd8e942d26d2d6c0647ea33981b19e

SHA256
bb38258ee1df87871bafe02495a50b8ab5d48318e2ad53873cf557a4c2e903ee

SHA512
6d20b806591aed8239cdab44ee6782c42048d50fcfcd859ec1e53a91088d5f7771ecf6869d0beccc9f05a6b7400417905b69968dc84b60eab1a86ec34f86946a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6de560a313bf260092bbfb93e010adcc

SHA1
ace150d9b8d7208ae4288899f296f5fb82440f5c

SHA256
f9d6438307f0a2585b9c8ea4bfcc829f09bf2c810a0e6bb705adfbbbe9c6683f

SHA512
f6e516356e7e4a07454b1404ac589d4d73c733352c5b19921606af5fa91fc1b73101f52c97498cfb5c1134ec1344825da57f7d5fd96f4a3dbd9177968ba2dcb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584503.TMP

Filesize
1KB

MD5
eb26faf683a443220caf62f716b9b4b8

SHA1
c04636b4ab2e224f82619a134114fc6acf4a6f67

SHA256
10d1da6b8fac45496f611b2a4615e36418c8adecaa190c971895437cde0a4e60

SHA512
0f2e9434508ff2abc07ae37e10cdced74f3eb958ccde75e9337082c7e7310c69ed0ca686d82d0b1697e43e9d6a28fd4d1935d3ed20be0408ceec2036ca4bfc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87c94431b64e95a9f3a8abc157e72ac3

SHA1
d30aab4cb8809a802fb6844f4bed2b6b321c1164

SHA256
a5fac493e7bc995845fdabfe1b1458eeaa56b4ba22033bd6ad84655c17722916

SHA512
db6210ac2498d60a6f29bb70a9612d486e2e22285aeef43daa3192e7780325fa5350defc322689b36cdd50f7b7242150c75e33a172f312601f05b4237f3618cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ae67a6eb8b653ccbb5f0ac88c00cc99

SHA1
301ad81860ac7873f5a0d36cf583da034e9e22f0

SHA256
99b32e7e8891112fb578375ffc96917c6b7b8c2c47ccf3957c24ea6153d67b5b

SHA512
f60ec1ba7c80c50b1c5dbae17bb072bae81750f6d7f5f1801216abb67eee8ccff8b4899232ae6be49f56bca56cc01fc886eb7ba3a1e5de9f998d7e5cf198b36b

Download Submit