hxxp://google[.]com

Analysis

max time kernel
299s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 17:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-47134698-4092160662-1261813102-1000\{ABF5C807-E0E5-4897-AB3A-8EF26CA87CF2}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
4468	msedge.exe
4468	msedge.exe
984	identity_helper.exe
984	identity_helper.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
404	msedge.exe
404	msedge.exe
4272	chrome.exe
4272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 4684	4468	msedge.exe	81
PID 4468 wrote to memory of 4684	4468	msedge.exe	81
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2552	4468	msedge.exe	83
PID 4468 wrote to memory of 2880	4468	msedge.exe	84
PID 4468 wrote to memory of 2880	4468	msedge.exe	84
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85
PID 4468 wrote to memory of 4556	4468	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95f8f46f8,0x7ff95f8f4708,0x7ff95f8f4718
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16443421106126950230,7051228211619594370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
  2⤵
  PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff94e7dcc40,0x7ff94e7dcc4c,0x7ff94e7dcc58
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3748,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4624,i,5744245096943745798,11142300171431262295,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3732

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5f9787632c2f341ea0ac82fe8232a059

SHA1
ab8f4622aaab1a18138cfba649ac6004c630b7da

SHA256
33e3430c14e7a452c36f846a3c391e1806b9008f8589f2a618d62c3a82d0cfb5

SHA512
b7ce50802efdb124606a78109cf16536517808be41de13953aec4a6991fa4506c42f41be082dd6c737efa8bd2e35fec1d98d1cdc3f6c7a2fc0c1469c43b98210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ecbb82da7eb81cd7193c09351172e3e0

SHA1
d8beaf7757b7bb2ad14568f70701aa14fcff96b9

SHA256
f012b3d0c6d8b00cb51a943cf8100cd9b4d3834f62a0d1fdca7253a41ed9d6e4

SHA512
39ebce13dde1a62cc76eec7fc9d2b5406054ae9e085155a83bdf4a439f4865bf6bea01220e3b6d9212fa3564b02aa7b13c7fefdd335396f37661d85f6806ebc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f5e3e8fc1f242348880eda1bf0e6dcf0

SHA1
b93096aa17561ccd48256c4fa67d74c15fa5f2a1

SHA256
c9b1daecc33786b30ea6aaedbede56c0bf946502d9af4d94483478659fc4058d

SHA512
7df36b7fa64b0f9f47e29c8f4603754d23027d57f362fa9f6b2f2881b28c1aee31a97f00e89a60ccae26f8a626a2d58467d97a62bb33c82027563ab15deded74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9da56c07b2b23518fb91cd5a8e8ab3d7

SHA1
c0503556d386a8f6febabb52af7138c73a110c20

SHA256
d2eb865e766003f66d6a5dd2c88ab0934e8052874b06c746072b956e37bd704a

SHA512
776ea399aa0de58f16ff8cd882dbbf2cd902899e8d1b1f099ff5d675dbd7e9d0200707015309720e2679c4a5ff24a6e401c889e47d64cc33266b55d912e133b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
72af739ea671be4505f35b7a755eb5c7

SHA1
da68a163fd87a3a21d53469bd3dc61cd68b1e988

SHA256
cb5fe9a76a09709c336ae984a4ab7e38f85d6344de8a660b37905f3bbbb2f60b

SHA512
3a0b994ae922a2d4ef82bb4ba664bb5918442fcff5a22897322b05f6e1e8d0996d7dacdb181f1ececeeb2cae81ae25e6af6508e9107539ba7585935f394465ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
e140ea530260abc2ffa969a7c55d1587

SHA1
b54398ed2fd61a3a60d598a0c8ca1712ec26c448

SHA256
c7dcf10640776cde410366243f69b664d1fadf6a8c981c46512515d90c69ba77

SHA512
be095a224bc6a40b8ae276e3ba02919c296028aed0efa6c4fc4292bdebe8f74604653efdc0a99a16718aa534c0ad40731fa8b2a3b3a68fccbedafa4024f99708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
162627f1046f98316318484b05173bff

SHA1
09b24a1ba24193d3b6963168a9e63f6eba4b7ca3

SHA256
3f035254cfbb87512e33a1b5a2845138633634225af64586b5efb85b02297569

SHA512
31e78278445d02171e018b9e45cea51d52b426a4ee83c2b924696f710d570766418c3b1e138446a4f7bc0eb4565dd3911aaa3686801ff38b8decca73cb9b142a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\812b5adab3a9b4c2_0

Filesize
19KB

MD5
3bdddd4f93d9c3fc3abc66ac9ec413ec

SHA1
904889e77eb05e5ab245254651eae0a729552bf6

SHA256
1351992dece42eadf2b6cde72d1c560db25bf9cafeab524b6102116250ef447f

SHA512
f3fda237af0bdcba2914ab82854b919ee6bb3c2b88e5fdea17b9d0034cf6ffd4356d73704033189f6f58e277ad6a7fc5846d7959a8e1dcc0f858a81f94343367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f4c7d1602924bff95e5b53fe9c54aeac

SHA1
3b617cbb7259353292c034d67cf154f582d04beb

SHA256
143e0474b8fb3a9610ae71bd76f2bc5fb5c78f363720f9aa4d54789c3f2dc1fb

SHA512
c562a368ae64fd7385ef3dfc36ceddb87315b61a4cc5527cdc44c646586bccb49c35d3278e76fb32bf38fa87664512244412ae920069e83f40298c09575d4fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7dae15d604cededaaf644ae084af95b5

SHA1
74dbf8fa9d2b53fa6ba3adea37b95632a015f396

SHA256
2efdcf75981f913e732f8a5ef5e38bcbe33b6301cea9adfef0edcedf5f25bbae

SHA512
c068e073aa5de53c12f4279fefa3a805f17e47711c3bd6a501455f346cc5da7cebfeda77e9a77cf797355a29937cb027ac03b81b373fb58989125ef39883142f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
47b6832b99fa0b8062bc82fcb72af754

SHA1
906d40942ff89908216c990c9fb193a7fbbb88d2

SHA256
98c256cfe0925f58b59e964244f52b8fc81db03f5fadca9497d287cf5223a5e5

SHA512
f48886e435aa51e12eec6b25d20b184b315ed7836e42802c417d519f60a403b05df41d9959db1972f04e605a25037e12d0d7565ef89dea6cb7149cf8b7b130fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6a5019c34652c8339bddd45b057f4851

SHA1
d6d789695d9ed4c042c433822b4bdc442924a66a

SHA256
433e4edffbe47617050f41d424c3337a92ff2fd911eca7b2205d4f3ea4c2d033

SHA512
fffe76312a3df65c816bcf59618c1b590ab00cf265cacdd88cef4cbf1f02dd374a1f3f1a6e77e0e5495dd98873bf7286209dd277581ad1d9bcaacd60309f0285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
18271ddbb2e06655240348a641d1f072

SHA1
e2a83c065f7a65075c32648f92bf807026abe47d

SHA256
7bca2527f369ecfb650017f2c5a634f3097e845c1a21774d5f5cb661242eb639

SHA512
9fa0230a454ce67756a64123c81c4e6da23668566d951b60b81213b10ac1d29c1e8a88a265d44e74f119259f7258099be3a8316217979b46a62925f8437b0140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
dc8364ea0a0bbe638a1bef81dd50e677

SHA1
173a540d7c1538097c22fcf1e4b4961481bd6d09

SHA256
661c1317070929a5fc21892892e89790ee8905d08a321b16723bbf97addded61

SHA512
fd826f29c7e8a308480907e6f607e856ca13c58ec1448f683ca0991a4b363ce25e9cd0a6f8fd12772dc9f4c818aaee4abb08e3c1263cafcfef35323840953794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0b1fc66ae84a56695317937a2be47182

SHA1
c8adddc873078d2227802e61a0a91eff670b7e22

SHA256
b571e5b9a3f755dae6970306ac4d59801952e10d9c471dd2ca4fa8c6ad8edb18

SHA512
5e5a53513b4b112286da119baeb696afec8203b09ad57bb5dbb30709d68e009d79aff07c48cc813d0e6021bc1c2b0f4e58c7cbdc34af5b8ca7b87a0141d6cc46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc4923d8ed69ce45ce48a86bea144163

SHA1
4f9a66ec97bde87457fb9e99689bf1b67f72f600

SHA256
bc5cb9764ad16c0f7684af6d88c7970d07b16bf2249c281e4051016973aa1e30

SHA512
87bb097f301109abbbe64ad77779296f8ed6514937d9366885cc1c37f24b6e02174e9aaf9287a9a259f85489004dcdb82df1083d73df7780ef17f63af5cc277c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6399ea23e14ead59974534420d967f5c

SHA1
5a0926dca9dd8e358cbea6b44f573417b4a29af0

SHA256
a55ef3915b9f568b34dc659a44ecf35817b73d10c3d88333a6f272f4bc27487b

SHA512
54943a445843e0785dc7fbf61b3e9cea4e19c3a79bd7ee4416edda5bf63185546dfe368016f9e01ac7add8e41e5249ff05edb817dc73b7f8b5f0cbe887382eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17aa62496034fa40ff02228cc94ca888

SHA1
1126771b8da1c4c3cd5e2e7f09e9bf26fb5ed540

SHA256
96ecbcd2e125bb4a5a6a2a15a40a6177e8bcbf93c9f2e431fb6b82a23f66709c

SHA512
9d0adbb5e2a06dbe7f854b119d9788647f323526e3744b23441e626f6d69e309db107b60254ebd445cba7c8d4f7ae5fd5857f1aef19107d92373348ca80fe509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55ffe5fc3cfbb4849625a670b9911d8b

SHA1
eedf8761f7a7916420595e304474e33f8bc63f1e

SHA256
e41cb67c0a3483def6e501cd62fc1d1f47f44dfde1ea64c9d89243cf89177536

SHA512
8012700d2e02ed5fa47f2d12f0192de6aed2819250ed471923ddac56f5c766bf864ddc94f45a389c959b2f9e353731eab2266fd6de5294b46967004ed359c88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e81322c360c6370dc6caea46649e15c

SHA1
29151ef416e3686c425c177829028e77e958d81a

SHA256
d004629f1205bfde19fe6fdcc110031d9f4fdb83037fc2fe0f60f3948c14a15d

SHA512
ccc533bfa3be90eb817d764de92aa415dcf6cb9ef07662fc0f34af92c00127075a6f505e48b9bce1afe5b0a7686ba899204bcc8b224b6de388265580ca22fdf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
46bdd837a3039ec08cc3e97942e7cb68

SHA1
6c78d4a03876a595a4aebf7e1331c5451e662e01

SHA256
13b565ab615332801bc84f99299269d3eae908b5a4857aacc68e57e727599b72

SHA512
bc7c89f11294ba574a96b700cc5f898bb3599dad1b29678467def2984fb353b035ab062a2f44bb07a8a8e03c7ee842f3005c71da0e1ee44bb372c3ae37438d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac5854879d981311a99e87532e1cf473

SHA1
cc62c7a23167f028b4a936e24e3ab882d16c10f0

SHA256
fb3ddfde34cad5d164372fae44381338fb696b544bda11e58636eda87a4a865d

SHA512
ae4634da938585a4686e0ab47c6425f5947b448d482c5451642fc90398c28d1dc1d041eecd381b3c98350b35d934555ad0dd00384893b82eb09167ee99cb48ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8ebe5644cbeef20bd0dc4ad4c1ea2dfc

SHA1
2e8e64c54defafea703c57d5d43fc32466def02d

SHA256
d9a32c9905ae177ff0428cd5847db1e99903039991fa4e40cb04376c6e5af441

SHA512
72f119b4848458ae4a49932b5929e5e6199beb1e773903a7ca42b7f36ee9beed360c005b5b3198e9b73c699401a1bf00be07a8d543b9f3fbf2a76a5a605466a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
518028f563a4dfd56a8ba50bca0101c3

SHA1
9e3452e59c3b706bc2192ae96ef1c6e86b23b2e4

SHA256
dc61cfee9a39fb8b355c51756713b6bb3765740798823ac2e03bf750fa019f86

SHA512
00b798a6cb94eaf707c8ef0330a05f64289e3d26c0c6d5668a9c04f09276f9438cecb892faf88414c77ae802c86586cf96cb7f756d366576cb67767132ac9b29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
2eba0b6181dc6711261be9d97d7b7a1a

SHA1
2524d2d07a6885feba0ba4ae427c08cb6f532225

SHA256
d6de3926c60a420a6732af06b84fb966dcb85aaef31c3f182cf25ab3e2858b7a

SHA512
78bd4d3e283fb48aba6bc7a241d958b6ef51790d99b1604ab62907247cf1ec1e66b0322a9ce906965312db2d7b9ea2ea1aadb3c63148513c4ebd245901d5383c

Download Submit