hxxps://deltaexecutor[.]io/

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://deltaexecutor.io/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653366302315528"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
4336	msedge.exe
4336	msedge.exe
1632	identity_helper.exe
1632	identity_helper.exe
876	chrome.exe
876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 5096	4336	msedge.exe	84
PID 4336 wrote to memory of 5096	4336	msedge.exe	84
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 2996	4336	msedge.exe	85
PID 4336 wrote to memory of 1204	4336	msedge.exe	86
PID 4336 wrote to memory of 1204	4336	msedge.exe	86
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87
PID 4336 wrote to memory of 2912	4336	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://deltaexecutor.io/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91caf46f8,0x7ff91caf4708,0x7ff91caf4718
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4949649312290849718,10780045352131599543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -Embedding
1⤵
PID:624

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:888

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff90e09cc40,0x7ff90e09cc4c,0x7ff90e09cc58
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3332,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4448,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4956,i,13582695919350949126,485886781921051307,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4516

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
58c927a3d49d6cbe7cdc89e69c85f77c

SHA1
37c826241adf8109f61623975a7b86183465ecfb

SHA256
01b449714011e9a2602e40cb95117845f32fb411ff036fc0735c41ee7f24c344

SHA512
d5ec78c35fdd3de199dcf824726b0115a37523289722da5da1fc42a9becf082212a3a98cb88c9b5054432d9423ab4d0a900614cd998e2cced023c96bbce10d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3cc86fc088b3eb57d78019d9c65842cd

SHA1
c2248eb03ef8e54a0f76e11b8cf26c4007842bd4

SHA256
57c57592c33c217e51426cd9d0bdff7233ce0918a0006f497a58c6112603aab3

SHA512
2c478bc68f01bcf126555e59a3138254158977a50b6cbd5da4926d94ed6a4fc4ce3581a9ac6280119f992f746a6acb69de5c98601aee184fb4df21d417beafa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
939bbf5500941debdb91393be2faa556

SHA1
828ebea15faaa2adff7066ba1fc992300cfe7d72

SHA256
b080b203e65193b326f31f5970b66eeba15d6b29bc1f913588f51616d971a1d8

SHA512
5b9ec0be6395d1ea42ba73564328702a8dddce2044f200fab6049169739c8bc5bdb3accdc7f5d0ec7b319640492fc875dd479eb0cb18637a097ea891f8ce9af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e005c786351f5ab07062e6ff1b5717dd

SHA1
a52bd22fae756788257a7319a6a452ffee969372

SHA256
f717f0f55e644895c30d17e0eb9af53de86b5dae65be9362c6f440eeea71531c

SHA512
daf0edae65244b41b24e97d0691c246b0f93e082b37ca346fd949e291a97088dd6f728a3248e711ae3da623e1b5ba779fbc44dd582d86f7bf524b0b56d5c4596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
011aa26d1349b43deba13a2fe8d5a3ee

SHA1
b08442ac119b422352ba811f53125299e287693f

SHA256
02d885c13aa3da38321f4033382475f08c70207a052a6f1507f733fa773d554b

SHA512
8f49c7e0211da1a7f0db2aaac42ffa337bff186425ea52851ecb7ad90f06c956f00de88e1d5550e0d5a38e35af0beee925252dc7152ed2a771caf6ffcf61d337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
7f8965bc4a6541189bb000b832b3ba4b

SHA1
2cfc6a12844c3ec89d571ec5d87cdd5a0cdc26ad

SHA256
57e9504e17918efff5f382ae00f64cf1203fbc3190adc3774f43f49a883a16da

SHA512
7763d57e238ff0cf43550cada4c6d941a673e0e9ce8020e0b6b1a99af54217c7180c2354edf9138cd50461c07de5e0ad09527e3fc7ef87a73003ac3847dbf306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
43KB

MD5
18d0961161947cc8ff53cb476e005e5b

SHA1
f8ee3ff87725fe24c0565c63e6634c60aa6a45ba

SHA256
3d6fb629f65a9bb2ec596215a38109f04a408c479aa96585044aa19b5b390b58

SHA512
e68f50692d5fc3353f23fd48e2bbe7021015f944c60abb52dae9707034cf5c5c798659530e15c760df06afeec5432baa1c0b995e6b541ae0392b4913cce56ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1.2MB

MD5
11db7fb3182a548620cd81d9834e9f61

SHA1
5d63717ac35666c5f31d483f54a21518b0b5766d

SHA256
af9a7f542fcfdfd061209de29b5ce5ed540d6e702fca08af262541a92c82d3ed

SHA512
06e000fb72af7acf73d11424ab54a1299e7611c4e8535abd7cc67de695d3a016825d123f3a2352e9bd92a92fffb5edb50a3fcb39553f4b332313dd13d3836116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ccb0cadb3b1e08f67e8e48468a7224d9

SHA1
ae13dcb1a3505a60d56d0c2b32c24f46b6716f53

SHA256
008dfdffe1a048d3ac64046b37e858a94d3106f8fe36267920e954c835cccfbb

SHA512
d5577d9e843142dbcde9ff1086defb968212d1a2a53d837ee2c43a3f95d8231cf8e814624387f89729076779012eb4a9ef70dcd0c2af8e052ac0fdcedcffd88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1355364d8e3f2b9fbec6920a8df72f21

SHA1
36066e62c28cb74b48ebe0b2268ddd052bd16f65

SHA256
334d8f7c2c61477e1ebf92ef8d0de8692ebb0f8b41ba353bcba0f22dfe3efb05

SHA512
f7f71af6c25f0ccaafbf7d9b79df10afe850177f34c1d1c4005f527b4ea64391a6aee732594f90789af1636cb4373dce37d77c6601ec289bb0d36d8b73f68db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f8abb37c9798c9c2cd0a01cd433f07b1

SHA1
724fc8ebfc72263951ee41f885c1b2b1bc977614

SHA256
86b0fa1b06185b30bf6c52a8d0095c93b17a24ef211d73fe0bd6f77d843b369f

SHA512
649e073c5709848719063af21e44b19b0e84ef95738b7222a807ad35c9ac8c39a47e1b520d184cfbd4396bb51788d229af631a71038c41f9dd9793eab1b720c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2616c8bb77eef42657b4ad385dcaf9d1

SHA1
e86ffcdf2ab3f31b6ec62159a7dc0a25e6041f3b

SHA256
374f7d179f290e940134887b96bc93e53dd38f37a53ea7711e8617ea8f4a91e8

SHA512
0427de69ea98b6ad0153b8ec7eda21ba0c0b8a09cea79d70054940bc54287658ba7066f0e1e35126fdda56005925a41c85187a71a68dad9954549038d00354c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
708587c908a33e76607266fde67d35aa

SHA1
c78e5c38b1cefe29699ecc3617a67fbf6ba68e78

SHA256
f2adb26ad2f6c0048f97822730589b6d925e18b3c06bea6dbff51d8085703384

SHA512
5f2b33acab1ca5ddb5f998b19e6f7d0a8f647de8ae916436295e28fbba9a1c046f7199cf1fa1de6d24263206c8370e89a4baf6ab008c12b11fe229e6c5d2ae04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
68dc5e0ee6a000d252e0d7737b9a4bac

SHA1
263f62a553c3a8f886aa63af9594fcf36fe6df5e

SHA256
e4dd64bc6aa8eccab433866f659d782af4ed5d3307db0a547a7954756787d349

SHA512
ed2510b7eed2712fc0b62967e57c8047b6b3e0436eb165430ea1a89de782308075e6a528e01bab829980da54f1b2f256503d12b2fdee90901d8b4b8abacf51f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ca21c7f3d5748b84bd3fa9b2b5ba0fc4

SHA1
4ecbaccd9f8df357d958eeba9efdc4ac4704c27f

SHA256
1f1b4b106150ce7979b9138fb97d49774c77613168d93bf2042731ffcc709d30

SHA512
6a6f1c045404767bb0f1bcf0afe7d18bf6908c15858ee852ffdb8bbdbd424ae906edadbee4554ce17391d9bd9be727fcd5db272b32ca1fb1be41ec42e8856513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
371b27f083d618e154493bc436f9b884

SHA1
9260d48c8a239f35f4e8dec314416acfc7955175

SHA256
13733d5a5708616c6cf6be5a26a81016d69550e6441fe0669eee3c1078fbef72

SHA512
c9c11bacd9da21faac76e8aa057760f3b2baba51397b5f1b52009a4d8c21f41d6141d305457397c4069d1bccaa588cee90f0c7a69cae449dec7ef91db2b452ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
add1842efff009510f5ffacde4312961

SHA1
b23f3ef48f8e8142a59b1e830cf33c01eea4e1a7

SHA256
2709d06588a2f5bcfd6b157de5b129d300db7fcfde095f39676c2ad649147ad4

SHA512
d86b97c050b0eff83e871e434b8bbb394976399bbda923365ce0c53b6b80158fe4ddea36158e3efa5f1977a567e9bf4b10c5ab0afff3408968aedfed05c73df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d8281fc58f9dcb1be3ae9435ae492c8

SHA1
891d4013d9dda2221da73e3be56904a08d2c53c6

SHA256
a2fb83251b4a215ed56776693b5929e2de56390f5ba27f34ac550def3a17d8e6

SHA512
a7c81c35ac8a8147a1dce46ad0cdc719a6d502096c597157e6c76b29635d665ca297abe07e35a89c40471b6143e62d17f9e85fe5566904280297b73d369361bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef42.TMP

Filesize
369B

MD5
0cea62cad26f55531b4c87cdd076bbd2

SHA1
d6f1030766721b5b74c3a7a6b9f02e2e63bcf4f5

SHA256
be424b4829442d5e9df50dbf0338aa0b8a7476b6eb2e19f937a16d30a9dd024e

SHA512
f3bcd2124f08a8e1d6c7201c6e10ad256989d155213dba60a096bfd234102ca00aeccbc551d32a248151823e3adb21b06e3fb787f9f7c68cad5470454e45973d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f99db03fa65f959784c8eea6371991f3

SHA1
d5aafda1904f1c08719f0b039515f3bca8886406

SHA256
ef065623247cdf28f26e14cc5a4289d28a447e5ac9dd76924a24b2eeb0b46a81

SHA512
c634e4188e494af7e4cbe0ed57b7bf7ed9dbfac89f4331b4cb236067753773ea400ab531a39cff7f6546d844ae8eb9951e56a52570cf8aa28cce235578ce27b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b25e5cccd138754b533ab742c190b55

SHA1
9d18d46843db100d79a9dc2b2a39086d65e61372

SHA256
456a6cca898467773e9e3ea31111eecc481ae58ce41ac6e94ad8718fd541d965

SHA512
bbb8a4849fd500637c1873295d54f6567648f3b890ec6ae07488ff4821f7baba5c7636af85845a21a43340e13403e9e73434e5667a5b2b03b36c85182173b9a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
05c407c377e99db6e974b18ade60fa34

SHA1
64eec9707a2328afaedf13f36588b42158f4c91f

SHA256
a90a5f6009131860e7c278231e5e76d4cf3d4ba4a2405c2229de374717008ac9

SHA512
eeb12c423bb58188238f27348d57f87cc792a28bf5ef812a341028b70dea3c0bddcc10d0272240feb8fc326c5bfc7291bb609943da25f3dbb27b402f7bc4dff8

Download Submit