hxxps://drive[.]google[.]com/file/d/1zJuPgbw22nmGohlIFoRdk8NtWcNS1L3d/view?usp=drive_link

Resubmissions

03-08-2024 13:25

240803-qpbdwsyhkb 6

03-08-2024 13:22

240803-qmnansthmn 6

03-08-2024 13:19

240803-qkssdayglb 6

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zJuPgbw22nmGohlIFoRdk8NtWcNS1L3d/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671650318295997"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{45F2A508-DD63-4C79-B720-5233777F08B6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
3168	msedge.exe
3168	msedge.exe
5804	identity_helper.exe
5804	identity_helper.exe
1756	msedge.exe
1756	msedge.exe
5876	chrome.exe
5876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 3364	3168	msedge.exe	82
PID 3168 wrote to memory of 3364	3168	msedge.exe	82
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4496	3168	msedge.exe	84
PID 3168 wrote to memory of 4776	3168	msedge.exe	85
PID 3168 wrote to memory of 4776	3168	msedge.exe	85
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86
PID 3168 wrote to memory of 5136	3168	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1zJuPgbw22nmGohlIFoRdk8NtWcNS1L3d/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x8,0x108,0x7ffaa16346f8,0x7ffaa1634708,0x7ffaa1634718
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1800 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,638051775965988121,9684225958050346787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa0a9cc40,0x7ffaa0a9cc4c,0x7ffaa0a9cc58
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4588,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4956,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5288,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3500,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5612,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4596,i,16493792878216797543,6848501952757801976,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5612

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5144

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x4f4
1⤵
PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4cac357bf24f523841d64a4775f0aa54

SHA1
78b550849a3899d802ec8798fac15a7401580ba9

SHA256
04e85566882a2bc4e8d6d31ceefcd36b4c0a5b3cc3885321ea274abf780ce5c2

SHA512
f9b9107b26c3ac0ae71c1a24c5e240f984663322eea15ecf6ad4d2e30cb444b78bb3da3d3c9229c37ebba39061fa283f94f02376524abd7d09f02cdb632159d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
9366437629bf83fbff19bef18bfafab4

SHA1
fae98b0b34c15c9b47489fb23f2e38b0ffd86e24

SHA256
00673c363828ee4442c862d8fa4733f50780cdb1745049aa0b7af3145cb18339

SHA512
2a70a6b5c18819af73ba321fbcd170d7f40645cb93e6a2ae27159aae4151a6c6dde24d2ac62ca0f6c792e53782251fbae3704858058a855b1f697d5c3c6e79a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
57aea440a5cdee544c127aa9dc4c0a77

SHA1
518eaa164fa4c8b057a5b451ab8123d69f929884

SHA256
aa4c3f1a05d4f0bfe585686ad18a596344437bfb596f8be6a5505b367b6fdc1f

SHA512
6032b4eb9e856fc64e81082f15903ae037bd8ac50286218bdafc079a3e43bdbd508fb272ad785b154f715afcb5509fbebd47298e4687d31f0fff0582d8ee7d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ad4c8fc1c2eb5401a41d851f7dc8d928

SHA1
0b43e1c18c8da2f8efd28d285ec6c88f3d22cf2e

SHA256
0d657cefede694846a5c3e2704c8f7e4b37c3f10a3800bc256178f22c2adb20c

SHA512
faab2beca90544427ef1d69638d27a6894fdc5aa1b39550833fa5823bc707b2b41161d5acb72bb39eb312f62b184c7b032bce7398e95f3a704af78f913fe86d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
25ea1407d4454667380a7f531d08b56b

SHA1
915612242a551430a18e047c0234220cc43c69ce

SHA256
0fa888a2ee9f5bd7e032f7298a1b47c4dcb3ee3da81a57b2b2fde4f0d2f7ee62

SHA512
18eed68bed90c3c8fc9c49788fd9d41e8bd8c5a336e7c5785641e0b5087f6392a14ebdc7240b090f2d30cec8270718c2e1825623140d9c82c2ded939c1ad68e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
30cf63f4cc707e6b90efbcfd0c7cced4

SHA1
9e82402cd1f2f8c2c7bc5faf66c5d33ec827f21d

SHA256
68e6ea1788622027eaa46e91f8d842f8a8a6b4f547b983a0cf14de11b116d893

SHA512
7376ee2e5ca6c8dff4cbbb5c08c1ead4ce87c992a18f2318f880cf0984a4aab2c8a0ccbc512ed55a475311e7775803eaa7775e787752a7349b7950a6c4242361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a5eabff3fc566454ecec4f11a7cd0b08

SHA1
a7065e5ed19aa8c41e50bdeaa7646f92c730f84f

SHA256
e49d1e846a5b18dca4695ed2e80b046acc23f9c39f03ad1bbe9801d3263ff714

SHA512
5d578a7ab056a714ec34eea188bbb34ca79c4f8bad324c554f9c5f2bc7ade3d58cf457d4da09a8b67f8130ac8c194b35a882fb9f77d263c00ba21d744badff61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a76b8eaa0890047bd97e546c6ff2861a

SHA1
d61345d1765c7be43e850a6aa9443c350068082f

SHA256
a4878230bf08bd992fa081f663fe23db0fb0c89eda108f867b91943c512ba2fb

SHA512
2c00f626b45bb508a569c81120e2625cdf6df4cd9e72fdd2ab53305442a6592e5f041e1afbc3acc2d35167ada5528b7b852ab53380683a56240a89b3776d39d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d59493c324e423c3b2c07be8bdca4d3c

SHA1
11e43ff219a6553b9a23640e2472628e24691934

SHA256
1c1085b1e692f84411c7bb7cefc37be0df3992591f5ff3fd5616298aa4e60d21

SHA512
04c2e415084c0fdc1e60ba50b83a6d1388915d15eb41b1a94db2af0ead6615c5aba958c556b86cd8d4fefdbd54afe60612fcdf35d91287f375f01c718d443891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
652982c055117aec0c5b154b25c3ec90

SHA1
92679848646ee9d8d15037f6c832cb8dfbdfa15e

SHA256
be0e211ca3845b421e6c271c17af1bb68199e7dd00a54c3848737cf3dfd7b53e

SHA512
ad337e2e56feb79b84764f82647d4c6aebc2b2b6725257b8e57f1b963bb2bff27d635bb59b72d4a988103abbf0a0034d2a93f7ada499e32bc505dd7577d31a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
180838fa789d2f8accc4a6ac9f11b7d5

SHA1
7751793889ae0203ff1748e3f52123c0a3c3c098

SHA256
9fddf745b9d34333a53f22b59dc149dfb44e6cc5b27b4f24b44be8f551967a15

SHA512
c28240c7ad9c1e535ad0a0c4b1418b836777ef3d4fc7eb093e6956ffc0ffc92d4db96b8fa31b1ae6603fa291d0f9a146d51188857a672414568384d93e8515d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d12b2a499a100262867a7405d8ad06c

SHA1
4917aec88eae70b2db3a6e3f0dcefe659889ccf0

SHA256
31cf1b33b388c0090a534d30c0044d9f5237076f810716be66193c9a3a960ec5

SHA512
6809b3f644d69c5b6c5e4023d83dc2ceca6998b55331a35d8c701385fb19009d7bf3fca61151c26b6de891c563659905d623f2b6e1ef0a16c88693bf0ffaae12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39204070259814613dc30413fa16c905

SHA1
958b6104b8e34c7db5020cb8fed2b0958eaa1a7c

SHA256
b5763e66cb2a961eff882a6cc0ec311483dc45588bb3d9b47b7e6a7c1342b6fb

SHA512
31714b4759e6d9e6a96a2e1ced33b145b31aa2bd944037a3f9f4b70ee62e43afb91df226a8724d8aeb6adb981cf08635d520254e3d12e1068c3764c0196b61fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
06d8c422f13e1ef9d9a968e4a7329202

SHA1
45008179167bb840757b7d8d3568fcd256919123

SHA256
b888a6d024c451e71fc10732d3b7a43f96b13fc323b9858986c19d9bc89b079c

SHA512
98fe97b93bc60233841351585e7bf6fa88ba0ea5508771bc13c3f7856870f8c89a4241d7783449ba38069b88ab6c5ded75ecc0e1a0d443af12b472d0a2c4b052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f883c7aecfc3a479d5d3ae536262d875

SHA1
201fa8c3c8bf8ffce375f21028a673df209f4fb9

SHA256
a7524b420e555aebf66656b7b32fec9e81d9049a6b5d7b6431740e2674693420

SHA512
d54bb02d6e39e7e46c466fc4016400bbc7e64bb5748b410c3f894d1c723102a16372be1fa02fccdbc24c0840c6d7aeecc46ebacd5aa32a98f19e652a2c905b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
73e766f360780def2b247776ca4884ef

SHA1
3b42eedcb99d5802feb4335146db578771c56966

SHA256
7eec3d4d8c54162293548355e06a78ddca96d1e88e080af01bc9306f33c79701

SHA512
1558236ed8345cbdb4f661a45a35a21dd5187a85c18270a6951bcb40b07d8c0a2c681342548985a6ffd54c010bc471f9138429484b8684294a850e91266c69c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
c7bca79af35bb7882a496add35aca215

SHA1
3a41023be781a4a7b17c51e7d57dc2abb384d708

SHA256
d321756cbd1c76e9be84e3630af9f6e131c1f3e130dc4f9511f862be50986fb5

SHA512
ff4ba7ac7b8217ccd3f76fa5cd2abbae02fd12d7e0e02b30741aa64642f490b5dfce6091940c9928d1faace9cfacb3a6a170178e7e6ef170384715d40e94530f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
86c7e0d8e3420491a11efef18aff58fd

SHA1
1ddb2e9031fc94f22bc685616e7b80b42aa7e5f5

SHA256
5105c4d693bae4fcad4da2f45548d99a863e134a12c67f57559103b3db9ce015

SHA512
e5fbf45dbeea0eb141007facf4be18dedc11b10a601897e07c1ba7684c2443a494b69094326a2f1a59c0a0142007ddb0d366aa580479f5c792a758c4e4a8adbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1b1f3581-2c72-436f-a6e3-64c8115f7b01.tmp

Filesize
6KB

MD5
f96f7e10e853e4f48acb92719ed5a4f9

SHA1
38f59a27fa28ae1a7404b05426bb4fb00887a9d1

SHA256
39e794c56b0b1a169275c3d22e4556424cb950725f888392ed9c947412f2236d

SHA512
d97bb46619976d93e4d5d7e6d9335f869bf2ef67fe655aa61180bb32d743688534d89e8234fc2378cef841e155ba419c9c191101e5fe6d5b6ee365dd55e558db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
197e354985f801841fd9063f8da69326

SHA1
c127209badff83286ec00a6ce4bdf210a5771e52

SHA256
cbd2e9234eb362131abd368621f7c1d9b0eb956019ee79115c9f848c6795df41

SHA512
b8aa5e6379733e20aa61d1e257c892fa81e8a9169ddbcf8832ab69e9e7aee459b0bcce6fafbfa875ab4544d7b8102448b12cd58b58ccf00d04be3eef57231080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
17d6b8a2f8a51eca40103dc6f6a57000

SHA1
9eea745a79ab84d6b8dc8641a52a3f712ffdea85

SHA256
b6f861b6e155714d0e86f8e60230222aa9d1f0582c11a1400c81d9d619968fa8

SHA512
5630eb75f9f326c8f441933bb2812c227936cdfffaf643878e4a39a2dd504f62846ec2ed9a0d58cba5dec74ed141a7f4f401d4ac92c09df3a6e151c28fc7717c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5babf9d7bf6a42f86cdf5c121cefe4e4

SHA1
8b8d4b18eaadf23fc49c090c5acdd6a82d95f23e

SHA256
0d83a400a0402575e115d74dbc536d378ec07cfa24b4ae129a1e82c884cb914b

SHA512
c25abf6ceceb1a7ce959e58f7dfcf543a4561c7dc7a48c0c0414f2bf8e05fe9de43205d9128805a0589e176c3c4a8b24244e1d903d09eef13dbbc77c061d0291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e28708602c5cc786280adee79626e0e

SHA1
4f4e4bb89fbeb2173bcff9c04a5d95b6828f33c3

SHA256
652cec098a9d205bbc78f39c4c79039b612bff5d4a89f2937707a54c4e4727c0

SHA512
088e37bc952fd9caf5ecda6aea0ce09728a663136e694d0f2488aeb4a3feff0f86f3e5f2a1a5412972e9b58a12421e15bb8507e291bd4b1ca5582a2e3cd3719e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aad315d63e67f45f727e6c3078a25e0e

SHA1
aec8a5198cc0da33794aeb5c6a41175ace6b7837

SHA256
d7c1ab578ae5f67eed36da769115c4897433a91afe2b2b3350421852e132721b

SHA512
7c13637051d9aea29725e10c68f1d1822e463af4d8a01037b5938995c994c08f3fafdb23730f2228eee4aea701d6da5deb1e608b3c3bafa87eba1f4b9f8dd2ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89ab7ecf384a2d3536cb66dab27432d1

SHA1
1b61b15589b20e356e795d68d837e5b37e8cd867

SHA256
c3801651a611bebd52048112e7a3bc333556fbacf5547c6f2d596e83ed803dbe

SHA512
8a7d5944d6568c6a92133dbd567033d3a8188879231d97ccc18a19f1046a30db5c533964c886fe728f5b221056cd8f1f559a2b41fea415343d06d777bbee7ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c1b5.TMP

Filesize
1KB

MD5
9e7f4cb41ffeda4dd9f149375abd6c6b

SHA1
789f8c134910fab5d3ea9b922d076c1ce71fe9cf

SHA256
17e9619a4b8aae13b7095141367e647cbe5a5725bccca9e2443943d35948dd80

SHA512
0577a32eab7ea4afad4f1e0420a53e417b25bc479cfaf95becd7f1a9e9418fa73262c009fec742e31e900fd4d3611115ec4e39ee2a21ac1813e181c5956e3145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ee5680dc1dd15994638c99472d23624c

SHA1
eec59d330c1a3c8c46a23d6d25720244db08ebc9

SHA256
6258db5b400c1624578da4fa8325941973ed463d60c1a79d04133f9154cf427d

SHA512
f733ebd8033bd30e468f14f5b9c347daeed5a7e37805a3aba82055257fb1256d674f497df4a270215565c57decada36dc25394698b255ddc448e68426b1e34ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a19e35d2c8c42153bb9807be6f09a52f

SHA1
bbf13d7aa7793c800e49335e528413163cdcbe5b

SHA256
87de709cd29a0bbcf7876476d6fc79425340038f629815d9b7558ee167925baa

SHA512
e8106860c765abc08b39b445be8b7329739c3e3544cc05fcd14d5c6e73c3065c60b921c45d7d80069a031849a019a0e9de71710bfa2e46c4c17b42b6aac39ca8

Download Submit