Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17/08/2024, 18:40

General

  • Target

    http://google.com

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4284
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffcff3546f8,0x7ffcff354708,0x7ffcff354718
      2⤵
        PID:3636
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        2⤵
          PID:4172
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:444
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:4012
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
            2⤵
              PID:4000
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:1516
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
                2⤵
                  PID:2908
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
                  2⤵
                    PID:4736
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3624
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
                    2⤵
                      PID:4472
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                      2⤵
                        PID:4556
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
                        2⤵
                          PID:4324
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                          2⤵
                            PID:4532
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
                            2⤵
                              PID:4816
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                              2⤵
                                PID:384
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                                2⤵
                                  PID:3616
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
                                  2⤵
                                    PID:3480
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3440 /prefetch:8
                                    2⤵
                                      PID:1284
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3400 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:2996
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                                      2⤵
                                        PID:2408
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
                                        2⤵
                                          PID:4004
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                                          2⤵
                                            PID:4892
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
                                            2⤵
                                              PID:3536
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
                                              2⤵
                                                PID:3052
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                                                2⤵
                                                  PID:4316
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3592 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:3892
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:3904
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:3420
                                                  • C:\Windows\system32\AUDIODG.EXE
                                                    C:\Windows\system32\AUDIODG.EXE 0x4e8 0x490
                                                    1⤵
                                                      PID:708
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                      1⤵
                                                      • Enumerates system info in registry
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of FindShellTrayWindow
                                                      • Suspicious use of SendNotifyMessage
                                                      PID:2536
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcee49cc40,0x7ffcee49cc4c,0x7ffcee49cc58
                                                        2⤵
                                                          PID:5000
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1896 /prefetch:2
                                                          2⤵
                                                            PID:2008
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:3
                                                            2⤵
                                                              PID:3712
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2240 /prefetch:8
                                                              2⤵
                                                                PID:3548
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3196 /prefetch:1
                                                                2⤵
                                                                  PID:3048
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3336 /prefetch:1
                                                                  2⤵
                                                                    PID:3952
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4588,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4560 /prefetch:1
                                                                    2⤵
                                                                      PID:3892
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4808 /prefetch:8
                                                                      2⤵
                                                                        PID:5180
                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                      1⤵
                                                                        PID:4460
                                                                      • C:\Windows\system32\svchost.exe
                                                                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                        1⤵
                                                                          PID:5244

                                                                        Network

                                                                              MITRE ATT&CK Enterprise v15

                                                                              Downloads

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                Filesize

                                                                                2B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                Filesize

                                                                                152B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                Filesize

                                                                                152B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                Filesize

                                                                                209KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                                Filesize

                                                                                62KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                                Filesize

                                                                                67KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                                Filesize

                                                                                41KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                                Filesize

                                                                                19KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                                                Filesize

                                                                                63KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                                Filesize

                                                                                88KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

                                                                                Filesize

                                                                                1.2MB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                Filesize

                                                                                3KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                Filesize

                                                                                2KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                6KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                8KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                538B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584cb4.TMP

                                                                                Filesize

                                                                                538B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                Filesize

                                                                                16B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb10a076-dbae-4764-9a99-2ab702625a0d.tmp

                                                                                Filesize

                                                                                6KB


                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB


                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                Filesize

                                                                                11KB
