df4cef28690a48f96cb74fd532bcf3f97b81da7490a61ffac434ae0f55e3fb3e

Analysis

max time kernel
276s
max time network
275s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21-08-2024 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Shirt.png
Size

59KB
MD5

a8806b8053ec18c46918f96a03187849
SHA1

3e24942defabdf6dcfd8cedb7aa68a984d5d726f
SHA256

df4cef28690a48f96cb74fd532bcf3f97b81da7490a61ffac434ae0f55e3fb3e
SHA512

a165e6c1847563182911b799d5871a711610c87bcc294dd5f1555fbb72860a7184fb2ff071f62b9ecc842dc181eacf63981ab0c57ee2f733f15209be0b44f2a5
SSDEEP

1536:fNHmdOHskiUyEMajBGlsS1ssVcK4/s71UeM+k1p4O9:RNHsbUUajBupZLfMR1p4y

Score

8^/10

discovery

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
80	4924	PowerShell.exe
81	4924	PowerShell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	camo.githubusercontent.com
2	bitbucket.org
81	bitbucket.org

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4868	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687147464758639"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{0D2D2BC7-8654-4BFB-9D4E-0A3BA0BFA649}	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
1520	msedge.exe
1520	msedge.exe
1652	msedge.exe
1652	msedge.exe
2884	identity_helper.exe
2884	identity_helper.exe
2144	msedge.exe
2144	msedge.exe
1616	msedge.exe
1616	msedge.exe
4924	PowerShell.exe
4924	PowerShell.exe
4924	PowerShell.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 4808	2032	chrome.exe	83
PID 2032 wrote to memory of 4808	2032	chrome.exe	83
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 4968	2032	chrome.exe	84
PID 2032 wrote to memory of 240	2032	chrome.exe	85
PID 2032 wrote to memory of 240	2032	chrome.exe	85
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86
PID 2032 wrote to memory of 4800	2032	chrome.exe	86

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Shirt.png
1⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde85ecc40,0x7ffde85ecc4c,0x7ffde85ecc58
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4336,i,5013053983427524344,3998957090022537259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2808

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde87b3cb8,0x7ffde87b3cc8,0x7ffde87b3cd8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,10536700325803614664,1764015355714325225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3100

C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:4924
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c ""C:\Windows\Temp\MAS_0523af0f-c345-4d31-876f-bf7f66a94cec.cmd" "
  2⤵
  PID:4652
- - C:\Windows\System32\sc.exe
    sc query Null
    3⤵
    - Launches sc.exe
    PID:4868
- - C:\Windows\System32\find.exe
    find /i "RUNNING"
    3⤵
    PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1b5678928abd7cebb69e834a20adcb64

SHA1
b32be4719810fa8f4119238f23284969fbe4139d

SHA256
6034a740825df4abd810672ff0e50355376fe8254b3549dcd39f9fa8ca589ef1

SHA512
1c0a876e13abe1035dc294f2e36682357886ecdae58c4331d6b7579c70f441b6b30bcdcd5bb5924a0f76cc920a5c50e8b36b937f0623dc0561dcb2defcd1681f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
025b8f57910a1f7ee4086ffd5aab51b2

SHA1
0ce22d76712b864e58b3e6f73975e2cfb665fd23

SHA256
9509e271fb033422d6ef0db0200686496db872b5da0a51229062c7c8dc4db04a

SHA512
a5fb3a750ac5ca98c0759c08bc4972174cff08baf4c0ac8552acf71b9cdc02e73df356470c6511bbdd0ff0e413d0b7827433909b856aff4bbab62dcf2d5b3e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3948de5566483155729054e84aa7fe13

SHA1
19c16531bf8e73b6ace2c7e1f1a060dd36c295ef

SHA256
1945a65e96e6d5541cf754b8190c1128af2de77fa589d1b742fd8e6a785ba918

SHA512
2e961d13bc5717e056fe4653b91e9f21005f5d4b758762ccf53b5c8de3c8af98899c49fc0600acebbfe5bcc1f9ba4c5c9a80754e82d2323008a7a88d25d85991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
35ab0b897d8051592f1d6c86504288f5

SHA1
3a7693296046d96ebf0bf1a136c3ac4d51f57735

SHA256
f7f90780065804ce2543692f329a6319fad5ec7c6f68c04f7ff692a44aa3dfbe

SHA512
823aa5b621a8b1a30cb0b5be32c2dd11c7a91bc767e84223c943eb98244cb04bbaea298a78d7585b8e58386ab308dc5b3e6a8d47be7ff03e8f9c762228e4361d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8fc3f89868a1e78fbbc5f4a89b1071f0

SHA1
aadce116012f02b65b4e3557d154259a3949b797

SHA256
44fd655619606c16c0f9b9a85cf0004e79b3875faba79aae8d6e5cfbf6b830d1

SHA512
4a7def09a495aa98f5a30c5b8c8b32a7154d1872b05d56f0703eb2bbf294805aa4739d25e1cec23714b8dd9deb9709a25e688cad9b992b3d05e30f6a651e6fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b822e80e013c816275fcc4a4e598b102

SHA1
c1848566be3f1e855419b5b2debd32b8050c3caa

SHA256
e012d5744887de1a94f3bde1c72bbc2331e377c74c086488befdfa193b0de8a2

SHA512
c8a67bd3657558ba61f6901996b41bfa91171d37b52c9084a3a9f1b5f5533f9b2104fb7ef303d0889c1266c2b9259bf71c73a0d24caf4baf8f467905c2a9fe3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1bf7d961378726eab2182ceedb05fa7b

SHA1
9aa48934ff689cd5bc42d4f79d3a7eec38e5812d

SHA256
ad546905c7c7324ec2e9614e99442fa015a19f40669b03fdf44e345a36701c43

SHA512
e3b2b16ebdd2971beb171f3af2f8930bf1e202a625d7724b8caa174764ba2f88b5b163325a17a3604896c3ecf62793d74acd81c811823f0ae9803571c2c4ea5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9c467b473dc9aa9802e42b07bdae5177

SHA1
7d27c1d4e6ecb785390496b8a994fe55907bbf05

SHA256
db5232944c6680c2997789db2e1b50dea91a37492fcf4982c4c5fdfd70bf1789

SHA512
330a2c258307015f2db9815134456527c742a45e6607043c00b394595073db728a9b86b2f4a3f70233026055bbb8e31d34e6d5632967bf1177afc3881e3a2e82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f8c0aacdcb5efa8e53d526437a6f095

SHA1
1e0fe1687128ef27b8360fc680e932c1009817b8

SHA256
66e16709d9bf5ef0883dbf01ad2874d4651896e3ad7d3f3ff57e6c764e79df7d

SHA512
571dc077c4da165fa652495a7db28094fdfa5f4eea70eaea927b5963e920f6043065d0071cdd0e63171350c7be45f1740388ea2cc027f91a87f823eb49980372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9c17234a045cf285b70b103e65ee88af

SHA1
61f5f12c743aca383485d7c541ab1e7bd8edd265

SHA256
f997b5ec5e94ebd4ba84f30b16f07900c1b6ede4b80dc58d9bfdde98a6e21d29

SHA512
eb30df915484f9bafbd9547015370d6b4cd0c9cb237ff2cd5d0b5e607160ef235ed8fff72bab8f5ed7a6671af7bd4fe7ff5166fed513b5ee50c3e1bd814ec9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
224c87ccac3ba28a43560ae079eb7f98

SHA1
3f642f27504ea140a34a3a196468b796ea95c941

SHA256
1fe7da861978bb3c18469b3c7b7d284fed79378c6183a8013248195f3c8ac381

SHA512
ea6a885abf15994c65e6a6dfb5d82e0fd4ac73d271007b1f035957952c0cc3db3480902b2e3c07679547db6311422c044624cdd72fd81a867eab5df20378d7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
61ce7805ba873fa9f69ad3cb7d2d935b

SHA1
d0705a15976a1b48cbfe835b7d0598f783105c6f

SHA256
b68f145544336d6313c4af8ada55e5f90429a1fbf4646cf4fbb2ccc01e3d4da6

SHA512
d3d13efb18302eebaafa8b9056ab21bb888f80514e28ac1eeff4489c7f0a406ca3be8afcfa2438d6144172ba892664fc628fed6af78353b4d46f50afeb6bd25f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
3e5605ca6619944139694a2742d840bd

SHA1
b481c8f63dfe281f740f3b8f93d63e0ec152c93c

SHA256
071039ae64f7a552d6fcd92c3d20d81a780ad04c8c4084cbadfe13932922c3a7

SHA512
183aed95612eef8de0bb7ad7c1b90bce400ab1ab2983d9252b47fb829addc829bcbcd75854a0c4e57b0b3de78b4a1a09a67b2be6cd445c04bad380559e1c3111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6941a41be58c42ef59647cb3714731cf

SHA1
0cc59e2f3a0b8a65d1a1a470fd3926b146f14b26

SHA256
b30e8c193c0df28c018fe875d2e2f3f4aab5bd11e104b3c5a2c6dbc45817c04e

SHA512
f8c488c6682957ba4f8cdb406687be21ae5d79c7aabf4bc8bda64181db22238d75a39f15064fcaae0d5704c5162b8c628f7b1524403d060eab1d3d3f6cfbfd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8b08034bfcdee81ae8b41c922afbc0ac

SHA1
363369044a21996373a55dc118b500ebd40edf71

SHA256
fb903ae411f950d508bb24ac75a62c4297211e83bd34a3651fcaae91db3241d6

SHA512
20578989e31e23e47160aaaeb6d0d39679ae676f7c2a8332ee3310abf53ea8b19e97abd96d582cd2fa078d4fe7e064aa8ebedb716c41145ab02c8ed0970e4a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8e09450f925bc7766aa352b9d84a22ce

SHA1
0c1fdeb023f1cbccc7e1130577a03feb6b3e48c5

SHA256
227bb698ed0b9fc89d5d3e7f30746bb9bd2c5d064ad999df843fa738daa56533

SHA512
85a8210ee2c6914f69b2acebf95ccbe0e30d139000665096dcb75f416c7c05c4598d03cbe7ab92f8dbba60988c4eadb33b659189082c9f01bb6fd7ec822af90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
32d9304cebd164df5319d6b7ce00a751

SHA1
a2ab9745f9d0a8d5cf2106f17377c8bd7e60d05a

SHA256
2efc5b13ace575635eba98b9dd234ce3ce48087361a4aadea35f212f7a1f1fe0

SHA512
85ec434ca0d390a2592a12e69c23d524515aa0113cfdea7dbf8032419e48d2c522b204cb330c2cd1d0117817cbe645385064f6ed2975040ca3ae19ce008e628f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e4f846487580228edb4b4c6d137c2d7b

SHA1
6586809b5566fb8455e07e35dadb55a2f9a176fb

SHA256
49277a8adfc7805066d1c6154a8e651bd6cd81ae70c8dd09f36320166d2df240

SHA512
520525959ef78265864dd7aa661a6a00f4d81fffd0f67dbab1cf6ae5a94869d9b6f55d15fd8df5d40a1ee98d8a527b18ff6c3a7980bdb66346d68b3118b632b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
316178b02833bfb7bf5837183da8b7cc

SHA1
2b2c337ec8e2a6140ef8f7ef5bf131059e1cd01f

SHA256
d42dc2740161bfb70f7c067b04489e5e1c06388bb2ad5d1057cfe0bdfe191090

SHA512
40b44a1c4992ffad1708a57704116cee969c224e5bcdb8456c0c729ec62079abc88200efdb9b63b9c8167f24a0f71e2c5c9b853f02489ef0363d282e80ad2312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3341caecf33bfb4a7e92c1ca6ea8dce9

SHA1
c8527c98b289123f5b4a1fe9a81ffae76e937e82

SHA256
30f0605e951be65dd388646abe6e84eda234f4ee0c8ced4ac51bfebe463f7779

SHA512
1c574a623ded642df2663fb99b0f7ca9783ee48036709b6f6f3e12ede161af5759274933197da48ad1a96be12c1f63675fad782842e845877cee579b882ca8ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea61a35faf8a526eb35848145931dbab

SHA1
3bbc2d11c1bf255b245506234a1aec373d0fd3ea

SHA256
3f56e9165893e359b9e259d80bc03252dcf19e4486b0629cbae7fcef07b10ee2

SHA512
9fe88065fd5967d526b340a5d5272ea88ccea95d70594a4bfbab13951c08649e44f6fac4fc9f8dbdd1494728e3016e72f2fa380f2adeb5639825eecf9bf4c6b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6f3a11b15e6f3c1208b22d4aafce5e3

SHA1
3daff619b9b958e428e5fa6cee240668dedbcd88

SHA256
7445d109ea9cd244781c24a2066c87094effb5f35daaa818def8dcc1220802f0

SHA512
f4004b223929fc726bbe656318f884a80f52c5c75548b5aeb0f825dd4f107e611af51d81aa61993043e739c40e831529bb7c4e739de6d36a189e03c2858945b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
936b8a4445396b48761c28fa05f5c326

SHA1
3e2bc78cfb9bc7cf5a7459f8ae4d71f85e9499ab

SHA256
85d71df7ddffcf5f8135589035da1a3b887daf2802b176032a923fc43e03ef16

SHA512
316199021aefcb1ae10bc8a44e2397f8b56afefff267f43f9e5d0f21535f8e1cb23c6aaa845fcaf32e2be6a5ab24eece8faebe0230b71e723ebfa74bc18a19ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8012acec97548226ad316e06d6b31601

SHA1
ef65a0499573499e3bfdeb0a1fa3ddd2cdd8e703

SHA256
c23b4ed44edd2b80fe986db2f3e7febdb4aa6f64434a76cb7dd4316c8f6bca3c

SHA512
cbd454476ca2df23c936451f8241f6c3e2b14014c2bc278c195a697e953b4b6120f46735a72076aa362af606e2fe4442f98cb9986daa60a8645e3a95b07641ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f5fd9f2c599530c49ac91fed60d2814f

SHA1
ff8400a3401ba49411e780d248a7b76d7a559c76

SHA256
66e61b0fd7bcb358b0ce759c20cfe0c438c61f8923116a9a2ff870d350338be9

SHA512
626fdae5bf7189138f89edd146b11ee713bdb3d086bc40100ebc597f01e8293bdeb3e7c603259896084154063b501011d01cb3b97c7ee86446e8209dba4a2236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592bb9.TMP

Filesize
1KB

MD5
a4c7f460426a330249260a0e5cdd52bf

SHA1
89335ba55073e3362fd6e1c23586633a01ce0292

SHA256
9031f5383a8da2bf1c64b618aa97fbdcac0ae6eb096145a8d925e45dd9aacbdf

SHA512
980cf1f393d2bec95685205eb7c2520c95af587a3ccb46263a1872c15d5859fc52c06b0b472e8bd312c8e7e22717ee31a4cb42402abee462dc788d07e72d5c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ae92ce9c-160b-432a-82b8-f0dcd7374bd4.tmp

Filesize
1KB

MD5
a10c1d68f62beb038fb4c7922166c0e3

SHA1
36c55d023bfe6f717d9a6f627781ea7171d2cbae

SHA256
5fa37c7d5cf37160f80489efb3e6b22cb84c978fc4c1d57746777f15cfd68509

SHA512
148091f2300cc3f5c4075f1dcc3e0862e22679731ccc01866cc30dc359a62d94f3ea27726e9ccb462e67a41f9b86ad62ead5feb82598c2007347d5adae34f11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b7205b3458965ecb79d2e14309bfa60

SHA1
ae26367654751ee0193951b1c5132b8816c1dd6c

SHA256
05b0a2a3148f4136a27a64336d199e1b0f490b54679089dede2b4a5c375a6b54

SHA512
e74616c3cd33744c5994d5fb5c83156659a2f537e490645909479f64f76e1debfff65c1a1a19f44d885e2ad984103c014e9004bdce43762d372fdd8a2bb6202e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d86a80b81dbb2b2e878ce843a46b816

SHA1
8dea475d12067a0adfe8dc6a9f4e18ac10b635a7

SHA256
90f450afef9be4a41ca73c717770225b99f206107b3dab582307e5d3acfad1a0

SHA512
83870c7a360253d3c904947bfa83a7563b0147b16281e3e38696737fb4171ffbc55e41ecf32bcb3f7c63a5f1788acd38d7a4e8c72e7437f06ff85912c86ba923

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lcaao4zb.ozp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\Temp\MAS_0523af0f-c345-4d31-876f-bf7f66a94cec.cmd

Filesize
438KB

MD5
77b642478c67539ee091c985b9f38125

SHA1
53a6b8081ac4acfbe2f2ddeef29ed99d80d79c77

SHA256
0220c5d03d30a38078159e9a9cfaba01ab5f6b718ac2d3fa0ee32a885fb9bb71

SHA512
7b36ff5cba0093337f7db5b6ce3b0fdf7b87261cbe33be472efa938325dfc4c9d1c343f2da3eec1ea6fe188c472c3d5ad74ef6f876d3ebd532bb6c77bf5e0bb5

Download Submit
memory/4924-689-0x0000013BF96D0000-0x0000013BF9892000-memory.dmp

Filesize
1.8MB

Download
memory/4924-660-0x0000013BF93B0000-0x0000013BF93F6000-memory.dmp

Filesize
280KB

Download
memory/4924-651-0x0000013BE0990000-0x0000013BE09B2000-memory.dmp

Filesize
136KB

Download