hxxps://drive[.]google[.]com/uc?export=download&id=1SvZJqUwhWGZ6CtBCCFZ75SAsJVJXfQ_g

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2024 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1SvZJqUwhWGZ6CtBCCFZ75SAsJVJXfQ_g

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688210840791419"	chrome.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
3300	identity_helper.exe
3300	identity_helper.exe
2604	msedge.exe
2604	msedge.exe
6048	msedge.exe
6048	msedge.exe
5792	chrome.exe
5792	chrome.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe
Token: SeShutdownPrivilege	5792	chrome.exe
Token: SeCreatePagefilePrivilege	5792	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe
5792	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 3688	4540	msedge.exe	84
PID 4540 wrote to memory of 3688	4540	msedge.exe	84
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 3732	4540	msedge.exe	86
PID 4540 wrote to memory of 4176	4540	msedge.exe	87
PID 4540 wrote to memory of 4176	4540	msedge.exe	87
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88
PID 4540 wrote to memory of 4168	4540	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/uc?export=download&id=1SvZJqUwhWGZ6CtBCCFZ75SAsJVJXfQ_g
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff49446f8,0x7ffff4944708,0x7ffff4944718
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4192 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17951932272518492046,10876216957038075160,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffe2c0cc40,0x7fffe2c0cc4c,0x7fffe2c0cc58
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4416,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4888,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3300,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3316,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4684,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5388,i,14287011134165737370,932260573187035239,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1152 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3032

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b0090ab1cdad51701a99c3c78da647c7

SHA1
01a2adad14981ddd1ee47c1ab1287dd18eab9278

SHA256
eea38ab9acab955df1bdaa1601eeea12cbc7c20ad0996fdb75e48e74467c02bf

SHA512
6a13b7ae1162137a2c4d174a1c23d87538b270d8145bce8a83612d8d39755f081b857716bafd91aec9a5b2d6208e40e0f31b14aa94fafc267c70f9376fa227d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1dc938927665047b63fe4fd0bd23e3aa

SHA1
986a24cfa511c06815de1e6809d4ebc88e56cf62

SHA256
78d6446d83170680532f0145d36274e9cf227ed1248d75e23fe3327190b707b7

SHA512
40cf4c6219ec618b3d7925a125812df58ab2f0e77e1c3f2de4488f992a7838975fa7a16513b336c4bd10ba9948a011e30e797edaf4cb400563fbe0073c96ee85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
75b7a23a0f9438dea31a3224e8e08d41

SHA1
f4090f4a31cb68fa8cea86d6c79dc2d53cfe31f2

SHA256
9a81c992992c85bdcd2b2c12633cc22a808b7005d7011764f29cfd2fb35f793b

SHA512
3b3627909ab3147b658500e7736aec0e82f6603594e9e90848927153940adbe2be2e6ba9d7732903e69ff9616cc56891a2076b985cc1e54ff8cdc68bee3e1ac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4a6d2e06a0cb5726a2fbb9b8eb913468

SHA1
8efc37378e05dd1bc322058908f697577e6e6494

SHA256
6d4fbef3ad0fe31d1f79e126b2a2696846c9f5d459995d09e0dae6159a8d333d

SHA512
4d133e62ff600233a7c5376184a7644d34eb2cb3e098f5cf4cfc1c1a04c40150012edf8f3308c97da954925a8c7004c983ebc0ad3b174666fb47565968e6ffd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
42eafbbd49104a3524956eb0050e673c

SHA1
3d229ee17139a5057b717b89501999d0e89d00f6

SHA256
cd0e4b8b62a1b4c99adab9ea75dbaf4233efdcbc0eb033f46adec834bf690047

SHA512
85483366e8ae6ab48f272d785e0de5048afd73f6f2bf4c0c6b91659a60194a0c3d06cef7fa15f73540377d84d95c60433194fd93dd23a4bafdb1d1fc05b57710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
01bbe9883c4550c376adddb3b677156f

SHA1
cb24c5da58ae0e9605be40c792b8eed0898a367d

SHA256
b8a3c995b4db9a952de47606d061ba397015034e1f362aadf93054daf5b1214b

SHA512
75acbf08548693441dbc8880fc70b0cf82384b5627d199017eee6febc4b9b42ab1bcd2a9a6cf2a40d70ecc49ed51f588e1d9cfc44eae9b08a6bcbafe269f2696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8a528ab2158730e283d848828399f338

SHA1
594859a28514384bdaae5b50abf196dd118da61e

SHA256
841db3f324bce4c93783a6b7451893ceca199fc5bedc665be715f6efee79466c

SHA512
d749de599a84a8b5b2e89a2ffc16d7793cfacdfe5b98c219d261837f2c28c1d4d9fc7b05adadfd95623e695130283562d24579975d28496b1da1c87395422352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
32f24015f6257c4ad1a6d6dd72338b80

SHA1
d2147b1e82a9c69035fa49d64c955b0db5682bed

SHA256
821622eb1024c6152eb98eeec5b92ff9d4e29b9de1debc38e32ed8926c3d3f25

SHA512
e531d5b232190d16dcd727492b2ab5be1f0e4cbf8fa7b32ab4f65479d6b0e3ec39faaf46159419633873b23f12bacb09920d610c980decc2c46b38660a352b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
a0f5b4fb535db2006403ba2b3a2bdb02

SHA1
93b8bdad57d33c848dbb3e445cb031da239c6023

SHA256
971b7287bc9c2106d9ebdb0cf248cf99b4a0b9e88baf46f491cf4c2790d6cc74

SHA512
e621f07bd58eff9d467002da9f3facd024c8f4d7dee4cfa58d508b35923470dfbab1a4b6b2ccc020f0388d59dbffde4ad6e4fe174784e7e81f0175e084ab26ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
233eb07d1828942380f6bf8bc82d1587

SHA1
edb1ad97a9d8d0c6da4a683ac8f12b1f66dc8e79

SHA256
81e59a45afa1a9b9075c2d02108491644cdd26f4146357a0fa24f2862a71407e

SHA512
8aea44a72a6ac3c63c8692955aae3dcff81b8c913d3cd5688c56562c96586d79597a354a93200e8d10bc701851585539dbb903d22f6c971a499c96111a3cc183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
58d8d33eae86dff68a5cb63bb43bbc16

SHA1
ae6a0c39da440a7fe083073aedb8f385a47e8db6

SHA256
3a311ee0364a114f8b5cb949425be899eae58af42e229447d2a2a675226b9502

SHA512
ede8065366779b3bbc4f507022cf27736a044453d5f9ea40d0700a973c54cd2e9eeaee12ba8508115d03036222866262641c91f121e8bcf7a15b52e39a0e58ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
88e142c2f51fef37a030fe19cdf92f20

SHA1
d851f3a3b34b4fd7de378c8e8b40e43d0f099a7f

SHA256
53abce3d7f83acef470aa8f3080fbe0cd2f5c9d263b7bca5fbe837caffa0b103

SHA512
25e7616e6ea4bad908a831738def3959d5b39e8e5b719f6ad0a30f5b4f49f27fa52eb0aeed0d0bb61d6b9331072431d5d7b4ea0305042e05ae828e332cbce9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d3aeb1780e32ded81ca32fc11f8d9839

SHA1
f582dc7dbd79bbe24d655eb366b286c487110c59

SHA256
5b61d9b5e958b1d6f40b5f692f6a05fda31deff3f092e0a3695fd8a70d54a36d

SHA512
b307c99a8bf45ca86c75a3035b1c975a2e885c7b6e043b07e82da04e19c72f627a27eef01efd4952b6887617ff63a4fd4969458ef0013afeb2d92581ffd85481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
98f05221d1025694cbe77117bfd9cc97

SHA1
4c04439d3c14b307140a86fe59e09fc1779ccb7e

SHA256
0d8a6ae66499aaaacff804c685fcd2469372e7e398ad76975e7d240d8e885ce3

SHA512
ee7e4d4b1dfc367960265437f8630ad743d87227281bf55df78c7053456c2baa14da81e33e2e3b7c2d80a4ab87c8b234fcde7f9ca7393cdc49589aece59443a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a6bc8d3a2752b9c04a4ef6365b44b16a

SHA1
34ddfc49b8d91ed561f4e9a83752b9c37f93b60b

SHA256
a0082d56ad40415e14b3e16ebfe9e58da7803f07d44b983e2db4cb6928e39ba7

SHA512
2334eff4df7491cccb07eb9d2db105fe48d56e59c54dab11840a47c9cc41f65079b2d4335170256c3cd4321ea73b2ee0ee4bd85f530726caf997924f56a64585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ff097958fead6268786bcaae7887dc42

SHA1
7764cd16feb8ee516a698d94cdfc827f1b56ecc4

SHA256
973c6eb7ee61f0ad78799d6ed1df52867714851f23262d11db21e5c5333db15d

SHA512
79406400f5af0a3a8fd2f2af2d9d11f25e3638cc8853656db34606804f70fe79bb4c5121909ecd10f4b996b41aa6a9b7a0e80264853e7061724e850bee346fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a3fdfab8e09577021db5954e1db9d0dc

SHA1
e4778f30f24be19e81bd0f3d9f8bc73ad8f0f912

SHA256
4094691c281112ea18dab3e549f7707aef33bf7882c20042972df6a477b57cc0

SHA512
48058b0c361d7cf92484da51b1c7d4f09ba65ce1fc9e2adb040cf98c9791faf22b212b91d57dc787ae0e29cef876ce827734d6a842c644544e3a7048e97c8ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
fe617abd889a2e8106c9604bbfb8f465

SHA1
82d6d2e934fcce0a3488e98adf1ae897a0db0c89

SHA256
d35ee2fd00ef664c35e717635bf3ed679952cf716fc2d705b8008c7de4203921

SHA512
272ee852a5db0673b1d155e2238c31739818a42b19b2cace0aaa28a33a990344702a566f9fdc795669d4e44097d49be3b2a163cabcf1fee1b4289de792cb7086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e9d22572f3a9ce9ec4e1db386c1e59d8

SHA1
866a3a98a3d429a39bf6f66514ae0fe85a33f22e

SHA256
e5bc84a22ac6ab91f479eabe584b73c6a4af271926e375688ad4ecfb38c1d238

SHA512
867c42474627a139e484a7cbe20633d13312954702a47cddd8dc7970f85ff52d565de8bf5cfa200e12f5fdb4661bd4618a04049bd8ff48488ee680155f436db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c60f.TMP

Filesize
204B

MD5
8f2cded46b5136313891cfd8b9334338

SHA1
83c22991cf580c827ee3b8747101d5721512dff1

SHA256
099b7c409e19c505de12b17fa05de6bec755d98d7ebe41b11fe3e8871f522654

SHA512
91cb4b6d46310eaadff13e433b057931777ecaed0a108389886baef95ff420fb6e682f36f1e489b21b4f777b70df67ddac63d39ded1ab859220472217ba994dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5dad16156d16ed7d08f59e757ed1ccd6

SHA1
de22e45899851ed972b14d85df78311845797c91

SHA256
f49c13126dc05df1f046e99fa88d233952c2b32fd042f96667a5388af1ac7bf2

SHA512
b689ac7c319aa191ca99b4f5928150bfe740d9d1eea975e395b7e3559bee405cdb3527c4604016e9a4170cce45f4a9fce2c1ce184bb72d0e90f9830c2ad17ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93639bf1b71627fa02e72ff36c0bc2d2

SHA1
6f9541675853bfe1f23f8301278faffb8e6aa121

SHA256
3d4384753a29aab5ea844431d387272e4a89c2f2f1eb057e5b16ff244d5478ad

SHA512
ee024e43e5a7af9e939e5daec063e6a5a9489d1ccaf649f4f75677d7e1c588317dba3bc593333aca436c8b27fc4c788cf817c41973870139f5cd9d281a20b58c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 905414.crdownload

Filesize
2.2MB

MD5
3565bc6e396446ffe33041823de9f3ec

SHA1
df386dfd9a57ac56d0b6c20d4c322412b95a50ef

SHA256
7c74a341f4b321d663a9d35cb30bf7105e1c5f2648e319d350384b691f2e0434

SHA512
c7d37b569a5d9dbc51f45acf99bcb67ba6cf254dae3a8d889d891e34096df6b0ff9576c5acb342ce570fb038777c0c002010c33f5784dfe96c864bd6187fa2fb

Download Submit