hxxp://malware[.]org

Analysis

max time kernel
190s
max time network
203s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://malware.org

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698849565636668"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
2888	msedge.exe
2888	msedge.exe
1696	identity_helper.exe
1696	identity_helper.exe
2828	msedge.exe
2828	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
3000	chrome.exe
3000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeCreatePagefilePrivilege	3000	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 3056	2888	msedge.exe	81
PID 2888 wrote to memory of 3056	2888	msedge.exe	81
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 4432	2888	msedge.exe	82
PID 2888 wrote to memory of 3868	2888	msedge.exe	83
PID 2888 wrote to memory of 3868	2888	msedge.exe	83
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84
PID 2888 wrote to memory of 5048	2888	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://malware.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff38e03cb8,0x7fff38e03cc8,0x7fff38e03cd8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,8019578785253801239,13841734856435800108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff38bacc40,0x7fff38bacc4c,0x7fff38bacc58
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3532,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4308,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4368 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4260 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4804,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:236
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7880c4698,0x7ff7880c46a4,0x7ff7880c46b0
    3⤵
    - Drops file in Windows directory
    PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3260,i,2224472229322080927,2102013237892922190,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:4344

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
474b8fdb9618da633b498420c45cd4a1

SHA1
b1555400c879d14b66c8538bfc3ab26dd57cc54a

SHA256
ea251eb561b8c96ddc25334b40f7eaf6601dbbc889b133b878a4b6a69bb8816f

SHA512
33d939056fe3a1f2c1554e331b51da567b2563caf8688b73302a3cb4e968269dd7e7fcda25f97f6473101b71356c55602d63c907ec675418b6e25fcf79a8d09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c1a57f27dbb533be9568521385407024

SHA1
4bc92c4bfb9b14ac5d766081384f67797b67e92d

SHA256
01ee0519cf96e6da403ba3a16084b88ef8bdac5e04a1d79cde252c415831a627

SHA512
ae5a0e99fcad02913e7b60ee9acdcce751febd58edab2c6b096e43542392e3301a7c2b02d38f6f5728544126b83dd3b9b56e76ea260cbc579a9cfe4f619ffeb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
2931d612cd203f1f9cae641286c18649

SHA1
db7b3839d7ceab5e22504972960f43206f071ef2

SHA256
99ae181a3d4175583f09533cee068837b2ab24f143434057cddcc76c7e9bc4e6

SHA512
236db3bd8cf2a1a917b2a6d9cdc671e4ae5c096662e9cd5d83b3b997825dc088955ce548e572f48b24812faf5a3ff7def2cc2e41608f11fd14277894d1ef0fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8e22b3aacb873b7896946b266870ace9

SHA1
f44c7787315d6de8b700153f491592cf4347b3dd

SHA256
d0c9b84a11f90f66003f4b0155e98c3feff4065a9c15ae619b18a4108db7d079

SHA512
c047cb52485d6b9ad21703a5c89f0a4bfcc0d203bf1844a93b90042281e5faa6ab20f20533dbe063ec0e40de5464d79725fecc067fb5770fc1dad6f1588522af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0a4e8cf091075d9337c8f1a02ecb3aef

SHA1
8edb06edb635fbc8afcea5d44701af7def43171b

SHA256
765649e73c0af1dc25e8c726a43f8c4c2f39213cc76260d30efb3ac72cdac278

SHA512
1c9e820121039ad0ef3f01c861e8fde648f1a23278ec30d78bdfbf9087927a9f80c794d3be57d7abe7d3571895c57f361dcc2334e8b03ff9037718a013652eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
431efd27ce680e17fbf27856c8b5828c

SHA1
77f2b5089e0f9e75b08cf3b3d70b0c8a56255710

SHA256
8963a40cd4166f0bd61ad3a8a2f8007afa78043c84ffe893178860b724db93fd

SHA512
7a7dc2b5eedca4de73fca34c014e0447506afe8dbf812aef57d4515ad5a39d7a1a338e3fbe3c844a9e919f5b37b6d3f3df9bd12e289dc416653ec60de1a63d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
808a98f468fd8f98201232ff0fca269d

SHA1
c9367f246f1c932d5aaddb0e44c9a2aa4164c844

SHA256
1b88ffbb7abfd8b4fc29e9099ecf87bc612a59027b4066dce5b4951f114bf633

SHA512
e1e53917e99178df95b75cbc412a7eb4eb99c654c7242cbfc2b315f6bf0d7fed61de0180fa9298cf39cc7e6a782363423503700ad555958748f8706ffa4e26be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2686f4263c9c76fd62fd230711575b26

SHA1
e7d5e5cb323cd3d7ab7ba9c3be7ea58001467e99

SHA256
5ee805355805f74e011a124b1b0aa5c52594ac7bac9c49df0b1f2269dacf814b

SHA512
7a05a134e21bd2b60d1346094b647d3d0a43e03e8ae0263906214cd95a800b9713a470194b42fd04d9ec2e5074f3978ef8208db65fd7bb35cfb369cae6224996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1ec69927425d36bae801f3a8a1d4094

SHA1
b1d99c90067da308b8df26f38258668004464c18

SHA256
48ab68ce8e87e7ffaad549447e6b1d66e796670a922aaaff4c2bcfca789dacb6

SHA512
d17aaad25e4e4d8ae3329c81f72641a4c00141157001b32d5d36c8e7c16929fad1ca0f616899a4a4221918c7942384a460e270216df488f2c824f3da24d0109f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
886b2e31834951bba55a47a712dc315b

SHA1
c216db46d4ff427665100ce117635fa14b7f31c1

SHA256
49c9cf318de9c94511c5a14612021b18e16a803c8fc03de1dd5ba9f1e231eea4

SHA512
c492c394cce8d2f45b997ffe8453864a859e25196893bef5026132862f3ee69d7f17ddc3b20695f9a17c132b890f6068e35340a9f20d8ce9bf9785b053258316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
76cbe2a39c33093ea7466af3d9bc8674

SHA1
710e20ebe17654aa56acfb8b8e71bc90c37a207e

SHA256
c7919470af81f50d78c6791f20f83196b290389806039c212aa321c99ae933d8

SHA512
fbc4b211c12348718a9d619e2e500891e499fd91b5c3c5aa54381c9f856b75d699d72ecd5560fd8ae65d17f0e626dbb59b46e160187a7bc803ad996cb885cb9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
204KB

MD5
45bb4936deba3682b92ff4cfb808fdd8

SHA1
bcf4ac22aee1b51c75c0508c1c0c809a0b14d4c9

SHA256
0233c7f252df93ffbc611a8231080073e0f4ff77ef572463166af1bfa9f092ec

SHA512
9788a4c0efe096e00b38f652db1f3ae99e0dbad81acd401dca40588318f24dee76f4c5cf229af778c2e4ada4f7585afb2f9581f5dfec348945c004256dede2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
204KB

MD5
6b00478bc2c1edb922d9de141ea5c61b

SHA1
245dd7c91a0564bf59602f58421f1560767cb8b9

SHA256
478ade5369e610e3180e75ff06bf2bb6d07efe9f9a62a7d059242778bd5b20e6

SHA512
31e945015744ef5e23505d5f36a6222e2ce56c02aabf0a5d40a32884e1ba484878afb21e4803aaf02c2944b5c90ef0ba68b234dd957e04fa8c32d6522c51ef62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
204KB

MD5
f6a5e0d3317e41e1ba8e0fa2f4e252b7

SHA1
7cb1f9adbff82f9b7a2323cf0734ea3ef257728a

SHA256
4ebe7c2093f3d67dceddcdc3303fb009f8db60bbc86a3e58ad1dd92f59ad2b5b

SHA512
228d2030e5834d75a353ecbddba4db5525205ff17b26db69f594ce563b54c249ae9cafb40275f7f1cf5642f8def8b868b448aaa5b0dabf5432420f1aac757940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0c3bdfa3c31b58af9959a251662334dc

SHA1
2edbd9d6b5156a0d8748dcedccd91e065974b33c

SHA256
3e532abe2aea8a3b69c53029d12c524bcdfe65f8aff8c6fa634f705074a7a2ff

SHA512
8e87164047999ce727bc0c6aa5e4ac0c0c5fd4491040dd7e15c9e827d41d28643bf27b30700abe0e90ad70f50cb8d4ca913c1deb9887113e5715ed5fbc4ca815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
fcd9c2d2c5873e70dc6ea88049051c75

SHA1
cdc9be867203d28cea90cd512e1da82ee3e000da

SHA256
2ef4e831610de721bcee262d6c7076f98a3dbed1864434e8a397681b523783c4

SHA512
19531f2883445c90ea112551ec9cb47c16c407ec52e76572b842a835bf5d98dd285eeba314f3d05b19fad24f8dfc93e88e83f4b975f2da0ff67161f8fcee45b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
542B

MD5
42aa59db591ebb9c28527b5d37df3252

SHA1
543746c2bb053de373d34e92942f88b420780037

SHA256
423ac86cc9b319ee9ff867d8a4a7e143943cc7f2e94482abd483ecb3546fada4

SHA512
c44639741a645411e81d643873416f617701a228296447a06d2529fd78fe30446af53009bd5a2efce48d049a61edb64d375f3e461650b9681a075812a0f6aa52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e2f7bebeb4c3e72f131cef4a60228be

SHA1
7855520adc6df25ba196750bcae440495fbae9a8

SHA256
3e0c493a7485bd0d1e94e30a549db7b09f0ea46e02e13f9bb88f0dc0cb38b703

SHA512
ea185564cb72e4d0d07068c1790c3aad757761f7addccb67d419b135e6854075e54a617c8f1d6a87f1746e58d7651f2bb9590400d3d88b6df9efcf8a7d3370b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
195cf0acbc9f6a997f9415f576fb1d45

SHA1
3035d8188273f30474046848d7b94f6da9ba15fb

SHA256
e94476842230441aae115fc8ac319aec58f369031af0f1a132f39e68b9da9331

SHA512
8e4abb70c1df813ed5fa4f8509f0babbc4285fb4bfd3e362e02c7be82c40524c16092ab76c26e70a5526e1eada15e87afc893858ed1844208f58629999c9658d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89d0a793bc9e1dfe807240350b1b1ba2

SHA1
0bb9387d1faf0cbe448566f71b4836026949f12e

SHA256
57813d90d6e586deeb79d01b15a998af8dce3e3be0a975938195d8e1aa90ef5b

SHA512
c4d7742e233a2c66e432dfce26d45f3a083520517c1d873ff5c74c9bb993f043cab3d4380de82e8c7c0ccc7d6bdcca65004961b3d459f50cf827f437ceb7d45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
490cf0d9ed2e49e46ddff1ca2b8d31c9

SHA1
9cb8fcb5971854d4fcc09e4b8a9a9a1943788072

SHA256
158cbe0b4d8c63bc19c4a92e157c7829d4daaa9ca39df61c67467fdcb0a49567

SHA512
157ef8b684148ac432e939bf979097a267093d2874722a236a85a96be32dd95e999bb6587871136bd7d5795a6d9a635490ab3f4ec6d95b3d5ad8e8042d43430d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b40603a6b0108f3f5eaff692a95a9c72

SHA1
6905f6c429f1e233b16445e6422265cb6587450c

SHA256
68fd28f4e41f51a0ff9e92d7bb2396ebae503b5239bb8795ec9121189f3a5e47

SHA512
e9b621fb974632392da638a05ce29b54fd48e071b7ef61acd325d0d3022a0890e0869bbbab6be777a20d421a9ae4431791e87439fdf1beecc63a8783979117eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f3b13be2d08db58b754826f0b076bec1

SHA1
217559bec9fe9b3e41b821a6d0562e0c184c0d7f

SHA256
8528acc94025b79f975b46ab165a9fe5fd15359c5c9f698f7fe12019189eb7ae

SHA512
e8c5d2f99cef2f78deee8f3f049bc2dff4176d4fa03e2ba5fd15462f6df58bd74bd3e40c76ca67d069ace5e82150a5a92e43ac22e51375727c185029f7c8ed46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9da924182bb6a9fe8ec5dba9315db96

SHA1
8ff0bad76f92fc4da4ec8780eb99d5a366bff58f

SHA256
c30ad9b625a834462c50728d3f0b4cf8a9348bef50bee993b26ed9aaccedada0

SHA512
ff6b678288d61eb5a495381fc2c7df5d94f527e9b9a7ed5467ff2dd1db5c04c3edaed28e1edf5b6846bc8e908014da8ede52575036f42818a81add7742434a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
f2eaccb11c9d7573f150ed58a230c476

SHA1
68fa53835ed82ba226a6dcc2f4e120129145df2f

SHA256
84ce5b19eee8387d9e01aa705d5605e24da601f152d3cf3333f07af70b0661ff

SHA512
d70e236c611d183d883076bf61bc55197d12fdf4959081e5e0f4b20fddb70733e12810b362c0f0510facf7bd938122ca2b3ed6fefbaeae502b9b0430d4557b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f763e013ecde12e101fb04162579285d

SHA1
e95ea68f5768023ae00c6d06c78dff9ea1d494ff

SHA256
e485f4e461485a6be576cedd02da10b642030a12f363176fe8093ea14a2d4751

SHA512
d97a35c492e80d6a4d4ef6686fc12daad9f60a1df9d89b9e294ddc1f7aad534488b9b3282b4be12b302038761081b88d14760a129eb379515a10b9555912157f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595366.TMP

Filesize
201B

MD5
506ba3675eb783714cead9596ef5d3fd

SHA1
de6b468a34e2c645eafc59621096aa33d8e55b0a

SHA256
b7f1216b1c3e08eeaa0152918de245b2853a781d35615808c864bc1beff17ef1

SHA512
8ec5d0ac5adb6e39eea26061e0f90f9403987a4ceb099ed9e0abda22557871e41464836e0c9296f30a57d7fa37b62ea9f18e388640b40820254233f23ab4af03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a85ba7fa-34af-4b36-b344-a211b119d635.tmp

Filesize
183B

MD5
6b81b4d913fc9a3d003fd6783a85ce83

SHA1
51930aaaeed64686f552bc0673e01342c185c234

SHA256
e0c94436b06d570bbbc643b8693b382146fca5e919c2c7e3c3419d5ceb47b869

SHA512
a50af77db6d91ecdb8956bab88ab5bc0d5fa9d1c05be7b43f6459a2b558a34315f0d1a7b9291602934fc5bcbdbf2004122c9471452336eae8e80ff62c1bd6124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0a82e3088068c5c8b6f9437d8b2aeee2

SHA1
0631ee28ff918fb1664f901af769264ee7f93ef7

SHA256
d39da48e0284e435bdc1991d85ceb495dfebd8cbc23e744a6cc4207b4ffb2e47

SHA512
b871cb563659741e4a5007b5be65fd2cf25dbf00c12d5a79a6f0c68fc050e2a87c0bfa9b90daacb2480aae918478d076a5cfda1ba469eec90da3debfd87e4452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d6159006-5709-415b-b28a-1680bc428368.tmp

Filesize
11KB

MD5
bb7d5bed4402e011679981a9dac06fc4

SHA1
2727ec730dc0a713ab0967ff95951aee4c64c797

SHA256
fb45612c2a23cf186450523a140f319f69af83f1583c4567f5755730c11ebecc

SHA512
1fb9d66d38d24139faa7d866756d135ea5e75c6405485e73e828de31386783d8a715b2b769eeb7dd9c57dba86dab2a6fad506b9ed7f095c0c6c6b58e2e2651f4

Download Submit