hxxp://oss[.]jodi[.]org/ss4d[.]html

Resubmissions

14/09/2024, 13:59

240914-raq2gaxglg 3

14/09/2024, 13:55

240914-q8krnsxfma 7

14/09/2024, 13:52

240914-q6lwysxbjm 7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://oss.jodi.org/ss4d.html

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707960153217043"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{9FD3C123-A5F2-420D-B42D-21F11984E46A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1792	msedge.exe
1792	msedge.exe
748	identity_helper.exe
748	identity_helper.exe
3744	msedge.exe
3744	msedge.exe
5196	chrome.exe
5196	chrome.exe
5272	msedge.exe
5272	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe
Token: SeShutdownPrivilege	5196	chrome.exe
Token: SeCreatePagefilePrivilege	5196	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
5196	chrome.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2572	1792	msedge.exe	83
PID 1792 wrote to memory of 2572	1792	msedge.exe	83
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1768	1792	msedge.exe	84
PID 1792 wrote to memory of 1112	1792	msedge.exe	85
PID 1792 wrote to memory of 1112	1792	msedge.exe	85
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86
PID 1792 wrote to memory of 1540	1792	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://oss.jodi.org/ss4d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe832046f8,0x7ffe83204708,0x7ffe83204718
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16107812036047957476,16190815317811931761,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffe71d9cc40,0x7ffe71d9cc4c,0x7ffe71d9cc58
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3360,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5200,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5032,i,8357668116835524317,17891675649676157255,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\04801849-aef2-462c-bfc7-4925781ec88d.tmp

Filesize
9KB

MD5
86c5667d9b2b7526ccdd0b32c9ce4375

SHA1
e5f3f0fffe5553755b0438882f36d5d6b2ed3301

SHA256
f296862835186020d9c93ac629d92393d216bb181b9b340a07ef52ec9459a1ef

SHA512
11aba8c67add790cff2b108aa7e7e65101dc04bbf8b2b8c8bd2d8881f45b2eb7270f08e0e1c4c4647614aba50c80b58b7be2c14e772b060351614d3519ba56ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
439ab08d65edad5d41d3380bab92c51a

SHA1
626171d8d47b38a3fd63ee4db01cddd920173152

SHA256
01ccce64d6d7e98fe128a407faf33c088dc34cec76c33184a0e1c11e21a43504

SHA512
61502c54b830eff666a43199a933722b7fe69f162c90b87bde8f80e76f7a056f6c2bc9a3343d2dfe513fef3cc7e041c04f4634f8e355b851af664c6348d89a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
34acc6034be00eedab097b97d401ba10

SHA1
6892aedf70f87ae17a27a98fd9d3d91eb8203382

SHA256
0a92303427c567f07f3d4e0df2e712c75e861b67ec1d32ccac327577b8c0ecf1

SHA512
ee89049d34857ee14d38314e7908d32948f9e02b97060c391cb5ca8b5e1644aaee93bebbc36d844c10c5f14dcbba849e803ca123b8d53fd5b2011bf8594b895b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5f7606ade5d880fdd15698e1ed1de1fc

SHA1
d3fe411c7213ddb47a6af9d00330f6aa6004bda9

SHA256
0937475caa7e28ef5ad963540b27f8380451395aaac93a7f7df3483b4e0b9edb

SHA512
373380e953d31f9fdb001ff2d0aca536cd7279b4a27183a35141acc8cbd9a46a89de4cf42fd729f758db9c903b6bd9c2ad7645efc5a322659b105d97ad494fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
238095be5a0b0436b6d571e00da65ceb

SHA1
a1b5cd4b766e35788095bff6a73b2f0af36ed81c

SHA256
aab144c9e4afaa3ba2da7c7b907a530c773c922dacc6c9f826f5c3c967c9302c

SHA512
2a333f9d59339bde9ebb96d81b876a54b84b53860c7d7d96f2ebcafb2f93133ad6977534867303279326816d1206c4876f1ef5d553fc89cc723dbf62161b8f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
28ea1650244345e331264590fcc41b65

SHA1
7088ca82820b5f8601e3cb5873afed5ed6b0ccf5

SHA256
9db15fdf66ffbfc1e9453b59290de04cdabfe677909126b90c38f980b9f15702

SHA512
2bf700dad1a672f744aada1899e46c7695e9d7cb68849936758128a78918a2928409f5afc34c98b9e61bfebc63bf34f46913f585188244aed485db62efcf54c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d16f62f1a095db9de76479fad830e48a

SHA1
82f3d131a5a392dd4f06eeedf6b866b83d0c34c1

SHA256
9ea188b645cdb946ab2ea12eea4f74111fb2c9d01da7eeef006581c7e8f7ef1b

SHA512
8899cb19cdd948549d77dd6bcbd2c3c20ebeb955d6134f44e2ae342330d5b1e1776767a88e347072eb5ba4d83039cd5426e0401e185620af32e9a04e0cdc13c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f2a04d86fb22efe0f2acb6e61b16d7b

SHA1
3162ccb5275a07a526f740dbcd416e2e102b9844

SHA256
49093dc755ef5ada04cb21e9463585528e25af01a23cc87bd17efb546a54d54b

SHA512
9f3dad73b7a8850fe4968b94994f5f278b54f6fba470d8b1fb9226a010cce09301389cdaac93d608ad1739db3a008b94acfacbce459798728d23108405d5375e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e8511f07649a706883f831d0ea0e6cf

SHA1
6191ad0ebf748a13c1b8149931d56c247ffab57b

SHA256
67fae283bcba6f9adac72394e9413dc18239cea3d9c5300f831a096ccc39ba8f

SHA512
713cf3d8e06aed7d1d06c38d09b3ca607f96f242cec55bd95bfa6c9f17b6cbdbb764672c12e5317dc206aeda04321b5d58b95aba7923f793a93847df3c7d9885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
478cfa9c286fc80add8d977074c292c7

SHA1
3503043dafddb49cd04fafa9b8f9bb67fa3d9a8c

SHA256
762a0d5958e79dc8cd750ca8dba4df8564b6305a486dfe84136932385142e574

SHA512
561c84da17bcdd0d733854cc743fa883f21028b0a7770518fd751b62fcfc0248c78688b087301b387230d345f33372c19467020b74423f59cdd7395f3b89b5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8743ba11f8f4124dfecb0119bed2480c

SHA1
736de70f9ee44cea390f10c5500d4bbe9c0dfe55

SHA256
be40c230e865f63b4f88b2fe6f6823f1f583d3ab0094872e85e9fa2c2de5d004

SHA512
8b25fd289edc865b742fe8360d669ccde52d0007812867cf3bfe77f50326aa936b5ae9f792c9e9f61e74d37bebe18d1cfda3ab434ba55ce2453464cf1d7d22e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
341fb035ade396723a8c0102931abab2

SHA1
1ba16c7727c64d43fe818d61dcee0b4b0d635dfb

SHA256
fd455950257c602b8ee31bfa946b146e4e86276b56da00e25b5846ab78c0bcff

SHA512
feb92023a968168dc04f35fc20ee78f016d4e7bd9959bc87b7ec0884f63a63530da688f89d97b2519821f26e4a1781f6d3712c69c22a39a67cd1280e7426028c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8a9ca2bee7288a1439b1ab761646e8b6

SHA1
83d700ca2e9bdae2f733da299d7229e25b3d03f4

SHA256
ab9a394c15ff5e71f8538f635d5bd72ec456bcdfdf1ce45c9491c5c99b1841e7

SHA512
e7ddeba0e1a3bb25506af393278383933271bd584a492560112b568e7aec291bd0cb1def98cb6c690bf9d27c62a4c2f259500088f36f1a71ef1946abad19f09c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
f4322c486fa336c25c33ae60a6441e64

SHA1
d3b9e77d44be23a33b95b0fe19051fdc8b4bfb62

SHA256
6fac88103a7a6c74d016d676e411aafdd3080c7a4006b029e89970fa0a0e2994

SHA512
e7b8e0b7c9c3193c046fc0b5a8e558a1adb04855c5b8627f0f612024ac1a471a3208c2344ef7bf49d9476dad6397256684ee8a81128d78877d3c35a54db13a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
03c90fbe911aa6159f4d867fdf358d47

SHA1
fb96acfca7b2aa14aefe9360ccb50a1e9fd4f7f7

SHA256
2d168d9707b0fa531996e876716cae936bd1a4ac43c40f6afe61668a56955374

SHA512
8406faac9b4d1cfcb15b64296c149ef94d69fef827b5bd2650310a3c38e4e53ab772cb9b1c0dac8b958fa7b3a50e7cae2bdce37cd7dad2f14c2dbcddf1a637d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
550B

MD5
af80bc4f8c6f4b47132a9ffeeb750e3a

SHA1
c5535c316e37db29474fcdb63b97a00d0b1c461a

SHA256
b16b79a2133a1e0f319d1dc557d188f98861ff25a470519cbed3f1baf6d95d6a

SHA512
6df8f3eff7d1f5f45ca1169868bd48cc6395d36ee33292729424dc073fa52f7752d630a9342fc1071383322538ccfa1b565bf73cd2856d64ada0300d2f51af65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3cab6c617a6a508ecab95650f38e24a7

SHA1
e5a648213aec9bfc8586d8b96d3d30b657049888

SHA256
7c8e315420ae47fa23ec4a26fe8faccee938908382544e54a00198927d37ec80

SHA512
6891d27f3de2a7b96a344647d3606441a80db3efdf918fd3b173d13e8270cc18ac0099772aa74c16c15118b8bf193f9706de91a085890e32b7ebdf29acb41d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
969680b824292d87d263beef7d8064e6

SHA1
41388a1fd65f82772559e1c8a4612fc257957a0b

SHA256
d4f1c4e91e10d8294bd7c6b79a090ed42c258524a03ff341cecd438027d9bfb2

SHA512
0d386cdd15e28263c7cafa96a1ddf67975155abacc72fa8b8b38362e81d2bfac46779db5c3baddf9a1effdd1cf4982537b197e6e16306312d575fda6867b5430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15a35544efbd1517fa5aa49e5e662a54

SHA1
45a4df478d2eb64ed1fe26dae72fafa42b626235

SHA256
a0adc05a66f9bfc2b9cbf0fb5bbca59a6b8e89b1c5290b8bade3fcb35438a9f8

SHA512
45de3c3b98dbfcab445cd78641b8094c20304f2347893b3a844285b23b08749cb78fc44d5dc6dded1ad162f86f0cd4c4364ab21e10cf7089242a4431f4b8a4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
badff94c75d29c7750da0a0cb416f20a

SHA1
affa328596c5938fbc3370d95cf9be13ac516547

SHA256
f276d2c6f64585cfd47b030d4a6dcfa39ef3da2977c742421480e51dae858af2

SHA512
1945b558407f8752924ffdf5ffe6d61b56eecb73a199a9b4df3a063b6d2bab02ffd7157ea1a4399a6c40b39a8e6480cb90c1bf18182d8d6c333e86913772a4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0dabc3e84abe813b0b22b473d9d63ed7

SHA1
ec157a16a77a851093dedfaf55c765c3219ea481

SHA256
72af45138112c97e0768d34fe4a2b988ba00631d7114d15e59b92cdb1ccdce7b

SHA512
cead789d9eee9d33cfd5e152fb9ba62d48bd41b3efb0da6aebfb1d72136011a85f89b38c71626eff3d9241a28087fac96b53b46f4617e733ff0e1735c956740b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5c2dc2bb720cca8758c0d06a0829cb60

SHA1
7da696ff4fc84ade4d93ac1ad155ad7479cd34b2

SHA256
9c9fd1485a917622c93dacd9fa84ae4ef2c4289edbc78bd71dbe429313bfe8a8

SHA512
3871c6c5dc416ff8dc644fe12e037ac99f40719707b260b63e7ee15acc6f2f2a01f3b8fe3e96ee8764a21b003aba33cbe2051ad8fff21707a485e9fef9100b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ff3ff66117918086ad17bf315ecf2ab

SHA1
af6a9beb6c4a270f7f2a50fde38051f19b4343d0

SHA256
0e04678fe0a5f50df17f7d9508ee632fa1cc42f5548222c41807960dcc83d9c3

SHA512
57e2420ef899515e2a165bfad9d41dbbe1361eb31449a5494d9ad864fcfbeb60b4d1b07623f85f2115134d52d95f582590c461970d76eff1692794b437a8edd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 108014.crdownload

Filesize
1.4MB

MD5
5bc7c996416e34cb5d23221dede5cc97

SHA1
afe2c6c0863039c11d7b791a91c3c809e1ed9071

SHA256
a2d54cc2559b87841250b25a7b3f72cfe5a6ef5cbd3e720d2782c2f3253f44af

SHA512
34ae27539395c3fbf577be19f0fad383ca862e4d129ebadb2e637e8b5e56dfd96619833050ac2b93d22193c72a8694c621b99a00d32eedf7f57bad7f5ca3f373

Download Submit