hxxp://is[.]gd/h5E6we

Analysis

max time kernel
256s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2024 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://is.gd/h5E6we

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exechrome.exe

pid	process
4544	msedge.exe
4544	msedge.exe
4072	msedge.exe
4072	msedge.exe
3000	identity_helper.exe
3000	identity_helper.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
4688	chrome.exe
4688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

Processes:

msedge.exechrome.exe

pid	process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

Processes:

msedge.exechrome.exe

pid	process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious use of SendNotifyMessage 58 IoCs

Processes:

msedge.exechrome.exe

pid	process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4072 wrote to memory of 1352	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1352	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4308	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4544	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 4544	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe
PID 4072 wrote to memory of 1856	4072	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://is.gd/h5E6we
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9277946f8,0x7ff927794708,0x7ff927794718
2⤵
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
2⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
2⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:8
2⤵
PID:2516

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3584 /prefetch:8
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
2⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
2⤵
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
2⤵
PID:3976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
2⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
2⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
2⤵
PID:808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
2⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
2⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
2⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
2⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
2⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
2⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
2⤵
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
2⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
2⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
2⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
2⤵
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
2⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12709755611059603218,10612497741627314508,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1268 /prefetch:8
2⤵
PID:3632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff916f0cc40,0x7ff916f0cc4c,0x7ff916f0cc58
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
PID:3752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2332 /prefetch:8
2⤵
PID:112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
2⤵
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:8
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
2⤵
PID:1868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4816,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:1
2⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4504,i,5880864826809679146,696802603997070341,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4860

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
c88908e720743eb6b5379d8ec572abf2

SHA1
87d6f855e2c1eed7c367fb5102b89eb36cc05348

SHA256
fe2e3dfc7946102aa81bb70e37b560b5c1ec7fa1bd5077bdd5cd5bf6c7161257

SHA512
e61578fe5068c5524f8bbb60d9c0a650f79cc52ed3b97f0f8e9149b2a8cff5617b037ff78a2967734484d4498ffd23fba8342a7780cecd6644d5cc22f02d5f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
33fe82fe141dd103e2bd5c9f8b2b3276

SHA1
0f4de33a8988252803c7e768a602f2f6f9901fe1

SHA256
862c6cc0835356458c656fd3c2920f0cbba45fcdbe1f3efbe1c2b5657dc50e88

SHA512
6d09be456db72fa7ae2d8de1a18686f7866e11429ef46c0b592c6aa775094a8350537beab8f7c2cf66426b3993e971529caf61cb96d11f697fc5af9d9fa57382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d73d190fa1eb1835c80fbcd5f97399b9

SHA1
f627fa5b3060505c58813692398823e1cfed0b49

SHA256
873e272160be362ca885abd80994c15d2230a3164387290bb2184499615eff9e

SHA512
23988a0cb341d119660aa2280dd02941e3fc7502b8db15772aabc96e56ed52e059818779682de8bdeadc53fc89466990c168b39b1df5e5edd37eac8a84414acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7327e1713bb02347953a5ebc266af141

SHA1
b9a096b470b11872ef2b34691c5cba84d2e90987

SHA256
bd5f8f4cae2919a09e864325787871b771e44371e733bd066f5207d5f465f1ca

SHA512
e3de146048b441675f5f80f2ca0c73fc0c5f7089ce5bdc510385223dbfccf35eec82c0e31aee4b845ede7487ecbe6679eced5c060d51f71609509f79bfaacdc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ddbf8104-cb66-466d-801a-e859364c531d.tmp

Filesize
8KB

MD5
e406831bcc4a501689652f2e9b2133c7

SHA1
e0e4cbf70314729097c46e0024a995b6db052878

SHA256
12757501d64f17dfab474cfca0a50173ccf16cf55bea8a658cdf654b1a89e717

SHA512
d5376f2445df2b0f532a1d7dd96785bd708e76b79de9f063ee928dedd970953f7ad4de1296d0e190a8bff089f23fb3d6c12f437782f3aa41503af78b9eb90f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2d74336013b8be26e4232b11b15c11d4

SHA1
e86212c061d97fde1cb6e8c2716d3c65863354e2

SHA256
033336b7099eef33e408a112ffab98fb6462ef47bc3af2d086c698608adecd34

SHA512
778a92597e8bd6f3d8b0f9c05218cc77f78c995c2d1a9af37c44d46ccf92d23fe0418dc3cdd24423861706e077dd1cac3f3c5b4aa2ce69721db4a5bbb0588e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f099f5c61f197de322c5c5256f75235d

SHA1
ccfac990b35952341f72d9368d9397c156c9657c

SHA256
28c1e8b787409270b7db780a5e6b8bed382949ad0737957db7569ebeec85c265

SHA512
1306f6f45f0eea54e70202165a2ab1a1094c2f3f08852e9d86c6f78154a7129b9ae8215ad5d47fe3d1e8ab15dd4d4c00eea688618f815de277867b51696e65c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb96804ea04ea563ea589a2e26ec6e57

SHA1
77e6bf1298936b3d098590301b41353d4ad3facb

SHA256
75d04c82a37a65171dd9a51c8b379939ddf1bfec61421d9f864f635f2246dfc1

SHA512
42c8d2684abd0777ef3cb84085670a100047c4a39818c2e8f571fa4f8f039a7e655781cafd42a27367fdce8cb6d7699fad4553bf2c8a01453f1beeb5a99c07af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
961021f04653c4aed093a167559d5ee5

SHA1
d1ed60a3021bb4aeb9f5ff6199a4b25fdd57cc7d

SHA256
4889e7362be356d4662c1ef226e70c9d2ed8b366ce7957a98fa3c218dafabd47

SHA512
f0467d5dd746c45e899a64ec85bed59f7ee500078f66dfd44be2bdf5efd3a1265d0a03269800ff2f468e594be9fce3583564b1307759f32856e296e57da62ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
620B

MD5
473c7b55947b39c90a0234c3754a18b5

SHA1
bff80080204dba7123e4a9649efe67275a30d275

SHA256
4fc1a44796fc358ffbd4500d25254970a081ae59bcf696adc791c2ac74cb9ee5

SHA512
9e7b57282ed5e674dcda8ead22311a59aa3e3a3f07a1dc6d8c08d06a3789980587bde947623ed7124c726ef17bf962d410a336dec5981e84c4ac5e88fcef864c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
620B

MD5
eafea192b75b94b39957045e913463bb

SHA1
51eeb484287f0ba99bd289176c2f1f385fdd2c4e

SHA256
ac434e928161d69f93aca944b0f6bcff015275ac535e947dffebbee3e8916936

SHA512
191870c6ada10ec7ec54b35db10d3e8c5ce2dd64eccfdfbef942c198810112da8ae5ac1b84d66a5237ffcfebad02f543ff4283a78034133655a74f4750b121fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fea060f981f0d20d15ac8db0548786ee

SHA1
6cafab3e0ce3754e2c3e21d8cbbd570691af1815

SHA256
cdba6b6c7c5bb7ecadbf3a8d52f6d6a3ebf3ad7e358cb3dac37d84ad652c9093

SHA512
da33e81782d21bdd24bd5a0b92b6592d06ec1067b9546fb44a2a13acbe9ec05ccad13f6d64d4a4caf5a5c68ba86e802844b978ded539f2715b53541e128b7b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
90f7b2edc33f3063d27bf14306629ac8

SHA1
02ad767a5da505d58243fa6f3d1ae9f9f1f97d84

SHA256
2d08afedd69a1a4a8223aed17d44d6c2a512d131db52663f605b84770c59e7dc

SHA512
951a9f785cc1a18a6fb56161f622a3abc251631bf8a1a400ab99860d09f703b0aeec9e90f6c7e9b27bf9a624b43a4146a531430b9881cd3de812e697e84d202d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84eee5b467f4a0b57739bd3de5e28150

SHA1
5d47a6ac59cca0fbfef070331bf2ce724f15a9f1

SHA256
bdca71583a0a758bb9e79f765ae5c7d26ec2f44fd561d0f1427080fc2e0d0332

SHA512
53d5cfd279cba8068b17f666c3ea9863670ec9b0bf38b6b0a3191e48ce0dcfd57041621bf10c8faec3d3ac361d4a244fd28be936fa5e1e754bd7daf64c0cbd09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4691214e7cc38239de7dbf777aafc31a

SHA1
198e0036055dad7d249228198b0e9a7c44f0bc8f

SHA256
10f93877148c975b00098b97c7a8a37a7794f70dda767d9bb184c177853e03a1

SHA512
495bb4e229e104971f40e0178d020e8e054da2c059b99ab5969f2254bef528574a959bc141a26474e2f844a804e561233ca4755f2a412464569f2a34b87d2a9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a608874b5ed0a692d541c6522a0257a1

SHA1
fb07bdc8ac5ddd2ab1b6ecd719dd85d676430e9c

SHA256
5d7dbc82c5c0336bf4164eabb86b35eb6101f4f5e6b779e8986c6dfc28e92bfe

SHA512
e870055a64f9a805f89910170c68fef53bac8258061af3972e5522707fbef313e1e4d5262e6e0de3ca02cb2d2becc927c3d24ee8e6cc7ff202f52cd21596204a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0729206572e9422798ee0151f486d200

SHA1
a74dace9005f851ca9f3ddfe2f7358d7ae0ba6d0

SHA256
2cbfa9e8732a77c39103acd500eeb8b8aa3e91aa9d090153a281a6efff06dd7f

SHA512
2e2a43846608f7f0bcca7aa0d93badc589421e738025dd4151a8622e5340b05661ae146277b4867b56eae7adec33968fe3712a83f0a2a68b0cd6bd835d2fdeb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93349875dc02a3e72375f5c2a6dcce12

SHA1
0079f50e26111ca5ee8424c3fd0ab2699d781338

SHA256
0eedd5c93c8b7c417f33b9179f1c26373d519779176331bcc42cb655f1fc0055

SHA512
3cc9b0aab76adb70b25f56dead715f5d9ec31e0e9163fa11cfb84b7e5b22d1a8516989b01844f587f812cbd1580356c3190e0ee3a14df0235290cc1d0e86b430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b6e9ae114ba6072ea25d8ec5a2251ce

SHA1
8a53f85e93f86d9785f868520a76b36f63ba1e57

SHA256
2918fecd667ebef7c7a0ef6838e693d2af5449edd227257232f154be897be67e

SHA512
289665df56fcfd8cbae8dfa00f3444190d0d3d435893390da339c57d4355e25e63993e04544773cca9fab7d5849d7696963bd514ddacfaad3d62389e2c5716c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
92ce7c7d24556ab77168d17fbc110c94

SHA1
ca7073f87b1cde37eb7b3a8a5f9c020b59ca5e3c

SHA256
f3217fda9501365891c4f565130c51f118e12c23f97ff1e1f3832e6c52551f04

SHA512
b39569f6c10a919084191323b562ccb2354273fed32f0f0ddae01a4494f7cfc3fc6b85c4d52d2a83b5686bb43c3134b7d6d49cc23f11816d8256b47c91822d7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
e0648690544b9df6aa9a96a0f848d49d

SHA1
4d3b329f00cadad9a8270c221084ad5ea789bbd8

SHA256
13edf5010f2db2501aa1333ad22f23732962000d16d9a18458d7eff068e8c00f

SHA512
7e67eb8afbd104b8e2cc41a2717f54f81b8bcd7ce5549f6e7e9d9072617f0326fdaf9d4ecb638fc65ed69ba11db3febeee818f634f609c4eda0c02d12b376a75

Download Submit
\??\pipe\LOCAL\crashpad_4072_IFKAYTYDSYFQOQKN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit