hxxps://github[.]com/Dean2k/SARS/releases/download/1[.]25[.]0[.]86/Release[.]zip

Analysis

max time kernel
116s
max time network
113s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20/11/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Dean2k/SARS/releases/download/1.25.0.86/Release.zip

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765467474578106"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Release.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2548	msedge.exe
2548	msedge.exe
1816	msedge.exe
1816	msedge.exe
4268	msedge.exe
4268	msedge.exe
5280	identity_helper.exe
5280	identity_helper.exe
5972	msedge.exe
5972	msedge.exe
5740	msedge.exe
5740	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 1596	2528	chrome.exe	79
PID 2528 wrote to memory of 1596	2528	chrome.exe	79
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1292	2528	chrome.exe	81
PID 2528 wrote to memory of 1612	2528	chrome.exe	82
PID 2528 wrote to memory of 1612	2528	chrome.exe	82
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83
PID 2528 wrote to memory of 4072	2528	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Dean2k/SARS/releases/download/1.25.0.86/Release.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fccccc40,0x7ff8fccccc4c,0x7ff8fccccc58
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2060,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1704 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2960,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3548,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4272,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4688,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1040 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4996,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4756,i,8273754074368690270,3941350188560311468,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:5208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2628

C:\Users\Admin\Downloads\Release\ARC.exe
"C:\Users\Admin\Downloads\Release\ARC.exe"
1⤵
PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8.1&processName=ARC.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:1816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8e7a43cb8,0x7ff8e7a43cc8,0x7ff8e7a43cd8
    3⤵
    PID:476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,5146987491558649027,5341870312453746379,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
    3⤵
    PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,5146987491558649027,5341870312453746379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,5146987491558649027,5341870312453746379,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5146987491558649027,5341870312453746379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:4928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5146987491558649027,5341870312453746379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:1488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5146987491558649027,5341870312453746379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
    3⤵
    PID:4248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,5146987491558649027,5341870312453746379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4268
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,5146987491558649027,5341870312453746379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8.1&processName=ARC.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8e7a43cb8,0x7ff8e7a43cc8,0x7ff8e7a43cd8
    3⤵
    PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,11872048714209664477,5905081322198809077,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
    3⤵
    PID:5960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,11872048714209664477,5905081322198809077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,11872048714209664477,5905081322198809077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
    3⤵
    PID:6048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11872048714209664477,5905081322198809077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:6136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11872048714209664477,5905081322198809077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:2508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11872048714209664477,5905081322198809077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    3⤵
    PID:5484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,11872048714209664477,5905081322198809077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Users\Admin\Downloads\Release\ARC.exe
"C:\Users\Admin\Downloads\Release\ARC.exe"
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
30202a778e0d0079b5cd2b20e78a2a69

SHA1
1f35739739a741c1bc4619fdc12478b46f25f8a7

SHA256
ce2560398b2118499c275a9b52bc227bae2558630778843b40e113d2c0709b7c

SHA512
a7d4e1303058cab27a70a61bd97d77b88850f9a6b266d3246a3c394ed75b6b1be20307c9a732749da225a8cbc8c2c96e7a79979a294c71d5276291043c292fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
679bbf7b342b211f7a29c491d94565d0

SHA1
aeb064c4ff94adeea92cf295a56352dbce7fa3fa

SHA256
cc0a0dd81032dbf90cf0fca0040ccac580d2510b44970bd223c26651622f2e3a

SHA512
bac39ff065250b8fed07544a2115c947aeab43965920160cc60a1926db91b5deaccbacfe7a5cfcbc587863d012bf759ab23b5927ae6b2cffd267570008c3850e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
33de0522f99e74803ee3bbe7a4027ba3

SHA1
972a184e0e73b07628b0496e5c40e043235781b6

SHA256
e00cc0794660a8e223d06142bdac1b339f73ccf98e86127cbd841a9ab48e56c2

SHA512
ffa3d44db9c9bf3f05a227543f28e503d13c87d44ff750fc46364b85ff51314efc4d604e1690d3d8ec02687645d282b00d4a5722678502fea9bf8fc678f5914a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
291de88a14a13b0e58c9130eba9fc6c1

SHA1
1178527ade7dfc8271b44d79dd85b6cde011f2f0

SHA256
5f4521a8610363ef1907e1eda1aa4ef9ee4114523208d240a5478f0861768204

SHA512
471814c50e28a795f13a3e15e249b7dcfce6a7e49f0b2d95ec53a1797d77ff08d8ed51c73aa5429aec74d5ea306f4864f3582178e10c9cf16224f737c70e91c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
02ed5ef1245e3841e736136c10469fac

SHA1
0f51cac718c13a70b670e88409203def91c717bf

SHA256
01610ce342bc87f88e4409756a3dad1cd2b15667ba326dda8f27857eed6417fc

SHA512
4ab7cf1815d45603d3b6af5e0c8c17896c60a3c7a5de5f7e18948167fdc9f0f1092d0313d99d7c63af9824e77cea8937afaede49335fcca02805714d60e6a583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
44363ecef3fd15de775f0e307d861a05

SHA1
92f652761ed73b84dfca3a8481b35331502f9952

SHA256
e5fc00c66d047725648121b391db1b43950205554aac992099afac2abfb8e891

SHA512
4bcd0e47bc7b9daa40a82dd3af51c79f9d75275870fff8dbd247506bcd58c54afea01b21ce5dac589523b02f91e252fb6bce2ca8158d182a02b6c97fbd93ff4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d935c710-7ec2-4cb0-95d1-bb666015c139.tmp

Filesize
1KB

MD5
5d3755f68810583647110c20b200f6ae

SHA1
572c412b226c00be2c9c7e4aeef3467b19331371

SHA256
c4d85e558eaa402e4d539069f5b796a7b7f6db6eca1f40fb72254c8eee4759df

SHA512
1ce9b51e76f9b5a366433bab6c8b9ed185df12b23217a7af29a71848544e599368d5e1e203d09601d215d68b9609a624626f22070c0546419ed5feb703e6f642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
255a8ade31b680581cf7b7dc9984c351

SHA1
45b902c100909e9a739b494df1f55294947d5d0c

SHA256
1334b7d423daba0f3310198d17664a314ebe3e22262789d1ec50bd7f5bba966b

SHA512
2df0a77d532a2a22adbdf9f1168b6ed47365c2ed2bcfae5c4e32fbdf8046d5af578f41ff0467b6b3fc70359d4c3831d04c9a9bd1606b58b94ed0e042fdea18db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b0f0badd97e05f0496908529995cb7e

SHA1
03fcf427b33080459631ed3492e628a94963306d

SHA256
a5934efd39274affb1cbfe2db705ce225a2c543a76c505aa935a72b38e8f7200

SHA512
d0ebd668d79a70fcaa8e4b9ed5af75b41e90443c53f8fef5d48f58953d0b034f92d5a622cd2f063973fa862029a1868a426219ec60c341d21fe08fe11be97bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
777f2ca7ec219383ed0cb992211e58fe

SHA1
5886054f3e09b8afc4f6108acef34c0cb50728d1

SHA256
ff6cfe86453b2d5ce723af54cd9e5b4a66e3eb6181f76de248b53a4ffa2d33ea

SHA512
ca4f2cb4fe20f11fe9407083693c2a298ca2c5f6271f6009c618e69e04c7801e627a59e26a40d5bb977ce71b26df6ef48ffe75136dc6187984c74c7e5fed9342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c66bcb7d2c25bfde445a052615947fcc

SHA1
d96e51e14e277d6bc9485e6ffbd9fb675c3198e6

SHA256
c110dce547015151138930c3171e790b305340f8c141f99c78d483ff76d1b451

SHA512
5bc2d9d33c5c9bd5501dc1fe780d080e7275ac304c4f686924f5ef4f8482bdde8d3b8088ad48252041d8ae2e7c7772d07a113c4a4b9be5d317c889dfbeb76ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62b6968430cbcdde8bcf5dee5b2e2765

SHA1
d57fe569f6604bc4f87f1e25ebb64f95e541d262

SHA256
31a360f414a4962a5555dd87b75a09ba0bdb6a028455c800a177f1f91ee4d4fd

SHA512
39eca8d5218778a1f2b75815e1bfab4ded1127ca84ebc22a0135216e4c0e70dc1a0b85932aca2287143353fe9ecbfdce493dde3051c5a87880e135308c0d6e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d1e24c0e590139dfddcd3abc93fc1bd

SHA1
5d5595ce34769957428fc8cd46263345dbcf1416

SHA256
fa92fd7e0f3ca650ba8d13e2ebc259d0031408a36858c4a909092fa39cf74582

SHA512
ded564f30a3053bbc2724f067fc2bcd69fdf1eb73614e20291de4ce7468960e2804bbd2a87ecc488da3c933e26535e136b8b7e0f432c078006fadfca493a2583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1e9dd2ce5846e84b64aa505a85c2513

SHA1
d7cd4a160f20ed80f842b4599a38b11ed931e774

SHA256
2a144f6289b066946725be2e1db9b5a588431bb6f81a81656ccec66187a1cdb1

SHA512
40d63557446675cf4f7c08590dc1bf308e085dc47cef2e0dd9f3de9388cfeb0d810508408282f12c3cec44ac02f9374d24c7e2c219305d705039d1114aefb123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ae097e17-5706-4c41-801e-bada4a81da7d.tmp

Filesize
9KB

MD5
f1e552f2ad6dfb7e2405247b17459d93

SHA1
2afff8360463dcd137228784322175b008d05f6e

SHA256
e17c1cb48eafd75239298eba8435405bb5bdb3b4bf7e4c8dd099a68706c89630

SHA512
75e70e6d8055c909513992cd9a9715e97ebe3fc48e2e1dd9acc11c9634fef6dac363f17e0e71bf4822f3abc6a5fd7db67024e6120ebd805bcf2729da6acf19f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
89e369863f91cbaf23202508eacd094a

SHA1
5af6e74561c22beff69612cdc7d5d68fe020ded8

SHA256
ae8a76a90996e1fdd17be90a3d4d53727d488bb2a9789ef735e2061198f8ac91

SHA512
e5e10b65f7de338a4b058614b0269a1dcd9a86325930ce11a3f54294d1362bfe552a3e3aa2ff3163c06cf52ffc8df55280f176f6359d87613cda57b6d54ba2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
2af1a1d5145e66c26f303be0f9b72d46

SHA1
bf236eabc3e71fdda5c4fbaad24868e9bced6ac8

SHA256
08a6d8499bd8417d6d44d4a2aeade58d4b6bacf8b334286bde320316231186d5

SHA512
d15f74388cdaead2a9ff09839359127891e7cadd0d16155ebef0c1b74a92673b109ccc653f887a6bc4b4ebaeebacebd078c8d4e3e58b120ed4c670e88a769e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
0c6c98f907ca5f0faf40ac2d10d028f7

SHA1
d5e5d296ff1836f501b83eb56db542b1f4ce9bfb

SHA256
366ca7f22c64225ff432d110d8a1013b21b9a1a05bb11eab15f0a6aeb545862d

SHA512
59ebfca424207fe01097773678ab1c0d7d9ac8ddd51daa323a835eb9d79b2488f05b3d86db7557adb818f7bd20a84b522ba6c6e9ac05d4ae4bbeaffd8b6f68f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
55598db3dc40b52ef5937f295fe3372a

SHA1
4ca25d612f4759ed48f166df42e42e0b9be44819

SHA256
780a259ce0e385d50d83d2335dae08af681fc49ef9b0f3f0727d5ca8ba992cc0

SHA512
8f6a05691a334351ea534671619606f244bdfa761b20f4c42f60fe8378b56d1155af0a612f3dfcfe9ebe96ee1edd97fcfb3062113eafa57e2d4349ea9a360c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0b274a4d8db19748b7ec629edb66eeac

SHA1
00b86bcbd518695246fca41d6bac9d7dea413aac

SHA256
81e58f475c2701ecd2dd523936cfb3016ac9e0fb32e81673bf92355a2fb1ee89

SHA512
7b7443d701512e2f445f4e3ccb6c6ba49748f109d27898b670c6bf4ea470d68b58e5eca11b99c4937f62079e752b114128565d9650378c493bd9abf5a521ebca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
388585b6cc09434a760221c98863886e

SHA1
610015fd391c6f556524a840837f32c86e52c6a0

SHA256
99a0140ce5e9d47ec7369dd61bb43b6d8fc31f39fec7eb8d598d8d5a41508cbb

SHA512
71a87a5d2f015c6f964c781818cdf4166a8bebf9b7458414aa969b178b8d44de07f4b735011c2e94304ef376df8417d6a58827f8937bfb6fd0075f6f2588ae05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
c707bdf613834b80b1a8bb361078945d

SHA1
0bd519cdb2b46709067f70c40f3b3af751085c1f

SHA256
ef76ed65b5e383b2d3cfbb4c06d5f745a068919e542b0e513e19b2bc8c4b1208

SHA512
93d1586b1b0e91afae5375c3fdded3adfd631330b6257e76f7d131d5fdf1f57a04a41c609fc4409b9606618f0df1e96bccc3a491599979f3bbe465b57f3037ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
e03a098dc3cc29ea72d858c1b2d0bc4c

SHA1
a167ad5ce6422536d4ebe636746e0fa75a7af56a

SHA256
215f437583d05d725140eb0dd1af38a0a845516a7b1c005a3db2b8a3a9060d06

SHA512
2423f0f1e77b73bfef3678a0e833878952f26ee8e918a0ab42c77e6cd80ef34bf1bae4778058f184d6c5df1f9b3e91580b91b478cc8389759aab81d58d5843ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
9d58e2159d4096dd5ae99dccda330244

SHA1
da72b41d4cf2d4d1c6f414faa630a5509c6c72cb

SHA256
6f5491914a3d7d21bd74780bd70721d8d07b55c67a6fcceb22e2421241c8325a

SHA512
35d2b8b812c048d02443d59f302751f48c16c53f9e55d8c01a617e16c317680d90c41cc44b5b8d39030ab5b21df55b9b2e50a61e402c36e39230f9b497c347b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f808a19a1dfbf2113d809d9a951701a3

SHA1
79dc4156df37fbf4900f33ae8642720377a85cfd

SHA256
1d895a9264c3e6357a14bad287a1495259e0079bf9a3dc967866f8d4543591a8

SHA512
14dd3b4de543e6c5bf4d116b388bf64d4915cbec87cba4c8c3066e05d3fde0fee4ecefe23448aef0b1a5c8c5cb13574764548ea5f359d5f0297ece8b27270354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
4c68fa9da4031e4f6bce89afb698f67a

SHA1
05253b06c10ab70558beac773286ef6c56292e6c

SHA256
9556882e8bef920eb50efe55b57afacc70c710e8ab808eb95b04e8d4b88eed2e

SHA512
e750014f86f1ff47103a585b912659913f4b40c284444747c770d3ca870cbd2ca1f249406b815c518c59d5b6f95ff3761bd56912ec799a22170ca0f7aa9a7ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
803092f24fba545024098e0246375303

SHA1
784780ba32ff8a385d6a96670d5ffae7074574d9

SHA256
c3c306b46dc262647ba0fbcce143747e5aad636d7c12c5666fbe42451498e23b

SHA512
e3d13d1d3ac881d904ca92af99c3f5e9158ef0a19e89a39f7dc7321182a95c83a5a776c8faca1d59acf962a37038ff35ef4f3eb7296ec7a290161841d7859019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e8169773ba36f5c25e7154b72caa399

SHA1
5869e93048940c7f88bda5ebb4ea35150a46ed54

SHA256
b335aaf4af765287050a4f43801559823cf0a91bf230ea02c7f83a54d1a2c277

SHA512
72fa5388c037e18c2bcd64592f2b49f6907470736503499a345f491198c3d546a27d72a8ce3bda4dc356843d2f3c8874d62637c320384c053a9e5ab6dab1b795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dedcd62527de54cac7edc134597c6ec8

SHA1
86c9560fa4ddcd56a5d4864b884947d376d5f589

SHA256
84073d81933edb0d6210a126da585d401bafea5ce4963a50d2bc0748ea7410c7

SHA512
8408907637bab7f98c73bdebafb65e3dfb8f0f9062d056a47730e08e633f303195322f0f6cdd98e97c3891ef8c0bdcff52a969aeabff011ee4fc153df65db356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2e36d841685a851004e6d067c0daffc

SHA1
2ad67e8a037cf7d2a2d63a853b0c2bb4a36bad22

SHA256
b4e12cbcc65d21901f62423376603d2eb27e75d4e3edbe7aeca962b9076b7c68

SHA512
f5ea184e38a4b99793cedf3f35b5f07b208ee47a291f5d458f8ad2734ee58e49752911a1617b31976ccced7872e666f369460f05ad9fc3cc95b652e551a15388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
d8253a264b7399ff085853ad72c51bd6

SHA1
5fb141823206abf200fb0b266a24c5faa6ff8193

SHA256
e9819151c44201057d7e47624ec86c05a622390f0ce160be88c4b067e9266bd6

SHA512
4e55a3a3045a30455177f9168ea0e77be2086025ca3c19367e4aa6da291741b92dca162c065033f65a06c3fdbbd77d2fa8e5031620613fbaad0191ab7a999695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376546803512078

Filesize
1KB

MD5
e8aa6998ad03c2a0e03b1fa2a6c044ef

SHA1
1a5f84ced3325c0716eaeb5a57f46ecbe24737f4

SHA256
13d2e105a60de81cfa56fdb8334fe44e29c145a1cacca52830b755210a7ea0fb

SHA512
c0bd30add2225e322bc21d18be90c24d2619f27490666d2298f0b62cc4150b1ef8af86f7352a7e3c3e9de86c6d47d1b7c87d9a9c90eed737e04767799f2fda74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376546803822078

Filesize
1KB

MD5
4662a53f5796d057fccb10903a207a08

SHA1
a5ab4cdd8eeb0a9115c31690d681cb2a12219143

SHA256
1860d70469b28cc19e66d757dc6df0af52fa7fa9c3ca14041a8a07a9d4ec638b

SHA512
9f7cba60d994ba578753fcbc2a38caeac1bb33948564d9fb545cb85c469bd010d685ef617c26a5988c311f2e738431af2e460de5ab4f7cef0dce2b84fe1a630a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
249a87b27ee2743fa455d6a26be2365b

SHA1
54b95fc414a1e012279dc559c71d89b64c445d1a

SHA256
3dde6feb57175780cd99f1770781b69a60c17b1a1ae1081f3a2d60b92c5aeae6

SHA512
53be7270e5de98f300e1784c8debc443ca3f7c4520aee6165a85c4260a72b18bc19af44009c05dbb5032723b4dc5cfb7fd98bf62e6893d18ae96f8246205d48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
83ecbe5552d25cd326fb08fab26dc991

SHA1
dd4a8adfc6f6c5a2e5cf817ff3ad0ec3c54cd904

SHA256
3a5bf10f36b1d0cca63ea6b3da101eb0834507a39cc77c7fc7eebb358ff62e80

SHA512
d11c022dab4b27023e14729c4c4a25ebedb27a0a528145fae1c551bebb7cefefcfda362b05a6700e05457a56a95044cd636da9db75e586361e3cafceb9af8dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
b2d17dab22c9de30e40e8ad1d4be523b

SHA1
4234159493d765d609949a33b88f4469fb49be5d

SHA256
3f47fb4b959e930c76b11223cdb1f49e85edd2ee8fe0e83c977df9a42d541f0e

SHA512
dfcbb738a9a5364f37207bdf6d7fa1e1750837e43373e000d988aa9620d49baa65e9fefca83490717b0ad5d45062d2e82b40a5e655a2c095e1dd0006c7fba374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
cba49b9be9ff645e45de031968d15a3b

SHA1
32e8a452d75e203d3a75b145f551d44e3dea8e7a

SHA256
dcc2746263ad7da0a1d205ad634c705f764beb5375d01fbef31b5d37fdba7896

SHA512
4a061fa30e88f0a21589754fde14306cda9a049b6246bdf5e962655f8f61f7c50c3fec3330d969b52ac62a3936e0f8e87c3d77dc5980b1addbf5f9f1a7a3db5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
f758d503f9402d6f4b7f01640e07116a

SHA1
565b3dbeffc7aaf747ba72ef6c1e1dd8729fa354

SHA256
e0fe27b703b059d2e5786ae6b6e1f75af981ac524125e09ff0d463453a72d61e

SHA512
9421673f95ace299f1b1da9b0d2e2c6bfdfdf0ad3276afdb98cebd06e715d72e1a6425ce099263647f6c6bea9569f65315fc2feb780719374a078eea65ed9b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
61274c06fdafbf766004843a1452f26f

SHA1
7b5ead2fdb7d8911e229594a459601d8e8867ec3

SHA256
9dd36afb03b7a780f2cac91c57329ac7b0a5d2e98142b1ef4a24c5677d4799ed

SHA512
7627a1a389a57b5c5ee1638061687a54b55d2a94857428bdb83bcbbb8fa99364500388888ee515d494699eb8b746b6e924b71aee4b6779d6fab7d8d89899575b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a359b1e4-abbd-41c6-b47c-6d0e0d2444b3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
fa1186611df97b1192b22ffe921b2a6f

SHA1
8e37a39bd8271c031ca86bbfde6bf1ba02c11250

SHA256
56d0dbd61b782f78be587b9f9bd435ad866f2403174d26d27b39f4217220249f

SHA512
41a4700c26e4fbe0db88d394e506f9c611b8820a2e9dfb9875d0adfd32771131a98033e71d34288b268f06ce71478cef6b3bce6916531702849535142c88b2db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
fa707ace7800065fcae63b7d6302cf4d

SHA1
235a5c4827dc6cf7e4aea4a67954d812a9fe7b6a

SHA256
cd2ed3dacaed622e62c64ab0862d7f97e66172c227afda40731383a403433636

SHA512
0883521d35bddaf450bd4be1f415c8a9ac6b8d3bbe96fb273a7a0599288c691d0e124d19beb0d2b9a30de32d4b0411aace8465a2ee66e011310967beaf9390ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
cbc17bb48b28c8d0752a359e46e926d6

SHA1
c9b5abde39d0eb13d64225faf38e43c6dcf7f542

SHA256
5cb50a22d12ce65995c55f6a490ae995ac850cbf8caac58540f01ce8db40c19b

SHA512
f1cb51a1ca1ab0d19633ef07879e5f58dc1394168c3003bcdbedbc5968a9bd45e53cfc48a35951dbc9b15e62c40f64e5cde8add60784e70d17d5d5acc059e89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
de1a2e805ee4fcd8a5780b94f67ee3fd

SHA1
7ae2f71233ed1d4c662542dcfadcfe26da694c49

SHA256
354eb1c5491d85c508a33b15d4d90066d57ee3e1b100fa59df9b884017be8223

SHA512
30da75fc9906df2b0ae308cf9cddde424c1cb2260309de4c5daecf47e50264efca39fb505deb404a51ee3519d366c91d164b15d3f6d1b70a0b7e4c8760d1dbb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4eaa999410acf3223ad7d0775c94f6db

SHA1
8639b4b26139ebaaa334048d17493c798c62e7c9

SHA256
912582223b4bf3387211e7b2d6b39730086a54b0275fb4ee91a7e362cdd909b9

SHA512
5508dbd007ec6cc7857e17a654020bc93a402499c043c07b75f2a20f967ac8e400cf26ba5cb6816311bc3406e409a89df3a3ca627c5c64441d23c42688303300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4f7ce2d1166b0af9691b590b027b9b59

SHA1
134c8495d2d758e36786e562de1f3652140b376b

SHA256
df2fe5511a22eac00ca0092b7536c4d19375e472b1100c97dd312ce95bff213e

SHA512
a2bd8818069db04cd8d98a0512314f947fe748260e62c529ebc1b1ba6bb243df60514deb8f5876aa8889077487d71e27dd5426ca2f4e8ec45e1b38c62ea407da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
8d21889c4abcdcb95ef127d3c027cf7c

SHA1
a02998336dd57ede359302bf5e4e9b043e422684

SHA256
57328f89396492b0a411447ef45e61cccab4b601f1c2b0550152598c56dabe1e

SHA512
89924c4cff145d38da84462c65152dfb834c5dbf43fbfd413c457d8a29032fe0ca1bfdb8b32eb791496ccaaf67dca2618928e6d1880da5fb441f87951fc0bad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ec7e72cfd151131da42182402ac2f49e

SHA1
ecce2320ddff8867e79726ec602312f461a1897f

SHA256
b3807a9afedfbb9f74787ffec8ebeaedd17973e74cdbfedd2d6535ddcde71eee

SHA512
402f7ad3e7a1e7efef110c2800c3efb4971b08c83cfd41193d0de22bdbf32ea88a47edba11177ce9936da3a175d06fecf1abe973fc1b0833cd366dcb51e212e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b414ab4f591a97156d7daddf49bef70

SHA1
f5eb100a468b5c41285f3de3bdf2c9e622532df9

SHA256
0538877db73c0173cb7953b24904f132b4b90a11f4be48160e6141ccd25381e3

SHA512
c99e58175699b3f6bfc766e9d7ead5dafd7135284b7b83caf508ee4a20d9171ff8d381775b12c6885c0eddb1d9fbed6b650ed0c1cd63f8832f26ae2801bc2205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
1ed8916a7105a67dbb4ec6d59a9dbd4e

SHA1
f15383c1b6782addc59574a4999ae8b248b541f9

SHA256
0873f8c73312ecbd6baffc7028211679334cee7256de952c0b451fbc4b7335b6

SHA512
c02b95716f79ea51363f58124919ea208a306917beb210b91353f93b05ee2df982691a177bafbd283af39e43aa21595dd7cf07a1992f1a73fb1cb9eb561ef9d0

Download Submit
C:\Users\Admin\Downloads\Release.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit