hxxps://doublesheeps-china[.]com/?uoaeholm

Resubmissions

28-11-2024 01:34

241128-by58asvrgl 5

28-11-2024 01:26

241128-btj49svqcl 5

28-11-2024 00:30

241128-atfleatlbr 5

Analysis

max time kernel
209s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2024 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doublesheeps-china.com/?uoaeholm

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772275699752407"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3244	msedge.exe
3244	msedge.exe
4440	identity_helper.exe
4440	identity_helper.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
3508	chrome.exe
3508	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 3776	3244	msedge.exe	83
PID 3244 wrote to memory of 3776	3244	msedge.exe	83
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 940	3244	msedge.exe	84
PID 3244 wrote to memory of 3312	3244	msedge.exe	85
PID 3244 wrote to memory of 3312	3244	msedge.exe	85
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86
PID 3244 wrote to memory of 1608	3244	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://doublesheeps-china.com/?uoaeholm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd7e46f8,0x7ff8bd7e4708,0x7ff8bd7e4718
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6520 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3800 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,5200004159616912122,16533184670565486991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:1736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ff8bad3cc40,0x7ff8bad3cc4c,0x7ff8bad3cc58
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3364,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4872,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3476,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3368,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4484,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3572,i,14658223602255227982,16175991693790072766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:1828

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c01cf976949da4eee3100649a4d45274

SHA1
56ab8defe188b5375cc60127a999245f47faa2dc

SHA256
5e413dc44091854e1fa41ab98f1112510d56532ddf966f7eaaf49db1a7770dd2

SHA512
5433375f1ad0592f51f1ae82d20b3d6738eb7f4d63595c3b91e5972c7a41d74c113aed67631db20ded50f15516d5e8b33d03027988f8924ef67760e180d5dc22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
fd6918f70529dffc57bcceacdb10a4c7

SHA1
39d11aa500eb1695a598622e03944cb9ba29cc67

SHA256
55a040d3470c14091d20846bec4806af49641c7bf8066fb3b71824354cd47d45

SHA512
037339c33308e35c23b0cc1eddec35086b970e99194c72882f731c816527c738eb9493e55ffa294c1891bfaa0c0b25c982d952f8d382b5a6e6194c560e9b9405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
8b5b2a03666fc6cbb70a28e81b37a47b

SHA1
26fe182e3965f08a3879ca2f856e4048d568b691

SHA256
cb9affa4fa468a3c1306266e2304a92f35c03e760212a42b07a2beff51af761f

SHA512
bba54f9300d0885763cfa99ddd33031109c0fbf627faf13cbfeed484d58fe324fb59d19af9a7b4a0b345ca85ba44b6b84d88d58177e8defd556a5079746452c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
57195d60a311b3b4ec6436e7bec77eac

SHA1
85aa3fa284c1cab83686900195cb177ec7bf0413

SHA256
83d91d469482e58dd961c89b79a5714cb1cd67b60ec9838676740eeef53aeed0

SHA512
1987d61df30a916ef820e358327239a8d678c0aebaf4c13a5139e330368523776c77cbdc181ae017393ad7b208110ad33915294750c0a40ecfb335aa596bb9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c484b7ff3e2a941989151a27100f743e

SHA1
94d0ad5536907c53374db67dd4f095b3dcf723c0

SHA256
f70293fb00b61d67f83f21c1c4962c9bca288519897287afd8e302e2f0866a8d

SHA512
7ebe0e8839b5a73c6541eaa6b1b13c96fdc3c57647e3227122a88e121df4e3da019657514a3b08f0131296b7187de7ad7623a8703ea1f90bc09f42a3be7ebdf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32ff9a84eb0578402d458292a9bc5879

SHA1
295eac0bbd63bd873cd0b5aeac670126de4071c1

SHA256
cc18ede5c4c09de31ad342fd7312a65d1ec2eb0874e74574e7b96fe26c2bbf70

SHA512
3aedb066fdf812fc21b662061bf11639093fbe90bc3546ef4ffe050f81eb6ca2151091a56f9a8f6527b5039bae87ea57f0e3bad74a01cec3021d8b196b5c454f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fbf1a889c5d83960ce9009ad886b053

SHA1
ba279a8b318a854d9f5797d24ad00dd3e8cae370

SHA256
b49964b24672ee09df512cebd9ee5bc722d09fabb18a02cd0eb87697be9c7945

SHA512
07d94f5673a52902dcb1fe58fdcd95b3f6bb745092774133537d1905adec6a7cd6812ad5e6cb9ad74d4bdaf14b1b1f98307854952afb7cb29b81b5164a17565a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ef8e5ecc7bf4a5d9ae292324bdaf653e

SHA1
52fc617b2a3936e5d1e8aff3e0bbe6b4756b5126

SHA256
e428a0235e0172992c21d052f3976da32d47e796e0040283aa0841befb46a49d

SHA512
a7555766ef448e59521beb1622b2a15f0b57e6f6019efdb39f7236f5ee295090cdbc8a4810ec5664e4d1276b274be1981c44468d2a9ba219750931b0bd5746a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
bb517e97f25893f510ace7d86d026ef1

SHA1
0a46ffb310ca59ef658d5dbf785f50d0929cf36a

SHA256
8bd25ded2360492437258a88a552319ad72af41c5d09dfc8b148d844a699cd50

SHA512
63454e22013d9124a85f6d3a1a076d5b76fa50b2f4e30deca63c59dea1e818abe477a78c7cdf624134e1e5eed94a3314000f999d793263d2a11cd69e88c57388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
99fa87b0c196b0237f37680893d24eb6

SHA1
fceaf8f1dab5743bfe29c7e1bbc199c2433d86bc

SHA256
6a59fe0147263add015c57a6eae2bda23e9ea0e8861ebd4e4851d058e014b04a

SHA512
a6dcfce2185f6954e8e2db17e22a4df30571784f4bc9446acce93c5bc92cf8e8b887d29193e0a867d631149821f389f5250513838014cda7e4605d79884d4ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
f0de9a98dbdfa8c02742ce6d92fb2524

SHA1
cdec682aeb9e39edccc2374dab26f04db754a8b5

SHA256
faf4294f27a542b0f9ea2a7cb2711529ab027cd84a5f5badfae752100855e6be

SHA512
856fc9ab199997e69a9487372bc0083564f7115b3e0678cf1d542b9864e9a88d5ffb85697fd93538dc9439071e3bcd4b8bccbfc610e1a45de104d6362d8adcd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
672KB

MD5
3e89ae909c6a8d8c56396830471f3373

SHA1
2632f95a5be7e4c589402bf76e800a8151cd036b

SHA256
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

SHA512
e7dbe4e95d58f48a0c8e3ed1f489dcf8fbf39c3db27889813b43ee95454deca2816ac1e195e61a844cc9351e04f97afa271b37cab3fc522809ce2be85cc1b8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
12b0275e8b134eacc671b773eb8a026b

SHA1
c559a0acdbd59e5306007ab8bae950a8eb18d0fc

SHA256
92a8dcd280b44de2651bc4e753236cf40fcf9c8488fd7451da00f5a5a3e4a453

SHA512
264f0466aa3d8dcf966ed280fbc8a16b4f6df0a46e0177ad73124265ed9aa8ec2238e649d02e2f338211a4cbfa2db29ee6baa50fbbee163aed5c72ff05c66d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
a5db5afd7a559ea9cdec4a50872b4a8d

SHA1
85b5a8f01c216d49ee50334269364760c25ef5c6

SHA256
0f9a89a83e64f24912c6c47a2f325e10569447ccacb59daf153c76b4989306ed

SHA512
1a572475e927573a89a48945b6fb4ff456445a33916476be168a4b17e23a7ce4ac5d8c24d6140f203c474ac338fdd843d1382f701484302fe2f6eeef8b308ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
1e5f3507114532b9929c41b4e00ef1ab

SHA1
2626b18d65ec55a423d7f41c8f9f835e62dc4096

SHA256
85c902c241b679b0b35d9d2e06d9f80c926f301885a7f826cf15fdac5d6e9ecd

SHA512
94a37dcb4b6b220e84aa8f15d691f8053211b4b294cb2023f466650753f092e9bd0b3f8d31fb0ef78b3da5e43069875c19323611dc7c26148aee73a84a6930fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e18a77d38310d9448fe72baa1bdbf594

SHA1
88e3385a533a8d57f34b606c07e4cc5b2ab9d0ff

SHA256
8003f8aa1e60dfcd84092b8cff6fa8b8c51ab13fff2fe4ca9fdf7d01c9ae1454

SHA512
df497c0ae954f984ddf9e74571a9277b90403a7d621f2b9b6d614ad469562ebbac9e2717ba953f796833b37519ad574e2a44b6949c29694351a2b80652760266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
526B

MD5
5aa220d5d5ac5c6d5a217142061230d9

SHA1
63707a6f211cd9b19dc31c4e1da97622567985d7

SHA256
1dc258afe7dde04478d18e27d56fee28a99ce6a8a27086fea28810e4098e414b

SHA512
cd2c3f467cfca595d7040b982ecd1bcad275335b31f6347102cb04d57e562431eb8f8305ab4e58d31d62b8aea56cfbb2f3d39ce480270918db79d80639ac6e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
685B

MD5
84d3ccd7754e1b9462ec3cbf8cc06d08

SHA1
d988b8012b96af9c1f6a329f57ab870b210e1876

SHA256
00219a4d5ddcdd105bdbd89d6fb0e2504066c91b1c30c1fe06bff1bbfee7f49d

SHA512
b81ada895b57e49c760c925cd4eb533be58c6303b9575f46937c5d5bc5ff0593fbc3cbd4ca587a7b548b86a8931e6d594abb74ae7a9bab4a5c1a5ab3e7ba5434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c03f7df65727b14c21e11f9f342fab88

SHA1
5b4bb386e8ebae685da1b30243b8e80c2803c095

SHA256
c16fd353c0672a631d02ceeb5a9ee8e56baa01ba1e48a72e218baf939e4d481e

SHA512
c6fb0429d4ae56d7e390529e516bf84559a175aa23d5412fc54b3eb8ff099b224a775f1f9e1de847a43dd289122b4efd788d69e1a3ed3783f80e98dc302540e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ba383d4953f31d6feb2089f715f61359

SHA1
918ee83ac89123351611ef57b4ad1d8463cd09ed

SHA256
3a3fbb84a8a6240dd9db2bd4819223722540e1b89235b0161616c2328ee1e8a9

SHA512
0720d26efff0a900689030c601eee0744ad2f2645f68d5efd0bc82c512f6815817a061e042a9a9057eac462c2b8dcc9c03c71de66059bbfd56d22e98324308bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ff8ad47f2829f9a0b0bb8189d4c8b47

SHA1
33ef90124457d9a66002e0b33375fd22f91da4dc

SHA256
6f0e950bfbd37440685b3244f4cdf36dae670ed2761014c59349bf281e70fabf

SHA512
420061392c0fc1ccec75e7181044a08476c3aed07e54d2bb278be9d38921aae92e04c5df12720cb36b19b7d49a17908aed25affdb2415c9a590c33f776799660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
039ad949c13b07f18b36d1725c66847a

SHA1
fbcc92c3fd72543e4ee711ba4c91eb7a5fd74c93

SHA256
4226a18e6e32a58ec287e045495a989453ed0243c11785600801bd56709bdb16

SHA512
852bb26a099f3f15573c70e176174d8ca5c1bb9b09daffa632f55574af257c4a5df1b0eb00f9e428bad19f054fa380fc2b81eabd9cbb067bba9d2ba85374cbe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
47b1c364f34479e4f9e4395a4cd5f458

SHA1
ef0975c8c5f315df59ff0bc9f4d424e4e5d8198c

SHA256
4480bfaed0354b206526fff3ec6bb960652839b40e196b9433160b07ae438e25

SHA512
c9d96c7089ae3993d9e77662d154c9ca7c1573db42def77383e8a70387514bb459eab73f34f1107bb207b1b661c0cbe68caf9d54b6082e249afdddd2afdf49fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e43182dccd86655c9a8367f3aef93cb3

SHA1
fd563fcea76f5db4b0da57683f51caccc410135a

SHA256
a9afb2a7a7c87a127bf06a3d3e8146c14889700e8f613eff367c39679a7f3cd7

SHA512
6d6b81dec6d3dea0b2985682416b685c313955ad0f3c729847bc5d3ffd2877de26f754394ae376b6997dc162b8fb68f4deef6c778c312710667cd54e7fe10ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f61bf654eeb5f658ea2e50af1809ca3f

SHA1
173bf81449a9eef7130692e2a6d6125c25966f24

SHA256
3c9fa00fdf82f0e7ed886d92625606476d44b9e43b4eeddf8951c801a55f3a71

SHA512
52f963e385ee1ae6be29a3cee403544058c5be013f99ab42dc525183651f5bf210b67907c83bd43ab6ea6fae0d7428172316101571d46530092c1a2c66c2d40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
9ed664242676469258f3d53d4ef37781

SHA1
b57d5573d36ea157ad45ac89bfb158e0237b21aa

SHA256
407b3895ea47a179910379de63fd862b1c5a31b6c873f1ef875e450d88dc80b5

SHA512
ff04a060abb913b584ae6d15d7156e3c27efdb8cfee829e8e2a24de443fe7025465a130c35e4db6cb00839f856ef022d0aaaacd6b768b2d9af1df2b3f4e55916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
968059fa2a30524f6892eb4cd185dfce

SHA1
48327cf682f3c3c7d90b2942ce4ab988115f91d4

SHA256
71a211cc62a56624ca17d60b141e025aeccb6c61d9ed83c8510ebfe624b86305

SHA512
937de131e559d89de7ca190f305ce7e73acc710e049db0264e3f36322cd444db1df9c8c22b86b66d5345905f555ed7e090e0254840b17f46770ccdab4c32f12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
0dc5921e78fea9ee3978c075cd9bea1d

SHA1
6c47a71c0c746225ec3131e9b6b8fd8bc47837e2

SHA256
c20284cd76397e10fa3c0b5ce900ea07c99f28e6ecbc4844023b0efe15b2b8c2

SHA512
bd21b69c43e5753d1e707f356bab4ab7191ac497ce76a83d8b93fdd3a58fe43ead8eace32518a25f916d800125c58bafb00ddcf401d5f8f88dda1874f03f5d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
5fdcdeece973957d80a354ce9e16cb54

SHA1
7c77f9c14a472c7efa991c0c1c3addc215334f70

SHA256
48a5933aaec28dc99541d704e200cf2ae4907cb1ad0a14a2ab672d8ff10be697

SHA512
d083da4a92785f0abe53a09289db3b107b93756d28d508fd1b0eb14d96f3d55719c48e5469743efac2a198fb2be3f2b7efd4eedd5824210443ef6c9868650a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
61e00c9f47fed2444a66581776459528

SHA1
3aa3717eceba0e8bfe37a27c1a12958ecec6bd27

SHA256
8287a2558b77bb0c38ac9f267f9e1751a9c6e92bfa7dfad28167d0115871baab

SHA512
447129ff7317bd09d3efc7c86cb2c020c441ce8c6f61ce444b8db2d6484986e27ccccf816f88f1806eeb803bffb0c24a5a793125805f89985bfbc1b8b3a0eaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
63cb1ac74fa45d5727f0ab30311b16a5

SHA1
d639c8af62d0a118f0ce108f07cdfe06a4379969

SHA256
2cc4277051e5b155b780d9cfebe92d0683a17c06ef7ce75fa26d6bb3abca009d

SHA512
61556f9a030bb55a66712ae15a77f683adda662eaf99ff52dcf82f52dec6735611a7e436daf1ec91ab5cfc2b69bfec131d1f67ff846cbb22778986973c75e908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5827a7.TMP

Filesize
371B

MD5
e699d7678b216e274e8931574a1ac51c

SHA1
f512a715df1f3f808759e5711eb4b3a15ccab6c5

SHA256
44bd05c3543ce0693d661619cf4ad98ccd0b2e89b8dc1338be48a5f53a8ab21c

SHA512
b4f8c95e36f7c8f8bcfd62a9ef3bab4b7bf960cad435357d6273aa74c25e18b80d74a4e9d929fac06fbc97e2afb7042e339d7fc3f8044c9375a14174ac59edab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9414d32f508f2399c1fca3361d2cb67c

SHA1
7a532cb0a903903dcbbf777694f586483aad6525

SHA256
e94fd75ef9dfeca5cbfc94888441c89f9cf9446ace36901ddf04d351f98f530e

SHA512
a0b313aba3fbce16745b14865678d629e78d9dcda4e3ffc6bc895932b3299d7ff652f9e01ec2998dc33a8f95659fa5449d94da569c14f1ebbded078aa1b3f1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a79503adab5f2ca523fe200cd6ae5804

SHA1
93947837af58f3ca8484fbd032d90170a29ed551

SHA256
8640b1898661955784ff13cb49aedc3e4d408704957d3c547e78e80b5dfca70d

SHA512
1dcb461b69137165ab6a40bb0133d72372a38c73ee4c3f2b95dd8fdbc92f47108b484ae5d9545988149a996f0145a02a2a1b3016136369320b5c895c50102ae9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
b684a881d71750296edb77f9952e37fe

SHA1
dde4d0a7306be0dd61c0dfa8bd90eb5234e6fd0f

SHA256
170ccee6acc1b5f76aeb38b223fcff6e12b9e5529e20b25453a7b51e3b16e57a

SHA512
936a40208324eb5dacaea5dad8cffce09be53e46e0507829dbc3636ab665def8244c43bc5cda84afb2a9b7dbd3294a629d3943cff7760c02f67272fd0a5d50e8

Download Submit