hxxps://sufferedparaly[.]online/?data=vtmDgoUw39VO&pub_id=140&made=IqrBSZlXhbGTUNeQWdcmMP5sHRowfgt7Kyu102vJO9Y34ACDEp&site_id=170&yes=LKeSh1GxpvlC0YOrgRIyXiZbk8zjnm

Resubmissions

31/01/2025, 18:47

250131-xfla3atngv 3

31/01/2025, 18:43

250131-xcx6fswlbm 4

31/01/2025, 18:19

250131-wx8x1svrbp 10

Analysis

max time kernel
220s
max time network
209s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31/01/2025, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sufferedparaly.online/?data=vtmDgoUw39VO&pub_id=140&made=IqrBSZlXhbGTUNeQWdcmMP5sHRowfgt7Kyu102vJO9Y34ACDEp&site_id=170&yes=LKeSh1GxpvlC0YOrgRIyXiZbk8zjnm

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133828228133205455"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
396	msedge.exe
396	msedge.exe
2456	identity_helper.exe
2456	identity_helper.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
3440	chrome.exe
3440	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 3876	396	msedge.exe	83
PID 396 wrote to memory of 3876	396	msedge.exe	83
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 2956	396	msedge.exe	84
PID 396 wrote to memory of 3028	396	msedge.exe	85
PID 396 wrote to memory of 3028	396	msedge.exe	85
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86
PID 396 wrote to memory of 1644	396	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sufferedparaly.online/?data=vtmDgoUw39VO&pub_id=140&made=IqrBSZlXhbGTUNeQWdcmMP5sHRowfgt7Kyu102vJO9Y34ACDEp&site_id=170&yes=LKeSh1GxpvlC0YOrgRIyXiZbk8zjnm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffdbbe346f8,0x7ffdbbe34708,0x7ffdbbe34718
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10966106213929448314,3111928124672917073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ffdac75cc40,0x7ffdac75cc4c,0x7ffdac75cc58
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2156,i,3887390750009082230,6612420451529664550,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,3887390750009082230,6612420451529664550,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,3887390750009082230,6612420451529664550,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,3887390750009082230,6612420451529664550,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,3887390750009082230,6612420451529664550,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,3887390750009082230,6612420451529664550,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,3887390750009082230,6612420451529664550,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,3887390750009082230,6612420451529664550,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:4724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
b7c086a142e8aa7e404b249de38decfd

SHA1
ba04426a8d1f657720cce068e9dd1db2ce1e9b76

SHA256
22e995034ad125dcb9e3feca82d93388041917030905569bc67d4d6161d411e7

SHA512
92d50267f7793587b10981f0625d87473da0e1bbc0424f4eaf8e77efff50f3cd20105b34e53be0cc9ad96d61d3e586c1c719273e04772b4fa5812fc3b1826618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
5d38d4533a0646f2c3fcdb5762aec8d1

SHA1
98a2511628baf3dd18199c8f60747b23fc2df6ab

SHA256
3ba7dfd3f08ee08c57a9698de7ab8bb07f6000e2204c9dc2eece50f8f812bd0b

SHA512
c3a3d5b53da9f16af74b8de6e82f3d6d0df97dfe71cd470466e1cb287756cae566180cb86d4fa8caab1e012c12b039c8bb0378aa8e73a652b7094ce93689bdae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
09d7e7e0271ff3dfad90c364e1963b63

SHA1
1d7389b1f658e004e9925ae9daa73bb3da9aff6c

SHA256
47fcb55da00e918dee87606eab06cf9f16176339b02a437259b52f309cba1dac

SHA512
213fdeb27cf2a882a42cbe54d21e5bd773f6cfa57964b2f54ebea48d3c985c0099471a9a27e31ddd7be1edee539e5b884f705b90c0c1c880d1a97dd9e26ef3a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ab490c2ddccecb6cf50722e66314603b

SHA1
f87ac46f43f14aa8c3c4b5eeb5609c4544868f3e

SHA256
d3a92224d0467ea286b95b9eafe329a5dca1151fcf31b16f2eed6430883c6845

SHA512
58840748d6785c04c81414475308dbed0f7f0cb94d94d3d5f010e051c1a59523e0be62516adb3a4e6a9454f2d32db0690e18f5ff20210764c1400a0a16f50718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0a72ce0aa5be9cbaa380d8b5216704ab

SHA1
4dd8b0203c78dbad88b7029c8180c1139b1f8525

SHA256
42815cba4eb015d1e311dfd57a153fae1b9f8c8f3387be132e8850a879689635

SHA512
e80f006649b3c9819779b839bcf7e362a566f1b91451ffc8f42ec2c656c67aa5b2939d904709ab9f0d88408664c480ff41ea295eb24bcccccc2ad24383ea4ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
241KB

MD5
9ab796ee23a6ea923322333e7ba7fdd8

SHA1
4e6cc30cfcd8802e57d11a921bceb414df2dd860

SHA256
22cd20376308b6410fe20afed41763e6a74265966ad258be6a4e17c07d6c2557

SHA512
c1e167daec7570d62dbef14af2a4f6696abab2aa9c3b709c5b2226f2e3cff154e5be66c8e6ca191499a938229db93cc9375cb08c721a335ed7f2b20d26348025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbc1e718c546d417730568d48ebe699d

SHA1
eaeddd028121ca603bc558471291c51cf6c374ba

SHA256
7ddcaa9364dea891bf3d443bdaec5e3a6e007b535336ced81af9a645dbee5c7a

SHA512
096342fe5457bb099bf5bc9304bcb1e34b93edea049e5cefdae2cc01d4ee2a1f046cf963714918ac24565bdf6eaf049df52bfc17da16dbf40c5d79157a42253b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
31KB

MD5
fb28fb9793c5990e1d0f2108ffae55e7

SHA1
e1b3602712eaaab090dd13ab501dcd3f57925f6b

SHA256
80a7df77558be02621568e0faad2094f4fea5689728577aa47fb7422295b860b

SHA512
96e667f132b565eed7838a5f83366d394af46e5afdb91c0528d55e4cdfdf1e0613c23102a8d0e1a548ef60d5fb28346ebdbd8e3dc59672eeccbb4f027018490d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
62KB

MD5
7ec99dd3121c453e659a23bc6f9106a7

SHA1
6dd16d4536c4f6e9812b54562b6d15c7712e6ffa

SHA256
448655a01aa921a8a61691e7a60104e5d84b689dbc81d007434c148795494fd3

SHA512
27f14e300cf57b701e8c3f68eb8d5f2c8b210114dd04a9e27939f85de2ed30ea2faa27080a8b9a0ff176ed313fa1dbfc60e2dc59ab5aa9d918a6d616d778a587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
35KB

MD5
7dc4289d9c3ac2f767b634430b8f5dcc

SHA1
6f5ef0c155699d0e0893d74d3b1b9e8eaee321a6

SHA256
56269541a5e167c2bdfaa6a0659dec3798f8dbe429378acfd843a42bf03979bc

SHA512
3971df29218c7ae9b5a37ab7ef35e955c83b5c6bef2850a540e121c12824c04599d20a01e0eb33f3039fe6ada6889cb2d2286d25ebcf8a63b751752d3aee1452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
24KB

MD5
fbed73500a96221ed192d65fc6ef892e

SHA1
46d3d36b5793dbb23e18badbf905d83c656dcc03

SHA256
cfae0206fd27562c98e51cc31ebbab697880fd8ccd1c976921dd0be5bc4e94d5

SHA512
b345c26ca8f534ad1158b878cce840079dc2501254369f0027fcf803325bc3440965d0124829e54ec787b4689d242843eb4d1052189d694519b4d0593c1b5fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
66KB

MD5
f53b6d474350dce73f4fdc90c7b04899

SHA1
b06ca246301a6aea038956d48b48e842d893c05a

SHA256
28442a56b016bfade0e368929138aaaadfc36156734e8ec7a6325b3e58fddc25

SHA512
7f275614052ebae8876ad28fc5d48e4f63ed9ebc610ed981f81377ea3ba4c49a2031ff771deb12adabcf33d4789ba35354c1e52524c067a9e7ce078703683f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9aa53f0b58e4be5abbab9bab3b389a33

SHA1
0bed568438df9721f6a537f3779ad7f4b651af04

SHA256
60ccbbb065c687a7908cb3c17f49c6bac1ec15d13512ab9585226b5780288408

SHA512
e66c2f08a4692776f2d176b3b2c821b4b3118c8ffe35d0002e41e4562fadddb06d61e9749b6b91a6b7ca172eb9e8db52cbab84cd2f174d920e4b4b44be262a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
183f45dac7c7ecf957a8007b7bc2d7e5

SHA1
195dcd891f674a62f79aed4669e2263eae7c8428

SHA256
379de3d00049b7033f6a960b947a1a96935df0508c17deefad94ae62e5891184

SHA512
686d0a4207031b9e38e8cd9f34142f5226af7c89e90b8b08c1d43397eebfadf079a157dea88dbb713dcc6384b3ebe7d4bca021acf51128abe162b48a0efc1eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9c0d55956fd0afca392a6af55e8f2488

SHA1
c71100ec41874211a1e6aea622fd7fcaa05b4854

SHA256
e65f31ec56e6fe5eb54f7e8fc145293e6257f383ea87689296f824ea011047cb

SHA512
f840faf67024bdadcb92735d7fdcd52d117de4d0ab69aca38beeea4170cc5c7468dd1293b7a5b3ea101ef49bc0f2283a644e855b708af2231e38526efd3ec462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
ad7e8c6ba2b7d36b514598b5e329acbe

SHA1
b4cbcacbfc43a3e938fdd9136cf5334849e78473

SHA256
fae2d123e5a61bf91207ccdcdb03a518c12d606279147bc2696b6edf85a0c0f4

SHA512
10404bd18ff7e7d5cef2720116c23d1d4bc1cb0089bd305195e39c37a7fc0f323c303e3233b07d34ea5d599c143fd333e8c322543828a307862bedce6cc7d66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
8d753f5acbc69a887ed75526ec393e37

SHA1
264484997b8f2610ca9ac50ba83ff6f53e3ab739

SHA256
e6a0187cfa65c05be66ff646f39ce4e029ad588030308770ab66f8d60dc22bd8

SHA512
3a64c57d375412893e9777a256009c3474a40165f9f07f251a6c953073bbdb8739b0af821ae2c958d31826773e53b6b5364146ad7e45e3d9e9f31c7a430512f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71c26b2c985ec2ff3d6a1ae8cd1fc4c5

SHA1
2323a1c7022afa643b8c095e43ed1c395c1d409e

SHA256
e96f60a548f1d700f280a9592ef72019320112862cf16ef8f653f0e96634de83

SHA512
393566e69ace9e2fd3cb7034ddd7bc9b3f96a19ed6cafc64db1781fd2f76a4e34eb94cecfa1ee48e31dc8c049d85f7f23597f49435842cdd94fa12dd8e20b8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
de64cf75b2eac503a3fea536b0017003

SHA1
8a0ea216c195db85930fc8ed2e29ca0c09f084df

SHA256
7a00d99efea2f43a185eca62028695fdd35a43393da2e4a3f8e388402e081e69

SHA512
2bc07d7985135b4122d6c6efa47285046cc244319c02045b74b8eae4d916a063686f978bd1cb62d92d3b1d5e1746965e0a2f71978a9c0058a852bda795ca65b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a402ef4c21265dc2d4398533bd7068d1

SHA1
a92e1260d84bf583b0b40c7c3cdb0b0e8ee53be5

SHA256
062dd3e70c350523deb6d5a355403ef4688d01c8ed6cf4b790d677f31d9104bd

SHA512
2f6334b31d1b9cb00f60fd6d67e1054b1d0178564f143cefb44a06a662a88662d0fad213c27ad30568228990692efcfa2971e7ce657bcae75bcfb5165468fb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04540f648d33fdc07fdfedee6df34c79

SHA1
22503a84daa3eb6b1166b1c591e1a68ca5130159

SHA256
a6fcd96689b7d4cf70651e061cb921a45c267ce10a0c6441c812fdeadc15ad2b

SHA512
317f227c94466dc82e6bf5b4296b476090b4ffc3029180acaaafc0ea95a471efe7f1c14f2e8897f8ae8e81162a6b32515020cf347f30903838fb15cd2d658eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71e99df53097012b71adb402576b079e

SHA1
5df4698e62b7cfd45c3355db30a39af878a35a69

SHA256
304b51950a9e406e11d6f0d10f0ab0efc7a776fce1f8f43c4703154ba8fd731d

SHA512
33b9ea0c2567d2fc3a12202e5a60d3007a514d56fdcd1b22aa1072e47f9dd8133dc10e9882c811f8d4e938f7534a6911d76a29b10ce273c70f9ad46ef36cf878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
326bf675e30c34fc56aec869539ce7f6

SHA1
38525aa3c4eee6f78bc605f6483429ab695144cd

SHA256
db8b08a6cea6b720aba625cef3e2c7d7d7313d134a74abff682564225f2cb4f8

SHA512
ef8879d5b8d57f6d39338ba11dbc28be90f0b6321d071612afdabd715bcd37fbb76e3e2b7051c65c81702d082c79f1f3ddbbe5881de8099b7c56d0a0318a42fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5b6e0f8d24a51852d79147c7683a4583

SHA1
f3498eeec718025293fe101c1f30bbb1d155ad37

SHA256
8fc603c3a1de2750bd552bfd5d8d41a9cef73403910273681ac7d9ddc68c0d38

SHA512
d800532e39c32228ac69c570092838a8a9553aeb0c3906710af883bc6c91d0b090139189f492c3a9bb6ce9e361c98fb9446d56ad88fb7e41234795fdc1dd7962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8d02744a8f2675d78de1d8f56ffd3f30

SHA1
6a24d814065afaa0f02bfb9709bd34fff95af081

SHA256
388432f45072d6259a5b020d6bba94e81e0a467bd4a3bf036de84645bc37ff84

SHA512
933155793e39171173dd20f52fb6f70d3a6fa1a35d0b5248175e9ddd3c7f393997d646f6427ab621e470ead19e41a1a77930cd01cc7034344cfd847b2d1c599d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
76c23688b3f9e54dc752a6a9091c8748

SHA1
d593b5baa92b1fb93b9f13cf989f02d9868dde7b

SHA256
60b469b58d98317cdb7744b77387b3e5634399303846a89ac69c032ae2a821ac

SHA512
c13afe15ee693df7613f891645151291f4da50368c16193626ec7eaa851eeed10598698376a975eff62086be2cd4e0c96ffd912e60ae54fc8a4efc9c283aeb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7379d265123d6a102363c0cde80da03f

SHA1
4441b6a04093dc1a397fe4534261553d321ac9b7

SHA256
af7295beb033a119fb58b461c006d6db6395b72a78df6b9bbb2d359f06758390

SHA512
4364af00734d42716cbcf3aef6a482090c996d664007c2e293d9de9b27327352ceba42d87287cca3ace31c6a3b09c410745ea41bbba4eab067f85cf1a7cbf35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
284315f43770672f86167ebc000964ac

SHA1
37bef2198e5a38fae22cd4d59407bd72cd3bff71

SHA256
9de0ddb157240fe4d1c7811ef0d2019b8881065cf775e5534e477dc50c0e06e1

SHA512
78df739b4e31ce67c319c7c5fcb7da892f89cb43e2e7460d4188a0b225b78bae9351fcfc5994e2d60738271a978bbc7079584f2b8b6c2ad33802fbd5108508d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f859e74f70bb2944ca22f34f7f1827a0

SHA1
85bf28998e700fa3ec3b6799b8e7cb7daee5a241

SHA256
2d5c6ffdda47b372ce28046d82f151e1610ef6e79953d4ea784b1791e2dada42

SHA512
7cbabfa7b38fe09437bb68b1720c69a910d0d9436a79e294077ce4e76a13abd78d991938cfe46e4c033d160d2e0dade3e00b314c97dbdababa5509970e2b8175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f4813735950d427e7ac68eb57b484905

SHA1
c3a03dca14229b9f9c798101b37cf6f2eedbb34d

SHA256
d13e3356e28e83c000036dcb14b7bc1d8b7c00be47e9a0137d26072ae9f6a221

SHA512
b89112e782e62d5aa926a9413f93e8a7627e48204bd0f8d377f969bf966fcbb21817dc18287d79a39bac09fb12427f127595a7906d8f83028ceca774996b3f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58678f.TMP

Filesize
204B

MD5
ac523261d284b6ff63f062d5c27810eb

SHA1
b7b6cc2bd62eee814d903f9692fa4b7ae54669b4

SHA256
61ba2bbe2943d3bab018af056c0fd105ec46319a9c744106d36718c63efaf5a2

SHA512
255f317b295fac71e82744eab33976eca830b174c8a6aab8083c9c524d563ff71317f35336f628b9b2d3b1179ad17c754abd060e9c5d8b174b8b1b22a2f08770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9be685933b7c9bd5d002e74a9df5aa76

SHA1
28c390ad1d43fe54ec711bab59dd3a6a5b95912b

SHA256
34d99d3c5d098d00d5de38e6328bacc862d30b6270e2099f5dfb39c412814a1c

SHA512
d88c4ac86c15ef425603825b2e8d8292b1af53a41ec5e6709ff4db38ca3bb514243ebb254a109eb33bfc38c8f28ba0807c66360b4fd639ae3861a32a41f29c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
852b7f3eb12d10024bcf545931e1346e

SHA1
5de05da0295618ef1e1c33236a9c0fbec75f653b

SHA256
20dcd6b8b89ff7859d62ec25db818806125c35d5967547ce69d41031043f1cae

SHA512
d29a74fbfc106eff9d3734cee77455c9fe63164bb78a0131c613c29ad54a833b17e89647b15ed0a1e98e83eb5edc7f9d16023fdb91ebee895e40262e22618779

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a685110b38168b955b31501bc3635048

SHA1
77b208ce4126d897fb6363a04075ac2a74d6227c

SHA256
2506194a6f326c9456f2753e1995cc72a3e661e0d2f4b16bfb71aa94667e8347

SHA512
5e970cc2295dd1a1ee0376677303687e9a3d3848a76e4285f1bcfaf120c764e3691bdce0710b267892c7862dd616fc049d485abff40e2ebbb0a14966c4b3ef75

Download Submit