hxxps://gencorner[.]xyz/free-vp-gift-cards[.]html

Analysis

max time kernel
1799s
max time network
1804s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2023, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gencorner.xyz/free-vp-gift-cards.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133341269598368579"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
1920	msedge.exe
1920	msedge.exe
2924	identity_helper.exe
2924	identity_helper.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
372	chrome.exe
372	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 3008	1920	msedge.exe	36
PID 1920 wrote to memory of 3008	1920	msedge.exe	36
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 2164	1920	msedge.exe	88
PID 1920 wrote to memory of 4636	1920	msedge.exe	87
PID 1920 wrote to memory of 4636	1920	msedge.exe	87
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90
PID 1920 wrote to memory of 2664	1920	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gencorner.xyz/free-vp-gift-cards.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1aae46f8,0x7ffa1aae4708,0x7ffa1aae4718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16627617749334302278,2530370649046885757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa1a579758,0x7ffa1a579768,0x7ffa1a579778
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:2
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4952 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5448 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5800 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5984 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6064 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3808 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6084 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5468 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6092 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6944 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7424 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5752 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4816 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4736 --field-trial-handle=1764,i,8952953497195793570,14605335557936323748,131072 /prefetch:1
  2⤵
  PID:4588

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1164

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x2f8
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
23KB

MD5
65afd19ce5aec2918f0d9ef7b9af3525

SHA1
aeed48068d2aa6167fd1a7d4f6bc5143e621742b

SHA256
e7e19e232428f5faea9dd16ffa5e9538efa0fcc8bf270b0bedb4e64bdf019b13

SHA512
9282782280efbe76b015b5836fcd0b85c55c973f27fd576fdea574862b6ef3fb3cd76f00f809757046b87f6ab8362298a50ddbb6a1d126565663922a2426d0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
50KB

MD5
45f43a18e41db67b3d8809499d1af1bc

SHA1
f6ffd5d4541c847dd83912e93fdc7f90e1df2e2a

SHA256
ef38cbbf20c60fec59876932a4a0e4d9893cdc0987cd01e0cdf9785b28486f47

SHA512
2edbb2a1c87045eb19f637d35e1d74b7e530c546230c883abf2ea75dfc72c5d3ac3c1c72579b3232eb6efd6b011ae2728d28196c32705ece71afafba73b2eef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6ce9be4505f2f0d9d6177b3aed4ba034

SHA1
6f08c9a1fdab629e0f3b708473d08743d0c5a96f

SHA256
e410f684c9a79a1c2beb8f3f07d51dd14bfa9c693916e54b38dce49663854568

SHA512
e797c6368d4951a2798b406cf757da3dd70429273bb5e5c19a2a05c9a9881c19ca148468118a6b1dbe6de41f1ffacba1c44d4955f0ec26c23dce54ce05da8af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
16ed5c69785430f831ff30fcead1128b

SHA1
b41587ddd8e1cd6eea32cdd64499e140de5177b5

SHA256
40e4f3ac47eb5a921f0d99ed3d4338845b5707d03c9968c14b466361117cf0c0

SHA512
10a06578afbcaefe926fb7603983bb0def16a7f5bdefc52161ca7ff733c232670bb23177887723aca202f36114d4d6def80cc0566eb3fd73550d33d15c2a9ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
228a527bfed55a8e7c09b73251cd1e38

SHA1
3e0609a91ff7a4569b815d3af81f558238999196

SHA256
4486c6ab714ed26810aac995f0b101d4401c7f43ed3f673f52f99d0f2fdfab80

SHA512
81ed3c9711df04fc39712af05269a015670ff99987c094a44634f1c1b76dd8d4f2b86c5f15eb349296c5dc0b5e199c97b49b6d59ba2f2657bd5de042ae0740ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
16763c261003a9ab70ba743d17f6fa7b

SHA1
33ccaaaf0aca700ac71bd1cc13240a9781884287

SHA256
11dd5067aa58d68253346d4416f77df5ec1dd77ec938b1ac455a3e3cb121c5fd

SHA512
6e1da2faad112321cf264bb171eaf0f0c2b1bb434d8bd40b2886827479376c66ad41171d46ae7f73c25cbbf973a162de4413a5c60a426af2682ba46f3e48a530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8f17683dcaceae0ab7e7a1ffc23c7bdf

SHA1
5369e2f845f4268db118110c7a5059376e4d3d6d

SHA256
cee6c2d766a7d8dd271774ad600574cb557f648f7e8b40f60b469bf6ffeb55d6

SHA512
34395371762ee67746a1bf50e1e5e04325c64dc6f76766f5ef8b7327605fba741146f6e93c1ccc1be2697c793a40e3bf5c78d98131730e8ade8fb8260c0c0001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
55cb5379d5f918439feacb7e3fd6debd

SHA1
ffaa3ab522c8716cc3f7e83bc9f764e1577a63b7

SHA256
b5f7b955f71aa47d10d644868b36b89adc872e4b24567224a27a68e689bcb3bc

SHA512
675f4c485b919b61fac457ec19c8c546323146c9319846c94008ed644bfbdf05970b4c7d315e2dd2954d7a5e36fa4f6561575198ad338696c9d65ded7c62f719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1cf8c5b167765d930687d82c7564e3fe

SHA1
885045797d61b7ae072cb512e14265ce190cd48f

SHA256
44f7e3604e81b6be5cc0a45d42c621342ab06416b25856cdf31c25983e6ce5a0

SHA512
0a1c2e8989e25431cf05601ef17af8349c8d9522688f7e45699061f7c9cd9b85789f0152bfcb2401276af396e0fde25e34188b7b05c738f0ca190b560e9a9a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5a9b3f8526c9b9c859709449ded87278

SHA1
25485e5cbf9d2426f5d5ea24667806e06f1d4e6d

SHA256
4cf5508a2807b229cef351613c558096d37ae7e31fa5fbf726fed7f87f3f8b95

SHA512
c5fb7de795b123b1b1d9b7adf6b791c9bbc116f4a0072965256792f0dbb5a48978aa9469fa75c63dd8183a6f776b81a9487436a44ad4191600d17fbee1694cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9075cb84f014af31e6d8a0337db7cde

SHA1
de70906a5cb51058225576c8b8a0917589d74e7a

SHA256
f1cb9903aa154695eb969af04a8b295ba269cd1251022d9b82fd13fb0b1cc88c

SHA512
c4488b168a59bd30ecc37487065d98e338b301f492e741c5a0f1885527a7931c103ec9fab921f401d064871a7d695d6d050048a5f877c398a33543eda857ae5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
febd37a2005a99e7b431764de9edf885

SHA1
09571639f2b7ccbef3ac0848f86fa74e9bbd27e3

SHA256
2212e777178b534a13c8871e3339c49f56f48089ec9f5c90b6e7cbec5fa7e2f5

SHA512
c3c125ee786e974da863778d31113bea4d611e2b8c6c61298133cbea873d2ccc6231bdf32225abaab1ca02b1153fcc7a28a2318a2a7c1b388b3cd45fc189bfff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0424240e08e75e03ab5b59629fb4c7ea

SHA1
50166a5f58c206f93e51166cde7b2edb59bd874c

SHA256
e2639f9defabc63825abf794c8ae7443e1bb983f260d969629eda81d18975832

SHA512
f2e83d1383be5438a914f56b058b0a65867403466eeb21b6da6cd6d28aa25b0764f2455e084cf11a1f95c59efdd16ce6f0ff91f68bd8c1a47a9451cd2fc62a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5ea62f9675768115439b63fe3683eae7

SHA1
53f231a6f5d72ad4c2b9550035f0a794fabce036

SHA256
155a31eb68f37b9ae8a9f9cf09cf882bf3d6c7d0e2e71b10713d907f26f0cd62

SHA512
1487c452bea42d4b3cec0b8f14584317df39fe08e2fd2dc8e9366931619d5e0434f9c746ede4a54e23f43237d596b7431dd9afcd309fd2874f148899aba30c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40833ece1e28eb289250beae4bb7a4c8

SHA1
3d574d14c0d5354aee257be056bbaf6d7267d2e2

SHA256
fb0ec9b36b7ef7c05e1112af0039575931aca11d2313777dec8e6917b0f54a47

SHA512
381afc6815a2989da1dbb3a0f73e78fce6359ef7ad835b1d1041d5cdb95880c0e1d967ca4ee7413ec61306e29524ca1e46298416785c89359af72945ef924700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7ed9fe9aaa188a8b00711273ae5f6184

SHA1
b4895b9926e3c7103b59f1dd45a896fbf0b347b4

SHA256
191329fa1dc36ab757c9e1e32dbcd650fe3377573928157e5dd62bcf2d5706c6

SHA512
8ef54e8bb797de4b9f5200d0d593c6a0d31b74df67fa93d1a8e25a8b45ec60575ab6f1bd64c74b8533e9ce1ccbb300de3601ed47477d177893ad142e836952a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a4a3a81b3ecd99ffb1a4a25394d5cb1c

SHA1
5ac68e54fec6955bf99e9737ed13fd45c46b9aa9

SHA256
42c5fef2fbad4f2a5c25cab9801bbe7f7d9a359fde76d365c1a3885b480dc7f1

SHA512
99ebe1186da9112e5f08eb297eaaab8cefc10ca8481b6ec182bc579e3e561218037d9642a4236f3fb3c44970b67b7b1d3746c60dd98a6632d17fc9ac76c12bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e3c5d7ba626e23df527b1087507ae240

SHA1
64824b31141efc7647e3e9423c9c09e6b965ce6b

SHA256
11b7e1cbb71ff86d30adf2702c961b878d04760336cdb7df4d56a9a73026ff5d

SHA512
8c25c3d23e62e0f367223eee0c1ae43c66207e6404bbe678bc564b182bb858d723f127af68e6cf565219d0809945ded8e23721dc6da158280e0568dedb56de0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fd89fd4b-13e2-463f-8aef-259a4d0a5db6.tmp

Filesize
6KB

MD5
566320c40b9eabc5dae8afef6c852dbd

SHA1
d653d6fc81f29f57a0957f0244b0d4628fee3ffd

SHA256
d1d06cc6298ba1092826121676993dea972917bf29bbad928d4828e259c872b7

SHA512
2fe7bf64f7b21559844b8ceb77d55cc54b57b52d82d6f6e4020972ad4a2a5a255481edf031ca9023482694b359011976a5a180d9941398eb900a7117336438e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
21c613176fc616b232e686b291909b7c

SHA1
a347478fc116c0322ce0b3a36c75d0b5e7330d0a

SHA256
36169a009999ff08019c4f2027ffb4718e47d74e01a81c23d6a5192c0bdbfeb1

SHA512
8d0a2e6915d2137c04ed7603d21f9b38c68b55e9f968f00a7366c68c34b9dd19ba681feeb2e701ad34b590ce8c6e3738d9cb0b30fcc852c59e3bef0f93fa998d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4b5500e956cf95de28e6f10513b1e691

SHA1
53fc29e30ecda78126500139eb0683283dc55e67

SHA256
9e3a938dd1aab6fcafaee677cfd175fd626118cb9687bbc9f09a3771c3e990e0

SHA512
4e0cc1411edc9c3459bf491227c371643fce3ba3f6e6a1670811ee8e972e880f63e2c6e9d5003b86ec3f91dfed1837704204dd14039245c0ba1437c12521735c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
33a057b525ddece21b26692665871e79

SHA1
b1be0796a900461d9553a62ec09f6aae241fe23d

SHA256
35ed7d2615e54adf1d1cde4de905bc92f16c81620fd723550d1f7a7deac87bf0

SHA512
db3d08b892ca2b90103c127540d36efd67e3cf83b77b353eab18e631d50aee6140ede43fc925b2341a881a270e55f6ae0e4889b244b7d0c28e32081a27d99959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
600bd7965c3b971747261d87aa31fa27

SHA1
336d3258780bf6d40c8f4d43b3a3abe7c99f2bbb

SHA256
32c753843aecb7e1a65863b165c1ca499948789e5bdd98eff9aec29b197e87f7

SHA512
71572bd00555c0e3abb90111490bc1dd5fa9aaefba246668ac51e47bbc2d26eaed4502566a16f05345f9eb34efe680b799f624b8e15ce7c3737c05824e18d12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
ecf26817d0580ea5260707834ac1df53

SHA1
e30275532b71f51afd4db663ac2e34e778048108

SHA256
f178bb4358c13356a5bb31c82aba901468656fc87845b69d2d8d6584e3bd9a9d

SHA512
397e8e4c002dc7998ed3a0b05c3c46d7346288f9f9c9adb724f352558b05f5c067bc7f527a8c9eed4751daf69fe6992f6c92e78c17b256bfa183936d8375e7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
02def3670eff58becce4103cc2c137dd

SHA1
5ec6a0b8a35b822355851c5f3e4877f80f16af91

SHA256
4e09a6ce4f0322aee380d5ac0c2fd1a1e22c047e9bdc716eaaf0c63e6e48fa1d

SHA512
72fce4308a91987618ad5471ffddcfd6a509d956f87974a019986d5906d06fecacd3ed0cd70b88df1ecf995c9f64f1ac02d804869891d09abc4f3fad430b1c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bbf55.TMP

Filesize
48B

MD5
e16365208020793a78f185faf1950b5e

SHA1
8b6a76aa31056ba73f52cb0bd39fbccc89b686a6

SHA256
f62f5f7d3d5e958ea12bbd3e2215ac9a508a2dcfb235efa1a95ab692e86c01d9

SHA512
b22455dd36788f3dd048b23beeef6882d6a3eac62390634497ac86e7ac71968c5d096267c243426359746fe48bd97750cb0c6caceb8fafe3605498e862ae9074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
47b34f7246aefc41ed83c1757ca5783d

SHA1
56e4f7dedba49e8eddf3e6f3db182a317b43d36e

SHA256
d472fe1eafcdcf65ae66b4d47f389df01df009b343c331783313c04b7ae297e8

SHA512
770e402d2c5e65373b958d5f5272d52263a15561486492c2cb7b09fd566e67094f4ba8aaec8fc4da30e27e29dabe661bbbf6814f6ed383cc1055ece42cec863b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
3489e7443e797a996e66b63b2f14d914

SHA1
bce41f7e2edc23a584e7dc0904d1a5a6ef11b270

SHA256
48f28e6d4d776e5238f38d7191ee1dc2ccdb57490bb3d25322d627e6518fd44d

SHA512
c26dc65904c0185afffc78e175e4bf51d1e199508a1fc70ea15154aa4fdcd2d8a3fcbae2fe7dbef81e7ad2d03e9ff444577a5ced6b39ea801ab4825d074adef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
1f110f0be1327f2915c0cf4bb435105d

SHA1
6daaa6ee1566c20876d313a39fff718a8d5c5df9

SHA256
0b1f2225e0d29a809a68c6014e0c1b8c8d381d7c25b72786eb096b55b85bc828

SHA512
7cff7266570ea855b6d9360e388c3d6e027a6d757664cac4d612a3fff6a17311f2c6626ac2575dd827c67c2f5a9848c1a24868932e4d4b89e1a40d1b12f4e517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
915263861a66ab53719cae7ee85dd857

SHA1
86272524f721463ed5622eb0c69a9f252770e63a

SHA256
0b8ae537500babb77e257ce4553890b4577cac639900bf6b3ad0fdfaba877bb0

SHA512
160e3950e708c31d60b5f58dab634b7e65f4f419c3a0f7b67dff5b10dd9f888c85db8254f5c3531219ce4d54ca92f785e2999049bab6bbd717a4e9340deba0d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
45d509252fcdaabe847ef9ac764e39cf

SHA1
72533a76f91fd941f1a717d4bd234bc0cbb4682d

SHA256
12ac7f5e38ca30e621f7ecee06cb6bde5de8e96d4d774a23801cf4b1a97a1e08

SHA512
cd6e564954899b2511010f8d33625cc3bfd8cc88e75e3cf75e8945ab2a84acecc0176f4c225deaba2f028ea9b17c65b322bc52897d3c6b63c8682ff37e0994f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
7728224df27d1ff6b80d073e3044a73e

SHA1
de221a40869a314d87c6ed07a334cc25e6fb5bcc

SHA256
135fb65b81bac680b68d3f6e7ef5e8c514de60776ebca80db326c5d5e04b1492

SHA512
fa281e1522b9aa1ef720ac2254ce2b2691d718062307c63348dff866ef0a24e7fa94f1179e67a1dcb39275b8f6b38458c283f719e76b642cc592aff5e57e26c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
d4c0e7fb9d58359ee8bb55902e84762c

SHA1
b87a5d7c095c91a8cced792b0b4c20599ed6074a

SHA256
2aa9903f8681259fbcd9a330798911b4fa6438ecc93e448a3577d17a63c8208f

SHA512
18cd4bce7ff307e4de1677289a5d464566261a4af415730c0d69525fde83470ace6d9dbe66f3428408383adc1e8a35d1a28c899d84324e9fd5766729a0e72466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b9518.TMP

Filesize
97KB

MD5
059e065e419f4608f6dafda3be6237c0

SHA1
82d2f90e70f2492ede81a8714727bb7594090ad4

SHA256
9c2c46c5d229f7539f484e41ccd6612d33ea9659cc3fd3cfbf106adbb189ee1a

SHA512
99c39373f93d8f5ba0603ae069c449ea424c3ce934fd30bc2e318e09db9f01ce13e112c5c0ca4cf0ec1f43e5fdc6fb9d1b1b8ed63c129c3b183152ecc3b9a1d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
331KB

MD5
b7a2a3b2a972feed3b5279e806d03f09

SHA1
636108ffd5aa0a7cb928ff1f2f051c95737531c7

SHA256
f3145f403ec7de607beb31de9e92766de363158082c5cb76c0b53d889a3685fc

SHA512
4286dd2e990470d6869b6a16994aba955e9e728905350718be09c0e3bc01608fcf781cc95a9138a60caea3b637c1571866f37afa5e5980519e6dc6071e48f400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
73KB

MD5
417eb7933d89cf28c85fe2b071783704

SHA1
a0ddfb98c726d30ff4e517b0ee3d85f345dd583d

SHA256
bae2ec5fd469972e0690d9b7d07859859803360095b7c599153c7d8e57f6ee81

SHA512
f58cfb4e8531a1417f553107beb7fc67564bebfb907ba5b6ea1372bdc3d8f80f35c3f0ad23c9a8d56ab0d05b9603d9f730620ae64d45e0ff90cb35f4d17bbdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
82KB

MD5
b75ed9bfb8be8767ed3b8f7e01a4d038

SHA1
49abd1b4991a980e13e40c9890f83c05e023a8be

SHA256
0a5ee099b1b435fb0be9c53a7f5e3b0923d0d88d3652f28408c63707e0929afb

SHA512
0cd5ff0dd44281817651363eb7c5c4ab2ad050280fdeab8d16b12d145e9c627324a7d2ba84e6fa26f5cf21b5660a7c3ea42c8c2700f7980a4ff8106f8467ae51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
84KB

MD5
f4897ec03d0467e1a343f3ede0af13d3

SHA1
7967397cfc80e8516eb2fbb7a54837dbc486a107

SHA256
e52175df9420620adcca2ab77929c3408d49d533ad32e020da9bd1969246f14e

SHA512
627c7133c4cc998b38ccd1c07fc04687e37436d04d4c14b213eafed8f905ed3e450daa7edbd0817d94d4e76dd97c9ae3174a20db7eeed3accc513c9f0f7d1671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
2a5afc84be940ac59f172e7bc39b0ad6

SHA1
e8cf78fd890001f86750354316228b6191085a9a

SHA256
adb4b6554adff5f07b94dad19b4f08c2bed70d6c98cb53a5cbc14fe3719e1e5c

SHA512
b5592a8415941137a0f907650f37f63bfb4b3bdf99cbce91d378f4aa1b50df8878819c824b799c01f5a1ccdbff399ccc5d385510f715e98afcdd92e094621381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
94KB

MD5
d9028ad00529d3302aa54cce16024cfd

SHA1
afcb0ec1bfed770ea4337e266c741cc1372c98a6

SHA256
324f7453ad73213469bef8662396de94cf8ea4d64dbafd537be4f3486691c669

SHA512
b62a2b49acf69a9a15b80cdfbec2d714168064fad6395b5a129e189742e32e8b53114c8a85373d41d8a9acf86b4b315fd710f3d026fd256371cb0693a66a0d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
19KB

MD5
49a10d28521222999b883c6ebc13ade8

SHA1
af8f9517747e1b947698650461b675064e95efea

SHA256
1ce2768fa243f1dc6d09e194865e78c61a8f9533a768f6c02c2807d8dd607ca8

SHA512
490199de7b1773e7b17568e6ea07795ccdacf793b2c230f51735f92328d0e7e558cdec225f4a90d479c276d2987209c1139a54970cb4c82f82da81513d7e3e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
19KB

MD5
3a9d657f0c1033d1d7b610ee318d8480

SHA1
3d8f85517fba385a7616bbb81b4d1e2a4da88433

SHA256
b5ccfffbf4fbb9a8c2df90627b81a30b5edae9788cba72e6bf1ba6fef7bb4514

SHA512
4b884f7b858cff1f1f49beefaf29f764e8516b5fc50dc23ac2c6c2061b2698e30ee06b7d930eed9495a97e7acdefc24f7ee80bb7d38b631597e8d09229dd8c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
33KB

MD5
cb68569c733a7572136e0c21ae59baa3

SHA1
e6a80afb49bb7d0673259747b3f3829badcaa18c

SHA256
dfc55541b0c31631571ccf8a16b71dd84d6743b01956a93718a46349a95e0f80

SHA512
bda24e319bbed03c1c40580731966b75facaae194ee2c789323c78a55234d8c501c112cbc8431b65527829cc8f49b19cb0932b655becc856645248eab5ec15a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5c12009fa4be1b81ef0898f1876cf7dc

SHA1
c74fea4f094418623b1af719d3a40738815b7c41

SHA256
17f6afcab7e9a3b87e2f482c067ba979cf49db53069b7573af52d485a6bf826c

SHA512
d05abd1bc1a48455c1db662edd68664854fb681f9a95acd73f63379e49d2b0ea35e45e4d5d68cc0802f0dcdc16649cadcd3854a4e2cefe5695fb6647d3c92d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
eb51b35927824bd2971338e8862249f5

SHA1
11a7a5c2db63aa0921c24cf91f0eafa252a0ebf3

SHA256
77f3eb943272d41bfaa9b51ca6bf9a338aed32ae4bc73000a4e4ae88348da5e1

SHA512
c59002be779044a8dea76aae79561c3ff85f648c9695328c6dd44412b036452ab1aeeb21d9da2a28c7ba1a799984e6974716dcede352c28f982d67e5f90a21d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
116c929558321e492a2338e4b73805e0

SHA1
daa6061bb41edbcfee6b00e4173b457db1001078

SHA256
70c538651138b328f7280df9575748a334fe3addfba98138d7cc77fac618c3f3

SHA512
e70a8dcd38fa3b6fe9084fb4af651914126b29bd43f3fc4be9456366acd6935afdee15096dec24c69461fb1dfb08c32b1af8955fa93a4431b22b734b885a9574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d32a62755f5c1b76be3e5c5bf0768172

SHA1
12c467a1ef4fab15450cca539e1bb8b0d494921d

SHA256
f68676846ca4be220db0310fa729f6dc51dc860181efa09f6bde14113f8f19ee

SHA512
15f745b0b627d292162c182ac6490d3b2af43ad6311550a87e4376abba4f7a882814b0466e385e54fec6a0fe5314925524f929ae30d35ca18e03a8eef3d3c6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
29dda30d0d4ded0c1cba523993d46ce7

SHA1
eaae38b978bdbbebf48c3553827e6a0e3032aad9

SHA256
075409170233e01203615459537617aec6f22d72893562a20363d1607ee9d64b

SHA512
3db87b93bbd753b1470041b54897f05d62fb944d1c76fa8e581a5b65aea50ca519402161fb7118a07de69cd82b7ba350f7282b0b332438ab9946d6741f9f4522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7274d3335ceb87b15acff1d62bd50c52

SHA1
2d7651490350aa3354c55d428e548fd263d510c0

SHA256
ff20dda3f4aa2b94e0bee18d525ae332c831bec3a4b0c0aa3553f426d9e928ff

SHA512
2e0eefc457c9c0a0c0f7710e02d547b096235317db517f2e749c57061c486fc5679e31cec262d5e38cb1084a68343e7558671b952b8d0e4d3c8345906648077f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
834a2c1044cc46f9d397b3ad7fbcb2e8

SHA1
3bbd0449f0a8099c5057319d6ae032cb249f24ae

SHA256
4513df3acc10e50db8b42c33145b3ffbd06bebc4fd1814a8ff2939d97eca4239

SHA512
5c65d8f21933869c1e68ce8ad76772b4866f4c18101e7a34ecc451b54ad9533db04efaa5baed439d8248ab003463e873d4c2800307337fedde97bce551c083e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
274ef2d4bbe1b3e0735c702f753dcbf5

SHA1
8a37e2a8112e59c938134a7817045557a81ac202

SHA256
3071086c1e4284b07018738c5eafdab62e7b80a4275a44324b628242225c7bc7

SHA512
d79578fd6f84d69c80e3834c54af3b436698e2fcabf3a4cbb5d53f8a45c9e50f50016c28a237ab54cfdac5ba5bf8d773d83fa95c540a18649033303a1c22e154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
11d5805c810b5f733763589d905128dd

SHA1
50c26ec0446bd465de48190d13c979ab1a7f62f9

SHA256
1b24e348ca875d3ca4408ac3d26065090bc598dcfe0dcea101d385933871f886

SHA512
09a7362498b7995da7a147f626251f24bae7f08d5bb774242e0865654b362c06b9cb1c8d2b80184eb6c7cf76d22abf253db46ffd6ebee6381ea1ea1b5ce0b065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1c5c6df21b2017a5833a9571cbd43cb

SHA1
00b66edb3aef2ca6ea23bb495cac7ca93a296a42

SHA256
4036c769a2e40904813382a478b029849ed8d2a0492702ea0bcd981289cccdc7

SHA512
06f866278a6fa0f6bef9c65b37b8ee3bf5046f8c0ebddf4345df6c8f88e3bdbbdbc5d82bc1ef3dda8997474762d0201d0f375d77ca3f276c0faa0049005c802b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8c8a79d0f711d307db3d602488412150

SHA1
8c61550b958bbde450bd45c670e1c8b4f8e888e9

SHA256
204257edd7c8e10655ba75f8bdb5f43d7b22a999b30688997127746b7d82303d

SHA512
32b6a5f315a11c76621c1d397783c7f23d018dc653acc8c3fc910b187c19188d51ca6e3001cfe5a50efc2e1c434c48e9c5a5b5d081711e8b1b799fa50c727318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
559502afdc76ab63b75ac45421278e80

SHA1
a4a8682adb7454fa930e684d036eaee2c6d4f64c

SHA256
5bae206ad26f900538376e60f3005722495998e0e7934aecdba33d251f01592f

SHA512
f85525205a7fcde88640a9801f094b0cf085e79033efa486892ad0e9809e4d16cec05b36cdf6e959307637b5ebbfb0fea119bddf8f166d460075fd4aa7a43630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
52cdcffe02b22abbb92eff4bc387d3e0

SHA1
dc760e956d98574ebbe113d168e61ea0c34fdd4f

SHA256
38bf3b5f910663211f11da6d83edd844cb8192fcdb6b3fe39975818af29de829

SHA512
9a8a45009753989bc26436359f7aa3af7dfdf2dfadc8528e2d5464477c5b4141af5bf271ba5720393d1f1ca3dde80d4535cffe59e2ae8676bebb2d957b13505c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
339557f65f0093f8384224e2fe1a0799

SHA1
efb6e78deaf60be03bf1b932c01b48ecd3a9983c

SHA256
14077fa2be8f5c84428302bba38e447b9b2c9aff24fd34c4ca5ccda8b1dd4a06

SHA512
80befcd57409cfe2ae18caa76738c77edd9ad6ec3982b4a3afb6fad474b7ccfa6fa162965704229ad0bb5838fa97f7767900c7e12b7abe0828491a8cc6b12b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7dd61f3353d3bf67b2d12c6069cba235

SHA1
c80b7ba7f7deaa42d669a763d3d7789c6d6723e2

SHA256
adfa4aaad8cad91a29d0ce1cfcfe5e23d16d0cf89217936d1ffb2eacf86a1123

SHA512
e0b14002f492ee4cba03be014b91f9601df077257a9c1618bed49801c82e5e054cfd9bbcc4eecde2d5789faea1ccd2c8a4badf36fed020ccf1ab8f7ffb845e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a64029ef326eb27983f223a357dbfdca

SHA1
69f80755ad5b186e924a796737fa8993bba6ca1f

SHA256
be621bc22c58440ff3404801e5d34697eb548f1211911b79cc61e9251f1d986f

SHA512
c9a33b38256c3a4cf249d369f4cb62fc1b394b56f630581a444796959fa51c7a75d2528a3b7c22f669fd3dc73a0462ff3176dab31341bd6f4218ff2c6f5659b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e1ebf6b8762263e548083988ca952dd

SHA1
310b84b14de49479386a9d3d3fc15c96a867e51a

SHA256
49af8917deae706d0494dc921e3039b472acf75c2042497e12f974b123b74a39

SHA512
b87c61b254601a77791c82b9755a75f195e2c3eeed9e59f3bd9919c0ad3a26d9202b7d30b1096e0416275f689acfa41d15546babd50a726da4a0fbd795025fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ade62797dfb5f19ed7c446562b2d9607

SHA1
bed623c5440e99b8049290b1c7a79c30e406bc60

SHA256
1cebc85b7116b372acf6d6549b6afba4feddb84ffb703c76d67f9947dce546aa

SHA512
66674b5cfbff4f33a6519eda75e1f5d1413f902f86775881d2e66a4c4d6fa8a88450bc3d533a13d03c76127954076f498b43bacfc6e22a8d26065979cee73deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7df64f37f3b1117adfd6ba26fb493216

SHA1
33e927c160959a7ce68ea9110cb30fc6fc51ee59

SHA256
c46a97b4d0f3f9857df37cf9c795a625600ad9f3bbd52108bc76dc4191991029

SHA512
5784a8bfd6430a60f5e93b2245232e8f71278bcd481419c9753833d29dd03970b43ec826d4d797506d81875ccd246d42782ed7f559a3fc7c513322d82cc34754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
fee96930de4523523f8b5199fa7de693

SHA1
3f9b0efd9054e9fa246bd9f84dcc944331c63a07

SHA256
b566b3caafe13a0d937743e5a5d5327b835be0a7c0aa39544fa5c10cb3eec313

SHA512
7910eca1c026db902fa1ab838ddf39af1ba1307ae627607e0e9e9a3f0a21c9f2f847861c524e6751728df9483ac1e31409ee7c6c30bbe337b8743622afdd307c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593cb1.TMP

Filesize
48B

MD5
6de34603b73097db11e7f96866431b6f

SHA1
940eea9d63d8c8a580d0fe471860a77191e12bb4

SHA256
6f7ccafa80015df8a8f49abacd9aecbe41837f6510bf4a2422c9ed9a6b29a075

SHA512
108b2d82ef2c58a4ec63dd81921befd3b5e6958d565f70fd5b2b323407ec3c90a4095006bb0e2170cf7862740d6de28406a3f07dd09a0d7f4e016ae6b73ddf20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
56533beb19f7ce20893f117e6dcc5b32

SHA1
2ab59fece6b130812f35c843ef01461a15f56e8d

SHA256
b2c0c9d304f9daa322048a3036c982d8c8ecc5920e431bd59734f43ac902a526

SHA512
7284d939f5a2f3b426f631fc83f796ffcd00279170f4d16102f2dcd3d1feb2f3dd50c38bd9f319027cfcff1e568c049dc6f6ffdc6882ece7ceeba01a493c95d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
77ab89a77bc6ade85896a14d74ad1a16

SHA1
9f9247f44d9b5fb84e051dade75effca1e188a83

SHA256
65c2c72c46e547198711157498f6dfd3dd7fb29be0cc7dc9773c9d4ec2ca60bc

SHA512
dcb7d71b958d36faa4489d7cf7d6c3172d41f3805a2310bdbde46133d99e1fbe07eaf856ba0b0635887f751aa80e67a06e73665bc091945526ab2a3a6a5b2a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f7478f867088b9905e2c426517d4e08

SHA1
0186a5963c21d5d3d35dbd4c352e000abce8543f

SHA256
04cbfb9f5c76acf4fc2b8c68ef139b1b2d46fe02a0df3900ead9a460d762307d

SHA512
561a59a09755a10d0c7ca68982e8265a492bdb1321ded1f1d21aa2b163c76febad6655bda557336f19046eb20d26cafe610caae5c47697e844f0ebba23cc7ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e503a431f00da0bdabeaf97592451af3

SHA1
08d32ba5cb0737146bed397f66151375a21b57c2

SHA256
c5c5d7a10b3790a47a4f1738a90c7e0702e50fe98586a904b971f3d086d081b0

SHA512
63e72d7c7a0217a5a21a6dc624ce5a5eb275729d20e8b0a4da37ff665e9304934c7a2a005410734a6e7b7f0ba8124d99087114f4d3419fbeec6c06d31e93bb70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
292d393928bc8a13d6930f94fb08f1f6

SHA1
8898974c005fc7ea4a8b5602290ec83d6ae7454a

SHA256
656de9129c7542dba9812c495110ab9442e52eacfa3d4799b8d786578ba6b8e8

SHA512
fa447f9ed2c99258603dcfd96f4267106da08770d31409697854d7098009b26d7a3ae18bba831055441c2415986c93814e954e8bb3657d00aff42e4c4f8110f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f42a13c23d4f69e5395ff7a7c233ca37

SHA1
6910e761c05d63866deb0ae5a02c8d83802f3baa

SHA256
3836bd8b1aec0c31eaa7508dae7ed50554474acba595ec4d8fcf7e2842e23cf5

SHA512
d601eba09774a0997fd294c48c2051668a21fdff6f8e5485ca150d9a6a296c5d1e27615dc8dfe40eda0e9e407016a219d4d38467c6fda5a5d3a6eb2917bc3e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d07417d056628969035724d6a28d7d7b

SHA1
0a3e1a6336036d3371271cfdb569663d1ae2090f

SHA256
1ad67870025f0357d62420fa5a57d4d2fe2f178ffa342942ffc6a0fe2599040e

SHA512
86f3617de2ac4890b591538436b135242fd86815a3308772e7911113e7bceae8cbc966ec88714ecc0efcbaed61c61aeab0a3f20e0293614632a127f2bc312331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
b77c1dead039d78e4884bce89255e1f5

SHA1
0e9c47a1c68141c392889f79c42f65bee3afbe2c

SHA256
148f9979b913efdfcbe41541563aed25cd4b86b9c65bfd0a3509c9f7c8e22df1

SHA512
25ba6f132e4063da43817a03de6ab33249657d31f055eb7e63b4c318202a0d7923130a45f5044e396a7a2b85cc490a4dcf255daf67753f497f496ebd02c542ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0027e0da5fb00d795d25c73b90f9d322

SHA1
d064ef7dc5c14bced9c5237f793eb09a7b0a9968

SHA256
2e2fecb4c6876621b0c4b0f328cb488226d51eabd6ddd726805f1e7e9ab68121

SHA512
805da4d626b0e82bc029ba013cbf5b23630da3052d7738476b7777aed74018742f913bc6ccc1b931e6ffd2a9bbf414fb49128fefb764a057d6f2166dd433705e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b86ddb7399f2c6606a072b237abf350

SHA1
198562a1fd3e624b390ec079c93be767baa48780

SHA256
638d6cc80588c98b516d1d10289f268569ff5545ca910f040a4689fd6610b6b2

SHA512
33a83abc8cdf84977dc44fa7be53b39ab3aa1346cab4d8b29a2720bb268b690fe224703420aaff9779828b12046b21f58261a3e3c871aefa2195dd31f14e0b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2ac505a7a13bf3052b2deefd4b809b9a

SHA1
40fcf9b9fc8c391872c50e04b5f9e0c5428c6d8a

SHA256
6ce52d0753ea5438446158ff44a7f475f6f544c084bfcb39ad5f6973f068c898

SHA512
57aefd1214d459d10129ff72d70ce5aa7984d0bf016be900a60fa797bf8db120eeaaf47b011099a0163a988c7b77016f7b27b162e4004af71f1f5165e305246d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583803.TMP

Filesize
371B

MD5
86ff8be59793ac983daaeaff7d90f804

SHA1
a145c9f8f8c26ddf89f9c1d89039edc2c6f1499d

SHA256
4be225db8f2ba1c004fa5d67f01be43e954c043b78b389ecbfe12aadd518c6de

SHA512
d7a192c3166c8e84d50e06e72bc2d7426412eb49583252d7a47a8c0c2555f34a9e7504eca2b7cb9bc7c8a43d47411394967c427a2181e436f6b3ec1af3ec0af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b10663f2c561e48d56c26ae884dbfaab

SHA1
79946737d04aa018d20f76bbfae6401aa047bc24

SHA256
4163a1950a2be89caa58998a26406a58e4b4c641e09129c276651aeb936b1316

SHA512
8ca1792f86bfa56f5c126c6dfa001ec20252acd5b1c609d712493ee2c8fac318389daaf12ccbe3f20f43ecfba94df460ea4fb1a59a6f90f05d91a906c77a2f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
74bb268cdc9ceeb64abe192b0fbcdfdd

SHA1
b70719299fa9ae354c4158c3bf498cde328c4f82

SHA256
ace931e36ee27e7762da4aa1be6cd877043d81fae0744cea13e51d2503873cb6

SHA512
08afaa436be20388fe7b39efef56441a42871b6ac360148b577e4724a9e5b83e25d7b3126828a737abb8ae663edece6f337dc84dd4b4e4078f408c50336283be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit