hxxp://url | Triage

Analysis

max time kernel
1376s
max time network
1165s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2023, 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://url

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133404817888887436"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
2776	msedge.exe
2776	msedge.exe
2572	identity_helper.exe
2572	identity_helper.exe
4828	chrome.exe
4828	chrome.exe
5232	chrome.exe
5232	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe
Token: SeShutdownPrivilege	4828	chrome.exe
Token: SeCreatePagefilePrivilege	4828	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2224	2776	msedge.exe	43
PID 2776 wrote to memory of 2224	2776	msedge.exe	43
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4020	2776	msedge.exe	87
PID 2776 wrote to memory of 4036	2776	msedge.exe	88
PID 2776 wrote to memory of 4036	2776	msedge.exe	88
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89
PID 2776 wrote to memory of 180	2776	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://url
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffbcc8446f8,0x7ffbcc844708,0x7ffbcc844718
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,16227979729915604681,12960617931726243252,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:2640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffbcbb19758,0x7ffbcbb19768,0x7ffbcbb19778
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5364 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3004 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3432 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5360 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3336 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3560 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2740 --field-trial-handle=1944,i,10656580882761750878,12627120362498753789,131072 /prefetch:1
  2⤵
  PID:3768

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
57KB

MD5
186a92a25f483ab93e96918ac11bab05

SHA1
6514d35d7a6f5939dac76bf6cffc34a9f794fe63

SHA256
cd3617d6e7a348cab00c121578afdd85aba9b95d2be9eff8a94d19d2490d4d82

SHA512
80c8c882bff35679b8e3fc4b58e1b537b032b11e6d1473238cfab6ab4129c84396831ccc116c48c100891b04f1ce7f2964460dd5ff6834cfa7858632bb1a14ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
182KB

MD5
cab0e0444bd6133e149f009db7cfe861

SHA1
cdfb64946c4ae4f57fa8aeed63075808883da118

SHA256
293ab5d7809d40381acadfc942293c957e44bf1a42940a23bfae843b3c75fac4

SHA512
97b287250f8cd0e60b0d890c598e538f4d0b30f174d1a3cb60c628da36783d302cf3dad9cb1f2af27a9325504cd46fdf9755249fa92affa5e54988afad6acf2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
4810a59a4418b6cd819de1a68900542d

SHA1
109fa36a7b8cf71f1ea95fe24c5d8ce4579dd153

SHA256
733c94d95dea683fd3f07f13589f91792dd5f163bfd30f3dc36190f8f1b4e786

SHA512
e988f2190b10958b4ca03a15b6ea35873b9d285cb540615a1b6232e729a4c0a38e4fdf96c9b1a43c1aced5b18e8649d2670512f0c6483ac25dc8e1f0c71c1600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e2a609a700836c93a7e46103c3f1e59

SHA1
828595452e90f699a43e79957825d736ff0313dc

SHA256
c44d18f71a35cc2e994817feb957a6f3a4844292e9a20c07ce47d19cc64126c6

SHA512
85eb484b868e733e45fe1558456d81517220e7890ceed5418c0d03d7c4a7077b576cb3a77727206c3918e7306f74c1d84201e96d8c9bbe5a6306a7b4285c7386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
522dd9e1159c0314ebf8e104b67366df

SHA1
2b41d6d504f8b006921d39ad01c41e0088296492

SHA256
d83ae1ffc0bb90d20e61179d8746c340e3491a492f92581388c3daf9e388700a

SHA512
e6c71041915f379990f023c7dceac0cc856e2722ba99c8bc3f801978fa7d146d76ca6a77d084e8cea1d9183d7e39811bd99bd73fda9db4a82e90e596146b7998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c12b8fff806aad07927ad02d1968e6d0

SHA1
25cd4954441d1c1250951d6b288284cf7edd76f2

SHA256
18655c467a516b86b2089307de346800347a10b98d6fc9617098e015531038a0

SHA512
9f34b438db024cf01715880c47856c371f2e006010b64bc157fc047c8b53e0db63f67d8681ce2fef54eee62b692db39563aafac4f096924cb10e51bd0bae2893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7add1b3c300f06c85d45e172bc2bdc75

SHA1
1fcef8cd06eb6d81984e102919006cea4c479ea9

SHA256
5a74e1b25e51421f0c3f318be3b33df1b08f80f49aabe1bbd3c03c2c0bb66b08

SHA512
0fbba6e7c808c77a1c85a0167314b565b91323fa852871037ce163d11b8681651dc479f471945e50b7407c9090e081ad5fdfa9dbe90c0500e71b7c96046705f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d681f4c9f2cb4f56f8f9cd81af927a10

SHA1
bc6fffe59fdf1f3136733f9607576d3545cd6194

SHA256
b63124c429db639a9a0de3d92ab9812c0af9ec84a018933d89c4d5e6402cb1f9

SHA512
c5869f54e811340f5eddeaa0236d89bc047c7f4667187fdd3eb10992c33b4087e246b2b9361e7afb614783397ca457036fd39c4a4f923843ee81811b1e8ed512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
473256759790c49ea2d6cae335385aeb

SHA1
a1b329b4004dee28dd7754129fd85404ff94b2ad

SHA256
23056266708cb46fc65ede38eacc83c19fd40efe49f149fa308ff072ae14244d

SHA512
273c9030eb06b6445a3945dc08cb64260a01480b858ef39c2fb852e0bfb9eef1af1157be3b2c48f9e5fe19ab620492c529f25b93a059655ac47af1709e2eec61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
74213ac7814066886f85f830710735fb

SHA1
1cfa14921e9215e95e660c1aefac41c9a361197c

SHA256
e1ddc066248d0fdb9e14346bb6da0a7f074ff8b594d516f3b97891b532c5000f

SHA512
9772e09c8048985a59ffa75951f1477a0cef872139867da7ffb285c04cec286a6fc7da430482fbe5b78ebea6f541a06215efd7f41f23c11813ac898b200ae48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e45ee1dc9ce2b1be781c319cc6a2fd16

SHA1
92e76e8941afd2787a6af20c26be634e15d218cb

SHA256
0e5cba067fefdcd67d2de9794f203546f1337bae5c8587573fdf813fbc2496e4

SHA512
a598089629be520b874dfef56fd07ad137338f36010e166547d2c9f77a19001a3abde3b1648c62fcaca037a248e138576e12f8d89be49bb0008297d05901e2c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
11b8f00c9fb61f028e11b29a756ffcab

SHA1
24543bab05b400bb41a48e77db48baaf77196adb

SHA256
30111700e6a4f48d7d7f2780609f532e04b2b4c318e425218aa056a73e8f6170

SHA512
b8fecb5fa94a7c30c14c1acac51ad58ca4cb81f483f13229cb3d9748627f7e7efd6d82654ff14b4056f140c3a6cfe5a272f697134ae83e020a2466b84fec428e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
59a4945e54c65ffd837f3751e9054354

SHA1
c590472172ba701a4f62d27de06c54c81474d4ca

SHA256
d800a46bf44770435e8ad3c5fb48654f45f0a361c0181306da1b82e68439baa8

SHA512
39e1aab08788a561f02ea2327188945a3699db9fcce119e26e9c3b3650656d13827c27159a150704e623a6aedc4422c243cf5906a84d76779ca5f193f347b76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa5323e84036ef76c303794e685c994c

SHA1
9b07ababbbc1eb854d4bf45b7a396ebff18cfac5

SHA256
b46c16b928250c8429efb60b1e43f34762dfb833d7ee524eec0c52ee2db1dbcb

SHA512
3ee1279cf9f45092049e9a629fbc5979249c3817df1a2481af1c49e151f127e84180c9cefa2d9f2df27029c8810a583a00e27e90202454d0a424c00cfa5b64dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64daa63d34cea405f7c62223e5fadeda

SHA1
7dac85692eda33b86011061273f32ad439ec4480

SHA256
aa3380bfc166b72d9b60da54ae4705f8ef7822df40abf953cfc65e31c0434546

SHA512
cdc5c9bdad1a79c242af1f38a96e557d8b9773a07159434740523e446516dd68e47e41d6fc56d6d7b5486a008717d3ace574258f63f4af7e489cbf6a28ea238b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3a75d3363f9bb5d686429f8dafb4d05

SHA1
da9dae0daf0a6749bdc044d43b727bff5859a8e1

SHA256
e434e7869e5099495e2acd4944341a94c65df277cfbc572d7ae06d85bd2b3db8

SHA512
fbe8fa674103ef4e9fdae465d69edc99d536107ae9f1eda2ba31da0f11df27c4e9daa6248e70ecaf43dad70a85b0cc241581959a6e3519c170a44f49220446f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
adecfa6c8e907a1dbef143200839ffc0

SHA1
df80d04ec3a8e20ea186d242c980c98d35294c07

SHA256
3f7d48072d11b748d2b819a71e1785b5a0348abeecf6cd260cdae54f6c04e5f1

SHA512
6226f0d1199871862cf97e480782b89cd086a14b681a5c80d0029cafc3d34e5632478d69a196300ac173f913b44c2464ae1e41df486995f93081e8d03698c152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
d4120ef468b0958c8eabc0376a704999

SHA1
04fc05b44e832e13fd2e0ec9bda05e36d09e689d

SHA256
07caffca6310f73aed636c6db73e1354ff613bfbc734c30755b5a89d57c4a7d1

SHA512
ae8defab1318b91771f532c9feeac2dfbc7bf6e7f32508e8c33bdd47da0973d7e7dbcaf574442544a7c8134c423a8b71dfd014e10b9c37d6ebb474b3ac7c9296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f5ec6e6e200703ea68a3469b586de2fc

SHA1
02e022ab53cef1f05ec953ba85a4a0c3e74ce33d

SHA256
2f3b2940f0d825ffbecee5cb2bfe609300dca28bf23a2f41422fb50e39f46e4c

SHA512
cb2b59ccb4de9dc47fdcaa6851a70099d6917168f42ca11b6038a83366668de04b4e96b48f6f261dea10a6848b74251dc8eb41bd4a9f996fac9591c30f857a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
899ed62f3752981d88f7ae62dced822f

SHA1
85880350ce99cac6e3600e45b0a2373a952324f5

SHA256
2020249a01eeb7e64014bdffe3334313f1a20a6ef1bb93fd142c804c91683ce6

SHA512
ae6d4a21b187c2fe3349708c7465aa4f138c2f801caae2aa7610e835a430c4cc5d244db02264eca38daaa10f4bec7938be5a38a0e5b55dd760df6b13454c48fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
76f592a4f93804c01c38afcf414f01b3

SHA1
dd3629ae0566b323c2b8e7b725235018d9238410

SHA256
bde0bbbfd2d98843e7037cfb80e85e865c3c7d34bbd25ae32859c6f33c78a013

SHA512
cc177927613d680e4bf83a6ba6520fdf75e13a9bab5c5880cda18a97a3aaa2393fe5d2ac2bda6f95cfc3510ea132f4a7aea91fdee6519b51bece3066a0f0d5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be4da9b24fa6a8c42956737192cefb97

SHA1
69e4f20d2b28c10f3b7a7cd63d389c7b21bf4742

SHA256
74ea915fe6c5665ae7b9e427992864bd56b381c9bd6d3bc3a3f5931bcb72fb77

SHA512
af566d0a2360a1d119acec58380edeefadd6671e9f45e38e3b819fe76622f4c9704301f54e5604ded7b1a231b721e0d841a899609e438347ccd11e5ea865fcdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3bb92fa25b638d9b808497877f3d80e

SHA1
41988284c3561da6509d2b721ba3bfd79903d8ea

SHA256
ba819c8fc6f76172e1b0dc6aa9c4b75a848e1958c4a56ad334524c024f513db0

SHA512
fb07988847d6f476ed883ee52747d1904d7a5e6757e114666fe908a81023ab1eca1f519254850c655d899dd7625bdcc5078c02a9fb635d3f959621fbdfd2d50a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
92281ea6d17a795f0b0a4b7804bfe623

SHA1
4a3b20497eeb7e96ffdb828c6150ece54f42dbbb

SHA256
e935ea8b55371ff569d1c6d2f03a265e9e0ce746089e049b16304cb2748299b3

SHA512
4fa6c1a69cef29c9123d428029ad6f835b06f4702c3a7b13e5002809ff12bcba0abca57c2638b80c6d4b224952f4b228c616b76983a723843bab8bb9d2182f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0012bb5d4a565f2722a317761c250a70

SHA1
ef18c8268382c1bcf8fd434e8cf4bd39d16ff59d

SHA256
87af7c1472de89791a19668d36601a1c80b1bc89d99b4fa0f602ea56b55c110b

SHA512
4e07b01782730c4595f03da129e7ed2a77c066c8c29c748fbdf733e1ec0209d91690aecb958b0a37ffe392826dcfb21035fd2ea67e26db0a22aaec66c88c9565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8afd5a87e94511a152fb945ab076ea44

SHA1
28289e453c89d33f867a6ea0949a69af7451066d

SHA256
80b714c41839cbaf6a1b8321a95256860ecade97570e33717d515af6eb2754a6

SHA512
5201ba486aa430398d7ed110c4a9c3fa1362dcf4ad7db7e6e04d6148fd8a3dad6d3f69c1676047d8f870c314fd1708c20182ed2704c2f364916abd74392e0063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
121a43a80cdf0347b12d09a08758ba37

SHA1
6ced109e4ec5be404f1508a92b59017fff1fbdf9

SHA256
31430d80eaca9ebd9e120ea8ad6a248156094bc1a618f90b0b51289aae9dbda6

SHA512
f550c7d7cf4608eab4587ee0e2c585540e211cc6173545de4e72b1404433d62dbb7dcd0bb49f0e86339f7e20381072172f5ad21cee01805707d7ce4bed712834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c1dd31ab72800ca56625b321b093daec

SHA1
0ae636af7d18d2924b8715e82f68e47712e0f857

SHA256
63ac9b8411b0e9f30db2c00d93abc6ac3448448b48bc6c33e16df5d4e94eb34e

SHA512
1798351c2e139b9d8a463c47ae7667be1e16c2c0974fead108b9c16379bedea462a062521edbc3e6b6de2479beafffac8f22d8278c2c1126b83bdee0f907b7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8dbd598999c2f7ef6142d09194c47c36

SHA1
6fcf729b242d67ce4236c15ac14e231e74b3a6f1

SHA256
94621dc36b204661d0739373ceb01231b44e34ef95e10cd9b8d221623c2c6c80

SHA512
743f67f710d4fd43a6a02daf575179a774335651302cd960362c62898b65fdf40987ba99ec628adac1bc0d9aff2e5b48859a8aeacaa24192294f78a414e074b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
181c2c17de05480de0b86f0ead9a4c58

SHA1
19af5c24ff8e5fc59c32def9136d723fcab27fe8

SHA256
59c1c9f2586bc623d055a3a5ffd0609b1c3912e81e7b407f9c4148ce7ca01686

SHA512
1eed6d4965d795b7acbaa4314848cc80dbb98198bfc78a30246d7a99e9ae9fa0a3527dad9fc2cf80a0f873d629c22b7992ccc27d3519ad7cf314f7b3e6b7738e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
2784ad93f2d677c244fe621caa2e3003

SHA1
e9bfb4653891caeadad240ddeb07913d1193d79b

SHA256
c18f8878ef173947944b356fff3f3592d0ec54d50d363c40fbc24ee29f855d4f

SHA512
2cf8eab40271fcc85d19564587fdf507e9f4fc068058f35ff0243820e623bd7816b7a36379d6a3c20c19f017384b4437fb3bdf47c9688ec88519dec1b0791c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
3d1c17556b2159374a901f952c5e8e8e

SHA1
56fbe20d10eed7d1405d5a7f35c49aeff2324267

SHA256
de9aef83ef779bf3e85e871dd709eceee8d3e88b066dac05887912be10d93568

SHA512
a51b4e5bbef6dc4af9d131e838c2ee4b1c79fc137885dac1be5b5c7f218f4ac1a10891c0769f5c5f03b74c2ccdf1d9ad2ca3cfeea98e2768d9692873181dc374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
615b40bcc0aa1d8690f1c694b36eb0a8

SHA1
5d335ac87fc2507e96fe5174ad23e79c7744889a

SHA256
b29d23c8f67c132998334c10d78afda1126ca9dae51347dab14d630c67e2466b

SHA512
4801e85f3bccdfbb8dbc0aa3c98186bd5fcbdfc2f6472536b5be4abc9cd46ad8a709879beb359a7cb09d8fb30d70496017e7448d5563315fef6230a466c5ab30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ab344.TMP

Filesize
98KB

MD5
9d56c88f83c4dac69957cc4d8fb66080

SHA1
c1f7029ba4a4d46d8b45f3e1ce72fde840b997cb

SHA256
e491d72b5b8536279309039ffdbd8b4ce4661a6507ee6f6eee4f3fd7f211bbf4

SHA512
0129417d7248fbf44e9a3c850c451872b0dc3466e667f842c8b71da29f6a1ef636afe109ef4fd360ba1961c1a2ae2a77c277b88ce3fedc785104d179757d1ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
09d1663e85da0176e873162411987b9c

SHA1
ffe2969d20243db96d5c5936676a6536b90a892b

SHA256
f12fd6e56c609a78538981e2c4152525976f3da261f2e96b67319cccdaebfa83

SHA512
1ea5fa25f863ad22823215a476e6a0bb6b5964318440bd17e291b170ff5d525df38feaad2c4a40a7213fad5364da0efdb9236cb921dc8caaf89f6face4e56bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e67ff189b92b2c261bcfd0c63a26423d

SHA1
fc6c4119c8d0e63e2312fcf4013225b46454cfea

SHA256
3770029c592979e4db8c1fd71857ca6c1cb55fee21e8eca750eac5f9c459d403

SHA512
9c5937cb746bc07ccf4ab9b731daf8b31525610fcb9cb41e9f6e4d58b6eea16ae674fbdedb00009706d3308e29b3e69946547a5afb7f54d1eb571d327668eab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e4452d058c7e3793d445bb0c905ea560

SHA1
21260a9291d98faef44f0d8eddb4a6572291ec42

SHA256
425ee5e25fef8e677c85e0b43855b4662333f0bd0b28d4e23ae307ff126adec2

SHA512
ca0f01bdaec78fe71e1f569a3bf86a8d8091c4d6fde5282b40bffbc466152b3186d8ac776332f28b740807a572f97ec3243c5d7345580e82db1bdf4f2b3daa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a078fb8a7c67594a6c2aa724e2ac684

SHA1
92bc5b49985c8588c60f6f85c50a516fae0332f4

SHA256
c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

SHA512
188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f06a02ccf7bc7c4995f77b66fec39683

SHA1
a3bcb61ad06c59a6a0b84eaa5f4ae294b706656e

SHA256
3b94d5ba0522dcd26074f885ad8fb00fff48d5ab2a3aefa78c6e2702db850f4a

SHA512
2f3fae7f95763431b238b00a644e0ea0726ffd84af8722c83901af204ed4fc75e2c3e88fa2ee01735aa6e95d6299effe7f70fcb98e479519b2b46e384f30b971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6b6af893555b5444f491214bda8f46b

SHA1
3dc66de8f394c01cb2ac62c6f9db9969c6264c4e

SHA256
366c98bad1b0c3c549c7b1cb438c4a79134052ece1842b17c8946337b592cf08

SHA512
b9a5da47ddba553bfa689f24669c7ecc775df3d48083c0fbf520c33e915d480fb885e3a5df2d11ae23b3ccb9957648ab03fba6ca077a771eb573b6faa7e4f911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit