hxxps://192[.]168[.]22[.]107/acc_MOG#/login

max time kernel
1801s
max time network
1712s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://192.168.22.107/acc_MOG#/login

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
4544	msedge.exe
4544	msedge.exe
2528	identity_helper.exe
2528	identity_helper.exe
3424	chrome.exe
3424	chrome.exe
872	chrome.exe
872	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 2840	440	msedge.exe	23
PID 440 wrote to memory of 2840	440	msedge.exe	23
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4392	440	msedge.exe	87
PID 440 wrote to memory of 4544	440	msedge.exe	86
PID 440 wrote to memory of 4544	440	msedge.exe	86
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88
PID 440 wrote to memory of 1044	440	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://192.168.22.107/acc_MOG#/login
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8beaf46f8,0x7ff8beaf4708,0x7ff8beaf4718
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3204776888589358088,1880782166208848113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8b0009758,0x7ff8b0009768,0x7ff8b0009778
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4768 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5092 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5580 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5548 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5248 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3332 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3928 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5872 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5908 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4676 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2700 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5700 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5724 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6120 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4108 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2916 --field-trial-handle=1964,i,17779594846375715197,15513898110578906916,131072 /prefetch:8
  2⤵
  PID:4100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a8beac86c9c43ef7951e04c0d8fa4f53

SHA1
9758e36ab8294596236f4d8a18abfbb120efe580

SHA256
6875acd6ed65dd6b7f02c826770f7dd9607e31814219b2c5b68a23a71a7f539f

SHA512
7b93471f9ee3a5c8db028e9293ec38d1aa0cf16f521404e66084239012d4b4e6f85dd2adf511615ab2ed8f674e1b0de89f5b930831a8d58ed32f23567853390a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
91a66dfa410ad0a8165c9be92f2dcb8c

SHA1
dbe3e0539b657602c5310aaac033a7ca8220fbcb

SHA256
d9f1e5bbded1e0976a607fc3096fb8ac0dc445154e161fb65952d2d6b2e16a47

SHA512
9d5dd4d63503fd681d5bed5a98d1e608559a4b3ad8c0ff31a6b36725be659123c72438c7ceb0831f65c80bbe10aee65c458e48cf46cf3e3280f0da40ccbdfe46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
44bccf85b24326ed68a9d049f9c0d31f

SHA1
153c0400d7b95ba3ae7813fca1cb2a21fc9cfae5

SHA256
0291081eadef7d58ad9e8a0b8f799ff5e2ec938f0ac399906f8c2f3969f7eb78

SHA512
55995658fe950f38331c5d88def7c0d7392803678f28055d947978d94b1d66c7b0a4dfbf439c2f9138ce857f341b15a148d78011c1ed980e5fc317908d890970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3f5f9bcc41236675748537a9aa44270c

SHA1
e360908560fcf8cd9736885c74ca1f9ae0896a94

SHA256
0bcf104cbf1a0310460cdc235d6feb650dc4ea6b5b1ffb42cd06bdbd786c6fcf

SHA512
bf9b9cbc8f5abca07be1b0a05e6b7d984e3035c601384211182f65520489ce300fc31a6e40843a4b88ccf61e228c036500d18dbba156c136e3e99ed625756c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
376ddf5c20ef4330bd5446fc72bb3d03

SHA1
a264b34d112b35667753e4b43b631f8e39a482fe

SHA256
24b7c87310b3809b68a7ee356a556d14435c5dc119f27585dfe87215db998bce

SHA512
aceffe5d454344979112a18e706c55320460e8a43162baab9b2a94650658b9e58b8d4a690bfabad3b274f379554277e743072216c05a00219eeecec5a5aa26d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f56a5a33364df55d4c7669268f52862c

SHA1
7fe5fcdf1e92c9453d8ba3d0310584b654cef684

SHA256
7e9fe0b896c1cf5448b642544c8fb31afe35251c3b075541e463738cc25135a2

SHA512
8d74253f9ec81b5c7d770e41e063520949ea5e7bf57ae5dd08866aea7c8659e8af0fd9548fca6d254ab55545093ca8383e22f08a34d04b2c556a76592c40db22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e1fd4a2c755ce2a3b412174917cde45

SHA1
99c170c88a46a0a15228a246d1103e6fff126e0f

SHA256
d198a174463453a0f45a7cdd489493f898deee0bcae151ad397988382114d7ad

SHA512
1366436411063690c461a79ef3738ac71bbbba25bd81b1472322c6dfd86622d868f41f541c821559ef1cdbd3420fd448953a7ee63b2e95a9507f1053752a4fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
06ccbda93c5c081039616f68733b7500

SHA1
11d7a527aebfe74b6ed45edca9f71fd10df37a71

SHA256
1937d7213bae2db7822968d7db56a2762b35ba1e6d01dbf600d2c72f3145985d

SHA512
b35fc1cbf7559de1f664ed0c591b914ef33e36964ec2e39683582ded79b0ead3f21ef7ea7fb2d29e76700cfdc03767b9ceaefab6e22b68a1a6a8d68483ab3185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ecb54d92b069dcad7d7512d115540677

SHA1
46c4ec51fce8102295c633894b6c76a26f327d76

SHA256
df42293fc604afe3d6da62c95c2d409077ab7aa0df4732b2bed639cea8430ed6

SHA512
3332239856b8f12fd1b63a6adf75d1f461a06e15707361264b581c52cf5ad9fe3511c0ced05e74500a597076d23f28ab197a07440c940f5bfd500bceb756cf7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
710ca9d44d9dba73a081bea7a350b529

SHA1
36d4026fdf00db31a3361f6a3d60e705d8cfb10d

SHA256
2ca5c07366793428f4f30aae01fd82f4a5de722105605d244fba448968aa4768

SHA512
1232d357bdf9f3e147d9b72a165108b30ad41f9e6653bd4b13d0a1c4c0adca4a16ae6f1fbdbe026ad4a4fd156edd637c9e92fadd899ea47d1894c675ceadcbc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
e65c8d2e3c7c3a744dace5c5982dde8f

SHA1
ab635b1ffd21879273e255c486160bb932756f3c

SHA256
143be47b6e42a435e5ac4d2660af67c9c9d8ea2a239f0c74c48f9ffba4e330f7

SHA512
d64a7436428810644a50a5a889c58e29f6361b18f38f507e0516723c000fe413e6c238c54b90f44e86593ffbd47ed3ca373f6b81dfa733510657e514fb041348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
4ad7f14040c7fb32c1164ae26d157340

SHA1
811f800a7643c2eb12eb0d9be91ca978edac12d8

SHA256
2f2d12102305720c2a8283c787a4eb320c1385f51653f8eb306bcc1c5e0f4c00

SHA512
07a6ebfb7371c1948958fe158eb92f859e151838a5d5b32b02d9b22fb1f828775163dd78c800dec0d176fdaae66bb94b904087ca8a47f489a8e429834a4c2cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
204KB

MD5
f8eaef37432f5ce17177fac71a8bd8e4

SHA1
32c52850d4cfe5921f6e71ca199c8cd5c2366d12

SHA256
fa2cdda82302871db7917c700ed3bf76d3d8029c9407c64174cf122b4989c706

SHA512
b07bef2917f2d9b6d13100c139a8c9f5f9bd9780e8a5ae2df4e71deddba011456787a44a0619b34d1e3cc2ff4ea4a7e68814a44717f1bfc363bac8adcc1fa3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
79940a9d8e69d80880bb2a93051373b3

SHA1
195509a7cb8389039300fbf3009c78a85e7711fe

SHA256
ab2968c5362486786e5bce58be8273c0a96eef2dc4b5faed0706693308988a0a

SHA512
b545380609ba91d290f0aa09fa07020f109c8d4d6a9cc86461c29badc6b8637c08c9e924a88fe117efa1061ab769764317a86a448cc666131371ed1f43b90aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b716.TMP

Filesize
98KB

MD5
a4ce7ce2dd678d95fe8dad06d169e759

SHA1
83414d5a37e5579f232e508fa8a2c887267969bc

SHA256
3a163c607891cc40579dbb73524ba5bbce033a031f409dc28cd18f1e5f5f3b03

SHA512
af38e9453510031ee2fbcf5696231cdb0ffff37e56d4d62453301465752deac88daa51bb9b3e5eefb8154220d59c9144911a9e09191d4501b130617d490bad37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
931d35e2a66060362a3d7dd02edf1b68

SHA1
fd06272371f2bf87f9769f241de809cd1f487e1b

SHA256
d1d4f6508c2a6aba38bb2c2be78b51cca268a527f3da8ed7ff6cf863e59dc49e

SHA512
754c122263aad0fcd7b945cd1abe1fdd0865ea22664e73b71e937299238519e4f134069e4ebb212eea145c1c8dc8b13e71e477d1cac42b69b1d51a4ae9e967b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d75d77e2aa9da3f21bef21a8d88cb0e

SHA1
b960c70cee1250f7a263c923b2324b7e3c2c13d5

SHA256
b6ec6f58e2ae8ae825cafcaa99c48bc33867ea01aea5d4ba51ac48d5a2840cb1

SHA512
a0e00528e2ee9780e46879c6922660eedc2c4ad66edfab2a9d6338e57af5fff60692a34cd1ea0c6763cf236a78312f121c91705143ffc5953fb4a9e7f79c5bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24e16cdbcda347b1d796500fa7f51949

SHA1
8bae18a180004525ca4eda825cb339065a0342db

SHA256
d94e91859ab7290fd4636646b515c48c14820e156abf9131c3bba65744986022

SHA512
c187eb8cfe3af2313f46c820a92373a03ae19c055b96e7714d3bbba9037bc4b77b629ce215eff2a60dfa140ebce1a5efdc5e8a9d5b70def24ab8a8e933e8179a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bec30ed242e782f2bcae4a494425e5a2

SHA1
61b4c20d56f4ded6f9227d5f0df10bda0b72fe54

SHA256
daecb39671437e962805bf411d5408f8be70d8cc88892555dd0faa2a8f9420f7

SHA512
cebbf05cb0644d90f9c7889031ceba340acc9c22c136ddde7715c830060e314585d018356ceb4972903deff7fb784da8de4d125a7267aa4bd17ab16bb948c770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dae8ef8fca737411cbedbd0c8e78893d

SHA1
513cbe6c51b611c7025649841103b982a8dcdad7

SHA256
2edde4e6964a95ec392e2a52250c5d387bb3540b650e886c95509251bd7684b2

SHA512
6ba9d029ab4934250e7920c19789cdfa1eb66675bc39dbcd7272ffca251e92b4f4329eed53b147a6ac32b21f7e691aa464c2485c4059b072b13252a23f408fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit