hxxp://hi | Triage

Analysis

max time kernel
1800s
max time network
1718s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 07:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://hi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{FA5BA6D2-D431-45DF-A88F-ED211B82389C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
428	msedge.exe
428	msedge.exe
3312	identity_helper.exe
3312	identity_helper.exe
1052	chrome.exe
1052	chrome.exe
5460	msedge.exe
5460	msedge.exe
5460	msedge.exe
5460	msedge.exe
4968	chrome.exe
4968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
428	msedge.exe
428	msedge.exe
1052	chrome.exe
428	msedge.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
428	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 1404	428	msedge.exe	61
PID 428 wrote to memory of 1404	428	msedge.exe	61
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 3068	428	msedge.exe	88
PID 428 wrote to memory of 1552	428	msedge.exe	89
PID 428 wrote to memory of 1552	428	msedge.exe	89
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90
PID 428 wrote to memory of 2228	428	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hi
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffe0a9246f8,0x7ffe0a924708,0x7ffe0a924718
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1084 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12366322514963432271,7239247206619379010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdf80d9758,0x7ffdf80d9768,0x7ffdf80d9778
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:2
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4756 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2284 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=328 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5836 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5724 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=884 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2196 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5520 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5876 --field-trial-handle=1932,i,5310316506296376728,12581858525148022537,131072 /prefetch:1
  2⤵
  PID:6084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5356

C:\Windows\System32\Upfc.exe
C:\Windows\System32\Upfc.exe /launchtype periodic /cv hN7WrrJ5/02hx+tZbUJAkg.0
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
08a129e54ca40b10016d81c4bd787260

SHA1
622930a00fd4a91eea49a074e67fccc2bbf80e9b

SHA256
55858ac855d8b53aea9fbcd0a28082ca2e292ce30c92adb0953c8ed33a4b174e

SHA512
67ae788eadfd99a6338fe06dd4e0f3358dfc422cda6f74a938e4393523b857eb09853290e9eddbdfbe4d5e4bf72badf44d30a0985a4f3d82cef375388de41302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
56e2049bb52fa80f9e5bda074f4a0eca

SHA1
a6da7ac7c21164f930dbf682c55d5bed44cadf03

SHA256
098b6b302703d9de3de41b22a9ba67ef5307e5e04263cfb05eddb37abc9c08a9

SHA512
24ecc4aa75e95e074331b3fddb13b039478b0f0fa0dc6dd98a7c481b75c146c932de2f955ec2f1439b7c9596398caf2f7aa43e8bed8aae8af207b98f67f90d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d56ab9c0a404c7b15a93dd2e1e1d4fbf

SHA1
03dae8b1605a3b5a61563c2c96e7c77448f64751

SHA256
f78887e7ed25a85488f7fb7b7741d73e1268f793abdc9b72328405ea5de48fef

SHA512
e23661ac57b49793459eafa384905af6dcea98d863b629266276a2d85ae4d61543df8b2dd73d53c4f894cf62b014552add534eec6c49239f8ebb160dcc5feb28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ef7b5159a4315aa88f7bc29bd599e4a6

SHA1
e1044319e6fe39d577aaaadfd05ae9e3a660f393

SHA256
817bdf70b0952bcd73315ad7443c48f47eda614d86875734745eb75000af819a

SHA512
3af4c78bcade16782419be9e5e00c9154615fcc9af7e433aae87a9167f02b0c2ed9166a9e24e4f0faff068d9808c05ef0760dbcb996e6bd647dd6053c4e1727e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8123903d8dd5c5f43f4db4ae8408c422

SHA1
d0a493e314c3f37e73159d55da9f7e28ffa5b088

SHA256
df4b73e880659be39836616475d8299ebdfcaf3757087c6b194d86d0a56aa375

SHA512
880250838ed13782457996359b9509b3406fd4c21db2a1c6e9792f537adfac5af881005b670cdb745826902a350d196f479bc02b36a34461c9cf93b60bad1aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0be8c62b98d4cd11897905f5b4ce910b

SHA1
b18d5fdbeb302be22815f594b7a0fd7766e761f9

SHA256
6ae67b67283d7c7e21a55d4e987c100374bdc1265b890fc3cc444d758e1d9c46

SHA512
55f5c774277f7c71a3aa42be5ec8f570088d3f1149d0a510678a819d72b1bd60e210a404a4f66f90efa3a55400a68b5a92bb0f182471ed785addb8bd3569b9a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
04cf5ab01137bef4fbf8d7a13b33d74f

SHA1
8d1c3d522db010034347b3e4e05105a18a248d1b

SHA256
6836038307e005651c83b005ab6b859f9ce6fe1c3ffe70a18145b1e654e9b163

SHA512
53495ccb8ea2f5bdb0f1b5149c58cac2bc79cd954d4d625d3a6e57225561296de5c2717d6dd4c4dbcabc14e61629eaea71812aef00ea2395106ae6de4a5077d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4f51b66bf7388cf031bc39ad40fdd2e8

SHA1
362faf2d0e0478bec00438f2543d30d1121dc9b1

SHA256
29bba1d3fad5b0635e1f647a5ba222d6cca6ef410243359778d06678d3c89d2b

SHA512
948ee693ebad20a779009b06758ac9988afc887f19a212969756c356453b8e9c1a91415e8a98e423535676e55695c269fb164fc370b2fd9469faad888e21286b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
aa7a83b078b073af6be003fbbbbc7c4f

SHA1
3fa833051cddff004e89a21b36a730cb48c8ce9e

SHA256
383b521c56fc4b84ef093f1f663b9d4713dce8e369fc344a440002fe20f69263

SHA512
0c35d98d18f46410e063615e430fac6f56e402cfa40a9616480b7b413fb4427f979a0512055a6065fcf4dea430725587d14084fbd5860bf692bb214087368ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
98b74c220a56a23ac58891429748f959

SHA1
07416c37cf584eb3428b3d8f45f078502c0aae55

SHA256
94c31deb142da96712132bcb40ebdee66d0368d1c566e4ffc996b25b456dd198

SHA512
152a3d6c07832266898732825ade7351b42ac4fd52f5ce30c60dfdbc37f6aa03f352a064f508f1d950bbbc5adccf2e04e2eb587de5f2037af91701beaf6fb23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ce459067f27c11cdadf6f652bbb8ff51

SHA1
ca04255a87a186221cfa62604ccc5fc4a24307ee

SHA256
f728d4d248925b943695c80ca8250b882297a47703bf36a98db297f7b3fabf5b

SHA512
2d92780e40f3e7c6967c49ec8ed7c0729a6b2422455fc17dd967ed8c57984d025c42824b0c16a7c84d216da83951c7a1a74a2a84cecf933f773f412478646ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
63fc21b38474f7016c1813a02d7360ca

SHA1
7f63d170a4dfbf6da08237354908a7676cda8a82

SHA256
e8e2a6a3f1ff9e1a6d26b105f839b68e019412e6ef2ffa2807c35f9cbc2ada8a

SHA512
74a159577a4ff095d6df8e5841fa70832062ec0d5ca09f415d56bf50e260918790aa3641d6a02cbca2c85d6630e8f39b83c29ea8090e2a551bac7ea4bb554087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ec41ed49dd8c514562e1ba4760f732d

SHA1
51402ede7e1d84162fffc0899b95f2d11ec61f9c

SHA256
8a6e78383bc683d786dcbb98b7139060d8a958cdc79babdfc9e875961e80c907

SHA512
49c9a5a9269cb26c72e15a6ff111141fbcb0fe716453cd008db4fd2c89ea426253a3658dcb1b6b23e4083572609d457e535a3aa05db625da41c15591866f96e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb3270ad54bbe881ce6d960ee7496d59

SHA1
c116b434b59cd9f84b531679efc11d24469d2149

SHA256
3cbb87c716514f097fce9d5dfadfc3ddc41a83986c941bc803816c618f18f4cc

SHA512
d5ad81fd7cdaaeef8bf1e9f223f1b0c6cb8be073554e050292f7958131d5e81260f0024095d3ea65a0a26d966af76143a9d7a63f349df1533b97c560c54087f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a26a1c9844e18c7c18f97ba6a58ab53

SHA1
d3c8067dc43383e4eb717f6e388515974cf79a2c

SHA256
2ff165cc7b9386ffb5614353e30d4549b05f964e81f1671ba25a15772502a44b

SHA512
d5c475b63840744c41d1f71b61392291c271f9c88eb1e77a57441b561f8bfde880ce170d514d265041e6a5b5eb0827a35791d231dfbbea7895d3a50361a7512b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
45120603b24e9e9930261cffb62d4514

SHA1
0519b476be816d75cf74a847c91437f3e54bccc8

SHA256
37882b4e398f5a52f6b276ad6d56b27b65ea43114e5333f8862a2bf55cbb7c06

SHA512
bf00b151175ff74cff3ab35c2bdb518519420e13a6e0d1a0dc8c847af0edd9a5982ab8b769e9f56f95b97a388e0fd3e518d8378c6b0443a00584f5fec2be4caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
153f4dead001f0fb7d1ca24ed7a41724

SHA1
d3a698804589c0e14dbee7785792d208d4a20d4a

SHA256
e6623bd03b5209495af677b27e350db1b0dcbb58fa0f9d4110fc3f6b63489463

SHA512
d469ac09b2c4f48d19459de88cf26c24cf893f59849df69b9ca514415b468667eb6c255080597bced23010199dea1bb2df60744f346a018ac82621b2d099a950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d3fe9ccb59af8e7d20aae4125141904e

SHA1
58b7bbaefdcdb22db230831a62decdd41fff2426

SHA256
4911f4f21cf7b29d9e89859a68666b5d2677d780e3ec8dc9169ce06785d1463b

SHA512
726513da65cb3ded0d2b40471440317a1904a509096ef0e800ac78a4cd834e9ac2e2fcbd003009264e31e4e32b8679da42b62f1c83c6dcb2cd6c9aa67a6273b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dbbfea202d708bfc0547f041ef71644d

SHA1
3de6cbfce0c8d2d3a1655068fc8cc42f1168fd04

SHA256
1e8fef518dc5eaa6e711ab246329c1b97e4945cbab9ab0b6e386c059f750ce6b

SHA512
6e4116f3bc2896613faeba7fa3b70514b70378a43010638103d862b3dc7625ccd88be995e1c472441a4826284d0f2f7a1c76c032b518f18009fa6fc7395af287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3bb5135d678c3dd8947b6f253fff5cea

SHA1
b90d68fe3e32f2c18a038d8bbd01ed0129227b35

SHA256
7cbe9168a4c13f60d8d47564f478d20b6ba42acce7b5f5d909a0678b5f26441e

SHA512
3c8b362f1118f0d85fb4939ed4f65427b7ea960814be34af359ca1e9fcbe99aedb06d385c2ee004b89ff218913a898b59ca0bf54c3932c9316ac9eedb7385d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e3c63db62d7e5eb63b6d1e68190e09e2

SHA1
0e62e56d9a6e00117aaf10f725928332e118e53b

SHA256
d37d0a2d7ee3d893bf08ccfc13041d5962e550f870ac074fec7515843e9806b0

SHA512
c2d54ad22653ed8b8670c70aea6eb8fd0ebeb63ed64cb31a9378db9d00a36e374a14640239a359047c1758d26bf27423d323c0e0d9bba555bfaa2878509bd068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
47a5a53102147daeab7f571b8037903a

SHA1
2c28ebb1b067d4ad6c1ee5d33f3dddaf2ee121b0

SHA256
9323e9c9b1f471b79c14412305080b59473f49cf748ea21bfeaa4a6b2e64ba8b

SHA512
03c28bffc7e541d0a72a726c376ccff66717b17dfee60dc57af68a619a50b8f51b1ba2445fa4f0f6a9a0bd7dc33db941cfde0847b37c1b4e5d148a9cacb689a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
963bd78a0ce2c19b12a3b0fb11895cca

SHA1
beeaac7a9d1f98f92edae252b4d2520ff723ae43

SHA256
40390bc2f1da2d7303666910bcd0ad328167edc248b971d2bb59ea1a88278178

SHA512
0ab3e3b0f95cb77a3f004e5316ffd73118f4b0cf3da34932d5b842a9845e7cd029d55404444d22ceb407889e52e4b593bec9ef53f0a722856b1c647370d26c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
004a6d367fce93a13229921ec176ab8e

SHA1
535ca0f3ea5919b0d78f5d2758f6918bfd6dd6b0

SHA256
b9bf399f178cc98be7c6b6e68f7e02f3b0f4300c97e4c886e01152b0ddcb65dc

SHA512
fd365e649c3075bf717531b81ce7c08b33eadf82d1a5dd06ca500c8d12154dcf1576d8e50615ed8ece63bd14c746829293ad39309339c097450f3f9dfc2bb4e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f28d09dac760898e22914efb7ec2f7b2

SHA1
de9faf7dda215cb7e115cedb16d209403310f7f7

SHA256
1b5e0dd737f031565b3e584da7ccfdc9948034cfba860c557299de92065ba354

SHA512
2b6fe577ae6d13bd49532aed86baf7298260e51bb9aa23facfe043bf5420b12f808212a2989c6187f8cd1259a2078d8d5094d48d3ebb432e3f6c4bb26e89ac74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e2911c4ec7ab2009232b997258c1db49

SHA1
ec863f76320b42f268a792e3d3523c3fa5464e8b

SHA256
7bb80b9bd19ae134f6566b10a461c5ab5995282aaad67892a02732b17985fa7a

SHA512
42e801cf53cd76f105fdd0d0924057570581b9cc030778852d32c9c4eb721ef71e03f7d4e4f3eb0798408f1535622bf62aaf2cf20e85e4ad6580e8f4c7386f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
767bf6e42dfda0d7950eb614c47bc63a

SHA1
f95796faa7e6ff561e96a7f7e86c308b05486e46

SHA256
f1ea3c3d17ef2fe1bf2b498f3a4981fc1ae0fe3d107c5b0be579ac1d36f26ab3

SHA512
60bc45b33e9917232c3882a62781e2add89be737e36cc35a82b44e84729e0c1dd3d23b4094f7314bf0b9956c7bae7999a7497f6d90972f4f289ae058c3176ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d4f4fde6388d37feb01c90e80f24633

SHA1
a4591ebbd3b826ae51a032015c97458a997e70d2

SHA256
06074d00db572a11b735ba5f4558ddd116be568675fdaeb2902002e76990f182

SHA512
5350a8b9c7e98b58c38fa454997834e982bfa19cccbfae34c42fc14f66f50df930449248196cb72403e5e900b4cd02e61a1f06c0ee169d899853171ced2506c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
53f809504320bf13b0df0b9c98e5d48c

SHA1
dcfa0fe5c2c73b0d506554b21ce251fee46f2072

SHA256
d5bba9238e535cfd2c18938344d3e4df7f7381d92b879e3db644199d4c5b9ca2

SHA512
0fc2d09fd2c283368d55ddd4b6920e0848cfb6c41d042f762c30bb1a673516edcc578e7e2de88de04002bfebe4c7a00db3652624b492430df18e8380f7c802e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1dd9fe53ade9b85398779e269e59fc2e

SHA1
c859d1ad3c1205aa6c2744f1fde74ffc0f25c8a8

SHA256
4c4b794e1083fc5a242ec84f965d35d80c70008f210b87dcf0df2fa944762361

SHA512
119ecca6765cbfbb0db5f11c2924ba8fa27638e3d2aa6fea9becabf693a8de927f6ccdfde667fb6e917b170e19d2e8314186307be9bb2f6f5af8df20a3f8abe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b9177427ed7eb2ab6c61b24a4e29bbb

SHA1
df404d47f274523f8bfcd8085487200642b9aadb

SHA256
13aa5c05127173c2f0acc7991727cb4538b651f581b6166d9206269431761bf8

SHA512
9413998bb766da2bcd2f9e9c9bb444066554a31e39bf9cda8dc43eeb9b7348c56d120c00d81c5dec81f8728ca7cacd98d42e40e858655678655548a3b791a697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7b11b3899caa997b21bd2d26b4306124

SHA1
d6037d3e591b5e14e01cd40c967a492c6389d7c2

SHA256
f0614aee9dce9a522c780a72c7a78681ce09f8e1ef190f011924ef76ba419d2f

SHA512
d23d059724362ae264773cd5f13c40b3256c589cbaf05d636848e1a8f4b8a30db9b833f9e21282b0413e8dc869deb93e585fb95d9a9567fb037a5fa67a3bcb04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
ea6c5f46bb05f8bf32332c871b1a1594

SHA1
761343edfb540a3554312b86a7c530b14237e72e

SHA256
abc887c93cf70bf1ef98d72c1d759575d803d0a23d7805079c95f9d5ee18f0a4

SHA512
8a22eb813da0793364702437f14a498fe478df72e032b3614dffa78670b5debeaeb77b5757cd83ceebcf7dd4b7c5c87b3d0a40fbde53e872cdf1dcc2e9456efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
d5d1f9e6e4109645f4891e5e3d57c681

SHA1
5e97a7316b5d4da77016716059e5e01409d3d5f2

SHA256
0be8d9c92735d83e373a06347a440eb62206e98e7da98610f5347d6438c77c16

SHA512
9fcd1eae63f82ac6e349cf65d5c088700bf3caca28429daef10a30e46a0212fe3f8603256b6153e065ff6df5e2efd686118b0131b223530b4f7a7da973e63040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
de545af897ed26c58df35382ae0e3bb9

SHA1
27fbc9839e683f8c6aaf1052f2851f8acee400e7

SHA256
32b6f3e029100be813f5c5c1eb41fc641c02df14df6fcb8d5be574e7938c4293

SHA512
6247a7ff0627ae52e7d93cb49c55624548aece3a9cfa8490ad1c9316f926dbd47866423a3276e5125a62522ba216b9ef23e2ad617f067adcdab4d3c041c65531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
11b3f547d6717b302051393b77eb25f2

SHA1
fe5f9f7c118dd2e12808c02e10ff63abea969d42

SHA256
c73186d9002b63bad3215fd87467d850e5fb9561878059c94d6b447c3674ebbb

SHA512
02a496fc686e2ef00d6827d9f8912c3b7b6e10590e79b74c932741e5afe96cfa8979311183ae858732f36a4eea281dcbcbda02b3a2f20341c3c69145d65bf7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
95a6d7f179c1850d9cdc1e424c8c7f96

SHA1
b6cd3dbef8dc91942295841d592f536037317f83

SHA256
f5efef80faa084b4f6f8281fa202086eb31672a7dbb5018a06db1c26ed711968

SHA512
c3121c6d367c90dc4f8b08bfc8347b549888a5d4321dc0458888b2aaf9797fb183e4db40eb55420d4e47ba4442eede1e18de2ffb5eef6929c24c0ca5e284fcc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
46b1035d7cf8d58311952b6d0ca46c63

SHA1
854cb30ba0a79ff59cdb2c125df278b7aba19231

SHA256
5c230eb4f700449fd24ccfa151389f4ba0888c339ad1e5975a11157b58d33cd6

SHA512
983db5240307aa22b8ca80b1b669baff716b65e300dcff50427d01979534d2406b3a623bf1edb04c12f372b0864986de42db3ca00925455e8a2d86028c24e618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d77b3.TMP

Filesize
97KB

MD5
039ef7b107fcda44c597bfd23a39f938

SHA1
47cb7b303f2b06400389112eba62e9acbccbb922

SHA256
121b15348b6acb157bb50e6b99302af62d7d67e50f00890cffc7c58bab1e28b7

SHA512
b14b2e14da7a661731adae1d81cf218bfba39caccda5550aa4be1e2391588c74d622152523ccd4568d7a66b9e87c8b0913f1a830388dce0a6b2bbb933f7835f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01c33063fc907f64f617e0ac9bc23b28

SHA1
6e53d65daf5f73c4216e88462a8b94f506a2e034

SHA256
42727e2914950fa621685b0fdef823b3126469738aaf885fae355fc653f2a54d

SHA512
2aa22525368c969add2854a06958e0b0fbcc9d5715c7706e12b715749eecc07269ebc628f6159ea83b681f34e8b9bf7f876b60121c510fda48342b1f454ca07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cd91f873e42a0cf1a6a65b27d095f4d

SHA1
ca5c2d587e7227f95022e67fa409605f9a008ab6

SHA256
46f1d1a588b70a5ba40cc4d4b64f630a0465a131b021f8de724c4660aec02405

SHA512
428391f418e5e91d71d76db38e4fa82fbb622e82f6fdeed4d4fa099725eecba1ddb49db410555dcab55cb2a6520370a05fe73a1724c92986dfd0baa3e1ee2fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ee0840a7fb8c53a0de1da4ff5596fcf

SHA1
ad21f3d370c101a4f2098de357a63cb1115d613f

SHA256
5d047740edad5668c06edbada0a050a1b91bb3f2c197cc237c5a5ba597756f8e

SHA512
8eeee445157545b94ab61b9b96b0da5d882aed58f540416d08034580c6ec3aa35e686f1e5b4c40fd78ddadfe2a2d238cb5a0bdc1d7794cea177c78a4fc253b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6f3f4e6676e262252dd47b62166bb91

SHA1
d61d431103ce7861eae5c9e99f37cafb9510bae3

SHA256
572f4167b3d209f5f73f92e0ea35d90f769340c5123cc517f59eef62a1a8b9b0

SHA512
17dffd69d72096224387ec6b3e659cb35130de3039b46a8382ed7407f4863d8ef1164bd3ed8f6dcbe83839e7ee1a573eac4b85d37afcfe3a6381fd49a9033fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71e2da7dd526266831fa0831efa99714

SHA1
2ec52ef0e267175e13ee10c3acaad02937c57500

SHA256
1484331beb022cbdd65f34ab1714aae3647d3f5f415f54360e521f94a5e8cec5

SHA512
0b5dc1780de88af0a5f38f3102af72ee44f7fcb512f938e1e63fe2c90d619194bd3983fb2f8feaa95ec9a83e6947f31b3fc5195d24b9b7e6a1ebe15a6076d256

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\login (2).htm

Filesize
102KB

MD5
deb6569586dd3dc4eddb1e45788896d1

SHA1
df112ac9e369f539a5be60494e91abd5a1817481

SHA256
58f435b09f06c4bd64a24fdda8a092b80056225da7f756756e24f2f898b41edf

SHA512
75be165e9d5d5989b4f4d9ae906eed761442aa5f7b4b2eee52f0d8079d187004dadb7af01241fd507ac6b2f09613e545875be286390bb5b3dc5c4240fcace6ce

Download Submit