hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqbFpXR2VkTGRGWE0yOVpiR1N6WFp6bVlIMEJoZ3xBQ3Jtc0trNnBsRFBsREhpbEE5Y1RGYl9BMzZPdzdac1d3ald0Wkk3dWgyM3JOSXFKbnlJM3FqVi1hZnBWQXhQV045X1h0SG9JMnZPaGMtZHhld3BRUmttUWxMTy16OENpNU9SRHBpRERxUlJMdVRkcHg4WW56dw&q=https%3A%2F%2Fcdn[.]discordapp[.]com%2Fattachments%2F1099116433595703357%2F1100373479041282088%2FNitroGen[.]exe&stzid=UgyaMMX3rYe0RAYRhuR4AaABAg

Analysis

max time kernel
1800s
max time network
1718s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbFpXR2VkTGRGWE0yOVpiR1N6WFp6bVlIMEJoZ3xBQ3Jtc0trNnBsRFBsREhpbEE5Y1RGYl9BMzZPdzdac1d3ald0Wkk3dWgyM3JOSXFKbnlJM3FqVi1hZnBWQXhQV045X1h0SG9JMnZPaGMtZHhld3BRUmttUWxMTy16OENpNU9SRHBpRERxUlJMdVRkcHg4WW56dw&q=https%3A%2F%2Fcdn.discordapp.com%2Fattachments%2F1099116433595703357%2F1100373479041282088%2FNitroGen.exe&stzid=UgyaMMX3rYe0RAYRhuR4AaABAg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
2176	msedge.exe
2176	msedge.exe
392	identity_helper.exe
392	identity_helper.exe
4000	chrome.exe
4000	chrome.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5720	chrome.exe
5720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
2176	msedge.exe
4000	chrome.exe
2176	msedge.exe
4000	chrome.exe
2176	msedge.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
2176	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 916	2176	msedge.exe	54
PID 2176 wrote to memory of 916	2176	msedge.exe	54
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 564	2176	msedge.exe	89
PID 2176 wrote to memory of 3992	2176	msedge.exe	88
PID 2176 wrote to memory of 3992	2176	msedge.exe	88
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90
PID 2176 wrote to memory of 4676	2176	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbFpXR2VkTGRGWE0yOVpiR1N6WFp6bVlIMEJoZ3xBQ3Jtc0trNnBsRFBsREhpbEE5Y1RGYl9BMzZPdzdac1d3ald0Wkk3dWgyM3JOSXFKbnlJM3FqVi1hZnBWQXhQV045X1h0SG9JMnZPaGMtZHhld3BRUmttUWxMTy16OENpNU9SRHBpRERxUlJMdVRkcHg4WW56dw&q=https%3A%2F%2Fcdn.discordapp.com%2Fattachments%2F1099116433595703357%2F1100373479041282088%2FNitroGen.exe&stzid=UgyaMMX3rYe0RAYRhuR4AaABAg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd0c946f8,0x7ffcd0c94708,0x7ffcd0c94718
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8273977878829148512,5180335361665416578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcbef89758,0x7ffcbef89768,0x7ffcbef89778
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:2
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3884 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4772 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3252 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4696 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4636 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2200 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5208 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=956 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5024 --field-trial-handle=1812,i,16348478856303627381,2643724516072786859,131072 /prefetch:1
  2⤵
  PID:5496

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\535eb940-ff35-4d58-81da-1661946f494b.tmp

Filesize
6KB

MD5
e2efe10b06ad8ec86e28df56eb3ea11c

SHA1
55c4981f38975408b05c1554145993787f48255a

SHA256
169e49bbc4a8d41edc82d980c93a626d967ba360b273b21efa0b95c887d99d92

SHA512
195b3cc5656e5991e6c05212f321270e2a58b1e38b1bc2c929465376bf59652b20841246358b54525357cae64ca3bb094d98d0e965d6ba422e6ee5dd8db36151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dcff27d16922be9de5bdc20fef09068b

SHA1
e2004690f8353c8f1ce75b9df636b4689ce7bf20

SHA256
6f96cc97ac7d7faa0514665bbe9bc7922925014269ac79939a26faa204349976

SHA512
fb7f2b44fe2369a3447290773398d6ac46d5e62a6c522a34bfa97d32297651aa88ed02f32dd4b792bc32d3861a24ea9fa8dd41850f1f68160ad9ca5e28da1cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b42ca46723967df4b82e035714ea410e

SHA1
04d3d29e04d6ebb10a9a790a2053699e81f8b7b1

SHA256
ec7de470dce5d8f57628a094352b5dbf6221242648a25c1a5dd265ef8d39477f

SHA512
2a78a1592911d455bff3b5694b730619c587fb98139f9002af903c3c89bbabd99faab96f2f7724cc40acab90ef6d481b2347eb817d8ec1554b813f06d41caf22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7140da151b3656d9cca4851687a044f6

SHA1
04a5921dd0ed5424388a9ecadbfa0a6f53942dcd

SHA256
39be21acf5b5a41375a8dea030c3eaa040cc5249fdf94b7920b3bc6718e3a671

SHA512
4aaa2284d412b9ba13e9b40104472009e3798b584db421677edfcfa3b6df87c22e652eb85972a05c58689783709006d14b3be6aa95a431cefc9666bfc7281f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3e457a51fdc9ed751a83a766e08f2c58

SHA1
451fe61ceaa727b735b75ef5f21a5c94f8247451

SHA256
ec9df6bb883cf5069ea246b557b49950c466f767fade3eb29e538a7009b7d8de

SHA512
192f9bca53a4e3bc3413e9f4a9d06c7f98afdbb0501fb099b21c109f287af8a29fe664bebb3037cd8bdd46b67701a20e288a2e8215c77178392d5794a9301afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
67fdf7f710af01d705f44ab366a8dae2

SHA1
19e9ad03b2324614b891a994d95d0dcc10a702d7

SHA256
186543bbba08d32ebd2d1d5bcc6b5b69c3b88e63a20541ff5f072136657a9d3a

SHA512
6b8cbf340c3f342cdaa06b7646552b9c3e5670b4be48b83729386aa6ec8563b9232d4c25904605835801ef4f571fd6316a0f3da126b4d303b9776d980d74ab0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
827b29159d184b6a37b91a4a8baf1f93

SHA1
8ea45b9cdbfee087ae9868f3ae982582be47add5

SHA256
09b1fe6cd721c517773a24f497fd008e599d61fddd2e0187da10dd79ce93e2a2

SHA512
7ae9d936e0370d5711a05f25c61bc14beadd165003ffa3b8e9e77d33800e01925bdc0972fc58ac496362aa30224daa67bd72785f06cc5dd8a7869f1e9b54c995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9c2f514c34440e8eeee2c808115e5806

SHA1
4a2ee5d05ee2447638b3f5e5d86f05df58792b8e

SHA256
b385ea8652fbd3c1a34993efc06ad88634b7bfd5501bd1bc190b6744d8a96d42

SHA512
ddefc4e21461f43b6ce23509965c8155e10f248f0842f5d4ddfd0fd3db6378d35bb3934bad450a056ae57002297d4fb9ec4f9964236a3f444c91f00f34a4989c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d510472ff564ffa5f00fbd8519f977be

SHA1
7bedcd70fb6e6f3776e3a03a4aa9e85477666c62

SHA256
a719b229a7cc24a53b884280498400e8aa8b09c4d5d5641870401ee5e82a1e2b

SHA512
f77386c1666332f03c399be0febe4cb0fe7758d9ba1171fbbe49763d7645ab713103ac830d97556607aa4d6b362326f669f826784a9d17c691054a261bed0ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
17aa070b1797b2a96118fe9101c9d296

SHA1
50310da1a8b56ce41dfff6a3cf5af39b4d927075

SHA256
60252739b1f707f137abd619e4535e44c5a0d5647f34d8c31c35b056aadedf77

SHA512
f43a169602983a5edb2746f8ed204f69bbe37fe25475a644f4fdf2423f672e0961fbcbff5c2507cb3ca0b286862e712661f87413c499720b35f0375c6f707fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2dfb48cb640453ef6c2eabdaeae5c463

SHA1
9b7b1f2b47b91363bd60c81129b13cf829a8b091

SHA256
d2c206bb27538198052d0ae180ccc8a8c66ce73e64e4fe48dedeff472b0c1fdb

SHA512
64910572ed613915daf2ad94b8118622332a57c91bc3af4a6310b0e2bf46e6b014666bac4904e85281094f3479b2c15aa3df5215dfd657aa76c18de2cf6f7c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a92328c8a0a0d053801a492a71261b1

SHA1
b058b3047309503bfd2337ad9ded98845aab4074

SHA256
49e30b2895fbdae10f45ae3ba2342a12a828e56a00a36f67ea281dd60083461c

SHA512
70069261059d10d3df0e54b28b353f624eb00c05bc80843f5e88cdec821553393157d7e36cdc92d5185a2375add3542d5159238b710295bb0e89e3e1a1fc46e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
aba2e84ba6b208047d9202d1ec3ffa41

SHA1
cc96b49827ce01826f686b0f5068f4793eb32497

SHA256
12dc62cbdacc1c7179a37b4ab10e90d0f078a57fc4f3c945d44a004c72a45ced

SHA512
30be6c97cef0920d49db030de4b5b5f7bd195bac6e9d8b497f4a54b69d452603fb24c623a8f47d3cfb63027a1137d82f7575eeee1d55de3fbf03fdd61f359485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
f775a3dee336a26e51810abc8cc70162

SHA1
6e19647b11ea56e6a6ffbf5ebdbcfdfd9ccd5c12

SHA256
b004a08565db0545e6ec0c1f39ac49606216bef42b0f7f019c0fad9e425f3b6c

SHA512
caca3e68a4ea9615e3e2d9824cbf9c4d5eda6ec6f1ab436fae8ebde57fbfd61faee65a0bf8fa880b29d74798adf0eb6371a71fd47e3c53c3572eb1b29227da8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2ca1d2ea4f29bf39695c3d78875ee653

SHA1
103989cab6dc08634da4688c99e7a3624347d8af

SHA256
f2a870a80d05afe54e40134f1265c81a2c9bbcb31e8ac6739a76731ca9701405

SHA512
c78a7f982531fdf79529fa38bc8bc8ab0eb97badb3419508473eb8e509e4294fa73e8248aceb96c3e631bc1dfa1f8b88ae9f4616e3759868a5988827be1c8c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
965B

MD5
7a657d8d1899ae97295f365fdb6b442b

SHA1
79832c3d9832b802bcac82b54da90cfa3cb994f9

SHA256
84b3c59b79c4f30369b15d0956e976ae9c2d48ba85297e19f30f2b59fc0dd137

SHA512
14e7a8b857057f67697bee6d9bb9c8afad398813344013687a6e913cb739b4d59b6535155de9f65751528af7e8d165c4e7c9b9e4c7bb43a4dd8bf0a958afc57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
965B

MD5
5ab861a2902c24b64e5ce2df13898a42

SHA1
20bed53f3ccc27b8efe2bc20c2781d94e98b9e31

SHA256
e0af7f35eac2f295abf5f0a5d8094710e98620d90bbe3fd6c28f185852f9810d

SHA512
5367bfcad82803414bbe2af680517a3a7656554892b82b66b5cd18ee1ed8f5bdba808b3dd7c5042ca58d828a15f61a7b618cf3ea352ecd883e7ad895d1692a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
965B

MD5
2c5dac4bb84ad39631904794f4729b6b

SHA1
495112cf2815fa174b931b9ff2a7e82a8f546893

SHA256
8538d34882eb23f969e1e33ce7220ae682e2530ec217ec3c867427a5e777fcf9

SHA512
29becb715ba6c8aa1193d257ea44d7aba3532f6875f475303052a8ec6fef7901fa2d23c12d241e1b2ac8ba9296bc06717b43eaee1a07f508b842cde8a6859b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
965B

MD5
777491d7884f7138d85ff719cb9a73bb

SHA1
a897a91bc3e730aa9948aa44ba21d84b73a489a5

SHA256
5d134e8fdd78726c4b0d627a61f6111bc0c98729b0fe26a063915c59ebc8c2f5

SHA512
09c7e235688ab7c617fb35e31200a4982bab014d331a68c16356ab949a9dc5f6c8f744c325c9fbdcaf604a2c33250f872c9e1596cc0919b863265f95c72a13b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
965B

MD5
9b20dec5014c8359eb436efa2f15fdef

SHA1
69ce8c75dbf5a4192cf866470eaa7df07d19b808

SHA256
aaaebda58b4e02ca1817e3a55384cc69031cd7d0b06a40d014ece3ada3bc97db

SHA512
c0272fe66d687e924a65b78ed511fc8e0a13726fa006dc9592095be7ef2ba88cffcc475656f7d83a3582538412622e6e4bfa7aab8a6e5bb77646aed559d703ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b474c34af06244bc41ab392a4a3a199

SHA1
a3409d082a64eaf4db58fe2ba24af0c697462d92

SHA256
4e42d1f1a1cc151846975700fb74ad0a7eed692edb329f12374dfbdfeaa1c208

SHA512
8cf47cde32823cfb7d217ff88c61fda4c0911890944442d4beccae830f881760c555028c355c94cedc485ec4d75ca17278b2669c5321b78dae23569f6ad983dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1a1fd39b11a13af956514426029b226

SHA1
7517b8406551965605941a4a8372a48f2c619f98

SHA256
499d21d81476980e265231930c70c60da85b64172227aef4353ed2a0a9b16496

SHA512
a8f7323d86d2f1c29f64566b850a1cc4616f3c7448e2ff727aedaabc99a483867b189fba2303571366fc1d4549c9964dd571449c304267c5ce94fc1d85aca6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b942d618db2d16079323378137ae46f

SHA1
ab3c6b18ac435a2de6c2994bd6aee959db619dbf

SHA256
142a877f192b4922b7586f197c546c7d7dfca8e86ba8ae730449016f6ec25607

SHA512
d9a26adb3ba831b11de942ea7910a24a33d01351c2e753bb544cfaf436c3d429b101ac79de107b61d48e406601e001e7a1881cbd2f4a57ece71579def48f0f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ecd45879e435784f940a7d091b01e0bd

SHA1
6aff9b42660cf94ae7da11d596a7b82b4e2a7103

SHA256
5964c34dce4572162400c4e4470e8ccb84b8b689fe58b899b9841fbaec2942f2

SHA512
7f8beee20f35caad271f360c066b79a81e256e79b9baced824ebb40e1ae1ead836ad0e29d068c72a70ab7295ee3b3d1599762d3baa0a811679ee2bbefe145b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85c7871be5b6fce7183c0b2955cba6b4

SHA1
8b9251f71073bde193a593d9374a258ee48ba910

SHA256
7818a57afb4c335ed601247f60fcc50261253b692fcc0481328739f40a9c5f4c

SHA512
76e55b5bbfcd258e692d4be6f56fb67af67b6f3e1400df1385df79738b9966d1ecbc3b114a02416cd29b40c80bb7435b2c55a4174bcfe3f1a5cebf0565804fe5

Download Submit