hxxps://cdn[.]discordapp[.]com/attachments/1210890454485442563/1210890781221720074/file_release_2_0[.]rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File[.]zip

Resubmissions

24/02/2024, 18:40

240224-xa85yabh9s 6

24/02/2024, 18:37

24/02/2024, 18:36

24/02/2024, 18:35

24/02/2024, 18:34

24/02/2024, 18:31

24/02/2024, 18:28

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1210890454485442563/1210890781221720074/file_release_2_0.rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532731095131474"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3176	msedge.exe
3176	msedge.exe
1520	identity_helper.exe
1520	identity_helper.exe
3588	msedge.exe
3588	msedge.exe
1516	chrome.exe
1516	chrome.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
6092	chrome.exe
6092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
1516	chrome.exe
1516	chrome.exe
3268	msedge.exe
3268	msedge.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 4900	3268	msedge.exe	61
PID 3268 wrote to memory of 4900	3268	msedge.exe	61
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 2600	3268	msedge.exe	95
PID 3268 wrote to memory of 3176	3268	msedge.exe	94
PID 3268 wrote to memory of 3176	3268	msedge.exe	94
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93
PID 3268 wrote to memory of 388	3268	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1210890454485442563/1210890781221720074/file_release_2_0.rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9585746f8,0x7ff958574708,0x7ff958574718
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7730612085703964383,3521746171569392740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5536 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff946509758,0x7ff946509768,0x7ff946509778
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=556 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:2
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4756 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3628 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4736 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5636 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5632 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5928 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5952 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3268 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5656 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5444 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1864,i,10946882856486667019,12707134041718445896,131072 /prefetch:8
  2⤵
  PID:6088

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a72271a2df73ddda03473e155d606185

SHA1
c6eaa677d2fc0612b37a78cbc3331855b984a954

SHA256
b6cbcd568085630e3b8957b90b2d25e97f67903be31929c8a8af388ffef78639

SHA512
56fc9eb2efba718ba4f4ce39a4b1985840513335d02967c96567a79a001ba41e19e922727fda5cb09c620417a3aaf90fd819c188488596426afbe3b7f4720589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
033c469e7e476d66c7617734f9f056ab

SHA1
32e7f4625ad666b833902deed367bee1ccc2b7b2

SHA256
cfa8b9d196b09cf391eeacfbda49066dabf0a91a5502759a33567cbe5ad5a0b0

SHA512
6be4563ca79dece29b61b4c3808d74b6ee3f11b5f588f05b7bdc9bd3532834f0c62ec74b7a221f9b27cf8a777c299f56e669f1449bc4abfada91dd34d42de5be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
840476582e172ca38c49585a70f7c481

SHA1
4ed7931b5ae577d5cf2ba4c6018d370ed239cad7

SHA256
b9bb1744f26594043767a399a55ee9caf0f7d846100fb7d69d57b9fa41aa0a86

SHA512
965172e742660704cebef78b616eaa55b72908515446f494a2b665d28d83a4096c6dca4f126c2d331b6fc91f7af5ca9b09ff8962656e98bb564df5056f3c7999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ce13c4670ddcdafecc94298e3af540c7

SHA1
5609be6946f5a354d2573c044286159425e68823

SHA256
2a1f0d8f4d12b1dfedb387c1fe948f3a82003c62950e6d96112d69be47b0c8c4

SHA512
e1e20d9338875c4e21794a4614c1f96a3571687a45abd96b555125dd063870cc90bf37d4f3ba339602ad2c17cb21f2345a1fc5e21e0f94c3f9f05c7d41bfc3b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c044b2e0a31a549a8ceb0d88d231a60d

SHA1
66a8647ba578d3ce4a1ac4d6f9e773449df2c355

SHA256
efeb552a4e5eb1b9bdbfcfaa01ee3461be9ca19e2f98e1d2c5016af90c652d60

SHA512
296fa465dcc17be074789aad033628dadcf2dbc5b29896dc4ac9df398e8bb8864dff64042736dc79c21d5b78e9a2d7e592587f00c30bde81bc0d40b81f50dfa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
503953cbf036525ce0d71558aeb899d8

SHA1
0c5cbe02275c7aa0bb2a9b16bab870093708c3df

SHA256
0b50bc5efed62c5182369010f1765fc4c07c3cb1bfd5e30ed9c987153a68253c

SHA512
178f8f3e593aed3a3c32509d6ea52a00462cc7c41d7e06e4327132010f0fe1ac50ebc000279fd4203deccbf5776bc7a3639ecb7ca782d6d3df63895703155e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0976c7dc2f040d1f42a85bb0f48e052e

SHA1
bdbee94236ee1225334b91aaf47f0e65ad381c44

SHA256
3bec1dd6f6a9d2217b5cd6524a62951c780209bc4b23acb0105b07b167b0029d

SHA512
063505158c7eb2f0608e3622c573b125c411a9e5273211360742a1ade788f273e6a8e32fa97f9b0254d88612d8b5ca3d0698bf95ea5b14ebc9a173b683ff0e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
874bff008943a0b24d43d4a326e4b56a

SHA1
086947860b18f579c75cf7de720a1a1624e7121b

SHA256
fd8245c414c3047d21bb9fe3175fb83b022c4177a8687afabe16bfa9a8f3518b

SHA512
5a494e2434a6844015a9b4b93f0865011a29ea48c13f77213612daa78f062021f07cbe4d167dd20676ed3695d9ec8ec3caeeb93f97af712bcd3912b3cb266c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e6a62601-9a21-4421-9198-a67ce71c332d.tmp

Filesize
1KB

MD5
c943c5ba1846ead8d3ef226b437d3069

SHA1
40256e69207fdd5c211a9c58c284fdd0123d15ae

SHA256
ce93f38bad07f5198097a1555acce95448d07ac2b199aa31c4b42299c59afb34

SHA512
8355f2eaedf7419bc6c6028340c11d0c17cd428af324a93cfffae42d1faaa3aa7a8862e0c2779753ab30edbc2db5b853a0e72b762888c56c87cb2ecf2a687f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d8dea5ad9ffadef04ebd41decfb87ad9

SHA1
8fb854fc927559be4fd778195dbdf70ee480a3bb

SHA256
578ba26faafb483b77f6fda315f126f4025eba450304c5b26cd3a2982c0f558b

SHA512
697ac977c72397d8de0728147e9729f1f8e1ab802f392d09505d307435840a837c21211d7aa3aeefa82ae3555e314f2e3684ce852dc9ea06f626907e64c3bb57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9e23fcee13dd45653b03cc930e6476d3

SHA1
f4423c146d2f9115c347d253fecb1ed9da685965

SHA256
53e8c97f9bebac66e7b04164535e0eb944fc1d1303e8f5d3e3dd690b300f541f

SHA512
0dbe0879c96a2d47254209505619fa337925b2fbf9b27e3a78a77502783004bc0983263c50bdc288d4d46a2b03d178cdae65c173893bed7b86f065c9de7ca146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
917f3e515eab5ba6f4c139999819bab6

SHA1
47d46e8b98819a8f72645d837debc5210a44aa3e

SHA256
3d6217cdd8042176610a58f80d07256172d118c3064230e3b3c4f9d73ad33989

SHA512
1cc1c78166cf345ee4dd1294c95d3f3191b9517cd636bfd69407fece9bebaecf1db3c186a81a3e9c7230aa57cc7ea7501cc72733f43f9109df81a3f9fec154d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0f928d8b196b6cd8b54594d6d38b8bc0

SHA1
ddbd666717a3f2c0fb8731aeaeaffdfee448cd04

SHA256
860ed2e603fe13be47ce8e5b5a98e55456409f34b52c46ac6beb1088c798fffb

SHA512
a38eb5d76b58951152c9f745a297e5a2d6887250800d1ea1fa937b16e4fb7f1baab58aa78b1042f86b24ca42d946ad85442600c135455e7e5a9e8b89caea6467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
50cbd64a09b9bf07836d24fb240d0a03

SHA1
2e74f2f4e2fcdd89a5ac7dc0d2dd3a8fcd958f0e

SHA256
1cdca16c94a67000ec397541b738ac5408205a35bfa236adf5f9b4e38ca3a433

SHA512
fb532cb7b0c122e3ffe8eb43e05c9a29b09364f1976d432758b1da3ad9bf80ffa333246e9c435447f17ee63d72bd295590fc64633dfc3db67aca847d18fe936d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dc216a55cf4b0a9a91750f18a0c689a0

SHA1
9fd819208d08020347a13bb2f58406cf6433f2e8

SHA256
84c7357db8a36cfa2a229b6d88a7c2bc250d09617ce81cef51efcee2ff653cf1

SHA512
2e03d6783ca76fe4a7c8fcfe508014e884fa79f464db2f7d302b60d78210374b1c641d1a0a219aa65c0d1f5bae7d1c44fdcea8cc3e3a67fe7d729229d1ba9966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
46e5b5750cb98115c9a7a72f89f14b3f

SHA1
a27c9c217ed69f3ab01ee9c794c614b2f78c963e

SHA256
d71153cbdffdff753cc2b16de29013bcf62d62b92c4d513662885f79701457d1

SHA512
dd18680d523181c1a1b77e0a718fbb333ce5f57f5927e655dbccf543ed9c2927f22cffb8438055eed05a4e336bcbaae55b3e350b7ac2ffc9d3b86a76c6bab7ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c05ed361761ec4bbeb41c9d89a830df4

SHA1
55247cc9b17365a210cdb2e30934d0e344a95d0a

SHA256
944bda378b7ce3d0574c898c0ad73c86466a95d0ace55b121559b1232501020d

SHA512
3ce9eba4cc0f90f5213f127f9b9e20234a834120b839199d04ea133bd6c604f2e1724f183618298c80e68ed2e350e4ebc33d055ee772c0b9d88f00b7abe7559d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59982f.TMP

Filesize
48B

MD5
598933c4ff5347a18d622b9eb5704982

SHA1
9fbaa321b32faa7fee8e732fac46f8f4dc02785d

SHA256
f8c628f0902fb5ba2bb234c8fe45e5b660e33721c634013111598e93454718a3

SHA512
b5630eddfe355735bc65daf4a17bca419978b30ac92bde8313648e78c235cec475cd7ae93a97e4bb8dc16232cc939466ffce5ee3b4b30b33c913333e252d180e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a53f64d9414a61082c3b544bbabd6459

SHA1
75f33862bd69e502773add1c6aaf8432267933b2

SHA256
95122bf7259242073c49ccdadbf1996b4b612bf8c1a6d2bf90aeb90c7f5de8f0

SHA512
99684408c8a4aeba8daaa3b5885e0c4bebfcd2981ee45fe2fd1a23f9ad374e42b31d47f7ef1bfd30c5e18c584670845d227e7afdee87af2cf92c8a4fdab366a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
1e021e5c60cf266ec48701f23f699b7b

SHA1
b99f7b48dab3199aa57de53ece896737288c891b

SHA256
579f1a3ffafaafafbb517c05c58ebb05588c0571dfce07d03e865ce18d23c538

SHA512
bdcb4ca752d6c2abd376efb491e74cd79fd403c6bf9dfae97dc1ef14ff5f128238b90f0f70e8c2a5a7a8a5cfd1cc81020edab6ca6d3cb48054eac1a35ae62044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
ca426d8454691f16dca92736ef3d9553

SHA1
f4175ffa12ea3a9214e56653b4de5b910f4c062e

SHA256
8aa5b37ef6a94060a3b4fe56d178f6608af905602ba7ab5ab07ca6e2dec07b6c

SHA512
09d075ba8cc044b8929cd236813eff7e171b5b95f024c7b3b91cf74f5448af47ca802f36513a1c47b943502acb904044aa5f560dcd9cd1a63e2db4b0cc7ec555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594481.TMP

Filesize
97KB

MD5
71829f0a576461e6482140f268573eee

SHA1
02ba80fa50ec26c5a354e0c24e093ec8e0325918

SHA256
0bd065caad855b6f61cf324ff9b0144a8d43e0f1d03ae1cebed61756a7e227f3

SHA512
6dd9693c4b3a4b9ca1763e513f210b17e9c5024ec288d8085e1ad262104d9341c1bac8542b10a29531bca168d993b33972bf9c5c72aa1304546cd9e295d9342c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f6d41bf10dc1ec1ca4e14d350bbc0b1

SHA1
7a62b23dc3c19e16930b5108d209c4ec937d7dfb

SHA256
35947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770

SHA512
046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4254f7a8438af12de575e00b22651d6c

SHA1
a3c7bde09221129451a7bb42c1707f64b178e573

SHA256
7f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b

SHA512
e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
289fe3189adadd961f05ed041f8f8d68

SHA1
5397ec8e19f692ae1f4d9b0c1059a1f8508dc0b3

SHA256
5821d87f44fb5ac362a33fa41a3e6ac2c5c17a884ea6ea3722457d23418d3740

SHA512
12e3f7fffeffc62ab10ec6c4de70d30e2fb07c22c10d42c1ddec4ec55a9576378813477c45d8c01e3411fcbbc9f4506b689248bf7e2abad483ab18f71c396925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
372c24afac0dd122cb7c632f43764a58

SHA1
dac0e8ae1127dc82c7c3d9f209e31380705c9ea7

SHA256
0bb1d746728086e8b79f7a760238a94e57cbc131463090f721d87e23693dd591

SHA512
470099d16be9bc302b7f7f6c4ff6d69afe7785dd52a0af1e3c7e8e38812245236bb41be9e0ad5df521308d22e3e00a5b577db56a659c42b636b63b5b85536604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf95caed0466b07fab58fb716db6ed33

SHA1
21dd37cc376e5b61865fd27ff892498f916fd701

SHA256
8bec75b1886cc1622a41921058f60b5e1128ff4d21b7879057f125647e7ca777

SHA512
e96288f6e9cb5e18b9aae25a50f6dd06f996d780af69ac58848dade9a296bc3486babf0b67d5da859cb54ec2445406a112ae8711c4ef96f0e30fb7e5090d64ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\file_release_2_0.rar

Filesize
17.6MB

MD5
2ca8c3ffba689c68aec760c10033a5d0

SHA1
a39af4c81d7b97494cd8ff8d1891b0c86d5b073e

SHA256
ef3156b393aac52c02bc17d12c98cade55ee8af678fc39a18637350047fa61f4

SHA512
368c8611210f9296ceeae6e409d9ebeb0f3d6fc0e1ba7910a018ab4ec402f4806a4e36483e8862627a7cb0481d43453b681677469861d1d789a0ff4e5a5b7de9

Download Submit