659e47c7d6f5339890723040544c28e5f61d29ded47eb45669f436eb9a91d536

Analysis

max time kernel
300s
max time network
313s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
07-03-2024 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gröna löv saker.png
Size

4.3MB
MD5

5a3ec7e8b5cb32433b422c8e4963e9ab
SHA1

432827125becc1a5a32284048de0aad076511a57
SHA256

659e47c7d6f5339890723040544c28e5f61d29ded47eb45669f436eb9a91d536
SHA512

5382608a8b119673bf64d87e98654e067cb1b8a76b59fee9b3a4c058cc75ab9490678d72bd19834c23a7423a0f01003933427e2e01ed2c115da12e565ba46b3a
SSDEEP

98304:Nv3Gy5x7N1NzQBN5bI6KQG8JdhWzlDVTtTVwE+EG8rfrvb4TD6U8:1WyjZQZqBZTVJ9j8n8

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133542895150304637"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-160263616-143223877-1356318919-1000\{618C3775-C47B-4E27-9DF6-2887C609F379}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 676708.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1228	msedge.exe
1228	msedge.exe
2728	msedge.exe
2728	msedge.exe
4924	msedge.exe
4924	msedge.exe
5780	msedge.exe
5780	msedge.exe
5928	identity_helper.exe
5928	identity_helper.exe
3768	msedge.exe
3768	msedge.exe
1136	chrome.exe
1136	chrome.exe
5304	msedge.exe
5304	msedge.exe
5304	msedge.exe
5304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1632	1380	chrome.exe	85
PID 1380 wrote to memory of 1632	1380	chrome.exe	85
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 4772	1380	chrome.exe	87
PID 1380 wrote to memory of 2152	1380	chrome.exe	88
PID 1380 wrote to memory of 2152	1380	chrome.exe	88
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89
PID 1380 wrote to memory of 4952	1380	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\gröna löv saker.png"
1⤵
PID:4696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf8a99758,0x7ffaf8a99768,0x7ffaf8a99778
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4720 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4844 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2636 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5328 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 --field-trial-handle=1776,i,311224143572383936,7252840642187050252,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf87e3cb8,0x7ffaf87e3cc8,0x7ffaf87e3cd8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,17788898831798562452,7643296479459190064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffaf87e3cb8,0x7ffaf87e3cc8,0x7ffaf87e3cd8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3735532076381029490,2452108782661245571,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,3735532076381029490,2452108782661245571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\647b7b516feb2226_0

Filesize
321KB

MD5
b8d7492a8668bac13105c915bbe53d7c

SHA1
37946a8ba31d5686d11734f66e62472d1f08d167

SHA256
eb478f8fe1767987a4a1249fc39286087e617976fe00a7c6d76bcc32a2ef92b6

SHA512
fe95d6a5e11e3fcc541929fd689b70004a9445e15cfaa33f609726493acb89134441ce10bd3c5b5fff5c6e49a31400a5dcc4e246c927615a462cf8a48b3b5fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
69772fb5244258b9d33173a1a20a8768

SHA1
f96131abc15c41c347465035ccfba8f7d0938948

SHA256
afb8b7072567416aad12e422fc76e5ebbe75842577431b0af81cbc0f902a4bee

SHA512
f1cda38316bc16874a9ff1e44d6e3d487d025fce248834640051ee769ec3323f6611b8472a4b95fd1555bdce3ba20a6023b36e8478b11e5dfe131eb00daa6f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fadb1bf61638e31c8053e28ecca9acb0

SHA1
479c62f6beb73275bbdfe41ca21c6bdbcc5a4fa2

SHA256
7f67c0a6e899d79d098d735f339eaf4a91dddc0b164f96dd32686b8a5d7af182

SHA512
7db2a76a5dfb4543581a913dbc4625176fce76c2f8f9ad8e0cdf852e8d652d4fdd1ca590ff75dabe5ab95e303438fe51ea9655b4c4a74313ae517a683bbcbd67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1a080eb2f8e105b3f6a84aad997985e0

SHA1
92008e0adc0a7217b2db9d535f9a555988fe9b88

SHA256
a3e9a12b00888aed2f2adb3aa9a443cd1e79e8d71425638f586f3912823ee4a7

SHA512
e47402b9530650018fc32db4fa5bfd56f53e08a67ab131d2b38a013c4000defbb7f4a8bed143d20bdd7ef60f4f3728311be2f9ac9d785b0bc06545977d007384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
78565c76463c13fe365dbe36510b99fb

SHA1
ae399663568ae024b698acc39ce547500ee2d9f8

SHA256
3f9ba315f20404db2220c58eb68bbfa91e8fe6e3dac903e240c23638ce67546f

SHA512
17b51b132dbecf35904665bf87400be7460fafd5ea0e9a2449c781b7388f747ee300ddb2ff27dc687f09e4b201030c01f179fa406eb503a234bccaa4b943359b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0e09107d3b4a680663b3da14ce81166a

SHA1
a8095ba604c225c48ebbc948d4bd5bd4b77da9f9

SHA256
615fa13e08ed93f753a791ca0299840bb450ee26617c1bf27e4068efb03a9859

SHA512
75509322c770fbd4a4ea07328b983f1bfdb11a8c9db725d531440f398290b111bd7138b1c7d6c2fa2f75807b637b0f6b76bbe091d1db7514b989f29d3357970e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f9bb1d604cb3f1ab5b4e5669ab71cd95

SHA1
1ae4aec97bbe068be9a4c5325534fe64af18feb8

SHA256
b145b9ad345934898160f91a1c2d58e7dfd4627734e47f896ff712ae40d615c6

SHA512
9615b773a6847f4319c3df7ca9be445ceaa72ab7d18556a2b072dcb73e15df41b882a756c9d90dc6b52d28188d8a24a741ddbb104c618529263874b0ad174bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4a5dfb7bc10278bd36ae9d3f9798e7a0

SHA1
2f4f0deff5b1a0182c3e4c9cfc68fc39606b6be5

SHA256
6e13c84fca600a5353de2b367aebedfded8446abc3b9435d81928f7fa1d95a02

SHA512
b7798123e6b6e097254296c3feaaebe2d5cbe57de482b33670131273365fab2a0b733e988b4b62cf01de66fc908fe86ef4742b84ec68407ea539027e6c062f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d16f0163b79f3b71fd6fe8d8abc22f94

SHA1
0c10c4a033dd80f28f26d68ab184003bca5f76e7

SHA256
af5eafff6bd67d0f0a48a412f035821f3288ab7fc0aae5db311853dc7821c305

SHA512
b101f164102553452326078a7b96f97808a4e0807c2c7595d9a19d1c11166e9ae6409a18e65a0f59e508af41976b6e64e50aa014c522943ba992e42d2ca7584a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5e895a08b65f30998789fdec446781fb

SHA1
b7f7c843c52df95d3854a5ddd934bc12bc247fa7

SHA256
12e76ac4f7d54a41e4df078498d78d2a9ce308911cb1acc756e787ef39eea1dc

SHA512
c398b935be2eaf3d359c14bafad78cb6aaca1d321df49feafe58a7a4f1ad242d65db69a1e6f9892732f94862d0fcc4684c2e1f99d63c0e5d810efa2ada67b8b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
db837dddaa6cb8ebf11cf8757a8e452b

SHA1
bc17eb7573a2f8f92d34e194f2e297bc85d2e2e1

SHA256
faeaa659c949e0ccb5e2a76661c57223fe48302483407285e9a5bc6168168d84

SHA512
3d42144e194f22ab7adae671b01cd66676b0bea0abf55fef7651f3cba91eb9dd8a641cd5e9f8965ba030d8a59b346b64013ff37e70b640a8a3376bb139e31f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1f72792fec694d39ba8df4072a289989

SHA1
d2f850cb1722ce082960643a9a9667ea432bd3b5

SHA256
6673f39489ea09bb097f2dae4d6337cbbcfa8dc9548c0e6a03d1c75271092f3e

SHA512
9d0d8a200526bca6b4e1777203c1664d32d53cc255c4b4a992cfb69050c6b04c2d4ddfa04b3e75009055fd741124ba72bd7854964a5f923a0e55cd1974c14095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a042055e7d55598853e580972b683658

SHA1
5a3815acc4a5a11df41355c4174578d99b3b41c5

SHA256
7184a51baf47a269b67d08f7c258fcf15abf3bbd9804152a94424f82248589d5

SHA512
7c1d995ff3698f7ffba561b6d437a24ad4f37dc56430d67a9cccfdddf7e92b98212b06dc38f6728d13ab417d455ee27c0c1f56a35e4a28469887f2e0c8bef4bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
71055201ec7bde5953bcb2a12c87c92e

SHA1
a2fa94288cfbeca62118b284524c8580627aaed2

SHA256
09c07355c3101f57772779db54da96041a27cea44f22a17d87af7ff7c42d4176

SHA512
af73a6ddb856b5179b462fa6c292941cda7b892d8adbaa70e108f1482b221344b31aa7c10ec490095e7f064fa0c7b4e0fee2e8b15a74968d189fae9c021e8cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
531a1c1123aa87a4cb200ebd66cfb7a3

SHA1
376abb5c6b8406ded871dd3952b5468f0fa08826

SHA256
4eb130e0e879825de91a4e20d9668261ecd8e8665adee00375993ef0b9adb844

SHA512
5576989d2161d7374471b1b3b20eb855a79360b61043fddaf549ffdfc3d04cabda2de9a87945157f5c52d79748e38febc7f1e45f557eceb49203ed70e6b5ba2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
92d793908e8a670f0e49ffa5aad075e3

SHA1
808e6c5e8e63ead4e5e924cd57afb401f805a154

SHA256
4b76154869252ddcb4bad750a46f89f6b1c180fa74d1d23f89e3330c48a595fa

SHA512
2b6d4228a2ad11665c3b3596141a0407a3c75730d2e557630c6baa17154c773e354b33f92641f3a8ff85e88fd0e01d219e0b687be593a0b52c50ea5971d73c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7b3046fe5817d39b9d6ee00c5ddd0805

SHA1
6a66fccee11d947feec564c2dbd9b1443fa69f84

SHA256
d746d9fb51413ca9fefcea24266fec56d727e9e45a8aa9ea0123cc550872ba41

SHA512
18c2c5cfa0cf9df08d7b343f2005adb2ce4c7cc55fb57602c02a0ece38aa4d817a56a28487a1d289c612c3c1e800e92f80ca34dcb87a4715c69455ba01a54b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b9703a9c94d501a98ce1c974546ee3d2

SHA1
885e27f375efab94d05757cd7bd7ad29732bab57

SHA256
0ca557389cfb21d3ef7e1b3acbfd8af4945ab325d8b2eecad0fa50f16fff3a46

SHA512
aade5d2c576ee270082bc6b776f452bc30e6a02e4f4aff08819e9234edac52305d1e13523524dd7d93a286c6f77e43bf1a15d9f15dab3fc9c869f3cee5a97dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a5b6e59560b7e8e808cd63d43ae9147b

SHA1
36160b661fce4873279159858aa9f682cd695d01

SHA256
b8492c12706557da5617710ea21a5fb18dec4d27f52bcbd742c6383bd543a343

SHA512
27c44b64d137372dc80830d0f43da85133ce41e1a549ad78141f4d72cb762596d7b335de905ce8a3b075184904601c435c42743c03a2b44ef36f39f7c32e45be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f1aa153baaadc6a62ce934edee169226

SHA1
e3c1f8aecc77661f3da5c8d7319af336c3afe188

SHA256
3151bf5997c8beee867faefb6b0aaa83564f4535a3f54bc567ba726d2da4b55b

SHA512
f3180294eee4a71db39fb9d63f7e6b79b422594d79f87fda4be82d1b45a6d43d7d787f9848f964156fa17eb26caad03576e215cfc77ba3673550388ff2e16a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6969b8eb5870660aaef08fefba74a545

SHA1
d6562580dcf006eb6e7008ed0355682226596509

SHA256
80a0db280b4b92ad4bb95c8f8ba29bc12897f0fe02d284cd8812d7aa80038beb

SHA512
1d0a6dbbd67c55d895d1dfffc4c03dbfd3791195423ba3bbdb8e087b6fe253bc172776be7b72b802e39420c37e6e23b684e1d1b6a109083c3952277e63b60c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
796bc274c88d9011e907e82443155b06

SHA1
fa3f63845bac40e6d0008614755e7cba55cd24f8

SHA256
57d4b16e4c31565c68c219fbb4bb5487441d607cb85df88e73b8e5f44c0e70bb

SHA512
c81b23aa14ac60ba890aaa2939985c7cb232cf81c41290ce190c101268d84a131dc996520d7adae319bc110fe612149b6c9e423a3ca19629f319549927286e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
51cf0d46dfc7b9d4d07310783baf51ff

SHA1
ae6af46b4a6e8d66e26f3ff3e881c881dcaeece3

SHA256
17f98c8f817bb6231db893511bd175e8b52a63831a5035e4a41361076196b0e7

SHA512
b19400dc6719557f6a33bb0a85ad87d8a08b7c98abd7c851f0d384798b883b99e6f8829022641578641fa5a4d311d3c37446118c883c673491a26b00d1603453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d58fb93636110356ff97f43ab6db8b89

SHA1
762f1273b600b5d2259fab799a4a6fb1d3a8ba3f

SHA256
669857cf3e1489484441413cce7246d29748699a4b15163a91fe977dfd41639b

SHA512
e64ffa0d2319c6052800b36da443fc14f856a29d124f7ab613cf36257616d41d4e0a900aeb69c350dfe189a14260c48252c80231a67cfb50f8226a1b331e9bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
94c2e90a8f9161f1d54659b283bf4ba1

SHA1
047655ea4ea4cbce16350c2981d0d5802bf6a0ab

SHA256
423f05b68fa52c7446600a004781214f0bf06afb7e12054f9e4781fe65cb250c

SHA512
ffe63fc15400945408c5db0f057fb5a7fc58ca5e4817f28d4bc60b7bc66efc8ab16b1139731cedbe32c86b6652fafad228b38e281f6cdd556093ceca1066987b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e9b2437b595731283c4c268a2e154bc

SHA1
4801d1df7eb1a30c6c2fe5c197d2d25e27138b2a

SHA256
f6a0aaa1157c9759516273980d639443990e3059d7eae47b24c8bc1694cf4728

SHA512
0333cd8b44ddb6e4c85ed6c6aea662bc90cee9ad58b386d8776e83e8b64bbc5653b1738fd83e5a5bb38c788702d9680d4354b20b2f3a209d6febac9805e4cded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ee68e0838903176ab532ba011d1b5148

SHA1
78bff9a0bb427a27b277492bdccd6c50d4465377

SHA256
f4c169d2b41cfe7b5dcac3ad56f1a3c354b5510861c92ef6fc0ab2b83b299e78

SHA512
03c8e2a574afed395a61899263bae8f5831f876cfdda13c708ddcc2f6551d36443373b461fd4c1eed9aa87e6e0d2ae37d424d9fa01dd764542e30ef0c722b586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b725a943409fb0aa5715f87e35335f13

SHA1
ae9fc9edfc000b47897197e2ffaa7c3e6399bae4

SHA256
a7f24373f6fee6298e5eb5c6e989ca1157b9618e4f684cbc074c40cdff9a1f05

SHA512
504e0ab18c0a9bab36603bc89c28743d2da7c8d95430ca24e2ea88eb847ad22925498fccf3f765e380660792165ac13d687de0769926f62a5376c029e7abd2ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3ec75bfb5289a584fb0b516d2b8927a6

SHA1
2bb52979fb11f583b0b1841ffb566b8e200605c0

SHA256
c62073b69d24395b9f139141b05036dc5b1532f8edba9f41843e3e6d12bd9b24

SHA512
ac7685626fc656fd98ace1e0692ef0789064408a941e19195606ea204e90f95a85ea2576b966274960d470a55c68b7bad946a94a5a3f23917ce685400e261c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
441eaaa714cf878ab3e3b52a284319a8

SHA1
faeec32682dbdc600e053a2e48094cf1275eb034

SHA256
530d45a185277713a307acdd95e9e7a174e8e8d4ac2ea373286c880954820ffd

SHA512
784c8fd735288cc7be15deecc70424610970ead738f1b2281da6539a58e8644681e988e036d89aeea37a3bb11a2880b40df112fc35fc642ad5d36d174dad44ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e9bf.TMP

Filesize
1KB

MD5
ecd9a65d1871f5eabc0c01b5489e5e91

SHA1
d9f05d36515f66a3700813ec23a32419bdf0d2f9

SHA256
098cb1faaec386404a148a0163a948a6191c1e329eff50e781e7cea196318254

SHA512
cae11ad7a62d5d066555c459d785c1579e97a8674a8f34a00b5106ec26b6d905f667cc04ebb2cbd68c64fa79e2cf5032207c2923611fb265585b65db18609ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc1913a5144625523951a58ebb93e011

SHA1
fe1ab32c6036985e57d71df9e3e39a3a9cfb3ba2

SHA256
5d5758540b47f3aa6cc8e531f5da66d4bc13ce29df65a7046aa0106810fc0d9a

SHA512
dd87e1f6406fce9a1a610bd2be07902dac68a1505813f4910e711f2f67cbecd6798a361f850b6d3f6dc16d91ca864e524a92817a5ab66c454dc185a6f534e0c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0956dbc6071aad5abe6d4151388e9fbd

SHA1
fc4f40ed24b0ee9a48223a552f982440a1f69c85

SHA256
adb76b841e3445353e224d1f83d0c8f5cc58bcf256e545857c3c0f747e407980

SHA512
e8129827270064aaf2010d9f78bacc39b3829c3a9f27b7c51a9510d13db4f4d6132edf3e6cbe17aac54333e46da3ac45a9e9e4d8a0a30e4ec0b06156f5eb9625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
21449f7d11ae0aea2ae894b009049de1

SHA1
111a6be8f3a322ccee4ef7f7f40f2a1b37d4b953

SHA256
a200ec264ed457eebfdb91fde54364995fe79207def119d1e75bc1265c0bf496

SHA512
501bdb6f4c436d6ccde4cc598acfc086564799687f29d37fa0239e8d5aa2967b67de0bc336df3974d6de6c79658fedd9081a05049ddc4bdc00d3f90ab7a20be4

Download Submit