hxxps://github[.]com/Bximenos/Minecraft-Vape-Client?tab=readme-ov-file

Resubmissions

22-05-2024 03:27

240522-dz6lkaaf49 8

22-05-2024 03:24

240522-dx9v7sag4y 8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Bximenos/Minecraft-Vape-Client?tab=readme-ov-file

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608219620508330"	chrome.exe

Modifies registry class 3 IoCs

Processes:

msedge.exeOpenWith.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{3C79EC6D-CA4A-4F73-9029-BC71B7B0FC46}	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 997206.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 997206.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exechrome.exemsedge.exe

pid	process
4716	msedge.exe
4716	msedge.exe
1212	msedge.exe
1212	msedge.exe
1724	identity_helper.exe
1724	identity_helper.exe
5704	msedge.exe
5704	msedge.exe
5844	msedge.exe
5844	msedge.exe
364	chrome.exe
364	chrome.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

5932 OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

msedge.exechrome.exe

pid	process
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
364	chrome.exe
364	chrome.exe
364	chrome.exe
364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe
Token: SeShutdownPrivilege	364	chrome.exe
Token: SeCreatePagefilePrivilege	364	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
364	chrome.exe
364	chrome.exe
364	chrome.exe
364	chrome.exe
364	chrome.exe
364	chrome.exe
364	chrome.exe
364	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

Processes:

OpenWith.exe

pid	process
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe
5932	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1212 wrote to memory of 2944	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 2944	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3236	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 4716	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 4716	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1704	1212	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Bximenos/Minecraft-Vape-Client?tab=readme-ov-file
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
2⤵
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
2⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5804 /prefetch:8
2⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
2⤵
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5228 /prefetch:8
2⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5972 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
2⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
2⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
2⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
2⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
2⤵
PID:5200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
2⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6456 /prefetch:8
2⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6238813062978873116,3952567442521377605,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e47fab58,0x7ff8e47fab68,0x7ff8e47fab78
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:2
2⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:8
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2312 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:8
2⤵
PID:732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:1
2⤵
PID:5436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:1
2⤵
PID:5468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:1
2⤵
PID:6024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:8
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4388 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:8
2⤵
PID:5176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:8
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:8
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:8
2⤵
PID:5936

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:5212

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6621fae48,0x7ff6621fae58,0x7ff6621fae68
3⤵
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4504 --field-trial-handle=2056,i,5357528010373008385,8760524486748381815,131072 /prefetch:1
2⤵
PID:1764

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
016265827b66a71dd2d0df7b817d4b8a

SHA1
177d0aadf2f3c957ba31a87adc9bd4cfe2896530

SHA256
a824eb49daa9b31945637b8fd3bb4d2e4417d6a36799e562e0e98a690a920acc

SHA512
38dfd87f82d363781fb4f0448f7b19cf8e779cf688343f5f9fe1cf794af5b719a18d969e2a1575fd7197058dcbc79e13df64747cd30a47fbe5df19c14ffb3fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
01b5f016334423cdbf04223c405d93ff

SHA1
111ff724f98ce73fa393629d205a947d641031b7

SHA256
6a33fe1e91ab30175377523b4a5521878d1e1bea8df44001ca1f627242fd92ee

SHA512
42db66dc40c17c3c50407bef19020dcd1c9d623e7e18a6a76790d17ab6922ba7b608696b1accca3ebd78cd4941b9882d64d137238661e6e2217d355adf20a7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0efdf78b2fba40c651781e44dc6e74d0

SHA1
b5aaf64aeed7744f08e5aad0bebe02b25e0d7d95

SHA256
60e6d62cac655c3294b2e781dcbdbf2eaa45487b7f859a9f7db677c1ffeaa5f4

SHA512
3ada855b6085342365f7ad24ad5510c551cb888e6228eee92b3e7414788c2e7663e1b98868100a3be65c54532b95919077052b306b9790b00a94aecf47f77f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7b626e58c640bb4e3065bb6bdef7b8ff

SHA1
27734fa539d0e835f0644e4b98a32e8a0e706cbd

SHA256
1a9bcc4e3a7dc7cbc9d0890abaf9db2298d602d39c0b61c9e3f43fa941949467

SHA512
552a32b667edef5b39acc4764ee64288b14a33896af5ec01137d55cbdf4050778156382e643fb736d6059381825bec43231b85c25dd0d9b0be66f6dc469e61f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9d30df7a79bccf5bec18c69a84be5a51

SHA1
570691ef0ea38b6bc136143b58e4c38510abbda1

SHA256
636bedae24721769c1506ff3d15a31c6c8d9c8dc32aa79f5ac559b07405b829a

SHA512
3815a912cb6240aafaeae02448ece10dace6a22686e69fba8c932ad994d80a2da577f4335e11410326963b595674b076505904ec9cfc54047f6f5e5d12c955f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
addf3721ad2daf35f36797fb9dc7efa8

SHA1
9070717ee2467ec4c33fbc7be01300198e6cab63

SHA256
e3f5167977137fd069afba6a219614636a10789d528341b4f66c8ff2ec5f5f44

SHA512
325192ebe9697be35d457f3846d68c2983cbb0103127779b35b8ff4bc15848147c33aeb99e32b54527e1b2ada7fa86adec11aad4867bafd7f2cfdc2cac7b432c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a5477b65f2d79bd149bca4dbe4c5e9fb

SHA1
3143e33c79c13121362745e10bfb32e4c6e6af0f

SHA256
3570058217ab392c85bd38321d7f94f9ce041221d92eebad1cabeec407a7fe26

SHA512
198255554c3c24185ab97950ccd455a5de70f0a655058f8b8bf35fa10d4e9fe8383d84e863192e5d41151677e43a9d95b11962ad193de67ebb4a7bb13ce37a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
f0709efb23e75d16d158b5f9adc5e8b6

SHA1
a812277d89e9fad85907f62bda2c3eaa0b0c5f70

SHA256
1275a1c77bab6eace3e28016598bbdde6939d5d1cd0ffd05f86c58c026bd125d

SHA512
4260dd6fbc83ec523ac4d07f3125737823cbc3107ec072e914ee4120d2bd542fbc549e2a63041890b869624a1ea34614d44a67884fd1b946b7352f6de2177d2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
9bb5796a70469f693169eb8f4afcacc8

SHA1
b8646522bfa2a5be08f6bfc7a80fc69605afe8fa

SHA256
a92d0c22563a05aa64999ffcaa3350b143844705b9621b19c9b3b420e5868b52

SHA512
226859bdb214a43a03768b415ea9bbfe6633ef30d2b2ca57d9641b83b23f191edaffa46319291405fd578ac2a91592b16e1e24a4e6ab417c3d2ae26a25fd4e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7d57a5e376bd8fade19a59a0674c8d6d

SHA1
ba44a609b926bb0a0cc47c50d9b9f58b6c2a1e0d

SHA256
0d83426efb6702dd7bf7651460dc54a5dc8de234e7b97a4ff6d51a8ffd95a9a1

SHA512
95f8c3b3135c5a4c3b3ae55fe1981167cb98ccdd3b19c92cd8c30576abcaa43f202b7d863b073cc8b41a012290d049ae334e49cda27d57d81ff3c20768012502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fbf157d93b3144a2fe2a5a635bf319c7

SHA1
8fc98bd709d426ac22c60a55d1a38a6ba13d477f

SHA256
add4f34f82f285dfdec5c89717546084724efcb65a725b9e57b9e0de58a7301d

SHA512
2e920250d072d6d73c8b09c96b8d95f6698792b8eadecdffc692cb509c347d0531b078c2bc9a9a1c212a6e20ce2293e00fca8e8725a0945289740d379ebf3fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
413dd97b219ba160012b4e4b56b45ddd

SHA1
3df07913ea6696176b8438d93bfcfc5d8a21d467

SHA256
6773073fb3fb7ee20e7973aebdd4d1206b4812d0717cdc8dfba74ac8e64f6ca6

SHA512
860732e5f8e7136377fe60d3a3a35a48b21a7956d2b09defe5af8493f78b8818d506d429e20dab79e5ac2ee3f1e2f139bb3b70e93e3d9959e0cbc99bc3f56a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7299cac7dc87bb589c0c730cb6133439

SHA1
51e86177ac0b75a67c268009a50327b1854e73e1

SHA256
b3cf485ff04add0ec25013ac7b3f02b8e76471b1a066533270df634c9a936ca5

SHA512
c6088dacb0092525506f3947037939ca55407ac0dd8a7998ee5a57a86ee60d5f481dd5a64995c94c749055b609f3d907516e24e02a58bf930783768345d297ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcf7636daf53cc0af8fea12c440a885a

SHA1
b93660bcaa9d48c4592f35d35ba545940d521173

SHA256
716c256f09353830813b5969297d3869f1aed5b75009e673b541a46af5287c84

SHA512
d08d0b915afa73fe91a5d64d86ef7227cc46c2865c17b2307b595cb3f234c6668200a00ca64f392b6e2cdca937ec3e27a0941754b49444abeec7d086ffa8bc01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9669be4d924d061975e0110f8b318503

SHA1
e3b0d37afda20a6206caa79a749e9cc75e0cef3f

SHA256
ab6572a6fa2568bf5c11a8d48426dd459f5746c80baf6885c41ee1fb768bfc2d

SHA512
007b491498aa763adefa0e64923c87384b0eef565a1f2e311a4755098f9ceff431fa65c0e102869de61a61eed0323baa6ad9e5e3c8518b6861759b556f7b6c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86a512d07efd84d94790f045b8a44a16

SHA1
5cfd4814be4a42f6f111e864b60fa4c686297821

SHA256
73ea5da19925ee9cc908691af7939b526d68cba14e43a926665da778709b53b0

SHA512
6065556da3b266f67f23c912a3165a7aca43679edccc059ee9931576c90d6bcd0e1d984d7cb26d3eb5d01028ca96697464114cff5caa867e100c627243210c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db249f5fc0eb08863a6285443a0a40d2

SHA1
98c0d187a5fb705f2d245eb6c198e9823ea0207e

SHA256
f9d312690430f319e5a23ac22edbe16d0027aea6982d4aa6118a0a2a75c5c9bd

SHA512
97cb6a5b93687011d9d0d0e19cb3f3924df5b36ccd16f05f29fa23426eec2f40fb9bc11a8e04deb0586569daafb0822d1531c7c69071dc28351170ab10042ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
40c9a6b81db714eead1b1dc4555b222a

SHA1
10fa7ba69642a7a5d3708a537758bb33fb7ee391

SHA256
fadcdda895733aeab805a1cdfb58ddeb457d61368f4650203f3ffbcd458a3a10

SHA512
b616d90162d53a11e3ae5654b7da91f3a15d35562f86b121db7f81ad0db04ac46a3aa821ffc7059b21854f7c6b184e872e1d4d9b6d692a7f652907a0c92b64a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d0e027c280fce05575ff4b2880d20e39

SHA1
96b136eea1c1eb1455ed2c6bab45076c3f1731a2

SHA256
0fb156950e3a23104e636c67108c5243347061441f8964f3aad88dffedc0c357

SHA512
91654deda744883145a355eb89d15679821e362332e36e952e13d4c6179c9541b2f1069ac81f0018046bf735f56e4f98b1f4876d8bd0ded6d5c9f2169cd033dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe74964f227b81ac3d61049bfd5a3f21

SHA1
9113fe0ccfee9e47d6d00cf9bb9e5cd617ea0bd8

SHA256
d9201f58f0c0701a8e5e6e5efcf4708d3de6c4aa00e1957df77bb0c8cfde7cf1

SHA512
45bae731ccfaabaf8f28f7a5366e6fba5ba6117532f4a500cf2eb1d8f66ec4d75b8e3056ee6319e498e37e4ecef189740acf92371750f048630c0826ccd3147a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0c614be07e969c9e87334aaf3d70be5

SHA1
c7a3131359f578180a8253c64a051b33788d63ee

SHA256
2f2dfdb8486793567f37625a4d30ec3e8d296813eaf41e7bcc0fef9ec46de62d

SHA512
cd072f37292bbced1cf421c64e9ec666f3a9ba762b3951c1a78d322eb8b3a0f8ea759690acce01b489a6bd8ae058e81e630b7b05673678a0cd4918fdbf1c3005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57aa78.TMP

Filesize
1KB

MD5
65986734007ef26c72cb1c595ba4afce

SHA1
b519e61bfebc4af8f728e949ce8fa13bbe4d444e

SHA256
10bd031ceb2216e0f684d7b91384c34d62be314b903aae048d8a0ee2fd3199f5

SHA512
9c852d1dcab41187149fd6bc8f1c459d70c926ab01c0b818182c7a0a5864a0d7ffaf52bb18d439ed6ae78f8ef0486f4037ddd9489c67376b8efcae376cbe0276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca372d6e3d3870875216e8d2494b1a3a

SHA1
35053fc979e57c1877fa4b690ed36fb08e3410b7

SHA256
d037aeb329d87581bce09e2aecfbf14fc318b145ae6559a24dd4a52a934c47f0

SHA512
2ccae3d2068f3f3955620276aeae4e04f5bb8b3c78ad41ac4648e691e8903841f014a4562ffd2413ab05895e58fe7beaeaf70623f910cfeb36926d9ed94f5bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e95c11e6b68e3646de8c0b3bcf855f02

SHA1
67271eac787b7a58470fee419d91b67f516c8258

SHA256
5f11d43707e83cb6f827705f808c55cdbe3af951d908578d49618936550374fe

SHA512
8a052f69c6a69ef078800c834890a8647df1036d53c97524ccb45f07f908a74f9cf48a28cd20f3ea36980b078156f750cfdf49203053975dfd481e62c82d2b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d63e940aa227b2bdad6ab7365941121

SHA1
d13cb874b08e9811ed33b6d3f018facb7b0c1a72

SHA256
c6cd6b3380c8480fb65f9a68f9433ab2ce76e016b0618431452b020f24e38987

SHA512
962ce54e1502e9374364e924dd7a1ad9ff655146933c063613df3ec80c54532638742578440eda26ee03197abf854e60315708913bcd34450f65faa3bbe7d0f9

Download Submit
\??\pipe\LOCAL\crashpad_1212_WSBETRSVHZFYGFMS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit