acd1cb200a2f7a7cd9554a7b43c82c62719edf10976d252da7ba95964bbcb0bf

Resubmissions

28-08-2024 22:34

240828-2g8j7szdqc 3

28-08-2024 22:20

240828-18385ayhpa 3

28-08-2024 22:17

240828-17f27s1dnr 4

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
28-08-2024 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Your paragraph text (7).png
Size

60KB
MD5

6af06a60941a4910630305a95434225c
SHA1

d0da87b8f9491581a1fb95ee930b099331f46922
SHA256

acd1cb200a2f7a7cd9554a7b43c82c62719edf10976d252da7ba95964bbcb0bf
SHA512

46086d9acac0dbe74562ee9af3448883dfcb3a5ad968b6096f284d7e910636e4e1afde8b4d6f041f2eb0eafd7b24983b547e44bc1b3ee543206ada5ad2f64016
SSDEEP

1536:ik4HGvocKnjEqfCw+S4mTWgqcbbfuG9KLGybw8z9vJ:SMHXqfCTmxbbRybwAvJ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693570549672603"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{DE5FDC20-1BD3-4A27-A199-223B3DFE1148}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
2776	msedge.exe
2776	msedge.exe
5028	msedge.exe
5028	msedge.exe
4136	identity_helper.exe
4136	identity_helper.exe
4248	msedge.exe
4248	msedge.exe
2888	msedge.exe
2888	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 2632	3432	chrome.exe	85
PID 3432 wrote to memory of 2632	3432	chrome.exe	85
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2132	3432	chrome.exe	86
PID 3432 wrote to memory of 2240	3432	chrome.exe	87
PID 3432 wrote to memory of 2240	3432	chrome.exe	87
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88
PID 3432 wrote to memory of 4648	3432	chrome.exe	88

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Your paragraph text (7).png"
1⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5535cc40,0x7ffe5535cc4c,0x7ffe5535cc58
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5028,i,2505996907552825053,5377783152563041944,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2524

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe55523cb8,0x7ffe55523cc8,0x7ffe55523cd8
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3956 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,14826919169644231017,8864999343519635867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0cc829c7f715971918f0fc6ace58f582

SHA1
0ae52cdf4dd8551f23b2440ebceaacdf5b39e327

SHA256
eeb20f0df1b49d8514eebdf34beb246b25d4e84883fdfdb69cee6b489a962fb8

SHA512
160460fa59dc0bf4fda4419fa221e981b0caf058f103725452c01501cfb5032a49305d27d8ad25c8c95512206b92c5a074628d2913fb5c4574de4cd2a3c5c7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7180e22b86204b05ef8ba0a37fa45af2

SHA1
9eddfe7dbea508b929d81222f4715ff305e31df4

SHA256
72a8778f908e63967bda3190856a0e70655a877062990bc513ce6d1c29c520fa

SHA512
e6128fe1acce80f8f456ba3742fba90f35ca6e2187eaec0910615457c5d9238b158c6fd40a7d9ee8a56497f220ed56d58fdf192442b69db97fdba513991f2df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
63b883c8773b4a50dad2a17b2bcd005f

SHA1
0be46e5c88855a6e1e8c78678cd0f17cd6e1fadf

SHA256
6b4d6926098d9add5d768e279f5819fa23278bbf370e4a712367a707f78f04ef

SHA512
b2457825d46f614d2bbc48547e5347f3522cb90911407ddbccf27287b51db29167472a3e6d57df2ceee21faabd24a391c0f9860141bb6c58d0fbb1372915d084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
1e24963cfb6bb7c995321b22c236379e

SHA1
9a364f9efb701ae177b9a7173b6901ec40352ed2

SHA256
2b3ba3a640897b6396d68ce017e5731e2fe8f8b71aaec42d53504844917a8c5f

SHA512
d5c34dfa8c62b3f84b62b8fd1f934acb5408ee816a5fc2ce879a15834d11f547b37200bfde6a8a634ea96cde4a89a8a9e43e7d42648a0831466bd1685a0f38d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
ba901b7f5ab4566f9161781f86b1f32b

SHA1
cf5508b9fda77678dc4e5a4377086dcbd4af3b72

SHA256
75642e14451445e4dcfc57dd68b24f13a83bf687b47f276e13167203991978cf

SHA512
12bdec4e119fc59598a4712e23e37e43c7c5a6ed2ee55851d7e613140551e6d25b6f4d0390439987faae1c9e8d2679551bbfc41be6743badf1603925a7e69593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3bc4c7f1d05ed05bef1403ef65cde2b

SHA1
7ffcf155307275a6015b17b5062d82faa3301b7f

SHA256
a0a59f94ed3cd1505c88383a6a88d61434f90528038c1d5d2484a60c0f4b1891

SHA512
2af1baf53b5f6129c9802fb958b8e4197827bdf183d8ef78e59ee987fea514d11ab3cafee1d20706f93c4d5c4b6e724dcda84a439e8a5810a04507031eae978d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46b66146dbc699a130a491fcd2279332

SHA1
84e868527d9f9e79c1120128d13a02c4b1557aca

SHA256
09c90f805b3fb2f4b204a8ca3d6c74faf977cf0d2730c24284b652530cf93571

SHA512
3e1c453d9d1adc0ffc8843f727669b2a064c64c97e4866c0960a493ada47cc7e3e15b38435a9bab8f01e6ae9eae49b6f72f4b00ebdefc7153657bdb2f91e77aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2ec37bcc776ba4b6e0487360eb1381d1

SHA1
a8b0465aabcbbc969324afd4dbe47d6ed63f6be0

SHA256
89ba1072a36f77f96fbf340efe3a831ee036701a696ddb976572350313e64d4e

SHA512
ae6e65ff31ffe1ce664f085d303b01447ee9469a6c0e1a7822f6d1ab0f02468e561287fd81e3e9d1a93d361ac9cbd72bfc1877405a8049eac95c36aaa40ef5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
c090aa1df9fc6e85ca0712255de961d8

SHA1
06ba53a3ce8b9a532210e943999a1ced47877a42

SHA256
4e75d01586e8ed248947627aadc41846de72fe6c9a827017a9406780a43eeb30

SHA512
6341844cee36384a2fe4ad3c7fd091f3fff9fcbc9dd199678262bf4c550e234f1043b7aa39c4b9534e0ff17fd9972f9a3ef367fa68db044fde177ce2f6c1c048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
3e0bf8e0dfa5bcc58826706c25b46d5e

SHA1
4b1d7feb9df7cd1b6c6de91020032be5cbba86ea

SHA256
0cdbd3fd4aa2db0ee11455efa5db4a485d818a8d26c5cc2dd4253495c0d6d8f4

SHA512
ed8f98d0ea3b9792919ddebdd6a06be833e67bbb36a22753d49b9ee6b6336508122c2fadbdbb6a6d56608b5afa9ff7f4140eb3bc95ec6178cea7636c6c1071ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\93d6c05f-9977-4c04-a6bc-fe26226bb2f8.tmp

Filesize
6KB

MD5
50739682977796ea3c8865c54c104ad3

SHA1
98da0930c8e60e17a4b50f9c27122a1836978bcf

SHA256
1593de5d5694f60de9f24ab9a461ddfba6e6a1e4cf57aa65375273b53a7e4bc8

SHA512
c529565006803e9a77cf7fc585acd4ac941652c25894740033dc0de049187577d272cdd4fb2c4b413a39ec9b0fb97e7ff28b1d88a63974ae229713672c0c2e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
4058c842c36317dcd384b6c2deaa8b95

SHA1
1085ddb12b29b79ffe51937ba9cd1957e5e229b4

SHA256
0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6

SHA512
435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
25KB

MD5
c6e47407c003ebe5e773149b5b52da00

SHA1
e7dda9374a797c3934e97915dab4d092e4804b2a

SHA256
f6e82e325803b8934dfe3098bb1aec841b68bb2d970bcb1a9e2f83c7273fa04f

SHA512
5bc5c502c708704f8451cc2a5a43377085affcc6bf726e41205fe410f5f768ce8ec08f5566e35fd535627e00dfec4fe6a95bb28a11a041e88fdf36a42c4c1a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
18KB

MD5
d08c6efb20921f0935a56750f2a8fd4f

SHA1
f5e0717a81774d39a64974bd9f62ff89791dda6e

SHA256
ce3387a0a8b1418aced012d7c7e103296f14deea459a41d2aa431bf974b0fe3e

SHA512
bed112879cfed90ea9fc9091758982da899523889e11e5052fd98669bf904931fafc6731729cff83a10ee81c3f60783220a48b02f0303dfbde55b6248dff6de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
22431f656919b422cd30afd2a999ab0f

SHA1
88ea37f5aa7e735b0be58fb53ebeadbb34dd481e

SHA256
29244c5e8b46a15189cdf053e6b7e588ec4ee0eda4eacba8763669207f4f3376

SHA512
d11c9bb6115844ddc6c1ba3b60e34bafa37cd782553065be288e380a0361ad8bb8ffb328c7379b2c147fd4cd586a70b31b6c2184df4bd4b5bd0c0a6114adb3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
298f669e8dd83c3ea518da0d46e101d3

SHA1
1971ee32309a68c3073527504594ff9c24b024ed

SHA256
1bcf994d4eb7c199dc9fe2b9976ae3c84b970b868447f89018de181766881e5a

SHA512
940e058c10d259b34bc9d78ed15c4eeecb10841f280f702ff611b44dde7e57189e4f94fb8b22cfe4ac3503d4acb92751eeb9140730424f48a65a9a44646324e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
977a6cfcdf0e4c73804f6142b4e77866

SHA1
42f0eb3b30c3f782348c8c802d308ecd58de6f91

SHA256
5ff3981ad9b2e78cd8ede7de6c4bfb7411dfd669376d4287bc1a581f291933bf

SHA512
23a9e400c4a5156ff4571c9f5b363395121b50d146141535da712d930ab49de987bfc984ec1f300d29e3379566f686031f409356a7ec4f84fb2418006472d14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5106440177e2372426d2068af11de942

SHA1
0299b61dacffe36a1541ad93341e8d5da3f1c5d6

SHA256
c5029e0e0776edec8c28b4228a78720f455d732c67a93ff6cc9bbd669e2299b2

SHA512
cd048ec043ecd78866b7a94e302baab72dd9bac1af2d3dc5a97b428d233037fd3b2e9b1f2c497caa45186357686fc5d3e056c4ab215130bb042be67ee3217ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7b27a341ca8c63295cb1a6e6cd5178d

SHA1
94a13f34975278717d2db7e95fc4dd8b980531ed

SHA256
06007166a2bad30fef34efbd57704246f687b9f79b7d2b0c5b6de99a6cc78d51

SHA512
d83c592543eb1bdc39e531124500750f318a38f3fa4826251b923e14ae4ef062881fdefede5d13a1f0dddf9a6f57e025ef1ad94e95501b8ea95aece37696893e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ce90e0e65d71e4276741dc0512f79e6

SHA1
389e9d93676e3a0e71d90bca7d455e387e7a8b83

SHA256
11d703092bf70e938b64005819cb99b85750871bc28751066af5f85d340da938

SHA512
ce10eb22f0a7bee386bbcbae97009ba34693860ec0de79e84e79bfc72d7f3533f6dd2ed9a430dacccefad6f5a5f22e5b5d1f9d57123a3929335c246822707e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d28c4d0f8829f3239f6b82161fde1966

SHA1
dfa247cd8b4cc4324da5dd9434785aeace044f16

SHA256
f4f40926eaf7d749ff09d5cc7657ca22a7d3d125cefac6722296e94c442420bd

SHA512
8f0ef82851fbac1ba18df8d7742aa0f1d9b630eeb065d438b518d7ceb72d288d53d49d0048b70266edb454ed0429c43e0f95491f68e49009ac812af0531dfa0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e2dfd19a9fb449aa43f3b98077fb006

SHA1
faa70192a7f6cf1fa62f4b9570d948c7fe7f02c0

SHA256
c124810bb7ae03015e474a6b3409549aaa00b00d9b0500df03bb0e7df206bc65

SHA512
dccbc874527056e968119d5aea4650c74f1aa65b39a2c399fde986c9c7714e9fde5904a3b6447edf08e2fc70497513025ba904bbc695fd8d622a060362ee4901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e1e796dcfa8cd4b61fe25535a606cf1

SHA1
99559dcfc6c94a04eb5a5b3d2bca053b9269f32b

SHA256
51cefee698f69d073d3f446e19f2d3cd85f20b633f02747398743917cf019d9c

SHA512
c644b78790f0b9429f4b018468106a6240e0050525d174610ead5d113f36f0d1211b91573d099a2c5702ac0fe006ffdae7cdd0d4dcbc20a3054cba6763c97d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f78bc5b3a57cc169a9affde5d8250679

SHA1
b5496b30ad99401fa3226b69c9bb633a98f4aa25

SHA256
962016ea33e0fc001b23a2aef17a77486c21e41e1bc87f354651197f97e24dbf

SHA512
93554a1cba68bdbb273f1147de3de345192917aada67460f7c552c460aad827fe2e6ccc8ca04ed2acc914b3c4a3426f49a05a0f357e9559627cc583dceb99dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3017d7a3cba47329cfcec7f275cf1b7f

SHA1
6cf219adfa89b0a018b5a1673a62645ebc71ffc7

SHA256
b470d70cd08403166227207de45652019f02cc0831c1fb4df232f0e7f4930823

SHA512
8be37b824afe5117223442bf7bf2b59906144fd7bcab58b99b930c434b65018987f1f9a84f89ba9753a6d00cde18779d727572c7451492ad7925bf5d58d734b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5872e9.TMP

Filesize
538B

MD5
df734a6fca3b2e4e924efdd7930ae1ca

SHA1
0971bd5048570bf2c08fe261f734411a1787ad30

SHA256
cff0149c9a032adb69a810f0dcdff94e54f9767b14dfde86f218bfe915222b97

SHA512
ba9780a4da2c19f1c59e3834eff47ba60705837530dafa66ba263cb5e750e62de6370ad455e18fc0bbbe10445119bdcc9f64db424a34a3b72795c025b03d89b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
47e6ac2feeca1cc62d762ca72fa1e941

SHA1
147a9d895268a56f5361e9807f9f429c42c0ef66

SHA256
bd4cb9b58e15a33a91860f4e0eab74bb4a506ddd5bc17f9bfff66c45e7fefcc2

SHA512
d1e2432141db012547977416be534476ba3af8fcdf995f66fee12c990b335b528ae7ca524b19dbef211fd5a82226f96dce0164d53f38d6bad57508baa9194596

Download Submit