hxxps://google[.]com/

Analysis

max time kernel
146s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com/

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
74	whatismyipaddress.com
13	whatismyipaddress.com
73	whatismyipaddress.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699424638370625"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{D0F51B8F-0C05-45AE-A08B-4068E8CA0D48}	msedge.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4064	msedge.exe
4064	msedge.exe
5000	identity_helper.exe
5000	identity_helper.exe
3804	msedge.exe
3804	msedge.exe
3488	chrome.exe
3488	chrome.exe
5824	msedge.exe
5824	msedge.exe
6064	msedge.exe
6064	msedge.exe
5672	identity_helper.exe
5672	identity_helper.exe
5788	msedge.exe
5788	msedge.exe
5488	msedge.exe
5488	msedge.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
648	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
5824	msedge.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe
2560	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 3944	4064	msedge.exe	80
PID 4064 wrote to memory of 3944	4064	msedge.exe	80
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 2508	4064	msedge.exe	81
PID 4064 wrote to memory of 4028	4064	msedge.exe	82
PID 4064 wrote to memory of 4028	4064	msedge.exe	82
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83
PID 4064 wrote to memory of 1932	4064	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbbcf3cb8,0x7ffcbbcf3cc8,0x7ffcbbcf3cd8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10409907124361160715,4313200285931821645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb685cc40,0x7ffcb685cc4c,0x7ffcb685cc58
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:3
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2092,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5108,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3196,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4244,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5236,i,11289770962075500157,818230952306262930,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1892

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbbcf3cb8,0x7ffcbbcf3cc8,0x7ffcbbcf3cd8
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9324 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9560 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:6624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1537865068041112498,17336118639311462369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:6960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c33a667f650c628d43dc29df85157971

SHA1
485f9a8c3c3356b7977a4909a4cfe6bb6019dc3a

SHA256
6abfb97e43c4d5a7a7196c84b8b38c2ef519aecdb35fc550ef289e4dc4d0a95c

SHA512
2a17f79295695914205890a0eee03b724fc946321452e9183382237f51b7c94132ba317db845f1ebc42f2791cfc6e66d5f1e1044c685508a747e6cedf9425904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
c95ece7978605a7d6718b950d38d54ba

SHA1
bd7559bb3333a91c56f2063a68b53981fbaf4dae

SHA256
a18c943ed979d53fc627d7251b4bcaa95ce7a2b23797a268b7d4c691e36adc82

SHA512
3d9ff190b99d230f4bf6bd38650c3d257984c5b054860785c7663274a4375e7540203a4e6ad769ab9d0242c7b11fcf1e239f39d86d226d1f38d3d58117e26ce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
80811d6ba8a8e3c74eb88f9f0f4287ad

SHA1
ecc4e9d54a9592e5acb2ea3dc5e90cf0fd4dec1a

SHA256
a89bb097069f1623cd3b0d2c5ebbbf7e6f0962187777740f44c3e3ae8e17ea8c

SHA512
03323c24aa4368c565d82b2e3f9169bd843158429e05841a6df8044b568b7ede61191a84151d79d315999cf5dbcf4db589a2a7b96f1635670cc51d7c39dfe885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
68a12df3607135d62dcf4c5dbe30f9f6

SHA1
61806fcb23c73e3900d291f8518ceb601d91f209

SHA256
eb5bbae78d71b323c5d19f69a92c86dff2a667587d31cd60d74680575961054f

SHA512
35c83e1a7ccff22d0aaa9218cad124bbde3c01c3eaefc3caa87a39dc1a1f9e92a642e55566c205c42eae9603a85a07854f74bbd214cf9b17c609249108f293b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e26f51970d3e376cf3e05b81ab7c4b49

SHA1
4a8523676e6fcd5c4e9456e059cd680a9752fd56

SHA256
1572e7d04ab2367422f0695106dcc7e91e7aae11eeaaf692fa74290d17048eec

SHA512
71b3d8c34b7b4fcf8cf6f9ce769890f8710e53c49a2ae10505daab596bf36346ecb24b8163f0a3f990846a364f89364f2bd91e9fdfa16cd85569a94f13f465d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4d7aa2f428be1a33eaa94896e0a7c8ae

SHA1
5cb1ca3fdf96ed16fe130e58658f541004fef66c

SHA256
f4599f6d32adbca75fcc54533b6b77fdc34313c1e540f5ce7aef0dd418a6258f

SHA512
e2a4f6dedb5d6c737d3b4de6e10a7d685ae65f9e0f164205ede714e45a3bdfe698d4117bfd885a4fcfbd626a30693130b1981676cf011d565063b06c95784840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b80a2a56c65ed2172eb1205013d655d

SHA1
de24e1947f1f6b9c13572d866a7261f609420b26

SHA256
e89716deb24e35083fc3efd48540697cfacd170e73461f29b20e4c7b491f867c

SHA512
e21d842d7783156108969c4988d290dbe896014d6ac67e5b5a7692d6734636da08988ec6cbb498e285189327700840d7dcb42fa40743f5b5567aee8f9bf57992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
879c479add6028bca955a2226202cd36

SHA1
1345aa35e8548728993b457619c7d9d05f9f57af

SHA256
558118046d73df75ad4b01cf291ba69cc3e361489a960b5f89c4256dff00f876

SHA512
cde346a58bd14db5b49b901f4742a7d0bb95b63b19f2b96815ab86f03c13e14e16f0e51d16381bcdf08f82b0db25fbc823ba59811a07f5ed47ff7f89fc7f675b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66433a59146392f60d95ad88b5c854d2

SHA1
80f8b77b48fb61b140c60c04182e48af787bab81

SHA256
ffa59b2451369fb96caa3795e47c3e69520304ea6d9ce39db12cf60d151eb422

SHA512
3fe2330a703f5fe9fd986e2be00e1cdc4edb532643d03a16c0e4208e86ae83844d6d921fefc0343267368089d5acd6a26563080de559db12c73aedd5f036644a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2086e584788bba703a5cfa8a6257bfd

SHA1
e0016c760b641802dd561e2ad74ac9a7e7aaa0bc

SHA256
0ffbb89449f15b092759555572d85dd53f772bcec7b84bb40f06fa476f8d12a8

SHA512
23044458b98fa96bca0d64a5485f9f3903e5af3883a2ee168cc20c51fc7d638e216a0f1abfd124f31a2e2385a1c18c0c97fac2f36e1d49a354237b64fa0e1fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abbe56dbe1feae16d05db121df96587e

SHA1
0632ddafb4dc4995c9e23d76e81358846496c95e

SHA256
14f5cc27f6db4a476cd85b80c0980dd86bdbec21f6f62e1b57be831242bd384f

SHA512
1fc304e50d83e168a7e2c57e1824046f39311bf640947754b4d47902cc8c0945b782c93d5b36a4cbd556be3113a5169c814f57707aa280f66ec06899d251dcf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
17c69c829c30704c4ee8cea862947ff0

SHA1
4519c3914e2a6acf1bcf7c4b01abb8ffc6f70fc4

SHA256
128d8b9eb0607fca2d04e3b76b5edcf7760a960eb520454a849ec4a4e0b399d4

SHA512
eff3b26d9e0e9cd59acf2acebbf24b0f9a7a8f061c122acebb9765364e15041588896d1849d76768ac021341f6ddc37a366ce3675df9da803ced3f6546bb22b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\5dd85080-d0c3-4d26-a2a8-cc7bda71a377\index-dir\the-real-index

Filesize
1KB

MD5
cc01b7de42822b6307323e5015881964

SHA1
e093eca5b02dbe057c759c348313e58606796ec7

SHA256
45289fb3f25b3ba53bbffd65b3ca0a6c8e186024350d773af8d024d7a9df80c7

SHA512
7b582def4ec41051cb3de3916edb4dc46f43ac00297dcf077c36d3bf2b0ee72d40210bd5b4881e4595b420895daf441d1cb0d824da777d9994460c8b325c6503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\5dd85080-d0c3-4d26-a2a8-cc7bda71a377\index-dir\the-real-index~RFe58e48f.TMP

Filesize
48B

MD5
67e59f516713b61ab3e674d52db6dc4d

SHA1
4dca5fdcb9b6c2caaab27625bef4c023f8a3fdf2

SHA256
cf83ec2c0d8b8284ab26cd35fba6c1e9fee2a8af1dbb0305db47f7be40b051d7

SHA512
0dadae96b7206ec13c12ee51336a90eb906f4dd6a0b353db4ed09dbe8ecebf41714744511a6a3c617ba198ef2528afea5fde4c04794195184a87c2d0f7844f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt

Filesize
147B

MD5
d9146751f98d4f4c7efb2e79669a93f5

SHA1
2aeec755b6dc1231cc3228079b682e759ea24ad0

SHA256
b2dd67df20c3ee052b60a790633a04cd5a2ac3698193bc52eaa0a669de139587

SHA512
4dd107e6929d066d421843614e6489eddc8c0af531dc8717d6b25eab7323e7580e552df4b444651f772d20974bb4519d91f836b6de1ca9b20fca453613014e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt~RFe58e4cd.TMP

Filesize
147B

MD5
2680db14f259a1bc9abc84d27b765a85

SHA1
e61286805ea50c1323b5e873988e098f18a0de20

SHA256
15989e4653499d530f13aeb952e6734f95c50e4536eec9f47767c1915883220c

SHA512
0607b5d333abd352eeca974150c8e7d545de27c137c11c87a0d6225842bf8e3f2ac467aca9cb596c4626d2fac810cbc60e0c93b34307721542feafef987f9435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ef0d2d7a19c3e5ade292103e38699c5e

SHA1
789ce3f09d67ddb837488b549d07cfcbac9ac944

SHA256
a3b6c47bc92004a0ffe59448c432d20800fe41d05c3389273fd76bef294a6629

SHA512
cf17953792a3587c1030c9a75471234f9cf4d827bce5c58fb46aaf6389e2a7a9e1d650ffc59055ba8bc1e7591e6b0143389a483ffc80f6c59b52268174f0ff83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d2c2e89a8a61a716979633f84147e9ce

SHA1
b954485e0a36d69b514cefdcefb74aeb4ec8545a

SHA256
22fe4dd7178f7a6139be9bff57fba2e7e5a4cc6964d2b9e3108cc804e28026ae

SHA512
0b0258e80905d5be23d336f2a84e45b73f96871c8275aaf25f804354e4c9d10b2d7a7b4a2d4562c91d8dd587736e497fba775e8f46a645dfa0c242f5fd78171f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
2b28f0d47350891d9ec776d994e39253

SHA1
341d2cde947f656ea1f663d1955adc65919ba947

SHA256
13047665f917396ced2355fc512b2ba853e01b56c38da004cfc6f55232a94750

SHA512
8baab60f80e96cd1db0743509bb636561935f52429d3a8136da7789c11140e8304468cd4c3d73197d0dc68c5c4afe12409a023edf73c5262d5860608e2de8c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
e1623dbc997324c353733176cb55cb2e

SHA1
c0b17c25e5ed7346ebb4d55b069e3a7e95daa525

SHA256
42c8ddfdf69f837e9fb64b027c5ece6fbf55c0cc7e76adeba12b15393d474697

SHA512
e5ecb7f6c1c5bec4850640a83a224b2998963058e92779fb4a650567f3f9149bf57203d5eb3261b9c15bafc79395d0244dd812bcd175ecb0d42fac0f33296dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
afa2d21df8f2f1509e3f63dcb70dc3b8

SHA1
616410e07f08f91773d694402296d257bc5b7460

SHA256
3428068df74a2f103b33224996829eaa82f42075e5f5c631e98440eb48bdc223

SHA512
b32cc0502f9f9e26127ec6f74954ca44478a8b65b579efc05ded3fedd822b1dd98b94951e9e7af61873c417bf613b57e7d12115e6576ea6a2eaa672ee814ba92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa1518ce6323810a3944eae267984370

SHA1
b5c3ffa118d265d06a3079f405c8757465145190

SHA256
33136d9a4b3bc5fccc7e7a492eda8a2a1a3585aab2fcbadcdd91394a6eec27c4

SHA512
46b80ad58ef15fe9d14779f67c6b8c770bafb029dc5070a677c10b569771bcd628cc2bbae2dffe25ebe02a9dc2e658edbe2c29ac7b21f97445c433258ac8e4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a5c17b2c53797afff0d36f4a5a8e2130

SHA1
f06a5ee3f14d6ef0dc7388cfd6a6e60e7ca4416d

SHA256
2552cf56ed4677544abb942d977acfd412be2b6bcf3ec2c13b729873c3f0166b

SHA512
12f727f4191ff0b2a3d3c6c8611d1eab5bcff11166fcefa9ba4d2c929cbdc47d80f9261022ac5450d45f09cf44d7d4b6c43ddab544d4e5c6427910f23515c973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3c3d7c4a04cb2b63e23d358c7ee28b8a

SHA1
5e7b18677c55565d25d26ba993970f7bdb36a169

SHA256
0fcb42b435662934edff3a1f9ab408e6131fb68ee041852d3010d9fc6910c97c

SHA512
59d0bf6a73452558b3d67e300ce8a71d9204bf2bc252d3a2924b7a087ae6094e90c96dc920d221c0c3d496a4a8b427f3d8dbccb1d06577ef070280b5bf8fb835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
91971299f03f296e35a8449c6bbf3f96

SHA1
083efcc0a17f642645fbbc85c5069ebc88b7ffd9

SHA256
7238d7b32c309ca5ba47d892026631c0fafef582dc7166f198e366976d3e86b5

SHA512
c5d3612ef3fa5df5ed4c036bdb63647a4dc453a8a4a8d6e22406ae3ad4faed85cc279af6d88a3987dd9f4dde109db50a58ba065fa1b40830280afc8c72c4489b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
9582b0033e593dc1f4a4ecc3657061d3

SHA1
2a37c1b159d09ee2ae5de4ec1d21f478ad7eb463

SHA256
8aca13e384f88d83b4e03ce8b8fc3d0928b65ba60670f4c5fdeb7aa839a51e1c

SHA512
930a22f970a3b3147efb70122421c338a164ac54a20e67d70d6c95763fa7f0dcbfe8706e97dd2ddbb0eca53b20a66b917178b2af5f9c3b4e813ce8f9e262e4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
63KB

MD5
a2b03561cabc0d346e9a6be3f5b11b5e

SHA1
ba0aea2acc1c20700c4c09c5b2b8d0bfbd33ce6b

SHA256
09588f4db755d8d88d9e521f5189d97c2ac781ee7ad782bb0c644eb9f69feef1

SHA512
3602c58bf569bbf22d2a559f0a62c4ac8d6c9868dd956cf0d75d694d104eaf2f82d22c9427636a46ec82cc24e758ad1eaad75fab771ce843308c1b2fe57c6ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
20KB

MD5
18df7928a52af11d173dcef857512442

SHA1
d157427eb9f62a54a8ab0e96086f11950fb1059b

SHA256
3a8211045d40f79825327521a2fbc95d17d21962df0f4c9f9b9ae77bd2b7d51f

SHA512
d19d2fba70f9215d593a1287af67a025ac2992f7e279253d43359fb93ce8aa9e5585327daeb0dabe5a8c777d8808dec990e73e48253abedc7f823029ac6f3aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c848f6f1104417c88a170056cb68fe81

SHA1
1bfeeb38c623cf7d5ca91fa827ca97ac2bae60f8

SHA256
4d23c75d80cb0c317601d80f84f783545c13b866041fee1fcec87f15cca0fb7c

SHA512
1a2b138aa73d30ded88ea04ba5d4161f9f084eae4bd1a39593173510224d1c53d12e0bed15c3aeba24e92676e76067d6e74fa1b454534b9b88027ef8245f0d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b021699edb32f3c30bcebe4b348260f7

SHA1
bc060789e5bc8e9d129360d7b67dd63194cb21f9

SHA256
d6619f3a9a84df89c28a7a40652decdd059f3540ba4c788c2b520c285363f1a7

SHA512
adaadf5392734f819a670379b53df5392ca7dd44280fddfc1a1853b4049283d7096ff6c607b36351491475f4ffe2abb125d92c3486d0d67ed9c9757eea4c4357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
20865eb7f57ee158f5b7add8b3ec6405

SHA1
4821d1ef11b437fb6d8e87fb7daefedeb3bc9f13

SHA256
f3939497dcd01bd3ca4dc90486a62e059cc911477e77779e99d35128e5dab853

SHA512
c668ddf59aa0959154c29b99efd965a0d2b77da0399a53cca2e49b4d847d294d1685416f030143f1eecb28d8fba3bf6d1003efeb29e8f4c82d878e0e2755c819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
188289c4df671ee8f60b5f6895efd0f6

SHA1
307e494bf473c79926fb0c28e909ec677f48f1c9

SHA256
db3de316bcfd8005966ac4f5f261c9beb80c52765c581239f45925ef2ffc8547

SHA512
a1cad7da50ec60f68a2daa58c0b9c5de5ec66882bffd9392213cc36e3b9924892eaacec26df27fee91112e601426c5aa759b1de9a3a5429d40f180cabf567377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
c1a68b7993ed33211646a056fbf00a77

SHA1
d712da069d6ce0bd1d04594ab1915456bbcd8d38

SHA256
6c62a8eb6c9ce9c8ae83b93a124d14bf505b9c122a60fdf3501332d705baa82b

SHA512
ac5b47610012792040a2ffa425edf185c6b4bdb1cbbb0bb5a28bf9aa2627ff6182126f4bcb6fbd7e6b5683991152c07cfecc2afebb629b451da398f67e05d8c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_whatismyipaddress.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
278B

MD5
f04f3c1c14d4b48ef00eab284372befb

SHA1
6260ac16b0743042a06ec2744618d569e784298b

SHA256
c3d14fbd21246bc600ef6d5d6274afe9d353af46c2f8da62814a529406befc1e

SHA512
fe1adddcb4a0609ff673f8c9bac86fcabfedd4aee77e91cbdfbb165b8ceeb13c26de7a5799f62fed750b4a5ffa1dec7a8ace112f3762071d5f40197c57675c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f51e0168239ba81cd4e445aa25517b03

SHA1
ab3b659410b6e4c791bc535a854d1aefbc9d4b80

SHA256
2bf87eaf39e8f71bbbae1d94deaf71198cdb2641a0c81f422b48073fe05b94e6

SHA512
53adf4be54a8018fbcfa148eea9aa1dcb79369c995060c52ee9329780f8f39b31ddc950b5a1eae9fd2d5e6da47f36fec814f15c7954e354fc0ac995ded2fa381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
af14c686360dfb92a94d1e7ec53faed4

SHA1
83746178572a0df24eda425f00d7e986ec930936

SHA256
8b113ad5fa214c9bc560e33d7215a314cb0bb2d92efe30ea9dcb0f5bae734c3b

SHA512
c0f5971ad36aeffad49e0a18d0178160c6174354e1ee9552e5c247e26509b563d76dedb479c6c6983fdbf921425a0ad36440038d43e9299b4b84e3d3151948e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
1ee818f77f80d7f593776b7378302e0b

SHA1
8aaef02e2b412e445ddc5677c572526f017c2bdb

SHA256
a92df7c3d724aeafcb7981bae947a1e731b82afe0bf4f34efa4af53033efb7ae

SHA512
621ef8f5c130a90b47994e93a7d195beabe886074e8c02e197d0f932d9ceffd99a9d2384e2980d693d86a1a0d581fe80d2030ed4027c8cc14d3078ae7c597c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60b98d227bfc4f6b7cbb8571e46049b8

SHA1
2214bfe118fe08e596b786e5044b1357d0f5d7e0

SHA256
0074ac2e4c2adaf1a4bb73ee8c50ce1749689d943a9bb2087bb78d6d13355f95

SHA512
a108316eef717d05d0199be77e42903a5fc220f63f655273590d216f12453810353f05d82d7b1b4f98dd801d73c334f98abf137fa14307c3d8a5b333529cce62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a45fc8d5df59ae0c4cd58d94de052368

SHA1
77b739431f0c4badb6a376271e5554e3153b41f6

SHA256
b66d38e71a2cc735785c0b27d917eaf4452e9a1348a887c03a9d0c0b5893d4c2

SHA512
fc4d7312c83ab657d7be3da61942188f8cd77fb298996a208a879a464fc9566e2bdc0fe54e7c3509164f3d1591131f0b8ba549e9064938210a522de166c65c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2b2630b2ad1511802bf829e42a8b7df

SHA1
2d56f898028e9e845831596e84480f1304d488b7

SHA256
cd5afeefba4b5f74ff019c367477dcfb9c7f324b0726dfe9cdb1589d57486402

SHA512
7a3cff076bf812d1454833792d017a15fd03ffd551ca85b67a62496fae3fb6272e31c5cb54a61af453364d0daf6c55417427a27874d15e7cab5ef0d09ad4d2d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
620ad7d5ca3c75ae1dc12c7bfb62ded9

SHA1
46ce4137fc9759809a2e236613123dad969aa40e

SHA256
ae8b41135c9438d73d8b4aafd54e00c6cf7d85ce00c66bfca6943f5b352b8a45

SHA512
62f07813462e44eec0d5fcc24990bff62d36cb5bb2ed6a72c470031cebc6d4dc62dc4774ae83460a65512aaf6e5781cdf221fc5917285aac8bfd9bb5f7bf4e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
314f2fe7394dc653aeee0b03fb413ed8

SHA1
3f9824c78e6643a66cac03d103abfb71671b94d7

SHA256
6eeeda205e7dc4376dc0be86e09f85b3f0d1a65fd77f917077e9b86f1ac2fc06

SHA512
84d6accbb522b81cd7e68210f36806f9a9504af055cdde756fa3d527667b4d1665f5058bdc3292950f53fd94b2ec639d6e5b714bba5c5c5c156cbc98ecb64ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e7476e30e181f3857f55f90180aaa34

SHA1
3df479b4d5b6db670709441a8d3414988be72aa6

SHA256
776012c2a9e7879c75f6adeb752e53b2b69ae63f25fbf1b41240934c26b10bfa

SHA512
a4aede139234178e03d044fdd32e2dfb00065fabd4655cd53878d700a74902e32539ed00204cfce5907ec91d1f5c8decb53a6eb22e90f43232c29f326db23975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb3235f7941e0bf045fd84bd736db3f0

SHA1
f3f5db27d8205ae40c8656ce1c0f767d62d75c7d

SHA256
6a22fdc59a033a21f5471bf423349d3f04472cd2b28dd54a5d69b3668d3ee9a5

SHA512
80fd17459f30428dcbe5f95a67f3383bc734891f627efbfbf33ba6883ccbee4d02db6161331639dd4783d9e9441225b660ab966ea1279f322c005886f29fb28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
9b7d9930fcf9e7fc319913324a444892

SHA1
000f39dfa6d7b8e11996f7d42046b0904e12a830

SHA256
5cef3d53cac0249e8fe9b67f131429aac391ef8a7f14c4324ae4863259320976

SHA512
879255694b3433288d5d5eba45026cac8241f23e79e683b5d7122f3fffbd5506691fcfc6fb125ddee40ba143434d9a695fc027ff653ae31840a8c6d49ffe25aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
f74068b0ba9dd035eb1d17ffa49bad87

SHA1
8f885ac3492dbefa9b7732b8f0b72ee5ba63e35a

SHA256
bf1d91fcf8738a5d7162391f95c2ee8a38f0c5589b4767e091cbc617949e2c11

SHA512
10a8f52ee65aa0748c2d464826d111e71f825041b0ee5dc8d960037f66a128a4d9949e9eb3dc0adef5791b8cf3dc74aa60b663daa12c8203cd3e75722132b030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
60b73d3bf8743acba87693f75a9e1340

SHA1
b43e86e17a9e724083ecf59d39812ae78574b8e9

SHA256
b00924eef8079aa275c404ea88fc8686dcc59eb90a7cd94d393df1c8e686b58f

SHA512
4b734fefa29a643161fe85c68af26f8594067a54252fb11363d59755ca1e3a768fefb75dae6bcc191b6ead92d804773763ccdf529751b8f9f9a08d39dba01e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369942441333252

Filesize
2KB

MD5
ab3261b29372d67477091073f36ea5e2

SHA1
5b8fbb501b31e7f5ca9c76eabbe76c3afae79293

SHA256
f19159917821cba63c3c37e764197216c7df7a4417d69e80e374a9b339d51573

SHA512
875d75e0d91c7b5823f1f700f0b6d53bff9a65aa6a61be81c244bbb7314a9f316a941d87fe71ed80ef20ebc96f85a2493dd7e78fa7717e6f9a9222fb3cc19401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
9ebfb17b349cb444990abc66ec9c984e

SHA1
e2c827f50d93626be19b3978cf5ba446fd29ef9a

SHA256
bf6736ca93899dbf10d7e6003862b0e34383fa527a216d12835d5000d151651e

SHA512
b58fb6188820b4168a60508049a490fd78eaf5ba3ef845d7ca526bd75871a877aff803eb5b43572e9b13fa17f68f8f97b1ab2e0e484b56d395a777ea80d124d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
17b61143aa320d8842212953ed620cfc

SHA1
e220b4225764269b3e43b6d5d9b7a6101ef05654

SHA256
14f67b31068217de24765f027922f11804fa8e719f6e251cdb2069442aa13cc8

SHA512
520a9c15d25458b91b8e485a7b27d78bb34b932da0d30e7febd38b566b267b93294bbd17f857cb99759d1fc9d960be80f4a233b0f3854832b88f1f5a53b1c050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0fc10e1f4292fdde4b6e2d231a5d53b2

SHA1
01e4ce817e5e7d3f196627dca61ed727ae0a7060

SHA256
e380aa52a7375d0f8c544d40d251f298e6acbccd04bc3f0b5c275392fe2cc7f9

SHA512
d781f24f68edcf70dc5530b16a7a14efe0c4d0590a21724de3a4a0e1af19316e8abdaab3120d646e6a7ba5b7f56a261ce013cb125970bbf100007f0eaa9ec95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b714a47dd6a5442a47eddbd34639b6a1

SHA1
08ca903228d90deb7d274cfc78660b063c0cec88

SHA256
1605370519c5f5e6f32479b274486e2fcbf3309760e9d86db34100f55334aeb9

SHA512
18dc0cd5964e9d3782feb8f2071dab38b93091d79feb1016e9b4c22d33e250be0aac9738a3548dc5416fa7cee4b1dc2be5c90b339b028d2068c02ef253130bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5952aa.TMP

Filesize
3KB

MD5
ad4bd101aa3e7c2043934302ac18f493

SHA1
f052fbae3d8748f6e2d6bac3576e8068606a5c1d

SHA256
52f28dd62923624b09873c1a08dbc87901b64f66a6e31d19adb872dd85ccd09a

SHA512
e47ead923167c2acd017498625b4179bcc06717eec5aff4f7c177eaeb2351a7c21b8f97db002840ec8b46e12ce28694f133843cbab294f69e6d1936690338a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5f76b3af0fdaf721427d14ecb35c4e3d

SHA1
04ead5355aaef32c8496aee5dd2bc76a66d29e2b

SHA256
8205cc1c88cc0e6b0e348d861e2fe62c84ea0829388283bf26d6c72a1c203127

SHA512
83b31d053547e66840185cede08ae505bb38b505cd87ab7d479cd581d13056ad4091f01fe2d13a85c9d2496ffb47b3b1a6cefbc039c7320fc8eb5ac3054602fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f856b105-a03b-47dc-ba59-0812f722daa4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
3845d91f9b323f4e2c22262a6f8ff69c

SHA1
28eae54edc4d28dd2b31f2cbd14bbd66bd2b8f76

SHA256
f7e7c09b7e94b27cfb48ee1afa68915ee4e897bd15c2906a9e3a6132a8382106

SHA512
b1d6343d4f867ab4ccac9700dc1d5502bf32c984a09c2ac00b376f7038ba57c0bfd4edce67f62e013966f139ac2b189688e04921468378501225c810122d30b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
5d235c10a7f9ff6a25c4d2fb3e34499b

SHA1
b55367975f9bf2429ff25ee99572c5b5aa2ca137

SHA256
e702112e138966d98bdb050507970def0849d236392f065e8f053d39bb42d622

SHA512
e5cdbad52dd4134c292f427551f4ffae3afeb96f9b81bdbbbae5ce45511eabbde6e2e234bc06eab8b6f57f065a367c5d439ff80a9d0c49159e797747103da046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
5e4d75891b40c22697062218b1b87909

SHA1
d357d7ac8ea2fda8c51ed4afa7cf9132cd185c5d

SHA256
96ba90626c057eeedf26106fe5e72b58314d1824e923da9b83bcaa45a673fcd7

SHA512
6357cfd41c282b08840c514bebd1ffcc600412381483d0dc8e8687d627b82761678039f1d1d1467965e7231301a130e6939cc99d3aba3ac0e38475bc128d408c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
3ee99679bc9fa1aa223cddf362725b8a

SHA1
2a618450e5ba5fd5132b673874fa83ec7ec4b04e

SHA256
eeeb34a2757be3c150c501c114f2c2f89dec61e213e5d778d1f4a233350034e7

SHA512
aaa9ef026a142b4dbae4685e28c9541197b167d5beae42526c2adad7f443b55b108db9a99f986e91c2fb8f9b5ace15353fa0da112808b8685dd5253efb362ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
d16fb18ae960fc451878f58f0553d306

SHA1
2ac1e86adce4806dabd2e0ad715e2508bb948036

SHA256
f41ee0015eea3649e215f6b10e002211eb4d79064312a313d0a1c56448601596

SHA512
218a820e2bc5e12cb5f9dd43bdf5b1468fa58af87cf964bc99a0157c3b981e0eb2f34f30ceefbfb5ebe6e8deb193d15d9d39b544d0581fc2dc05d7cf523f2940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0beee2e6bb965e11107454d722942cf0

SHA1
21fc2935e457c8dbcf5dff13cf52a830a5a76a20

SHA256
c115aef550ace132a49697d0472432677fca1088bd0148ecfef3d49a453c07e1

SHA512
a91d59fc5a9eaeb43313f2aa96ccbece063caa28f229dd2d2de505ec8dfdc06d2a495e06e215869c12004619d5189df9cb0cb600f6f5d173eef658c4cd5c79e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
c7fbbf81c296ed2c283b3969088d33ff

SHA1
7bd91e716551054ce2ee308134ab413558b1784c

SHA256
446f860785950ee86ed01e6d780a12e282d10b20e6cf6943a6d1378f70487100

SHA512
fb60ec45f8d2ad8952ab2c1008582247182dc6e2f3ef04cc7afb7fdd105644d7d538797c422bf09f1de5bfdcbdf690ca872810827e1b1bd03473f9edcecac099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
828c467d32cf432b91f2b74525c92fc4

SHA1
34030880fb2b74be6020268b2fda113d911b4066

SHA256
fe765e8edb498c2886df8da7f58c1b62dd0b7bb0b8f8a09f3e057712c35ce9a0

SHA512
cf96115e903c093a3ab6a07b62b133f7fe0746219b75b4d85ffb064673391eeff7daaa237a4ed1babaedadf1867dd717a5e7e387b607cb4fc6f81418cda0e596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ecc53cdb082b8b8543b592dc23361019

SHA1
08a5e64e9642fcf0f46fc41cf02cbf73052d2f7d

SHA256
de84702d46b550a85611906d9df874b8e407897f77eba75b190b17746a977730

SHA512
c5c293fcf115f832f7aa164ad988c021128138c8683260570c09e4fdb40581dadae80cf65e5f048b943db021be68d9cf5a495fd8e2a73cfb3595526d9c5042fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
96fe4c3466e54621987c0179270a98a2

SHA1
2ae0b085f4791899d8c419b0ffd3898d0834d600

SHA256
e695ec385e59560c7141cc9fec4a3913c0585b9c0652a0dd3360f27aae36923d

SHA512
78b03778c8225a3707055597ac5d64ebe9f777f465b0070f271e74dc07cf5904a62a1b2d47e43fa8d9193d4bffc4177b431829babef153a5cec86ea6b1a0e4ee

Download Submit
memory/2560-1295-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1297-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1296-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1307-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1306-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1305-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1304-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1303-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1302-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download
memory/2560-1301-0x000001E296030000-0x000001E296031000-memory.dmp

Filesize
4KB

Download