hxxps://ufile[.]io/u23u5j44

Analysis

max time kernel
299s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ufile.io/u23u5j44

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133726321088123795"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{E77E08D5-36B8-4B0B-8416-CFB07674A369}	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
2884	msedge.exe
2884	msedge.exe
1244	msedge.exe
1244	msedge.exe
5640	identity_helper.exe
5640	identity_helper.exe
5336	chrome.exe
5336	chrome.exe
5336	chrome.exe
5336	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 1844	4240	chrome.exe	83
PID 4240 wrote to memory of 1844	4240	chrome.exe	83
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 3336	4240	chrome.exe	84
PID 4240 wrote to memory of 2548	4240	chrome.exe	85
PID 4240 wrote to memory of 2548	4240	chrome.exe	85
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86
PID 4240 wrote to memory of 3344	4240	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ufile.io/u23u5j44
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeda1fcc40,0x7ffeda1fcc4c,0x7ffeda1fcc58
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3640,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4424,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4948,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5380,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5080,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4620,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5072,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5632,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5648,i,3502748004543086192,12399593784618367596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5336

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4460

C:\Users\Admin\Desktop\Nezur_Executor\Nezur Executor.exe
"C:\Users\Admin\Desktop\Nezur_Executor\Nezur Executor.exe"
1⤵
PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.AspNetCore.App&framework_version=8.0.0&arch=x64&rid=win-x64&os=win10&gui=true
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:1244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffec57946f8,0x7ffec5794708,0x7ffec5794718
    3⤵
    PID:5116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
    3⤵
    PID:2712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:5292
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
    3⤵
    PID:5516
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
    3⤵
    PID:5880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
    3⤵
    PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:5176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    3⤵
    PID:5300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
    3⤵
    PID:5808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:6044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:6056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
    3⤵
    PID:5492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
    3⤵
    PID:704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
    3⤵
    PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3022641949445193176,14934230263531646782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
    3⤵
    PID:5892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f93fe0279f4ccf7b9da0e85cb6868385

SHA1
f6c19c8f2dbc20706a9c986d8bfbd8f65ba9e5b7

SHA256
59de3ae552d66b9e6bc68334fdb6d14ae8f02240ffeb935d827e819f1b4b0740

SHA512
3a288c12a8754918425abc0b974d794108b942d95abfd198e6a6466b22d2027a7ea55d28e975b1a6b46998d14d3f2b4573f85283df4392e8d0ddd3efe1745581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
ee99583ace1aa1d8cc89d52c0e276fd4

SHA1
069fa3eb5c9e4829215874a6a32b98fa254513e3

SHA256
1f9ba44f7bc68832fc771989d9fa0ab36d0c5940054462454516f8b4c9c85cf2

SHA512
e213406ab3cd7d1bdec507925cb452cb6af0bdccd9cddc0403ac76d4ed4c757855d5846c57a775ec8ec716a99a908c7cc262cf2746b7fddfba7824a5c662df71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b5904485dc5f4d699f34a5fee7ca5ae3

SHA1
ee93f97a0a73bc6fbdcab7497ffc1b6938b89b26

SHA256
123b5e8febeb02bd304d759fed4065fbbb43ee253bd53bd83402338fbd39bf8c

SHA512
8508ccb820132afaa0aff0a279536c073251a78ceb01f80e55dc408b2f744d14befd3e171e6032925415e0990fcb4bf8a64d67c430c25b0308417e6732041d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
804500392ca971e45149bd52e40556eb

SHA1
1e28de2deac134092191b198892698eaf0ef5060

SHA256
37e83f6fd6d885315ffbec2e8b791d73e12639bfa92a645b9d547b66ca6fb5dd

SHA512
253ab34b5da21050fc52f7e8c6ff39444baf144e9326f00e6615cb32df3efe5ea20321bcb9f068115ba3d92a5c75ab3d08b1df94c559157275d58bdfd8f107fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9a3eba40c0cbbb29720ec89489dfb2ea

SHA1
b9fd6e1c18c114a87dc3858bddbb520935978742

SHA256
d1c0afc44b887c401e9b276f3315028895ab6175ff2ab746b96319e4e6166116

SHA512
70e942ac5f65b88fa779fa9530f5ac76412d0fa3502903142f3e9f020979edf7e279d919810ed83c98381fdfea8d7ad14607cf73059d0c9286e31c3c911facbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23f60d9a8d58a8388586706c853edb31

SHA1
4150105ec584708e8ac050ab1503d0a625ce5e81

SHA256
3bb31129fd16fc51871fe2502fc76fe312614fce285cf17a225f52f458ccf129

SHA512
5355f522e8c3cd53d09587e794c37cac20d36736936f9768460fd6f9a1da8cf38de5f35935bfe9b753fce6c4bbe78e75f893004abfc705c1b7443e72767e0bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d650344864541b846f359942a92f82de

SHA1
fa9bd4448d1137186befa4ae7e11e0dc2274f4d8

SHA256
b9391cd97ab69256650051f85faf7501df359c5cce64f9d37366227d39d33915

SHA512
a9f2ac0f0afd7c18da22583347bfdd9b2f3ec1e9e17a260bf33ac4f90a371f6210d6c47366a1acb1f0c73122a809bc1b660cb70997d956ff407e976593b17e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69ef094e734b76d61da5c8fd16211bca

SHA1
15a7a29aa21b4885202c00f880600656fdeae6a7

SHA256
13a7e02889c457314a6dbac88610812a591456f5daa5970ae4ac5607cda09531

SHA512
cd05963f2652991b110769f6074f180386f57ec06dcb54ce10d0c38bdf25f68bb22ddd0afa835ff2acdb0cbc3284fa3882a3650cd689389b501e93e423a53814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0380caa0795c0e03ba07fec0fa6e9a9

SHA1
64a437dfbcb2d13fc3fdcb76a738eb8b0becaeba

SHA256
44f01548d8c60ac7fb66fc5577af4af27e82093cdf3787a98e9e8f4a0c883f94

SHA512
001bd88fa95a79863ff0f798f12dd785aef2980021d77cb294f57f3073e4c63b60e420253c7afccf64a9b156b4a762b9cf3471351e2a5b6d420abb3f22df11c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6755350fce1426f074d2ff571d41ba54

SHA1
377dc439832e04e2f55fa853294936085e8b4e6d

SHA256
89bc2f37d08c6812bb9e47cdbaba8d04e9c508b20574d4636a5cc68fafe9fd4a

SHA512
e4ce5db4863206d1806702a0fbeb53caab8f974fd42ec54960545d32b7c9f3f42f4195bb1b44e08fbbb023c4c568ef0ded957216db0f5b9730d748ea477ae755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
365a19b3ef508c90486d237c4d0909db

SHA1
c75d978e08f829f1c43bc80057c2ecea19a4b3ea

SHA256
4783d41f5102c4059873f12a4aa0ee5de78dd5fe613042d9e8e1b566f53c0a51

SHA512
5b572717d0658d640d6201f715117a60e8992ad2bd1ea941921115085fd6cfd42ad5f15454029bbdf675686b27f40d0e2f908ae43809677eb773205876ff64c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
294bb0468d7a0ff22fda40306db29cdd

SHA1
2ad9e54743b6bd1a38abd2f7916f9a2edd2ead15

SHA256
5444f3a222a97f5844519f8d05d5f313991bf7c3a65932849a434c357108f2e8

SHA512
bc52f7939d3ecee08235b65a4320d67070a6868bbd93f0955dce302b01fad120ea83e37116db77e56ed8c60002b2252a2efc4c17a43433ed349b99bbbad38f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57692bd831ba380f596f2fe3283c3992

SHA1
f9d308cf88caa2955f61daa546843c38c9a18347

SHA256
b736312e0f660ec003e3488a76414d7504e01199f538a4def7d02c5b78b33c14

SHA512
cbd1ceb168639e7f65db2eed6a0e105340a685fbd927776d700e0301f9e3c28955ea430cf947e9dc5d558f5732374531a5d565e73adcfef65b14319e2a349bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c3abfd76eeb4a5eaf6780776009b1bc

SHA1
d73dabc888012ca1da03624f36798dfd17b8bddb

SHA256
77b387872d53cda34a7016aefdb12dcf611e93773cad314a115922113ab59a91

SHA512
7490589652b7668033d7ae55e240ddc7f0c42503c443b413b4d1e9c439d90d73d83dfbff73ca976d280fcf0eed424a2a606d41b7a744a45f4ef2dba263be8ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93e3ccb64999dd557ef07369069e4bdf

SHA1
ac4687f23cfa4778d51f8cbb8cf25864db4d61ca

SHA256
cdf2414657bcb41f6ce657e85d497efc138b861066672fd23adb85313d296eb3

SHA512
fac77b15a47722d3f392ecd8edfbb625b8ed4e418227c748b5a7ff582a8f96fbd418be09fb8db2eb66f94c152e28382d13a80bffd37a957dc59fe1b3604a1387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
faf6173e357b6e46392a68d524f16506

SHA1
2d09c1eb5ec1db8dd31bb612058e76b2b01c462a

SHA256
2b18c037e84d4f48aef37071f447d9f29d18a0008f839d287aaf41cd5fa66607

SHA512
1c6adce5068099c8800b692c44eaa7680a8553be95183567266508748f89a63222241d230d66e0816d8344e4ea651ee5520f8aed8c1bf28be4203ffb273fbbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26d7e789dd51fca4cd4d09b5468d81eb

SHA1
950c7dddec474e86b05b5edacbaedfbeeb97105d

SHA256
4c98ed1b1b10e8e3c4e07f80f860419c017264ab368a2c231b2f02889d67c539

SHA512
789f68213292df49b0b18b2d72555e5049eb8e799a93474680e45860181edc85a67c3a03443a530720a95f2917cff44c9c93e4b5e8b87acf05292efbe1c6e6df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7707d37a4acad4c5bea7a54cbbcb764

SHA1
5492066ea61fe1bc0b5b150a01e9fd941f216aec

SHA256
56044ef05ac62acb1af1067d7d27e75ea2efa2a99febd4cbf2e095cfa05149bb

SHA512
b64b55cbf56367f62f44cfa7c7187ad4d66df1df9b0370ed4fde46b977837a4f8217f080e7ffb86a56a039838187aa853e328fc219e29a48730cc683c8885f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eda23ce3fc1c0b932d9baa1f7e3d754a

SHA1
79ed4a2fa97bef39ed9599a48eb7c0e877719df5

SHA256
3f5d4eb1d075d3e5da7a4bdc4c9a3880c6a0c96af130f2435db2b1368533dada

SHA512
9970fde6c33bc6d91e5adb3aa8a4ab761897e04acb77eba55e717f58e43331a5bf8983ee05d43abede40ffc5901a1c5be30489136b765e7e298735ca83fa0409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
168598d5fe018a89c99e62ae77075cfa

SHA1
883f9ff4731a1c44a9731887908e2f9a9ecd433a

SHA256
01108c1cde31b1be7d87b7ac91759b76066db44cc06db1308e899a890f2f2851

SHA512
3e2b2d3b3f54a348ab053c37725e87fbd4801d819587d29555df4e17b957712980247fc20274671baea4778b6a1065148bfc329aece13fd4b3bb09e24fd37690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25cc743e5ea4068df68583b4267ebc64

SHA1
4905d278ebc09dd824276d0597ad1b68fc2d6c02

SHA256
e2d3dccc8367e3d82de2cdc8355833dff05e145507670b6c19ba33e7e9dfe260

SHA512
cce1e5078d01a389d6a21b19e6dfb41566c68e89c5cb953f0bc7ef5f746e69472a0fa28690428cdc14835f4f6aeb269eb613aa156df5fcf8e8e3d988b632027d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffee333ba38c09d63348cc4d26f13bbc

SHA1
f29e9f80d24e90a92143b5fc1542682c8cfe3f46

SHA256
e9797dc4bd0f671ced3a67f65ee1d087e3d4d4dd3726b7c5890749a1c58129dd

SHA512
159276cdf366e42a092d3c125f812f3a5e3ab611eab9227befd9e0ca80cd5f480664935a8f773787f99c6d4c4fd330494db2a7d49bd86d3c91864d4a1152752c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95bc4ba63efc16cb29bfa14b6a738b65

SHA1
bb8fa7f6a6253c84b87c34c6e877077968e97b9f

SHA256
d92124891cd3be8cd7ca193442d595c875edc4c53833c9acbc57d012ea11dba8

SHA512
2102a757b4af22dd74730218ef7135243dc3402d8cc4d1ca6f014948b0852339c18d939b732bba46797b7e5e543772acbe18557e64d2e9155d5a513dde2778da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62562052e0541945dc2f0292901ee259

SHA1
5dc8cd2f863736947b4cdb28c84a218aa3d0a038

SHA256
feaef3aa398bbf2ac113bd6e42f74f0fdb6c6c258a1e9c4ab3572199eaa5707a

SHA512
fab92ef5fb9f80db52bfcc4d877d4ef6880f251dd8505f5e19ea43c9061443847dfc986bf3ec054fe268ae10d5b4e7c8f7ec06e48f895ffa4d50cefe17c38e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ebc4c7c03f3c84ff0dad7955a4022a7

SHA1
485fa22a92896eab3d9898942f4a0be7467bd5cb

SHA256
f12b4c0d04ea396dd643c50e61edc343fba46af210a571f0a4a7e6e7adc65090

SHA512
acf9ff1cf48af7e5c8d00b704ffbb48d5e0ce5e7df780b3c95649e25402095748d4ef44f5d9cf25d5dd78dcd83a9999d288c50afc691b369ddada085cf53c986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2699718cd4b2da8ddaf0d76a78c79a9

SHA1
0da5792eb877e5325fa61d81630283b9f5285a6b

SHA256
b3aa1fa8ebf0847b16c575e775ae5c7ab5d9925b2bc64eea3f232ed33fc56043

SHA512
0e0829c131791485edbee1516c77a4b188123131b099e707e28414917153668689fa62faaccf68645ceb016711a10b7488ff8519147e861d05ebcd1f97c0257e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97aec1448cd83d9e0d0948a53ebe050e

SHA1
5008805b3b3bceb1ccbca51c900b00a5bd7f026b

SHA256
e310019360b76786a6842b6adab687ac19234912cddb31f00e6642fbbfcb9a14

SHA512
b970ca3840b622904bf4fc53d9d5411476de36008ca64dd5fdd7cefd2cb4cacb8eb2b83b6ca1db79c7c0b24183f1b656b33488eee4aeaab1c21c9e8b08e86aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ba807aa1e1b5be6d17697779d17f4096

SHA1
2049da60d9b3f282e788ba47bb8db66ba26dc5cc

SHA256
311a8db55b4a827b8491ba89eee4730d0c7f75b03fb351cfb5f1d96e49a167af

SHA512
a6294af136304a9e7c3c40755a92cbdd36e7cda3c787dd532c4409d8615c12d105bb878cef960b7edb346f25f57434c89f2aedcc39142832e6a0c6ec9b87c05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1b875f0e439c3f3991127644e0f6060c

SHA1
e3aed15cca2b4a0f342f5b6f7ebeba284b8dc769

SHA256
79b46a915f195fedcaec3789bcef359ea579c401a9b201bc6823729313beab75

SHA512
775eeb1ce8297da3c15b832965902a92e64e4b26643ce89df204bfba6be2d5fd7f9387914c912850d250025980a5ab3a16b3a296220902e5297e30f1a10b1be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
7e15d7768c6c7bfa248bed69bfec91f5

SHA1
997092a01321c47f9ebe80f159eac923ee61c02e

SHA256
78ce4fe11b9f51b821753bdd454ae6f7eb360cd17a3d904bd60fe4893ecdf47d

SHA512
1d6a76227b6cbddf165cb7a1b4ee8773122e7ed6c313e7c182401586542a0871c674dce10a582a448378f1d7ee0e2584291e2e4d317ebd991de17db2c1ca8ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6fba98c7b748a8c8c45bce0f9d2f1079

SHA1
1d9e3acc14093f27c366eb46606019c814fd70b2

SHA256
98ad4b6c92f05c2198f28aadc7cf892292bd1f9afa85ddba83e376bb2d0a0f13

SHA512
12ef7a3d54a5b67c6047fe01a509c259f7cd2aa3f7e352fdad303bf09e7ea26e122632612be2b7dda5bd969d94c0d863f60be35f94ca7f9a40ebcf5926f5b4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5e7ca7194323eef012d5301ea525c81d

SHA1
c40cd18a27753c83c6eb07554abb17d120bdb552

SHA256
1ed3060199239a7e3535818635f822e41c8192442ef81d486001d119eb1a73a0

SHA512
6191f6ca91351c8da973cdfba0a67a6cdd4d0c85738795d351adaf6d122196b3afdab624cebc1889a2d292a5ac9086bfdf89a35b30c434a4ff5d7a5ab66eacb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
876B

MD5
e7574d9baa00c2ed21bd967a95ae5d95

SHA1
5d1ded18c9c9ea7004cc834f52035361aa67fde2

SHA256
03b53ca8185dca22bd732e018cfe9c16d833b12b5f1fd4c609c0f07bcec45e65

SHA512
5e9940f57e2122805c7e5494b070a91937f0c993c86e1875d0abec5eac2943d61da1267405840d3925dac170aa32a1647248b994e39e58072a192a64fb1a4e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
97dc63c1122f737e205d4fe6fbb003a0

SHA1
9d559489ed141ef55dea4f0ac0c2eedf5ea56393

SHA256
7c01e4cfcf4acc8b11a4b4463db1ff7260bc9985c1cab14e000ccffc4aa04396

SHA512
7af6546244c96e46e6d90f84827ed6646b52ff439956835eb9d93f5052ce62b38a00328fa6173236e08ab2b07056b08c08def7d7925ed32f3d723c4d9895c683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d5bb373e03ef38f2f5093fe95cc3f36

SHA1
6a814bf0b590b97564e1da3b3ee47d2ab0b24118

SHA256
38c95fb3be57c000e2283e89ef52aff097a5446ada6d735927f89c1ecdc4fdb7

SHA512
1c10c2ba6a34e37796717a9ab7553b2d06c9e2602a18e4a0b4592f28f690d7a98ca06d3961bfcd62b01be32039fd4639815fae211293219fd5b4095a9b50bedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77e99a3860af4677b0d82f52d624df40

SHA1
277e726f1cc24a78fb92b00dec69223012f84a6f

SHA256
56b04a0d8dbad2eb3238a3300bbe760b92e3db3631e4b998bb5fe42ad5b2ab6e

SHA512
3e82efe0d4884d1bf1c4da9e0ea2d83531f0160b8f9b3d79b36358d3b143acaab3852b11479fc3023ca927876faa003b8ec2ebf10f080dad668d2bb850ed2432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1dc2c0b19ed6d66db5763ba9e75d9d24

SHA1
8b03357bbdd5766b367a93abf6c26f2d5e96fcc2

SHA256
014cc4f4aa072549c8f7171e8af7fb4aaf787cd13ec36566e8f02db2729cc2b6

SHA512
a23c0dd633597c216a878580741b0e3dd1af203082893e7917d135aa78ae1acd956a49cd7616feab33a54c46682fd7553fe12f6bca9fc08210b61c9b3710abfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b2f60503e6b9341e9ec60f9f569ae1fc

SHA1
bee8ceb9d970b5a73e3f320683757eb71a248709

SHA256
25b70a62009009fa4a45f535d0742297c5d1d0447efac9af6239ae792adfd430

SHA512
41677b6ae49625c57bf3445ce9cb7c74dc0c08ea804d8e34d965ee017f767e6ff7454e6079c2b7eb38a23a2abb43b2aca8d412e16c725452e973b4fff3848bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b6bd166dc03e5bff42912323b506b0fd

SHA1
2fbd41d85c75450ac3a466fcdade4b10792318bb

SHA256
73384eda08811f3aa6cb3658c8844dadfb6a97bb92b303214361d48dbc0a92f2

SHA512
0fa82a31e5758f1f404360a27d4f504a368d342061ecb38733c50e5c0aff90632b48beeadba9859b81dc564cb4ecfc1fe94160868d59e87bf0038e5ed5ddd71e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
84add470f67e21d3f26866440e585a5d

SHA1
b678ca4336eba1131f4a4c3b81f6165b1cfcc845

SHA256
11c83510b73168ad26e741c005d16ef12e0cb0003c1d842bd114ff71b9d0ae48

SHA512
8c84ae359eaa5a322957bee8fa8c4920ffbf5232eb686dacab07274a85ba3d6a16ff7ccd12563ffe737dc46986182c596110906977684fdf2464dd94990010ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5980a0.TMP

Filesize
203B

MD5
9eb2779ba029b5ed5ad7fd52a8c7fd3c

SHA1
24c47c11c311f43ad7cc947dc27086bd168f1d3a

SHA256
5b3d023fc8efd28ff9d63ecb11d1846e8645be04f984b9d2f8ffd5fcb0d3247d

SHA512
f69acdbc27c062524d525860743c41471e541d34351569ece944b8ed0b897f5f3f8a3b759e458cc984b982bf7cf1fbfde4e5d138b07a4f414ef1ab5db9dd8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
576aa2c5409820a2245cb787b5341dea

SHA1
c3a6ddf1b53b059a8bc0b92b74e27d861a9d90e7

SHA256
e84cce5daf39147c5d5e788103f1a0bd1b34f039c65cc4a5386ebe0a71f60f4c

SHA512
a1c7d33f33d53bd180b13181a4b4d215f5570a89c7770bf214b8aea692125cbb7ee1861f2514c1ef8ac4c506432683d729e54ec65b1e32591224370f270de9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
549b0d6fe690ac71290f67234e1a99fe

SHA1
748dcb5da9b01968fd27572906d871c37a08266a

SHA256
5010ad51235ecb70307231806e3b5ecde34869648f29b8451fd3f98f94191010

SHA512
d2e7d81544df9020df3ce97c69f4007600b1d6f6b5d3d7dcd487d15b7da7867d9aaad768a59dd386f23f859669e90a703d9d8f292b495cea47500c9ff7f64c3f

Download Submit