hxxps://getfilenow[.]com/lp?id=Delta%20V3[.]61%20b_78295685&t=ZV5fXWVdQU1HXg==

Analysis

max time kernel
110s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getfilenow.com/lp?id=Delta%20V3.61%20b_78295685&t=ZV5fXWVdQU1HXg==

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133732567964480348"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 882538.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
2432	msedge.exe
2432	msedge.exe
2840	identity_helper.exe
2840	identity_helper.exe
3440	chrome.exe
3440	chrome.exe
1588	msedge.exe
1588	msedge.exe
3564	msedge.exe
3564	msedge.exe
1080	identity_helper.exe
1080	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
2432	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2496	2432	msedge.exe	83
PID 2432 wrote to memory of 2496	2432	msedge.exe	83
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 4944	2432	msedge.exe	84
PID 2432 wrote to memory of 1412	2432	msedge.exe	85
PID 2432 wrote to memory of 1412	2432	msedge.exe	85
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86
PID 2432 wrote to memory of 4868	2432	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getfilenow.com/lp?id=Delta%20V3.61%20b_78295685&t=ZV5fXWVdQU1HXg==
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ed2946f8,0x7ff9ed294708,0x7ff9ed294718
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,15363430300175646991,13270222240729058871,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:5620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9dce9cc40,0x7ff9dce9cc4c,0x7ff9dce9cc58
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4956,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5092,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3416,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5404,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5284,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5500,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5664,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6028,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6036,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5828,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6068,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6400,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6552,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6560,i,17706248091121858320,12139049940494700692,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6716 /prefetch:8
  2⤵
  PID:6040

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed2946f8,0x7ff9ed294708,0x7ff9ed294718
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2432 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4739196259302384613,17029912901764756391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0ef9c3538665351bd848c21502748312

SHA1
2556281a50c4eeeccc668a2d0fde0fb402ef6afb

SHA256
02802ebe4c57cc80470c094d07f2d35fa6e8edc6491e8e037a8343c268dbd906

SHA512
3c75f7f1858e6a59abd43c2d9f459328a1b92072b33cfb92e39c5b18e22d1d432d8df8c870f864050d1e487980d16d616059ce70d6f002f23c91e50cb037d248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
fcf5cb2eed34d9b856e015b1d5ef302f

SHA1
6f5bd43fc5e6f1e276553c145775502045fe7e6c

SHA256
96815e910998f1e2d81fcd4daa197cf08c93379101dd801b2e69b8f4a447ee29

SHA512
55a7bde40b7d8ea445320a43169cfdfa602ab71ca682a74da41de526cb4f3e981facf336f9a7ae7e4b6daa2df67c093e0e710234d948e13154f7511330ff994f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a3ed2ea3b97e6ac33e60fcdc0309463

SHA1
7eb5b74c446dd9ce3f0b3445aeb13201206a12c4

SHA256
9d968e12a9d088bc85b224ca4206491b837b2b6f76bbcef0d628152e9a56b3d7

SHA512
930c30792b1881e6d5f952fdcd46f83d298045a2387edcdc7776de5d355d6f414c0a666ae28e4d3164fe44f3d989c3ca0ddbea172a068a03f435d63919d579eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f26658e8e9d23c0f52e18c7a4ce4a8c0

SHA1
29c3e52e8a057441e74c59a604f29c7708388e95

SHA256
7672ab8d74d8e28d81c9441a0d1d9e65e537aa310a90812351228fa2d48aaee1

SHA512
58fca719d9c8a83d8be8202a916a9c23a6e7916f4530fffe5c7745fde97eac8c7bfe8897165a5fbab6e9c6be2665b5d67114b8fac55a12b2cb4a72e41379fb4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
846f3e7df2e3502bb48ee10497579f0a

SHA1
27e66161722d5a4f3b07ce3d81ab2b46c718f541

SHA256
1557a882bbd14f2147e35ad63c0c8152d7bcf2f82ff34de216a497daefa5a922

SHA512
f9a571e4091097fcb41e10e3e82f338857fcdf6afc9af24f7e322d0395faf6d63ba384ef518be269f226cb271c142628cfce72e9f933b6a5e4b98969876bc4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a429df69d72b59648f47b6b41b0fe4f8

SHA1
8ebd6c9828fb50061aa63a2734b312ffb4424632

SHA256
4bfafa4ffebb862dd8accc863c696dec1cb9d4fc8ec08a78f5c26d6b3f4e7bcb

SHA512
2e096894b2e9adaa92c5848f8cdf94e4dd718d38d47c0895762af9d16efa8ab14c7477d2cdcb2d8c09be6946b4d3c2b5c747d41f661b1a8fadb35305ed74bae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
acc4ccf8208980e37d19434dc61abbde

SHA1
b80fea3c8651f610a1d37dce9b5f31be48ee9fb7

SHA256
9c86621c7c8a0b6e7983c30ce9259fe4f1237f487b3e692fbb82416446f8b2aa

SHA512
afbc88b6f803ec6a5e19490cf2bb5e4a5341056b519fa02b4a87686b3f7a94a2f1f1d7b581c662d8df41c2918d6ddaa507b0c47c74648f9333f6a90b1aa85571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a286de5fdb50d6f587c1b8bc04ae941e

SHA1
2a31c01fab8b5bd901e28ef157e1dc49d45a3afc

SHA256
0c09117e5ede3d02feaed04b101f1148bfe0ddba9efc01679c26e6d1791a944f

SHA512
c9b2705a55dfef1ba0fec292ea57a5ca9b5ee578d2ad184e83b02fda6564655207d55a1479685023193a757faa9f77a45bf1d67ac6f3849995d9e2becfab3790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0e91f72edc7164fd4f325f51473ca6b

SHA1
e2090702e2698c70179487b74bfeb1a91e5b06e9

SHA256
cf6e1cb1ccc7cc1429f6ec1f8b3ab7a8d825cab35e8cc89697052733b09dba4b

SHA512
4b27727f2008ad33bcf83ded9adb65602409ce88b09cf2cd71dbabb789ccff65c4151ef161dd982e5e41fc083402ba3e0f6d2be52f2dad07eaa6e5b6f573e66a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6f60db9ee05c47fccd09548e2d971ec5

SHA1
a58d63a60a5c9faed34adbb53695dc2afb9aa77f

SHA256
138f2e81417dd7ced6388c96614cb0af710c2858a2c875c9abb491c810c07edc

SHA512
b60340e55d81e235072086696fe7e163a4a8ccc4979567b199942dad9d35636bacad9231d41d8e123c0d6490124b08986defecb8f63f7f01ba2ddfd1bb736e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
91c26f304d1594a62540174829cf9b7f

SHA1
91763ab335adea12bc73bc4b766592478b0fef97

SHA256
928ea5aaa5c8cd772d672486802ffcba6670c5f75763ab817b46de596783de93

SHA512
920230f9667b38de86fcc2de2e630090e3fa34896c0c674669b0c5a2f83493fa0d6192ce30263c6237e679290ebb5edde56a0398f236fa9dcd3c76700cfa0d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db1bd954e54ef6fe2749131320ba57db

SHA1
1bd0398f97312371677a8e1ac771b60301004317

SHA256
6407a36a742056274ab92b3c65d4226f8a72ea0ea17ee86cf0e412eb94bac1c5

SHA512
accf050991edd409db2e19e9377e82c1ec67c8e3565ad31d466d6aaa136f5784545312cd7a1eaaf1651b9814c637acaca851f12a3152f739602001e7491b86f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cdb15b915dc2f2f0b86f0b96a52d788

SHA1
4171dcc5d959b5b069d86a0d1cb3a13b566258a6

SHA256
7e021b678fd981faa67d813d8c3675bc5e59357ec6305027bea0cc28b6b233ec

SHA512
499c2d83f9903d6ae24b44d9bb7f683efdf8c227db70b27af4d429a485455e447d85349b70bc13f37b71d0dd7b9cc7eaa1661e4bbf0c84dac5121894ef46645f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0809303c145527fcafd71ae9ceda0e6c

SHA1
8cad4cf7654960d0a847f0f6cd552c51268868fe

SHA256
d5288f61a27ecaed91a65276c069b35364006d0c5942bdf409cff7229c5ba55d

SHA512
1f9d506a9451d434f0b65a5a8598590660383a978092a4d75052a6debfc28afbf24b4c80af3a39d2b9a9287eecf1bb6a0836b17e7ed841fd438098b86155f5f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
35c254b850b6715a9577dc6b65e83e80

SHA1
edb6406b21b39e444e3542f6d76369d7816e2f7b

SHA256
7c6f709d387e26c8be8394d6c48327d2a0e13767ef1ac16f21ab33c15fe3cde8

SHA512
0af937e0b1dc3a9616664485caa86bbd1dca14ecc8dd0c7c7d28ba2d09bdc7a47076e1c5b68d2b35c85ca57bd1d22fea72ea486ef3d5b72c74b099d8389c495f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ffe55202a10ba535c25cc1a7ba2d7939

SHA1
698730a3ac9738ff36252cb39b9c1d5e2e9e8970

SHA256
c9496d087f14b459fff94e563923f3a5c67cbc864ffbbdfb82d2ecc292a026d0

SHA512
ba38d02065435a7843044f51226bcec5fc2d0a61584aae90e266e64121b2b217f4ddfa625bd40047ca7663419a3d95d1cef784701b8fe45b718360f7581ab115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4acec1b16b584ab51758e7827b31e227

SHA1
b6b6c04f510103ac9844a6e73dd526dcf925ba82

SHA256
9546370adddfdb7553b4a15bf4824337b59ae424dede5b2d06f51fdf6abb649b

SHA512
0caec5f820c0cc42650ad7b9a2fc59a3ceae5c10c6d60507ffb055bd58300d2ea7f6ba640b36078196447e8af15c83b786f4655addd94af5e1463556ee4e6493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d67230b13e26928c7428ab64f32e827

SHA1
fd9b1607bd12cb40675fe838e8b223aa0453f2ac

SHA256
ea4644ec6201c3e2f9c59fa9657ba9ca283c899e5a0e24f82c2808860f344423

SHA512
c315a36ada2de16a78cab34deb450df4270b4f13e44b76afc4aae3f44c796ba6edc8be5264f1fa0eb338586a10b2229545a47610f3cbb19d9f78bda3064ba15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6da483fb2d9b83e069958de35105699c

SHA1
6bdab4268001b987d3d19306df5c9fc9efabe500

SHA256
cb85b1134c603e09678d982fefba16d61faf942e9b781ea1c85eec8e8c3c4c4a

SHA512
e13d5fefc2b0592f98092b34ba34e2741eb4b265fbb36018284e5945ba5409f5bae8635ae446592eb775744e5206c376b2b2a8aa73870be5bc5ca5359119eba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4dd3fe4eb96d495b87d6d7ce12d6f4cf

SHA1
9162807f7faa194e4d9cf5bf0a5c84c4dfda1ddf

SHA256
f23bbf6373891c72d60ea5da58b504abb1b41e304c594d8b71ca1b0e12e2d624

SHA512
9947202c682734f681e69e790c62b2c99f66c990ac07563cc700c52f4e74175f326b6f54b60dbd60234bd56630712677f02c2660eea1b22e5eaee6bc894e1a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
cabcffb04ea52a7716c560ef5d267e8f

SHA1
95866b4cdc48aba458dce499b42ad59cac496b27

SHA256
55621c2eef5423375fc613adf6ee0a4986a47524a97f23e3aec52d935ed5df45

SHA512
76a8d80f64a29b5cb4a9a4cb18ab4c97f23abc064702b5f3af7d4d2041805bc8dc9d7d33bb7bbd6a9a70f19d25bc724f245789fa5945700813b1c969ae78e9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
843B

MD5
58bc53a0228735f5cec3128963bc207d

SHA1
c375a49d53c26519f8ec92b62893801c94e070f8

SHA256
3753111576ff83d5cf442f52afd1c6acba6fefcb39fe1471acb3fdbd6a54bce5

SHA512
268248a292c7f202afc1847d89ae55e4efe97319489b4617d2d7b158c093fbcbeb4c0baa34f5e3b68c6daf0a907b4bd0c6e1daa9d837764f6b00235a5b61ee93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
911deb2ba2c4765f37700ab65bd8ef5d

SHA1
7ee7d9c8d1c02e4dbf8c1c1ded12e55ba106ccea

SHA256
8f9ed36cc76d46256743fc670bdfc5afba148eff593b2bad0c9fe7ff10b72dee

SHA512
5659c09ed30c5bf40fd52f6eed5f5a8e67132730eb7a6f3068de80ddec0e918f23f7122393a5b06e58b236eff4e0c298f5444bce26c84e95f5ff74a642076395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
471B

MD5
83f3143591d01b64e92af906541c3d1b

SHA1
169e20ba245315311c5618b5be1a87d7e6034b7a

SHA256
999f026be47c924e4219914b58273312d875fa37b2f7a97bc145f15f940ac1de

SHA512
457582f3854cf6ba2dbbc9f611e739b3659f8a3fb0e326529a12cc62290463d9e7d6c44f75c6a64d2d6cc618bbe88fddc11abe446b1a6654ef963776ad7003a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
471B

MD5
55cde01fe8838155f71794e2904a41fd

SHA1
d26266afbd1c293f8f2da5e39550bab60d7a608d

SHA256
40b8f30779e79478dc99e676c79a54ccc0d7727b68f6ead261a39a42995c8a9a

SHA512
9d982ad25c72836ba8cfb06e70709b36744acb0b850f50a839c20a7ce366e852cfb761bf5ae181851787ad6e206c0f87ef75b1864f24a70e2cafe371acd4c46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d78a02db72fa06262a290c880f7e889

SHA1
7807968f6c215c30f7d0c629dde8e94700e76fa7

SHA256
c0ab379924eb66a3079f40d62fedbd5c807147af4b71e9136e988129d967e9f9

SHA512
be129d6813ac9a4ae5733eb3dd85de02fb3d802d52b9312d9c08df26b39eb54f23fc1a5df83bf153d3f0f980c44752fd96a03fc67a24f70e0eb9b41e7874da88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
91ab588ea705d35297ec9e8cb8d0a57d

SHA1
3af119e328e6f4508c71890cc4ddba5b94dfc565

SHA256
e66729da2f66e8027f7a254d1ae0cb5d0caf030205494c2856a4fc49beca20f0

SHA512
112cf6197c9b837bb3fb468c0ea2ce2e03b8f5a77c3509dcf3c2bcad6334dcb5a60f686c7f0dab210b70f1c790ecb783cb2557b95687b4e9921c8b5c0cef0724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f9b90e0a13b655adfd1cee490199e82

SHA1
a355effccd3a577d323b3bd61cf7d00ef3ef2ae8

SHA256
c4b1861ee85b8b96ea192b283d09a66722827b3477cbd68533c165b6d6a2b34a

SHA512
b728105429a5db5037adbbd1c167b0654cbcb2389c4355a4f144730ee6a949e583c07b2ab714abede116ec62847241b5bf12c24ce4be8db806e777794a0d9303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9816b3f89ae1190de2e9c5be8e622d5e

SHA1
9c5042a1ab582d1e94d2d3cbaf4e08e578432f7f

SHA256
b15e76db2996ddee17d17d3b1f034f97f68adb74c30987b7bb3df929b9787b23

SHA512
63bfeeb10fa5746107b65982e65292d0d33e81680cb81d23239fa4987b736a4a88486cacdbdf88ceeff1cb2f6ff6407b3493cef1e8549dfb409bb149e97cd9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcbaf82a8acbfea10e387768f5fc083e

SHA1
ad1c3c59c395db4700a44954bbef12273554bba4

SHA256
2c6aa39fee4898a8b7369e2a1a2d74fbb6d7ce3e2f38943e3ca8b6608adc5232

SHA512
f1d9e14144a2ec69a3fdb78d331bee1ac600a2c1e8b15deb2cf37b61686593a5f035e23d909409e9e4a5d84808db54deb4003f7f7662c5f59e5644b737e3650f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1cdfb70e0fefe120b21905ce8cc5b5d

SHA1
b97a471635a100ab45fe2dbbf47c37a910aa2311

SHA256
b82e5ad32a8233121c4c8903200ea99eb92cd48c80b80280d2d58202bac50c3d

SHA512
2e977a2846858158ebe5476109532eac77ae7e63da21dc420c0d765e9bff34500425ddffed6d0dd8970c3f0335e4a1f856d73b1bfe93a084961fcfd0bc4f9067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
800d8148394ad593db73eb4c1bb55197

SHA1
02f38fbffa42d16fb64c29a8f956f9bdcc3351be

SHA256
4fa1c6ab935afc4b05df67018a5c9f3b070eb987afc874f98b2a3b814e72fcbc

SHA512
fad6b2e29ff6064d7d2df004e9a3beb1605528b4debd6c3776740b071c2cca90a320be2b2d270c6615b4ff525b9bf600440aed4eb6e91b515f00087a3dc52baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373256786311114

Filesize
1KB

MD5
4e0f5012401cec04bcee0829439f736e

SHA1
153089b654f2f2a9458b969bc77ba68120f2595b

SHA256
d65e87b2a23bef0b0be1224ba9623a06b76149dbc8ac3a00405324334d94efc4

SHA512
5953487b36cd9849954436e2fcea1fdd7bef26bc1f520d16adefc386c27ef2a500d9d9d7c9ead40a2bce0472fb8d1f8f2a0e488df9e8cbb430e322719ede359c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
470af8fbe69808dea41e13fc7a17f6e4

SHA1
a2df895c99044221bb6f252e86fb2720c3c3e9a6

SHA256
38ed92cc476386fabadec3775ef1c0b9606054c280abcfff08ea2c43ea908321

SHA512
6e1995032f5e86a8ec966459cae11ce7bd940e90fd9da41b962236f7f1af7b7ea169a1d96e8a5dc3511ab1e9e0ab2b027c51ffe9d04dace3fd94b64c164a884c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
866401ef3f05926d41a5caf603526dfa

SHA1
a720dc2f3922884adf1150401c3d729b10a51c52

SHA256
ffdaa36bf60c1d02be9fbaa77c5919a6d62e4f8c973dc030c386d794d3010598

SHA512
3a52ca175db2b3f1453fe6ee639b89a872f4eb1b56f590c63512bbb3eaeb65f01481f66e482702e0f840313aee8da8ace190a9f23b94921d4b00e4bcc7fa0a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f944657bae78d17f9c6809a6cbb3f225

SHA1
bd6eb75c224671568b71252efc7c531e10bcb00a

SHA256
58acd00db23a9ea1dc8cb297a80e5812d36e061cffb6c2839c961a341c45f6cc

SHA512
908e882cfa415c7aa7d5da02bde7204210ec6a9da994d4886c7a3596da058769fa43da49ba82af0bf8c774b034e4baa61dcbc3ce7a65ad9d76c4acb64de9b4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
564f685d6a1d7ab25e6501f8eee1a010

SHA1
e5b8e64df4a410a1a9771642ce06268678f144d2

SHA256
ab92d28e65aa8bbaaa022f6c8e07d355e018c4c3df73055c3698615404decadb

SHA512
227ac7f817cdd4492101b9f570f348c3875baec877029e7be6f6136d382f71b35cc7d6a4803cc2b31592e3c4e40ea0131eae26917785202e965cecf8678add03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c37f4faf-17f1-4619-8846-47fddfa42a6d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
46d11ea2777224285984826367d0f0fa

SHA1
8d890dce5d38def1ea1d5268347aa8e98573226d

SHA256
c80daceeb12e638b95931c865670936ccd3f576443bbe0e9fa18ed61eb91309e

SHA512
82303b6e49e345b0c60acdac98595e256694ebfc1bb5d54a3e790fb2c4c12727b9f51a98f2e0fb45c4df501060abf5e2305c1abcef9743e83cea72445a2a7675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
170e55f546194953dceda1794ae14075

SHA1
f534d2fbc7b146ece3f9b208b524d2ab0996cb4f

SHA256
dc96b5540518935fcd6be5a76f078d9dd832f720d6a2d3789985784aa5bfdfc0

SHA512
7a39fe69d9b31af7117b4387e168602de3886412cadafdb05c77a750055679f72e670bd40f73662a0a38cf67be379ee2ace2bb8be98163f1b724dc088eceb71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
a9e760dbfd7c0c061f048c3d9cbfff03

SHA1
a1109f29ffd7789ac48f58bcaaa2123d859e05e5

SHA256
4037c901642c530e6e1db90e2167c64040b1e43e56a244f6d25bd3518d878a7a

SHA512
a6b5e024e71c912c69fdadd8b40255c27e149ed6fb09e45d153431da62ddf9ef91164b93bddb8583445409957fa34db878c8d93bb9ace73b2fab9d1fb1b3ea28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
fe53c129cee75f1a66c8bc8d7db9a750

SHA1
b77d017a561267613dedf9e5e4505f4d51bf6764

SHA256
e39d5f77ea7c8f1b71f81683758a75b1b75cb29632cdef0fd809cb1f0d697e82

SHA512
213f7eea7c8bce499bb492e59be1795e8e613a1c284d5a9a44bf834d4315eec0dac01ac81c1c6eb4e7c88d2c6d13a951ed903d113b1dfff50bd29146b9eaffb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
47e59055722750958882dfb89be2bc08

SHA1
8bc998c737574abfcdd55420435de7032489a803

SHA256
98f4a126867aec2959e72b5f79bf829576fc6208656d3a658ddb1a91ea69ef03

SHA512
7be8c647449f6d938577012d483820977a5f5782426560da2c1c6391b0fa5f8214b0be979dbacf850cc3fad8f5df7ba5bc98321ccdde838f28857fa6fe06f7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
7bb48b0307486ea53112f60955ee7ff8

SHA1
bc757f8b4532f4714f7f076cf6b6dda274fc3f93

SHA256
eb2e40e348527a0dddb7387e0d19f65114f2ec2cf0f2740b91240052c765a353

SHA512
516ec92db6ac8b91065b1338d9ec39dc552f5562b55275e63e67bb6520e0e7219f6a493348e70d479d2c7131d78fd3c74e05787f222182f591d05bdf46965dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
cbe66aa054c4caa2a110bda60c46d830

SHA1
df63eeaf2d19fe260a803858615f8fa38e3163eb

SHA256
829eb6b954747b15b907ab1e62d40323138424abf8f1893db374497e11af4b63

SHA512
b2cc19a12167940570ed1cc2b2e8b6c0aa48f3d37383e6884bd451d664bb8caf72b2644d3ad999fd5a1f436d26b8bebf6ab455300b0af3a330cb61f20cd0a2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f68f23a91acd247eb245f404f61a2e3a

SHA1
13bee5437a6366a47018047964f998e18423d5eb

SHA256
e1bcff25a5df318546709f03279a4fae30fecdfa0727ada194e3037e4cd251d0

SHA512
b78666e1a4ff3119b5d0d339e78c59236cad974c5fcb297d3e9a970c5497d0ded17dc34dc3da1f22e1d456bb305f6cd5ec94b91783624d8d4c6cc6a0d66db5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc711460996e1cc3854aaf1bb6bfbc14

SHA1
94249f6c946783b164cddea54b64772bd4a756bd

SHA256
dacacc997bca724c1c73aaeafa0991cb2cb7e1183a5d99ac41dfc6d3a5feb0d8

SHA512
eb4e74fa2d3066c6464c3c94292b537e4a0a3feceb810a48eae21373b76ef03af42f8740dfe96c23900fb522d327c474ce32d71529997f58d60929e1723724a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f2b18d2ac3c7f76fde0a9a727c543490

SHA1
ea94914950aa427b5e25235e9a5457663a3d5cba

SHA256
35dc1ed7ef482c7a89b47a9e09360c9590d2a39de9dc6cad3ceac7c924651d17

SHA512
50c9673f2f0c9c069ce0564c8d53bbc9481725a1d53223dd5fb8a48fbeb279d55d956116288cba4952551f91ed1afca5841f4dec909a053a3a8cccb5835aa3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bdbe449c-3071-4fe2-a4db-44f4a0dd692b.tmp

Filesize
10KB

MD5
30bd337f849b5c17fba02d8787df3114

SHA1
6f0cb64567a1fca1da303dfe590b8b886029e408

SHA256
ae0b55184286dc53cfa929b320fa978c23cad616dfb459404602e140d806265b

SHA512
47aeb00a20f563cd29e34c0a71879b66b6a8123003b108c762acdbadada34a8acee6be7afceab3da7902cfbf91970490b958ed212f7d37cb1a35c3aee4b86186

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 882538.crdownload

Filesize
5.7MB

MD5
0aa6945aee17c3eae75f48e715ee5eb7

SHA1
b84977d612d1760f7a682e96dba9f7160cdaf72d

SHA256
0b8be7d62ba830a3a53686afb8af57d1b2301d76c8b06759bf4b148d1e2ab6cc

SHA512
8cdb467c92fefe0add78824acc496bf1c70c1eada04a801076073df92497660551c7b3c56a7d97a5ba74eb75879e5323f4b33ee51f94cab8c8afe6515056f5e5

Download Submit