hxxps://drive[.]google[.]com/file/d/1qVxGOYncBjrf5yKCRDgY2vTim-q1rwGE/view

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1qVxGOYncBjrf5yKCRDgY2vTim-q1rwGE/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
128	drive.google.com
129	drive.google.com
8	drive.google.com
11	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764624877684559"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
1044	msedge.exe
1044	msedge.exe
4484	identity_helper.exe
4484	identity_helper.exe
5532	chrome.exe
5532	chrome.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1396	1044	msedge.exe	83
PID 1044 wrote to memory of 1396	1044	msedge.exe	83
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 4704	1044	msedge.exe	84
PID 1044 wrote to memory of 2060	1044	msedge.exe	85
PID 1044 wrote to memory of 2060	1044	msedge.exe	85
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86
PID 1044 wrote to memory of 4860	1044	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1qVxGOYncBjrf5yKCRDgY2vTim-q1rwGE/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2724 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11715715764258265980,11021079328845604482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x98,0xa8,0x100,0xb0,0x124,0x7ffa1d5bcc40,0x7ffa1d5bcc4c,0x7ffa1d5bcc58
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3332,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4796,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3436,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5248,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3408,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5388,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:2
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5288,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5560,i,17594059744491148340,15956507781646304670,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:216

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
710dc31b43fa12629afcb897a58ce7ea

SHA1
ad9cfea5d8f1189b0ef5918fb48255cc94a58c99

SHA256
191b295ca26901fbb6e47f3ec2e4c50ff22663b2f9700a6259a8300518505ea1

SHA512
bd684225b611481d7cd528b985a3188cb803148b01b7a22edb6ede59ba2609b23fa41c627926c39cfaa1420b866446e7bb82e963e2e9704c990f0582369dfaf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
cfdbbafa3a4d9caa69587b56f4caed27

SHA1
ecf5fa3709118baa268435ac39d282643b64f340

SHA256
b13cd2e1748c12573a973a06ccb4e769fae30575fddd5ca768bc2e6ed0e3f2cf

SHA512
316f71515120cebc4d44f3e561e57b5e2d838d1510cc5e304d0990abb74d872089392c8546c38607509626c0ac46bb671d048bc1464f19926afe361bd8db5d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a93a9d790149a44b666bbf037efca65c

SHA1
b790d99b3ff223878961fca9161bd193cd65546c

SHA256
0dc04b836ae1af3a4556aff4d122ef3213b899dfcaa0641c175690b3d88fb435

SHA512
467eae6cef73b866c0688375998c99bc9c89e352f333ed42f0af72e5d2d04db097b20b1d8b0bd9e5225996f1d199bac6011eace2b4089f3d92d852da5a8718d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bf8c3a9a6ba2a92ee891a19dac48acf9

SHA1
d241474ee931f9b912a98ea5a1ab087df6b43808

SHA256
07702f8eb78df970d96c18ce5291cb5a9d84b8ef1eeb04ec32ae0ed62e5e2dec

SHA512
6557f35eb7c31a07ac7c472cc6e535fba8512cb965324fa3b1ee29efa05dde68c1590cb16061bc90c2fbf30646eee99b0f24fc6c8e5d56d8fcdb028bda0db178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c91e87a48d1cdad1519c01171e9e06a5

SHA1
f2e2c0757a9f753c8153f60f6898f0f53377454d

SHA256
ecafa48e57857d790e9f7ed696c46c6d29318685f0c707f983359fe925307663

SHA512
72cf60cf2344e90b5fcf3acb9d6860e68fd5229936dcc105533f21502d4d6bf819801639a55233f9f8666bfce303e4a17fd815a7eed023529c8a4b75be12756e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a14e5b828ec68ed9b9a60d816f14f3f7

SHA1
4eea80567359af696e23ea5c99d5d457798216c4

SHA256
e758dbb9c1d3a50cb8196699cdeb673c2914ceb1a02c47f74809905adea01e25

SHA512
6c86933200dff8d3c56cc8e0ff46e409c067e12f11621c12b2d46adb63b445a71704590f2c33f6f8fe312ed2c508cd371257722b04f6f67e5e485c581fca5448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13656d282828d68dcfebd79517f800dd

SHA1
3707c7b88a29f9f3eeb9edf8799ddf71c12b15d9

SHA256
9c9a3f34eb64ae02637288b61f17400feb47b9df79e7dcf31c84f742196418d6

SHA512
dbacb6953626b7f8a8993b95eba3bfcc81f6d14a894f6f12ae819ea7fa36f8869422e799de3054dc2984f8e2d4d97b6082632f812c8b3af3df8e4354d5625210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a87f6c4ba9236e97ec9a982f609b171

SHA1
ed22c4cab5c9926618165d944d48d41b71464b54

SHA256
daa1d54170bddda5f437b8e18ae7a091c33e4f2c4e9e9ab4d66cddf73d251538

SHA512
f224bbf466bf14a75778b9bd0e07d2b5ce8ac7f22d06b8a8b951d7b55c36093d31acb1adf2318ef8ad8e961615f890a485e8aae586ad57eb743eab76bcc5e251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52e5fb25ca212ddf835d167ee01631b8

SHA1
7ca2ca99988dbb861ed9354b4b6807355008e1bb

SHA256
d515e11b25f630d505b1b33da05bfe867d80913d9e0f07e1d18872a5bbebc3c6

SHA512
29808e3edf43be466f6a37ba1b275a3a6b46e7dd111809bbad586affefca41b428b61498daa446205b2671115711f0628a73d60ff87bef25f376cf05d8c7ab9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c578a0f5e42b1219f52e23629187036

SHA1
b9e9a9080989cc6ca2e8e582c752c4efdce32a9f

SHA256
3ac34c598f77b877e8a7fd735f49a050a30660dfc81c58899a3b6be035ca5167

SHA512
b73fea1ffda659dfaa30c703ad1ed184d61efef5cf909d87dcf78c9b8e1b77d437c7f3b2dec73de1f6cdb625ac5587de2e89ebdf2b5f4292c2c3519396909055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
45d1efd1f6aec8e7f04b6b8eb8b3e1b2

SHA1
7b4c3a466a46a49ad854712e228aa72541dd92a1

SHA256
2d4ed835c7683c60077784a706907a8c6b22997f60dcbf9ba0da51d8ab7c8228

SHA512
5c750aaf4ad8b55ce3ba7bfb25692fb8a42cb3eee495245dda12a13c075cc090491e37b2392989808360d990ae122f2227a20e36599a858c649b16ebb4e8708b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61c34d06c942aad351f568201e902cb6

SHA1
9192023c71c10bd07b9727489ab8b5bdcea53108

SHA256
24270160374815c63ea49b148c1d79ae8790854fa6650d8337a18c3550aefeb1

SHA512
bb024d97a0175e7f34ae97cfb26de1cbab1f4b1b0ac819c9a2f3ddc7fb4c9eeb25f7d46f1bcea4c2e7e1295e77db643b67890ce12651a6500811f23de020b2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1dcf5b99d5af162e19778e03cdd7afe1

SHA1
6068739a5015b1a58a70bf6359215c64c094cd12

SHA256
ac0c78c1b4e44a9a5a4e8866e970d12969e79ff3a2231e8a2a5915c1d030d55c

SHA512
86a6d9369071936c3858392c1faee2c8dce9e6428c2f13281a1f457dc0f24998dd6fd2a15411a7a49db881f86d0fb3204416e2df65378f73472681702da7be33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
08e7debe1470d25d572f4e79c776a27a

SHA1
e38422d062bfac66e7ce5599e3a0d412d790bee7

SHA256
69fb91c9c446ff85f374debe975979ce4c98625cdf0c2865cd86547a7b5c8621

SHA512
e67f68d9079ef4ebcff7557d30ca6f20801190a3f52ea118c6dd15c65e1acca5046a8b683e80114e30cea922230a6be1715c7b4e4fcd2103d5105e757196fe6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
115d6aa69ca50d0f15e7b8ff08291ecd

SHA1
36936e6abe136c09ce5707387a5721b5c2116452

SHA256
41ad6151f1080927b0a0f7998789166ff8216124375ff50f99db44683e7d0443

SHA512
ec8a0b5159075a979ef76200a3c41ca61b0554f78780f2936d7586a02f2229fe7c9ee9a97364c986b3122c24cb7e7406aca037acca1b6d8a2c19e56d114c0eaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f20800a198c926e24edffbb26203674a

SHA1
5eb4bd28fc2a71c6d1c5a3da7cce08b2613300f0

SHA256
f0691296563de2d33393e1cad1e413cf0509e6f997fc067bee4659bb65f9c869

SHA512
989a4b31ae4c1e2ffbc4b70c56308584e524b80c6956c78d3c87fa5898f92792bf44966590c011cad7351c81d91ecd89a3b3cf1f91fb95e8346bcf2a1b3ef22f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f1cfa621c28e4c451872900e4cf9e737

SHA1
d414f68834382e3d332789c1c246344ff34e244b

SHA256
d9983ae18c806a3a9d3abb00c4fa9b7f1a1d89f78bfec9252a7559c474210fc2

SHA512
96076cd4313ff4f6b55225605926ce808e3200a815e2ce38394cf5552eeff09bc97c75c48965920ef2c5427aa64380963c146f68315edcf8cd6638dbc9d34bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
84255aec48e63dd837da4ba6aa15f64a

SHA1
f18eca116eb2387d07eb3013f325b5b4216069d8

SHA256
f688d442ae5dfd63f1171931beb79217ccad21d5e1635c2a15dd59bc9b064819

SHA512
342fc7e1a232b1542c015dbc574ea3d35d889b01f2eb55e5a219ef90ab72c5c295a7c74a7de1d0f904dcfd58aa8d191c3f46616969ef4414216b9f321aa5bb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ba611255a6ded943788805ba6ddfd1fc

SHA1
c858ed7de40f8e3cf9871913b03d1df321809f37

SHA256
fc546321e1cd1f6ca2ce38e9b594f4bab33f3ca79f7b501d1c698333ed9e3088

SHA512
bbd48e6bf968c276b3b4011831559ae7290923ea6878b846a9595d2158b864a137e7653868f2ab45cc6ff9cd04ce89fbffab458871240328d0183fa1824ac5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
06cc37ec34364cd14f0fe61e0fc5d461

SHA1
fda9c4376d66b55a9e28c9cb1316bbf7ee0e0c33

SHA256
b2fea43ed837234f7f0ca6600b24e0e550d4d4f85efe866c0c2a4f1853b03d4a

SHA512
68301fc797915f2adda6b7ebc0f70625418063e7b425d98d6acf24ed9cc4ae1bc9ec4bdde689d0a861d4c8090501a96bc5cec1261b7c4d2f85b9c94d0b4cfb88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63d23e194d1651f1a050f2a372824d3c

SHA1
90f39313f675082e72b661cea3decd5dd9b84c2e

SHA256
24911784657cf9106800423daef4899aba72c2adf53f403a849ca62e493774d8

SHA512
f9fa45ff693d5c52cec0bcfdf8ff95e7524558835dc9b254c297c56ba86e84d137a8356282058210d36dbaef14a03462168df9869c4355ea4f9a5df7fa1e32d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acae27d4794ff3889c98d71c5f071f06

SHA1
81182d140891f0292dd2edd950bc33a6d00f45e6

SHA256
4a9f3f15e00ef00c9bf91c064d4f46aafad93b48247ea0ad40b87e96f984fcc6

SHA512
c799ef8be97aeae4c06787f4f33abb5b71bd14282877a7e84271b7e77d775d510c9463fe587a77e24fedd86bae847191a6f6fa39c97ad2270c3a4aa5689e24e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10100e2c3125db359bdfbfe862615a81

SHA1
9847d65ca766f46e8aa69cea4e17eda60c25e350

SHA256
89b19b3fcfae9463a8f3d2cc2333dd4ec509685f5cb0228c7fa01eaf1cab31bd

SHA512
7cba7b99993b590ceace8a20b096737bbd589acbf4b06f82a5f3809340ed951906dd38a50953851b5454178463a8cef64774eaa4bc73baf2bdbe93b655c7dacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f7f3429b-662e-4080-8cab-45a85efb3d27.tmp

Filesize
5KB

MD5
86b944d81d0e7e8822becb8ec09fac7f

SHA1
af0ba88f00f5ec95954132d3fd4cac9cc70ffeb6

SHA256
fe77ad55e2527b75ee83bdc082e80862d513fb5468e31355e2076e5de8220097

SHA512
5fbffa1306596f4ee0d38994fdab5229b5c28749c99bab8d82724ea03f6bcc5639963ea756de82c0b5ef550f73c8f52e79fa2991cf8681a220496efd5ab7c7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
07863fd4b6833455c477c2bb013b62af

SHA1
78fe9b96a3d8517a69d28b51b531a8597f12eb03

SHA256
3eb4bf1e1c9d2a24fcff5d736a89822b8e591ea7e77551b970cd3afbfc151137

SHA512
4d59822965d16713bf2d72e3ed6445b1ad3bdb4839d365d0edfe56de239bc4556b154af05b14fc9d71eb98bb4f8112f6df986f1792397fb1549a07f93d5b8cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ef2ed61ce6b78363ddf1c1399e111a92

SHA1
43c7b2798e8dc9839d5eb7d3a36f8652e9e2bc8b

SHA256
9d7784e0a9e26cdbc8ca407d17e06501e06e7e3ca28e5177ce18f6c23b55bd30

SHA512
2bf3b2e3460f33cf80b60d9aaf424670594a5b9b5cdd5b78cd4ecaf94deff4a9f3b702ffecf06d17365a9f31a2a28de2962254e18a5d2de4f6173cbc40d17618

Download Submit
C:\Users\Admin\AppData\Local\Temp\fec99acd-a7d7-499c-97f0-8cfd21c5e68d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5532_1221742559\235e314a-ec81-4d5a-97d9-8c45fc19820e.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5532_1221742559\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit