hxxp://b2btrip-de[.]com/?auth=2

Resubmissions

29-11-2024 04:04

241129-em2mhszncp 3

27-11-2024 18:17

241127-ww9g6a1jgn 6

Analysis

max time kernel
449s
max time network
450s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://b2btrip-de.com/?auth=2

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
214	href.li
15	href.li
16	href.li
150	href.li

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772050596899309"	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
3200	msedge.exe
3200	msedge.exe
3684	msedge.exe
3684	msedge.exe
5188	identity_helper.exe
5188	identity_helper.exe
5416	msedge.exe
5416	msedge.exe
4400	msedge.exe
4400	msedge.exe
2212	identity_helper.exe
2212	identity_helper.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 3256	1792	chrome.exe	83
PID 1792 wrote to memory of 3256	1792	chrome.exe	83
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 4004	1792	chrome.exe	84
PID 1792 wrote to memory of 3540	1792	chrome.exe	85
PID 1792 wrote to memory of 3540	1792	chrome.exe	85
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86
PID 1792 wrote to memory of 2916	1792	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://b2btrip-de.com/?auth=2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffbc81cc40,0x7fffbc81cc4c,0x7fffbc81cc58
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1224,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4644,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4360,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4332 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4888,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4812,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3388,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3368,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5252,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4760,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4744,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4664,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5228,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4676,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4720,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5384,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=968 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5096,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5260,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5980,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5332,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5560,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5852,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=968 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5492,i,16089915209331095777,16015094838012266399,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:3592

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --inprivate
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffae8546f8,0x7fffae854708,0x7fffae854718
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1712646394649772697,12578225218290121561,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --inprivate
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffae8546f8,0x7fffae854708,0x7fffae854718
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,5164904316248450575,10703330040319732872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
862185d1d830c7075e7dcf64fbd7523c

SHA1
857dce0d6fb1a15f16ba481bdfce839e4fd3d6c6

SHA256
5a85c075f824533ea77f66831983d902135b9874f23fe8a456cd6b89cf68862d

SHA512
fbc49d06631b26fdcf0dabaf49c3f61c4bb1129421a07ae1166a9396ee903820c2bee306888ccf800881794c605e528b36f6e2164aff7c32ee30ecd9d41c66c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
672KB

MD5
3e89ae909c6a8d8c56396830471f3373

SHA1
2632f95a5be7e4c589402bf76e800a8151cd036b

SHA256
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

SHA512
e7dbe4e95d58f48a0c8e3ed1f489dcf8fbf39c3db27889813b43ee95454deca2816ac1e195e61a844cc9351e04f97afa271b37cab3fc522809ce2be85cc1b8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
c2c3a95bdde1383e223c0e8fa41d8c35

SHA1
a2dc937f27c69d691832b500092d5ae27630bae0

SHA256
f2984c61f85769e556afb4830451e70ed49249ffc3507d0a4f86ab53360b6a7b

SHA512
54fc33b8caeb11a680bafade67cca8261ef732c066fa3a6f329c72894e3f63a6e9699af539d11260b2be3f6eb7b737bb3db58a05ff48600cd3eccc08d9f9b5a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fa78b3a6b2d3b942ed8ae6ec0c464e4f

SHA1
f0f7a22ea009164f3f2630072728d0d3a5d624f6

SHA256
da4bb8f8fc510e2a3e171b4ea20cb448aade321798869fb84ab0f0c76ba3d9cf

SHA512
0f99dab7e9feb965b3a350ef7b2dc06446136cf4d8d781bea6b2dacd04549e9e9efd44fb8adab1fb78c2b444183db6e508d6cd08e2de3a6f5f8ae52ce3cc71ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
734023db6e8aaa7d88b6ab5e6fa32293

SHA1
3e0bb7b6477434717891818292a12eb5a8206eda

SHA256
9310b018dcac84273edb28276146248fe312e5efe4d2be20e283cdf67d6a8eef

SHA512
1ae58488a6d1acbddc9a849f5a51460223ed5f6ceb296ad992eac7056982767d852a2b73b06c6e5bb3b8e1242001bc2e4fa9ad7e1077998a7114a23b4a427755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e3da77de9fa257cf48dedae01d5db29d

SHA1
491212a1e8620b28144b137aa7f3b3abaeb40848

SHA256
39cccf96325a72b8ea84a5b4c1a27ab293a7511bb24d4efc88049fa698bee084

SHA512
23133eec696d099870ebebee9d6ea8b2db6e009574eb499cbedc1d5cc921a96e701aeae2423d4c63fd0ec155d1b3e485b056427ded3e3e0fb98ae40a86aa8629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7e537457dbccfc3473eed015a1ca714f

SHA1
ab81c00e1c6a69bfb2d4c8b3dbd9f020fe667db9

SHA256
3a130f1080c029e284ca1b5ee3b8ce933b0554af8c8b036783097ae802a12818

SHA512
9a330986460111ab66d64076bef9ade8f73dd1b2f006f3af5e62a68527bbf22f5477dd7452c52b967ca0030274aea2f7891a296707e24af97c5cb44a6539773e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
60658c770593299d349977e62bc53741

SHA1
af5676e1af24c5b289d0e1040d87fec48dbf61df

SHA256
ae77368dc852f03f04ee05b6a15fb06690202e73c2b4b7ead27924bfc7b0e943

SHA512
9149b5d7cfc458d63b964c52e5cb5d4ee7ff8236b1248ed90ea6b6bf3d794918528a4212292acc756b7ccc4d39d563ab714a4566b950c9e157f3b8f8723df9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
58bcd464803e87d70f5876851ad03079

SHA1
9c3700a671ccb3e3f62c5b2322b1c823dc935b6b

SHA256
99b3e4fa1e58d1eb773f1cca0b9d1c4d059f05d030f16aa4cef6f4edf7439be3

SHA512
9cd18a7b06d72f186b0fe87d6978ed3030fa47a5389889221c4dc7e1dfb11b67671c71753ff87f8326d3db567b6c2047127a9ce13e6d3ca9f8a9090f9f8f7d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ef986108adb8d3277842d0c2e56a29a9

SHA1
8687eb6f17836749b1f8c09b4b0b9ef1817133ed

SHA256
595aa0ffd80e206a94e5670e14029bf8e11cd37d76afe9bcf06d9b5c52e35da2

SHA512
5262865dab767b91c4f87df6b0d66d93ca1380379fa44eec91992ccde002dfdc6ac266a567667e834bace7997561c88dacd760d8d60b2fb6998215cfec48c2ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
015f2a3dfac8d60a4cf05ad9ca2a2034

SHA1
117610b1faf16304bb1105779219b4e1902d6c05

SHA256
2944bd9bd89d3e910371be96e9199fab1932fb7d47a4b069cc2a879c4c22ef97

SHA512
7d9f8c21869d647e032cfa3a83eeb9b4b2fbfd36927156288837896f4991bff4914aa6a26d5ba162cfbbf84e0079c4b8694e2b3a2497120c2ea1769309f687fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
8c84c00167165abb893fe3f760fc9ac5

SHA1
090a8c7c6328179494b8702b6a7ee41d082702a3

SHA256
63b9fe14f0eeaee078d547e83409c06f7f7952d8d799d0af98f775537482c38a

SHA512
2f3290edf6646e59eec6c4d0e5578a7d83efd036f112a5e4ed4ae68dfb31181dad4de2e9d798f4cb5ff8fdc286110f8ecabe310cfeb56ce49d242ea5c8976a35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af21a3050781587beefd31f0b635ca25

SHA1
b3ab950e2c689132c10b9089941234a8e508447f

SHA256
29d3523a26e9d96572416e039cc6be53fc9dd46644efb41ea9fc66f3dbd54ab7

SHA512
1737c668cd9ca0cd91b2fb9c2de520177e76ad7b626da581c07c026008204dcc1bf43d5a11019065b747a27b985aeadae58c97d5763c0be24e73d8210ff6572b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
39bb8cfd32da3d28f633611c152b6bcf

SHA1
86318da86ebc298075c365ad1d8ea6755e3ed3aa

SHA256
c82eb75eef7d5f45f2f5bd739e96cdb8590d1932b363ff7ef68983183c3408ed

SHA512
f0c9329f480b8cf06995def84c91b22e92207841c9647bdebfd976a15d91d08059e37acb98f1922b341829f264bcaa71cd37e0ec8afbcdc1f21ea3b580f06c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
011c9fd9d40d0017dedd3975f7ecf48d

SHA1
84f678479013ed24fe823b86e73ca3181f032dec

SHA256
482b32bc4befbca4f3a9579aa49febf67b163b0e9d1e1e2d3920bfa6454a94ad

SHA512
679dc930463bbe5d2a8f498fb4fd86ebcc46038b8a8006968caf7778c3fa8a77510c72dae03cb91ff91b5ff6e3de27b68315a0ff442ffb297f08015a277fa750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
762ba44860e502515a2bdb2bf579ac1d

SHA1
6aa39802a7d4a0ec49f5e71df7a34cb6dfff8b36

SHA256
a34cdec35b6ff0c0df881782531766741b95ea275f0cef6dc9b158d2ff4c8eba

SHA512
deb32cfa8537aa894ac6eca43ea7b09f22dc464c69c06498287d41810f59746151e3af8f3668b49f6d136d9bced3bec8761a19d0561f7a273902b5f9cd229cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
edd4c301bd3c88e14826abbf35f7f04c

SHA1
a72ba5baddf8500a03d3c312fe8091275b103e0d

SHA256
a568e70024da7aa5d2453cd464c888cd5ad54b7722b8aaa3c2d0256be0ce2ee9

SHA512
c63e54e81b790d01f5818f68e395954c043a732163940f9bbc76e99cf325c2c426ef5b828b9e9314548317e259df39fb52f4170a58024306cc481e51ee04aed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5a528729f785a2001c867904a34168c7

SHA1
8c45a1bcc461b4aeec502a24c7672d02dd60b609

SHA256
95be91e570512dd315e99300aadb47274d9b307ba84d16dd61ca4d496185965d

SHA512
623d2ae6da0fce3e65c15830eed97dc92ad465042acc081f2ff8f26b999f78c691004836764422c70ccd487f97bc43441513c4b7e08eb5d788926fc5fc75ff07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2675f22a3f096592c9ac43a2026523b8

SHA1
2c5416ed29f70da05aae909f9c5142d97df7fc9f

SHA256
f3fd4da8b5265943ac796f3700ffe22fbad49fce798eeeff651cf5643f881135

SHA512
e63ed7b1132d6b6d714b6e0d87ab3f44eddd64d001bebecfa93201631a1712775537e9125242c8b5ffb38b6ed9b4dd09ca8e224419de3f918449bdc05eccbef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1ab6e5fdba87fe7b2f29097549e803f0

SHA1
f6de91396b57623b6f27c914cf8f4d7c61407fe5

SHA256
985b1868b63edbb500a00c537a8880e0446ef22f64bb50ccd00bee2a20bb2329

SHA512
b47c9e833210ca8ad317e332ed2d897a413acfdcabe4b095802f995b4337bee38a4ac0c69815f95614a53c367b732900092f3ddcc84a8d4f572fb5c7b2893fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5054c9226c469454957f53934a19d277

SHA1
e02bc7c10dfcff0b287c7cf0f9f9d3d769c580ca

SHA256
062c831ecd2865946899106341e579bb61671fb27fc9f22918694f05b4db4721

SHA512
590d5be214a563026b3ab7c85fd4cfc17d9385896cc42beeb26e68e10029b9accfc82eaf03ee78b8d43529de751cc9ee512d2c8aefe238fc2b0d9efad5027013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4c0baeee3c55a941c1fe9c906b21927a

SHA1
f5a9980863d14078b7e7d63c765890d5b1084bc9

SHA256
91bc4dcebddb5d07fbfccace4c816bb8486a1f3420e1a4be37a2125807b3d64e

SHA512
e4b62d03575c56278b8202336b0abf4d283d295fbf7df871d828b3c5db2ffec4a92eb66aa42715b1de2fac1c2f12222bd8eba1f9d906d1da8fd6faebecd477e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8886950c8e14fb7a79557f4b43727a93

SHA1
0b6c0c307472e4df2aaa752a95620da1fb9b2453

SHA256
0369dc59cdc9001f705b07e6cb87c301d3e51ac04820b342ec446eff0c72d120

SHA512
ed344499c477060b850d98d3d4fa3a50e3592e2d2f38511cb96266d5fe70c738cfb3691a73f009cf39bc315ab2405519a7b3cc53f844537e9bab19db76899788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55cd6e5f55ea5434bf74667d33bd3524

SHA1
da00e53ccc59afa9b200511b0eee4a3c54ad67e7

SHA256
c30ff42c05fce0216ec9db299dea047c35306b943ed1d3f6773b231dc85188d7

SHA512
a3bafdb64988dac5f21898765a5b88da2c191fe8b045863238e112a5c05448de9692710288ca607ddc7e7018ddb0df354c6b96cf896f92bddc026517c7d2247c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3001048babe4e420dfefb08039a44973

SHA1
274581b7b686a2512f2c83d623d233bc7f2da84a

SHA256
ba8042f41249961203d2b51788e15612de4bce56d9a1cc29ed504f696df20042

SHA512
88a44c272c120990fd6f4ae87cd287d56c5e4bc4e5d74a0561fa6153b716d4f00be73279fbe33bc91890264b1875ace287a6afd9ccef1c5136bbe45eaeff286e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c1c616795dbf03c373686ae4161c390

SHA1
800c0f1ea4a0167006ff0fe6832588ebea175759

SHA256
3a1d6e522c5f95cee3ca568ad886eadac994a728de58672b580154f7b4980f07

SHA512
6aaa48fb4277d66986fe40ea297c5ed6b3289bd3859185e1a4bc2f8b5061cedf78f246f6d22aa38114f8c5033606c5da2b0647ec4f18585297ced672d6d09293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64d1c148326189fa54dbd52c83872d5d

SHA1
da384fc400e051066398d5cbcbff51a236e69678

SHA256
3f92a8a68cbbdd32020792ddafc19a9898542e5e0b97776f348b4d0bd485477c

SHA512
6a0967e64b4fabdc20b341a41d7e38cc2dbccd5856a3faca9f7c1b552ceab7c2f83c8a320f8872fc65a07287f73bef42ecdc9f92defcb3f41e9432b0c61ffbb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f4275ae9088ac7507a87a29e212a70e

SHA1
b5c6dfb289fdf375ee6f3fd26a5bcc4b505f0d16

SHA256
dc1af15cd07322eafafa6c3563433fe8aa90537c0b602f4541bfcd5c016aa092

SHA512
c3851b473088815ed10ad00df3bb58aba1393d10911225638989dd91a64aa6a4e2e53db956fa2eb9dc7a7d35e587d872338fa51d3f52921ee3a437804f89b6d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
633d52187fd72ab69df87cd62d46c9eb

SHA1
cffb44b5bf0fdba758cf1f0022273cd21c391fb0

SHA256
d4048c7271bb737689e57253e964459b3a4e0114a40e6b4209264da06fe0aa36

SHA512
07ba25b3b550e981b0df8215c8e433ee8e1c988dde63af7d537e3c5f435bf6ad464b36bbe7e17a3d07c8edfa31faffabc2bb72765dd189e763057b0cf5945406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b3c0f4194d7fed56581645f71fb1627

SHA1
a1aa2aa1bd382756d7664935c6fafadbca2cd90b

SHA256
e3e5513f1d7f9fc87c83390b31667f9b413c91448d07f58e4252d6052bc29f92

SHA512
a48c13f607671178e0acb5277b78c411e2d561d25d4c31b266ac14613c7adc75315dddabef5e536b34e5d36ea0c9a0d5530799876182df49149136da07f222a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
91eadc6ec7349dc3a9b4a1891765edd7

SHA1
65d4da80d7eed9de09ee7cc0db842109faab8c5f

SHA256
de57d5cd3b59a99f8c1852346a696f5e4f12fef512e3eddbc49899972c973737

SHA512
c4d61f7e32e00f21437d62262e2d8c2af32261ede1dd1ea4de48b49bf3949923435ee33d3c6591ffccbabef2c73ad6697a456b0310e9de0b75c9902416253e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9414157ee913a1795650d08aa0ce3832

SHA1
8bfc0d885c6f6de8b8be3466faebb309e0c530e9

SHA256
26ebaf3712735a296e3a305d5fc13162b6713830ca78247f95e350ee3ee3e6eb

SHA512
e7626d3c069d186b5ee80c5438024904636abd2cd6ff914b209ecc0e2e7364fddf7a060caf06c93ad3d1fe834e223ba151661f39f3f0608c1b565c525808b015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9bdb72f606f00c91c260a937167acfe8

SHA1
e98149ef51a47d7679e7e456361a48a8f39c56e4

SHA256
c50ba133db0cbfd58724a25e22cf522fb24cfd6941148ec584421212740c0be9

SHA512
5c150e5984f362dbfccb3063840522bd4834031ad09afb4ec1aaf196e8328e581e36be578e7b5909abcdb6acfce923b0733cdcdfd242a049233a5fe9c6ccc961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24133a00864937c7ee96498cb60acb43

SHA1
3e1eb98bdf9a1a8565b5c3d2077a769210c9dfda

SHA256
e733018587d16412df3a58494021f6d418e548732e125c790034acd5f8121061

SHA512
a781becf5604398d1f823351d0b626140ce89e0a0bb7efb1550e803499072e26134856ca280da521666d3ee647c1f0d4dfd0a0977a4fbcceffc865f750039664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3dda3b37fb0e160a5c9ddb17c15f24db

SHA1
71d18f8b39febe84cac3df02d9dda66d1bf4c94e

SHA256
eeabc33f362acd96d2dfad276caf01a8b708f338a521442eab58ec845ebd4d6b

SHA512
8ef4210c92e0b0d62d97e9e94c853ab23a22c7e7777893a0c7a472e7ee641adbdfb524acfe0d6a89c8ef51fab775a35665b0da290279d4c6005195d6137acf61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b90695722f9bdf0a18f782f813a74003

SHA1
0c93fe0783433c20e62312178da981f737c83615

SHA256
a90d0cceeca6ead78492060e0be5a9bcf19de83f35159d44946328389f1ab9e7

SHA512
ccb7908ba51a902d306645a66506219b16d90634fa4aebfc991f8aad09d590a13b63b755caa74a0c452f74979757abfb05c0f5e9513eb1c3ba42dbd21a3cc3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
93d45ca25ff7ad1504b0eed5032542a7

SHA1
14eeccb6ec5e80384452060480fe7d1cab6aae35

SHA256
1aaa62d8dbeca06998068898d351aa77040fcbdc597487ac1b8fe5ed03d6c210

SHA512
b903fd01b685b3ba65df02c7e3d00891664afa62e074d0e2ddb2886e98618bdc2f90180ed266ce027c6675056b45a3d30ed930aa6461c64190b0e1bc223e6aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1808278686f61129bfbe816ad5b7b841

SHA1
24cdfd62505dbdc31b571569aff777be8dfc1a31

SHA256
b62b14755cd814fbcf107f85bb3d045a4cb65e6c020e51e2eed16b60561d0572

SHA512
a84af8f37613bba3d0cf59a9ef63b1d99bdb72818e4ed86d0c5ef3fd522d4a53198b3169c36436eb6c818f8ae13c2969e9d971112746717a1a90c58c9f398fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
624d5818892b737762c1112ea92fbaad

SHA1
a102413d768f3bebbbea7e905979ef4cf4caa4a1

SHA256
4100c7a939a3273a797c06edbbbdd64db6a5fda52dcc7c77fb3d3ff8c5a55fc8

SHA512
9e2f0863557bf54635c62bc44e8ebc45dc0bcbfe27b1f9cfa6375686300abeb85774b2d743dd2dc695b77692f9562b2d57eaa98a559099a2a62fe6361a4e41ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2b7a3cf76a26e526ca2e943991f1f1bd

SHA1
feaae68b75477ad171bd1e273ac3e9c2a31b3010

SHA256
cefa4fd67bdc5b4603749c8062f2d91df1045e7927ae9e28b3fd0b5883a68a19

SHA512
2d5543e98cbfc41b05842de0290569be97b9b1d2619c1310767b1c26ef516e69c2f41ef821fbe3236b5f54a67a9aef9eb2c1f2e33d33b9ab714326d81411bab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
388ee8115f096cb356ee286e537012bf

SHA1
892a57abad5ce33e955e633778f6d56bd309eb81

SHA256
29895efa3baa010b310e554d0ffd5c4d855bbd6334ab72bf1e2679294be73540

SHA512
7ae8f6fcd6f7c69fb6cdfd7394594854fc637a26effe9ad07f7a87cff63de269a1b3ee587db9e8e7ed6e44badca0ce75c54508f2212286cfbf36e7a77f557b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
980a275a116c920b1f161d0f99e6cf43

SHA1
c5459026b9e285c191b487b9856b69cffa804308

SHA256
0b67629c6eba6f67c2f54777e56a89151f49ab7bab959906fe6831a922bf11b3

SHA512
4e7b73a094415193f9cc5a3d8a935fb4502a618f16732dd334427987f950cc4719ae6443d5f47f57469616853ae48f4554202a2a23c27b07c0abfd327acc5ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
690fdc9e04aceb6cbac6b67179ed24b5

SHA1
ea1014b13dcf702b3a17f3a3ae5b50c7fccd5dd8

SHA256
01ad6ebe1e9295d33b62572bad3b27c2d507671f5eecb08ac12bf5be1e963ffa

SHA512
d01589d735788a7a4033220e7a5fe2d7a4d3dbd9e376899ab446c1e96e6fe78650e0da3afe837a06411f8b5227a68db54954237917627a9e5bb60e3153b8c5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c5f894c28d7e9af764a5d9b3d9668119

SHA1
8dd526c8e50f3be4cacd1dc0e156bba55c98a95d

SHA256
cd78153f849e7a664e082ecff4effcbe81933aca9ab80b11b335b67c4aa9f066

SHA512
06042552ba1e84076c6d2262aab301df8819bb9dea45defe3828c1a59f4731a968c68176e5325098c297dd89c00d46d05063fb1635242bf2dfbdf9452d89efa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
df0bac2e15d15c0dcaa39b7d126c7ff3

SHA1
0ee992558ed5d192159c7be749528678b7d45b08

SHA256
78bfdecbff453077baa30d8a0ba4e14bffdd4110dc722fba0d9f3a93b8a897d1

SHA512
f010ae29c4d935beb0195370f28afb01cd4f1ba6dcaac9a6edf2d916138e45105fb5e5e9e0fb2e214b47b014b2821509ec21951d224c02710ddd9ed404661688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d26b0d0470c22927546dbcde2511100a

SHA1
ac93eba28546fbf249ae915ef58015954f805fe4

SHA256
5d94f5952a91cc102588426ad0ac1b6866f5e284d9b7f2459d652805c2f78868

SHA512
77a0e967ed364ec6c09f2a7f7f49f11c46f6672d9657f324a2a3b0fd13637185e1228af4a9a0dc02aded37d07283fc1389c7938bed89cb07768f71df51dbf123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
5748a91abbd799e11f02d1605e13cd6a

SHA1
8246b942f0f8e5fc8c128820d781331b14d1edd8

SHA256
123d644e326243d7226c8593730ac9edcacea7bbcb85e858e0207d8dd988871d

SHA512
b36b9fb07c1bd5a0417ab244d83bb006769a9af584c04a14c966a5309df3625f97a663890160e4c3dd54a0626f414ed94bcd306c3bd8474b9258a25f10d119ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37128b4e4883085adb70212099d33acf

SHA1
9c716ed5401e9dc2c6879b03f0a34d824d2ede99

SHA256
91c7f07e7aa52f1e4d6751b4ba31d098072197bf3ba6a4549d213f9fe1de1ab7

SHA512
3e3851dbdec3560fc5eb18be51de362acb4bdb889c66d1794b97f29a8a3a86aca900406360778819ace767653d083be45a21673e232be205e81ff36ddd9f63ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\52c854d6-7cc9-47d7-8585-9a15c9cc82b7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
3dc8a6d9ab3e6f25b2c771bbb1170a9d

SHA1
a07cbefd31560a333e58a4f5b2789ab079d3ce4d

SHA256
7fae26f5f3a437f39fec382731d012e37e6ad82535fb5bea6eb50c2127a4b67b

SHA512
872e18c17d78f6235e251b26f4fb154975e52ab08ec8fd8e55260fe56f74e3ce16e622fc23bf9e564f803fea0d4befe7eee3e3adb70369b333540a44e21a7fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
489fc02138475ea9c47a447675d84447

SHA1
d41082b4949767c42829dbfab09a33d8080dced0

SHA256
400b456b68f1a576e23845abec84d9f463642d281486014d085acaf5b8f8bc06

SHA512
608b28e2b295f008f5a7341fe78b6486348026a05d0d52d240ac1f26fe3bd22cae12fe3735db9e8e8f967cf3d2e388d6297a98e60a347363c45cb3f5d8b1349e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
960deb5d3c22e4e6eebaf1d7c8e47529

SHA1
9b275f9aec64267ab1d9f8dda9f7456571581952

SHA256
a8c5fade55f2ab096bae477960c5813f7f002e3d2d5fc6d8b4e5e0f992fb8331

SHA512
a0081e243820e7cbb1959faafa2f9e4ff7ebec343be0ae9c0bfcc9f92e79bf3aa0e1c688f11212c14250243f18ef62be69e52af19fa90a6310195ddbdb1e92fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9a09fda939de8392b932e0fbe7eba72

SHA1
bec35a3f2fd6b508532249afbdc40e3ee5b4509f

SHA256
d1aa9e16b06bee3c0e7d06a5c545fc0958c4836ea0fd0836d7c433786c7350a8

SHA512
62d4911b3bb2eb52b1ec6f22db56c8e6bd2c1ebc0d3c95e44f3e4d7e706ecd88168b49d53a21eedc798333d499d673dddb81d40c21fab0040196d34f626297ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91cbaac43db4200f82ba493eb40228e8

SHA1
094fbc238b22f0a7d49d4aaa57e1234c4a409e22

SHA256
15a2cacf92a6599b76eceddb3f98cb5a23d3ff21cf15a70c0052bd7c1b9f30f7

SHA512
3035c04a3456e3a846c6b1bdb4014e6e0d994ee2102bf414ad0f7654c0ec507841378e3950b6c49bfe63646e915d6bbaf12d04d00fef3f4b45c06da71bad8c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5ae1e5226d8a7c026da89c2b5523e09

SHA1
e99fdd01a80d05d8b72dad4f90e77b9274b144dc

SHA256
d5c661c6c902d39449358518960062ae6ff51ac6e2c66c83814507abb61925ac

SHA512
96d9dd65d2f695cb24da61c3e2fad01b138137e64b4b6f4d36ea7ad2858c2727c72ddd0d1733cf9e8994f808eabdde146166820940b9d8c4caadbf7c745ee886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07b3944bd154e108003a4d86f18aa513

SHA1
0afd88e58013d90351177013c5aa6cf83fdce4a9

SHA256
585812516cdf67e0bbead8e936decee32483500b000dca6a74a9bb7f29c24591

SHA512
668293cf72ae0afaa56cf21edb8d6f4fd170b86b2d172bd59940aa45f37aa516c9b64d4e75656ca4b56253aa35b6c8d5645d64062675b2812d46c372711cdec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
7f603cc4a65d2420d1b9f21e92fe9252

SHA1
8a423c7a14e9895ae63bacd7b041e474ed7bfd2a

SHA256
1c8753e6c177d25b13dc3cfccac9d7227381768394202ac72594836f6bf6c888

SHA512
2c252b10f470642b3e342cb9a1d09f8e2955aabf8a569b4722ee331c1860078e4abb8c6dcd40687ce85c387515225337fe3ac71ff135be8ac3fc0585334e1896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
fe418d2b53f891c295fc6dc96faedcce

SHA1
19b6a4a3813ad2fe7d146134a68519f6a4c6d391

SHA256
2c1c52f84b12d891df67819a18f9ab6ad47b934af12a21777039b8e36ef98eea

SHA512
0976c8cf5a82dfab4d3257274cdb34a58f26ab2d8c8709dc81506a2274f28240e467ded1332a4f79d04849c49cf6dd531688c1406df2b3d60389863e124b97c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8ed79daf035cbcf78957bf3a095edf68

SHA1
58fd381b6e5eb3b9c0add98ad17c7478275edc12

SHA256
ef080754f495b73a722ed2384fcd87f8b7b6d8a69f9d75c1c9f4d33cbe6ae294

SHA512
c122cf2688b00ab211ad27c7320571357541e3fffd3f82be983f168cd8a564c666551fae1835311609d9963d8495ae26f2f94e89bb58213fcb81102d3c2dc607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f5c3d37a6512d83147ed670cb556f9f3

SHA1
83707e5c704f315f95e69cb770cb1461af495ef6

SHA256
9879ec2b7e49f31d93795dba3089938a18043070bc3b51c097bf96f8e5227cd4

SHA512
41ce5e8d8124d0186b34d2657789395d53823060b9b3a57d22c17313c7addbc947fa45459e43bd8e19edd8f9b40cd6584082dca605fb833e0609d597b473cbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7bfbc90ed1553211713d85bc29502742

SHA1
e0f01d9c59efed46e34b479b06dc8adfb3a5bb46

SHA256
96f0c8014cd0eb10e32d326c80db3a228a21f770d5bf308f73fccfa1094ff288

SHA512
7fe0f6747e22f1ea9404a16d82b7c0bb296a7cfad1950a3ac4cc79991131621c338d2267c58332c938ab11ed4e0e2264763efcc8741f9667aa24e0004b710123

Download Submit