hxxps://share[.]hsforms[.]com/1Fz5zIQIhQ2WN8d1Mn4WZPAsqu7f

Analysis

max time kernel
131s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2024, 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://share.hsforms.com/1Fz5zIQIhQ2WN8d1Mn4WZPAsqu7f

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778556459718815"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4460	msedge.exe
4460	msedge.exe
4452	identity_helper.exe
4452	identity_helper.exe
3508	chrome.exe
3508	chrome.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 4932	4460	msedge.exe	83
PID 4460 wrote to memory of 4932	4460	msedge.exe	83
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 5036	4460	msedge.exe	84
PID 4460 wrote to memory of 4624	4460	msedge.exe	85
PID 4460 wrote to memory of 4624	4460	msedge.exe	85
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86
PID 4460 wrote to memory of 5044	4460	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://share.hsforms.com/1Fz5zIQIhQ2WN8d1Mn4WZPAsqu7f
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffd660046f8,0x7ffd66004708,0x7ffd66004718
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6788699064429084563,9262575067993481758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd615acc40,0x7ffd615acc4c,0x7ffd615acc58
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2128,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2068,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3136,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3500,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3408,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3548,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5184,i,16008812006431862203,6026262398486283790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3508 /prefetch:2
  2⤵
  PID:5496

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ac569e8346f455c6565c32a4f826483c

SHA1
96ae36c8166790a67f816b1fbf53fe396a011dce

SHA256
445b3db5df20ca00da1a14495f2ba8d958cf8a3f5176c84eef237e7302be23a1

SHA512
1ae2725a4654b7c740bdb99e324bf8573c7719f48e5bca61081ab87e38ef07a1e58f8c4633f1aaaee21c4dc076fb993ac753bcfc0e23f034199b7b9d4d66f0e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1af187fcb484ef0804f4ec6de2dbfdbc

SHA1
79605bc870f92c040a62e798bbb2157b1916e7a5

SHA256
884f7d4a9cac0e1ba069c1212e6185139a94765c083ee9b0f5b57639f4d729d4

SHA512
d5d26c9c1c8a56563e635e6d0a24030d51ca7f5ab87be225f5e7f789740fe395124aae5a97d3c1aa5932bdaed62c31c18ead475b4af9885eb574b6674016cdd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d8f5a24f4a9da43a39a6e93434bcf6d5

SHA1
d255c12f817e25ef16b19e343c2063d32add81f3

SHA256
2bd43f201fe0fe2ef64b7629dfb806994834b72ec5b72acd7abb1b1af81f2e94

SHA512
56ea8cdf8cb45156f61f1508534922b8b908f1fcce60f09ee4dc13de9dc9f8f8311f02a51b02cd91c7b64eaf9d90784d77a86d75f81425ea8202f5330d98780a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fe978acfdea203f46bb7adbc7c2ba567

SHA1
d220b19adc964f9b30cdedcce526f58f87dc65ac

SHA256
585e4e9aa7ee00ec5feef6047987748e4986633c4767a4a3c4d5462d3e636662

SHA512
c09d0744610668ed991c99e5e5726fcf18bb172b5e93238da03f3cc7d3ad718bae7bbb85605e48c5affdd0d4450c811be57dfb5ac7afe57301dde34a41cabe4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b7b4662de80662db9a6d5b2841346b92

SHA1
4652d7467091f04b32b8ba3cebda3158d71bd12d

SHA256
1069b35a7e011efe4627e4ebd9d32264ee4c24d62351270bec12bbb4f0a60458

SHA512
1f0e020c0725844eb90f8ea9e1a77f84781cc62134df05a991b8ef0dc2e1542f4c8877b1679038592338cd231ec222c1ea128251ec7ef5b0d860ee34103d42a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4c6f22aeb1a4345dde36cc4579d15a8

SHA1
aa1dad0800d368ed732c7fe5b67c97e2e33c6638

SHA256
6010b839476a0f7897e710ac71d9f6a7c041b805ff73d57a755f4203c782d778

SHA512
0f338f7eb25052555ea3fdd2d6d93f34e0af61b5093132c93e0d1542ec641298e8e464e4455bdbe12b71f2a760bd867e1336d4ce2ae2bd9532973d445d8f442f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17e73eb4452d3f676fc5f6077fd7f736

SHA1
791762d6fb3dfc1801dd5bdf6ec0bfeea087d177

SHA256
eb0118057a3542edf911d46673e218f8f5c911eb9b279ada2c60191eae54b9cb

SHA512
c98b84e480100b32fd648f72457a9e3f10969eb58312c5b5876e42ccc7ca5209ad946c267dee14ba3212735ee2b501ae33c0fffcaaf7656cca41273f6c512a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35514e157e07808f7b9f2b9d1cbc3835

SHA1
2ccf41e88b41c184ab22d85ba6180795a64fc9cc

SHA256
9351288c338ffaadcc69fb7796647306d19bd2ce2802b7ce5feaea8675efab76

SHA512
2e19bc2241f4fcfca41ad34efd9288e059609bb0c339e6db569c63c3127f75b7e8de301f2dac7ec2b6ed817f3eb62c6d68d7b8c2c9e1baabc5346cf88544d9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b08b38f97fac18adf7078fde19dd817e

SHA1
85f47fbceaf0de1749851b3dd54928a74a83e109

SHA256
11292738204a8fc9b8c5e60bafc33e46e78d63ba3299a72fa62741ab1cc3377a

SHA512
26223ac1810550c0d2f5eb6ceac27d5fc110c467cf819ad51743da94dca34da0aaf61064cdd50cf8c7af9257eab25a8d950fb1624abf1133d05bf580f72a7769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3cd297a13e7fc3197d3e2309b2d69e6b

SHA1
35fcc69f67f682596b3ec27a6469d05be1aeb363

SHA256
992cf52b938efde1c157ac1f108cad449f7bf7240be7a65e7cc3253ff98bbbbd

SHA512
59e1f0d7d77d7b70975c3ce977f7ec6dbf90e442cd559b553b27f30ab069a8349e223f4cf93a78eff8e6446646cfd0c0d8d58b908e0f4ad8a3ae233c4c97622e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1a3480ab288045fe9f0a8fee5edcec53

SHA1
e6363688ce13f1448053a820ed61c3a5f49ed818

SHA256
b334352634799a0dee06a246b22b21b1d39c281002e12ce0fc8d67d959a81884

SHA512
e77c14d10e1c1f9a46878a05dfbf6317917372be161860aed04234967457a6488262eef0c3a1da0aadab857443662f35404fafabafba4e0135eee1786883e418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b75b15623c368221c25853dd7661eb57

SHA1
e2af226ea9e77a8150cdf73a08f1e43375119771

SHA256
242a62927a974da99a813e2b8264b840c733a73c952b257a1233aab45a4065b0

SHA512
ed31955aa32546864b94a9c010e180d6517b1d3a62dff4252ddac232064ab5ac48c6ef8110541da712c7dfbff78092a7eb8d90ebfb0c0efafeb20f675ca8c307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
b7e7677a5a49a6ae1a5bf4c232cdf597

SHA1
b4a97c9aa01014f3dd2a6a61da603c08ddf35ecf

SHA256
a7d5a01f33eb130c68a35155129cb840f04a52186792be580aa6d42a57b7a685

SHA512
daf9ef2c7fc1a28459b7bc359380f7c4a3d0c807841a8b9376fe9a832d8fb0870fa1487251e22c8c3f9fad73024ffb1025fd9cb3472119f4542e8a23a7869332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ce6db9ccdf49889e95a7f6fd07a7097a

SHA1
48392ffac0beccfebbe2e7f5a826452a90ab89e7

SHA256
b7cbd87434c59473be31f599ea0d3d0b0b9e1d0740ed15d4bb482fbe7071777a

SHA512
c8bde33a43cdeb6ea5a780c6987f4bc9ec02259f0461365dcae583faed5e59d2cdf0f1aa92a3bc23c9aea43df3a1892e1056476561ecdd7f87485a40ab5f1a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
f4431617841d501e79055d14d7ccc5f8

SHA1
3c18b79aa755b3631c66c1b28ef14787160c86eb

SHA256
818083f51f2775c9bd5639ff00d55c79df60f990c51b172c6a51c809907ab52f

SHA512
321af887df04f6bb4962c3a5e79d307de26442dfb55283fdf87549236115ff186fd7c06f2f70831e4d655efbbb37ebc7897cfb59cedb61b800a1ec7c6718b665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
08e7450f82f418c7e97642f35687ae82

SHA1
f68f673be9e1f06f08b4dcd207f35d4d28d1eef6

SHA256
65f8a120ae6bbca60ee0c363ef459e2df8618cd6c15a4607eede78e3179ddb32

SHA512
b6407f5d99cc81ef191a2ee490b3fec32465a55a839a81b8cf66c8172ae5bebf7937c77f6d4974a50c1cb23822fe69aaf76cd8442d6e767e8914feb821a97b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
6a7cab6e0c777998dd97b15bce719949

SHA1
25efe458f0ea4c91a51903789118e15919140bac

SHA256
c1e3efb5a9cfc1e94dfbe5dd8d2b11b9a585a5d88cbbe66419409a6eaa488b26

SHA512
02883896e0dfd95d71b8bcdf3a980d103fe19b2eb3ab9a3874e966759c31767dd530c1ea4f7e749016250e937a1d5d45f743accbaf09363193765a23bdb60acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f5d160dc03cba73143ae76bbf1c00229

SHA1
929350077cf71e5e8cc1ecf0816b5f7a0fadaca4

SHA256
0f757586f4331c7c2d18219bb04df4d5b757bb58da251febcbab9993365fa191

SHA512
ad003575bfb062113329950a9d638fa09eef60326f8b734c1dccddb4d321a4d8f13201bcb6a99bf9a25288009596c1d9488c43318b0972848ba5844bc9e2e1dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b5877f7444bc86afeff7fb75984b1c09

SHA1
83aaf09c3c31c97b443035ed115fef09809e50d2

SHA256
f4bb66aa80cf1258650c5fbd362074e504dd6c5523f7909f986314f6919580b2

SHA512
410863aa9f3244e09d721e0d973a2cea2c72e3fd212e6aa2a0d21ee4d02b696d21ca92889f87d146a89796077294e1b079c9b033ce9954f12dc231108ab9fc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9db7c191206f7ff256d63d61ef951c0

SHA1
5f12e66dbb36f834781915fc8e5ef8e2c9e6b309

SHA256
07eca89899f6482f4a3ab0af15d4153fac39543b72be61ab5913f140f5b5b772

SHA512
ac17af69301f81d0fbbcd41eea50e74c1bb4f2e592e6c1f0cbcfb6fbfeb36aa02873e77304215af9828e37004dc9623144d4458560990e737eaea7c9f4e9be77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5998a51a66a8557d71afaaaec196009b

SHA1
135a3255a53ee571152a469e9e09b02a58acc0be

SHA256
bf6a7a1ce45b983cb13c7d76398e3a47103d7fa715881e0143fc7bb288a03513

SHA512
c56c60ce97f9a9c109ad68780a8b04f70f99d969610114f4aa33d07e5dba67fdf699afecb13760352d69f869587e98fe447bce676dda00f96252c89b34f1471b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bfe12c6b1e085ee6597dfb82e957806

SHA1
6b4b6b7f001af9067a221ee1d928fabfddfd27f9

SHA256
d72d92e29a5e4f2df118e0df9524c2830654e2b68fefc9cc0492910bd95acf73

SHA512
433a23632afe6b48b4989206e0feef709daac3d4d7622107fd8806cc6246fe5ed4072ad13d95daac1afe4ca6c7accf2526cac50857ddc23e674e60aa60574937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cd8b8a841583ed68162409ca4fb5d76

SHA1
6a89f170ae5ba5974e7c3ae86e8212e95a5ca15b

SHA256
d58219da71de24454b9d486debd9d6d7dafae9dfd0d8cddb1aa1a4959d647bd2

SHA512
0c2208c2e5f976c67cdd5f6a5130d27cf2add5eb71bc5369c90c0a279ec5615b01ddff267fc646ce81a64faa67a46d9b5cbee34158ea65ca4ca3b08b03645a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f6081728fb6bb7c6e72cf0d81762e9a1

SHA1
ebb22d8306c3720769ac077ad5bc54ffdd7154ca

SHA256
cb45be3d5b644c2363717202778123a09a9dbf55080c88f7915c723734c77348

SHA512
dd0ce07b36d6422571ecaca3a706db381129f5c6709ae8afa67c97568b87a9379f3764d79879f35fa3a941e3aeedcf7a16b3039ec82eb40164e8831f3af0068f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be33bcfdb898680fdb66f8df02d4b088

SHA1
7c3f9eb49cb344f845f8ba8e58c1cd0522e80228

SHA256
44a61ecb4d55c9c8d7b792c4ba7e9a63e53721090f2f8c0b2137bbca45ad2930

SHA512
b65be9770e1e2afd854222757eb8303abdf60ed151f5a65fed93c98279fe6c13253d4238af738e5f2d5f51af9ccc9a00f161420ff09ae2853f00f558ce572667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b08d072e0f7511673ea2c0c27785f03

SHA1
c3329360bbddc1fadc44a63ea9bb50093a3cc2dc

SHA256
4cc3af3afe35395c33626b259836d253b4c5a4526ca6a822e2a3952122c71813

SHA512
3658dbe15c8e43e032f66109075e001345a37882bfbba93eebbccce701bfbc58a07e998d5efb19f1b0b65dd6cb04dc88c5fd2c843f7dc7e7f26abc2909018b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f82b.TMP

Filesize
1KB

MD5
0d2cd461366ef0414f7cf895d1be1d26

SHA1
85229e487333806d6fb84a15c7113a09a71d6799

SHA256
ddc7ed9bcac0c11800c2cd5725331296c69e2092517b54012f0963bce564f381

SHA512
7244f78530861b4b249e72b33714fd9f690d776774bb9a7840feb8bd21cf2bae503c945a313e92e2ea7f30356fa664d2a95bdcc328bd757fc6bc6a1603e09463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bcbe6e95d0fdfa3fa0d6afa34e781ae6

SHA1
8411ba14e9f662a09f56b30297a4e3b37ca6d246

SHA256
a7cca5f50d1d25e50d68999c41a88d08a966c8667856e761dd2b887e3fe0276d

SHA512
8c84d2276ca8c7f51b4a01502b85ca2f5653e0546847fec93dbd94e070bc2ceaa03685c2d2c9bf726cb9f113c48811f1d6e1e0330110a8d2ac8cd5ec5b20fb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af87041d7b7fd8f3884f701854b85a00

SHA1
8250b08c815f5bfbecbdac16457bfb7c15a120d9

SHA256
a8834b8bcc19036544ccd5d2539ba111f7291e84b162b91dfc44541121a8822f

SHA512
6e1b0912ddf8eb391f2215efbd92e98c4b985784cd3e7eb6a1e85301300396e965fa6046d57d10f49091a0ff1ff119df3a9729cac102d37990e9143b8827d235

Download Submit
C:\Users\Admin\AppData\Local\Temp\9ca5ee98-d354-43ec-8f15-9f65db934452.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3508_2029750640\6aa44e88-e069-4339-aa12-6f1219892458.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3508_2029750640\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit